Slashdot Mirror
OnHub Router -- Google's Smart Home Trojan Horse?
An anonymous reader writes: A couple weeks ago, Google surprised everybody by announcing a new piece of hardware: the OnHub Wi-Fi router. It packs a ton of processing power and a bunch of wireless radios into a glowy cylinder, and they're going to sell it for $200, which is on the high end for home networking equipment. Google sent out a number of units for testing, and the reviews are starting to come out. The device is truly Wi-Fi-centric, with only a single port for an ethernet cable. It runs on a Qualcomm IPQ8064 dual-core 1.4GHz SoC with 1GB of RAM and 4GB of storage. You can only access the router's admin settings by using the associated app on a mobile device.
OnHub's data transfer speeds couldn't compete with a similarly priced Asus router, but it had no problem blanketing the area with a strong signal. Ron Amadeo puts his conclusion simply: "To us, this looks like Google's smart home Trojan horse." The smartphone app that accompanies OnHub has branding for something called "Google On," which they speculate is Google's new hub for smart home products. "There are tons of competing smart home protocols out there, all of which are incompatible with one another—imagine HD-DVD versus Blu-Ray, but with about five different players. ... Other than Bluetooth and Wi-Fi, everything in OnHub is a Google/Nest/Alphabet protocol. And remember, the "Built for Google On" stamp on the bottom of the OnHub sure sounds like a third-party certification program."
OnHub's data transfer speeds couldn't compete with a similarly priced Asus router, but it had no problem blanketing the area with a strong signal. Ron Amadeo puts his conclusion simply: "To us, this looks like Google's smart home Trojan horse." The smartphone app that accompanies OnHub has branding for something called "Google On," which they speculate is Google's new hub for smart home products. "There are tons of competing smart home protocols out there, all of which are incompatible with one another—imagine HD-DVD versus Blu-Ray, but with about five different players. ... Other than Bluetooth and Wi-Fi, everything in OnHub is a Google/Nest/Alphabet protocol. And remember, the "Built for Google On" stamp on the bottom of the OnHub sure sounds like a third-party certification program."
That is what the lone ethernet port is for. They expect everything else to be Wi-Fi.
That's probably the only ethernet port.
Sorry, but this device is idiotic. It gives Google the ability to entirely remotely control your network from outside, is entirely designed to facilitate their own services, and will become a privacy nightmare ... because if they can access it, someone else can, and law enforcement will be able to go to them and say "OK, we need access to that network, you have to give it to us".
This is the "bend over and take it" device which puts control of your home network in the hands of Google .. primarily to benefit Google.
This is a terrible idea, and it's not something I'd trust even a little. This is all about locking you into Google, and making it easy for them to manage your home remotely.
I would put absolutely zero trust in this device.
Lost at C:>. Found at C.
If you plug your modem into the LAN port you're an even bigger idiot than the first guy. The blurb is wrong, RTFA it has two ethernet ports, one for LAN one for WAN. The article specifies it has one LAN port. Which is all a router needs.
Can someone please write a browser plugin that replaces "smart" with "Big Brother" ?
This is the Apple AirPort Extreme. Same basic performance, same feature set, same way to admin it same price.
But because it says Google, we're supposed to believe this is part of some super-duper conspiracy to take over the world.
Right.
Or maybe Google just wants some of the market that Apple currently has, selling the same router you can get for $50 for $200, and being the best selling home router in spite of that?
It's not much of a router if it only has 2 ports. I would expect more for $200 on the consumer side.
Throw a switch on it and it has as many ports as you want. It's a router, not a switch.
It's like native encryption without backdoors ... if you build it right, you can't access it.
If they build it so they can remotely administer your network, they are 100% guaranteed to have to hand it over later.
Given the current context, there simply is now way in hell Google can build this device and not 100% know they're creating a device with a massive security backdoor.
Unless they have created magical technology which they can access but which can't be hacked, and they can access to update it but which can't be provided to law enforcement ... what they've done is create a device which will be exploitable, and which is so heavily optimized to push their own services as to be a giant security and privacy hole waiting to happen.
We need to be entering an era where our private home networks don't have remote admin passwords which can be used against us.
If all of our stuff is going to be networked, having us be the gatekeepers for our own security is paramount.
Because you can't design something intended to be remotely accessible and not expect there is a likelihood of someone else being able to access it.
Lost at C:>. Found at C.
The ideal location for a wireless base station is up high, centrally located in the home. This is usually not where your desk area is that has a lot of the stuff that plugs into wired ports.
So a single port makes sense. Put the router up high somewhere, then run a single cable back to a switch located in your home office. Plug everything in there.
Still, this is not for me. I prefer using a full-fledged Linux server as a router. There's just so much more you can do, and you fully control everything it does.
You can only access 'your' router using the app on your phone. It seems unlikely that they'd push the app's traffic over the local network, rather give you the "feature" of being able to administer your network from anywhere on the internet. If you can change settings from anywhere, so can Google.
If all of our stuff is going to be networked, having us be the gatekeepers for our own security is paramount.
Because you can't design something intended to be remotely accessible and not expect there is a likelihood of someone else being able to access it.
The problem is there's currently no model of security that works for nontechnical users that doesn't involve an outside party. As long as there's an outside party there's a vector of exploit, even if it's simply the field service consultant jotting-down the passwords and keeping his notes as he leaves.
What we need is a standard that allows for local-control to the exclusion of the original vendor or manufacturer for those of us that are capable of managing our own devices, while allowing nontechnical owner-users to use that vendor-provided support if they're unable or unwilling to do it themselves or to pay someone else to set it up privately. Right now we're not seeing that, and consuming these made-for-marketing brochures won't show us that even if the local-control aspect did exist.
Do not look into laser with remaining eye.
Google's services are very much about communicating back with Google's servers. I don't think it's unreasonable to assume that this service is any different until we hear otherwise.
Do not look into laser with remaining eye.
One Ethernet WAN port, one Ethernet LAN port, one USB port, and a jack for the power.
While I understand Google's logic behind this, but that's really a deal-killer for me. Even though many of my devices are wireless, I still rely on wired connections when I want a stable, fast and (comparatively) secure connection. Sure, I could pair this up with a second router or switch, but if I'm paying $200 for the damn thing, I'd expect it to cover those basics.
Of course, I was already wary about this just because it is a privacy-destroying Google device (having said that, I'm using Google's DNS servers in my current router so I probably don't have a leg to stand on in that regard). No web-based interface is a stupid idea too; touch-screen based interfaces are too fiddly for my liking. And despite TFAs claim that OnHub is "something you could put anywhere in your house without much embarrassment", I think the thing is hideously ugly. Anyway, in general I don't want people to see the networking infrastructure and a discreet flat box is much easier to tuck away than this round monstrosity. Not to mention the price is outrageous.
I'm really not sure who this device is aimed at. Sure it is easy to setup, but ordinary users are unlikely to drop $200 on a wireless router when they can get one that works fairly well (and really isn't that hard to configure either) for $50 from Walmart (or included "free" with their modem). Meanwhile, everyone else is going to look at OnHub's dearth of features and configurability and then pick up more capable hardware.
In short: No web-interface. Less Ethernet ports than an ASUS. Lame.
Should read: "OnHub Router -- Google's Trojan Horse?"
I browse on +1 so AC's need not respond, I won't see it.
The ideal location for a wireless base station is up high, centrally located in the home.
Not necessarily. Some antenna designs will have poor signal above and below the unit (as an example, a simple dipole antenna has dead spots there).
And it's not a bad idea to off-load as many things to physical ports as possible (TV streaming device, SAN) when location is not an issue, and when the airspace is already congested, especially for gadgets that are 2.4 GHz only and non-upgradeable. I recently fixed a friend's smart-TV Netflix stuttering problem by switching to a physical line -- her router was only a few feet away but had intermittent problems due to being in a crowded apartment complex.
Sorta, yeah, but the selling point is the smart home integration side of the equation.
"Why do you need to route more than two networks for a home router? This is consumer grade equipment, it should only route two ports no more no less. Some routers include built in switches so they switch more than two ports, but as you just said you're not expecting to be a switch."
Because it's risky ( and foolish ) to mix all of your networked devices under a single network.
For every device that is both wifi and cellular capable ( Eg: Your smartphones and even alarm systems ) you have introduced a potential backdoor into your home network. The cellular capable device can be used as a jump point for either a real time intrusion or automated via malware / virus / trojan.
Isolate your devices into multiple vlans / networks to minimize exposure and risk. Don't let devices in the same vlan talk to each other unless you really need that functionality. Absolutely do not let devices in one vlan talk to devices in another for the same reasons. If you require it, write explicit rules to allow for it. ( X can talk to the printer, Y to the NAS drive, etc )
Because I don't trust Microsoft, the Xbox sits on its own vlan.
Because the alarm system has a cellular connection as a backup, it also sits by itself in its own vlan.
The media center ( TV, BlueRay, etc ) all sit in their own vlan.
Wireless has it's own vlan.
Wired systems reside within their own vlan.
Access to the routers / switches are restricted to specific devices on the wired vlan only.
( Yes, you can try and spoof it. Yes, I verify it. )
Because I absolutely do not trust Google, I most certainly would never utilize one of their pieces of hardware as the front-end for my home network.
Google is in the information gathering business. Period. That is their entire reason for existing. There is no WAY, I would even consider using their
hardware. Ever. Even if it was given to me for free.
It's a good thing for users who don't need more ports, because it's less to go wrong and less to pay for.
You mean it *could* have been a good thing, but it isn't.
Not because there's less to go wrong, because from the non-power user's perspective there is no win there. Either the extra port fails silently (and they don't care because nothing is plugged into it), the port they're using fails (as it could have done on a single-port design like this) and they have a working port or ports that they can switch to, or the underlying hardware dies and all ports stop working simultaneously (which could also have happened on a single-port design.)
From the end user's perspective, there is no greater likelihood of failure with multiple ports, but there's a greater likelihood of being able to work around that failure. There is no net win for the single-port design, and a small net win for the multi-port design.
And so we come to your only other point here: Price. And yes, this single-port design could have saved the end user money. It's doubtful that the extra port hardware and perhaps a switch to a chipset capable of acting as a hub or switch would have saved more than a few dollars off the bill of materials. Most likely it would have saved less.
But the fact of the matter is that from the consumer's perspective, it has saved them nothing at all. This router, as it is right now, is extremely overpriced for the functionality it provides. It's demonstrably slower and has worse Wi-Fi range than its competitors, you can plug less into it, and you can do next to nothing except standard Wi-Fi with it so far -- and Google has shown no inclination yet to reveal its plans. So for the time being, you're paying far more than a typical entry-level, consumer-grade router, but you're not getting anything more than you would have from one with the debatable exception of a slightly prettier box.
Right now, this is a product with no reason for its existence. It's the Google Glass of SOHO routers, and unless Google announces a very compelling reason for its existence soon, I doubt we'll see it last even as long as Google Glass did.
Incorrect. The Picostation has an omni antenna, but otherwise behaves just like all the rest of Ubiquiti's AirOS devices - It will act as any combination of {bridge / router / SOHO router} x {AP / Station / Client / Repeater}... And yes, a few of those combinations don't even make sense, but it will let you do it (never, ever disable the hard reset button on a Ubiquiti unless you know exactly what you want to do).
I absolutely love my Nanostations - Put one at one corner of an area you want covered, and bam, you will have five bars a quarter mile away in any direction (technically only a 60 degree beam, but it takes quite a distance from the antenna before that starts to matter).
The Greeks didn't sell Troy a Trojan Horse, they left it outside for them to have for free.
When you leave for work in the morning and find a Google OnHub on the front porch, and you didn't order it, then maybe it's a Trojan Horse.