If you’re someone who likes to live dangerously and doesn’t care about their web-surfing habits being out in the wild, TP-Link has the perfect products for you, as the company is selling routers that send all web traffic to third-party servers, according to owners. As brought to attention by a user on r/hardware who has seriously regretted hooking up one of the company’s AX3000 routers to their network, the problem seems to center around HomeShield, an Avira-powered, subscription-based kit of security features from TP-Link that comprises real-time IoT protection, network protection, parental controls, and other tools. This service seems to always be running and sending all router traffic to be analyzed—even when the user has explicitly turned it off and/or never signed up for a subscription.
[PSA] Newer TP-Link Routers send ALL your web traffic to 3rd party servers… (r/hardware)
The practice needs to be permanently ended. Make sure fines are so punitive that the world is forced back to a "contextual" model of advertising that does not rely on collecting data on users and creating profiles on them.
I understand that right now, these don't provide as much revenue to sites, but that's only because there are more lucrative options to advertisers out there. If you remove those more lucrative options, then they will be forced to come back to contextual ads, which will raise the value of contextual ads.
Contracts can agree to some things but not make an outright illegal act ok.
I am betting this is a hazy, borderline, situation.
Maybe latest hardware has changed, or there's something better out there by now - but these have been running strong for ~years~ and I've had zero need to upgrade. They were really nice when I was first setting up Starlink and I could setup failover parameters with no problem at all. I haven't needed any VLANs, but I've toyed with the idea so I could set up various QOS parameters and Pihole configurations and the ERX can certainly do it. And adding additional WiFi coverage is as easy as plugging in another AP and adopting it - it meshes right in.
Really the only thing I can really complain about the UBNT stuff is that the APs require a java program on a PC to setup, and there isn't a way to do it via their router or to run the program on the router (there is a phone app, but I could never get it to work). It's nice that you can use the AP's without needing a same-branded router, but I don't get how there is absolutely zero integration on any level.
I've spent less on my setup than a "Gaming" router for sure. Way cheaper than a mesh WiFi router as well. Might be a bit more than your standard TP-Link consumer router though
That has been my position over the last 10-15 years.
Increasingly I avoid any consumer stuff like the plague, and if I have to use it I firewall it off, or run it on a dedicated offline VLAN.
My choices are Open Source first, Enterprise second.
I have been using pfSense as my router for over a decade and couldn't be happier. I was a little bit unhappy with the direction they went with netgate, and had intended to transition to OPNSense, but I think I dragged my feet too long and missed the window in which config files were compatible.
With all my VLANs and firewall rules it would be a PITA to transition manually now, but maybe you still can. I don't know. I'll have to do some more research.
If I ever start from scratch, I'm definitely switching to OPNSense though.
The USG has the Unifi controller built in. But I think it's been discontinued. Dream Machine also has the controller built in.
I pretty much never touch my access points, so, it's not really an issue.
Another nice feature of the ERX is IPSec VPN support. Rarely see that on consumer products. It's something I need.