before buying expensive routers check OpenWRT’s table of hardware and buy one that is supported by the current OpenWRT release and has decent specs. There is a detailed installation guide for each supported device in the wiki too so there are no excuses it’s dead simple. Free yourself from stupid hardware manufacturers and their planed obsolescence products.
- Edit: also here is the new version of the table of hardware with more details They seem to have buyers guide too in the wiki.
- Edit2: seems like GL.iNet devices ship with OpenWRT out of the box with their GUI on top and you still have access to openwrt under the hood if you need it which sounds awesome so look into them if you’re interested. Thanks you guys who brought them up.
- Edit3: there is firewall sulotion called OPNSense which is not limited to commercial routers like OpenWRT and can be run on any x86 hardware of your choice (like N100 mini pcs) so look into it if you’re interested. Many thanks to the guys who contributed in the comments
- Edit4: Sorry for the multiple edits but some of you guys suggest some fantastic insights that I had to add. Anyways here is a list of good candidate devices for hassle free installation and yet powerful enough hardware from OpenWRT’s Forum
- I promise it’s gonna be the last Edit. OpenWRT has a official device they made themselves called OpenWRT ONE (I think the second one is also in the works). It hase good specs for home network and you support the project too. Here is the link to official Retailers
I disagree. Your machine should be setup such that you don’t have to trust the network that you connect to.
With multi-layered defense you should protect your network, but not trust that you always succeed.
Sure. And you should be confident that your traffic is secure when you connect to public WiFi or directly to an AP that’s been owned by the NSA
If you’re specifically targeted by the NSA or even a national security service there is not much you can do. However, assuming that the network is always hostile is a sensible position. Because it is.
Encryption works. The NSA cannot break lots of tech. Just check their own top secret documents that were leaked by Snowden.
You don’t have to break encryption if you compromise the endpoint.
True. That’s why I love my sys-net VM in Qubes. I don’t even have to trust my WiFi drivers.
I like Qubes OS and ran it daily, for years. While it’s not completely bullet-proof (there are ways to break out of VMs and x86 hardware is probably riddled with exploitable bugs and deliberate backdoors) it’s the best publicly available usable thing we have.