GL.iNet suggestion for recommendation

GL.iNet hardware (routers) is sometimes recommended in privacy forums and is certainly a known provider in the community. Creating this to maybe generate a discussion about a potential recommendation listing on the website - I am not sure where it would fit in (which category) - maybe under “Router firmware”? If it meets the criteria or doesn’t can be left to the community, especially with more technical discussions.

I am creating this topic, because while GL.iNet was previously mentioned on the forum, using the Search function I could not find the full discussion thread - apologies if my Search was incorrect and the topic exists.

In my personal opinion, this product could be recommended, especially for casual and non-technical users. The current “Router firmware” page provides barriers to regular users who will not either want or know how to research router compatibility and install steps - on top of risking to brick their routers. So, the solution that works out of the box (receive router, plug in, setup in simple steps) is a viable alternative for an easy privacy and security win. Their usability, support is a strong factor to consider.

They also seem to be based on OpenWrt, which is currently recommended on the website. Therefore, this discussion is viable. Our aim should be the proactive elimination of barriers and making privacy and security as simple as can be for wider adoption. (The likes of GrapheneOS, Signal, ProtonMail already help achieve this by providing easy and quick install options, setup steps and similar usability features like their mainstream privacy-invasive competitors). So having a router option that can do everything out of the box like default ISP routers or generic router options; with OpenWrt pre-flashed should have an entry on the website.

Other options include:

  • Pre-set VPN configs for AzireVPN, Mullvad and NordVPN but allow for ease of setup and import for other providers.
  • VPN kill switch on the router level
  • Tor routing on the router level
  • Built-in network storage options (microSD and USB drives)
  • DNS options like NextDNS and CloudFare
  • Adguard config and profiles
  • MAC address randomisation
  • Separate guest netork
  • Ability to create multiple VLANs (a bit complicated for non-technical users, but the steps can be replicated in under 1 min)

I am not affiliated with the company.
I am an owner and user of their routers. Products worked out of the box with no issues, dashboard management is very easy to navigate and understand. Support was always reasonable with their responses and help.

I think their hardware is cool and am happy they base on OpenWrt and thankfully don’t appear to violate licenses, but I’d still recommend replacing the software with official OpenWrt for faster security updates.

5 Likes

To continue the discussion, would the slower security updates be enough to disqualify their products from being listed on the website? How much slower are the updates and what is the extent of risk?

I don’t have the technical knowldege to argue but I’d love to hear deeper discussion into this. I trust their team and their hardware and their products would present a competent and working product out of the box to better secure home networks (compared to mainstream routers). If the slower updates are a huge risk, then yes the recommendation can be rejected.

However, if the risk is not as big, their routers can fill in a gap that is currently lacking. Most people will not flash custom firmware on their router but would definitely buy something that just works. This would be one of the main pros to recommend them.

I am more concerned if the software ecosystem overlayed on top of the OpenWRT is open sourced. They seem to be pulling from open source repositories for their plugins or at least they are pulling from a remote server.

But then again, I think all routers have some latent proprietary blob within them that allows for recovery after a failed firmware flash.

I haven’t used their products nor researched in depth, but here is their github: gl-inet · GitHub

1 Like

It is a really cool device. You can even change the EMEI number of it, which can be handy, but you still will have a fixed IMSI most likely.

Privacy wise not much benefit but security wise this device is worth mentioning. By not using a SIM connected phone number in your phone. You will close the SMS attack factor.

I wish there was a device, like this one, able to install esims from f.x. INVISV PGPP so you could have both random IMEI, IMSI, and SSID. That would be top-notch privacy while on the go. I have not seen other ways to randomize the IMSI besides some sketchy white SIM providers. For what it’s worth, I think using those likely equals to putting a big fat target on your fixed IMEI number.

Skynet and similar can surely identify ID changes like that over time.

I’ve been using the Slate travel router. At first I had trouble getting OpenVPN to work with captive portals but once I learned it’s been great.

Like stated earlier, I do wish their software I open source. At the time I honestly just assumed it was since it was recommended in the privacy sphere.

If your device have WireGuard capability, you should use it as it provides better performance vs OpenVPN, at least according to their own marketing. I havent checked yet but I sounds true because WireGuard code is leaner, without legacy bloat.

Voting for this suggestion.