ISP router firmware privacy

Regarding the router firmware page: Router Firmware - Privacy Guides

What exactly is the problem with using the standard router given by your ISP? My router settings don’t contain anything relating to privacy. And obviously my ISP knows who I am and which IP addresses I connect to, no matter what router or firmware I use. So what’s really the benefit of using an alternative firmware?

https://www.reddit.com/r/hardware/comments/tbthjj/psa_newer_tplink_routers_send_all_your_web/

1 Like

As pointed out above, many routers collect data and share this data with third parties, often labelled as antivirus companies.

Besides that, providers often have a backdoor account, for better and for worse, to the router you get from them, giving them direct access to your home network.

Don’t forget the insecurities. It’s not uncommon for cheap routers to run outdated Linux 3.x or 4.x kernels with no updates. Hell, the official way to install OpenWrt on a Xiaomi router is with a system exploit.

Basically, my router that is provided by my ISP sucks and gives me much slower WiFi speeds than what I pay for. Ethernet works as fast as advertised, just not WiFi.

I saw online people recommend putting that ISP router into modem mode and buying another third party router which has better range and is generally faster in theory.

Is that ok for privacy? I don’t know if that opens my house up to security flaws or other issues that may be risky?

Which router should I buy? Are they all more or less equal in terms of security? I am in Europe.

Sorry, that’s a lot of questions but I am a beginner and a bit clueless really.

1 Like

Why not just buy some access points?

1 Like

There are router-access point combos, and for a typical home use case, it should be fine.

GL.iNet and Fritz seem to be ok.

1 Like

Check out the GL.iNet Flint 2 router.

1 Like

You should ask your ISP if it’s possible to use your own router without their modem. This would be ideal, but it’s also probably fine to keep their modem if necessary.


As for which router/access point you should purchase, it’s really a question of budget and the area you are hoping to cover.

Personally, I’ve found Ubiquiti Unifi gear to be rock solid, and they have a lot to choose from depending on your requirements. They constantly release software updates with new features and security patches, which is far from guaranteed in consumer-grade routers, which often have very short support periods.

This is their cheapest all-in-one solution with built-in Wi-Fi for a very reasonable price. They have a lot to pick from, though, and as long as you disable remote access, they are very privacy-friendly, working entirely locally.

1 Like

Thank you all for your advice here. It is really helpful! 🙂

Hi,

I want to split answers into two categories, each for its own setup:

  1. When the user/client has the full ability to control/use his home router.
  2. When the user/client doesn’t have the full ability to control/use his home router.

I want to know what the worst-case scenario(s) are that the user/client can expect if the ISP is fully compromised, and what the user can do about it.

Thanks

1 Like

Basically they can see anything that’s not encrypted. So you’ll want HTTPS/VPN/Tor. There’s not really much difference if you use the ISP router other than it can see your device name/MAC address (which a lot of devices now will just send a blank name and randomized MAC by default).

What about DNS?

The router can act as an in-between layer between the user/client’s device(s) and the network.

Yeah, you can use encrypted DNS as well. It really doesn’t matter, you can see the router as outside infrastructure if you want. The encryption happens on your device, so they still can’t really see anything. Same situation when you connect to public Wi-Fi, you don’t really need to worry about it.

I’m not a privacy/security expert; I want to know all the ways an ISP/external network can use in order to achieve a breach.

They can become a MITM, as CloudFlare (just an example), right? So the SSL isn’t very practical on its own here.

But I’m connecting with a wire, doesn’t it make any difference?

> They can become a MITM, as CloudFlare (just an example), right? So the SSL isn’t very practical on its own here.

No, they can’t MITM you.

> But I’m connecting with a wire, doesn’t it make any difference?

No, it doesn’t matter either way. Really all you need to worry about is if you’re using encryption.

1 Like

OK, thanks a lot for helping me to sort things out.

2 Likes

If I use their stock router can they see the LAN traffic across machines? Like shares on a NAS?

Yes, that’s why you don’t.

1 Like

Hm, there was actually a pretty good CCC or DEFCON? talk about this like a decade ago, I can’t seem to find it, anyone remember it?

Edit: here is a related one: Beyond your cable modem - media.ccc.de

1 Like