OnHub Router -- Google's Smart Home Trojan Horse?

An anonymous reader writes: A couple weeks ago, Google surprised everybody by announcing a new piece of hardware: the OnHub Wi-Fi router. It packs a ton of processing power and a bunch of wireless radios into a glowy cylinder, and they're going to sell it for $200, which is on the high end for home networking equipment. Google sent out a number of units for testing, and the reviews are starting to come out. The device is truly Wi-Fi-centric, with only a single port for an ethernet cable. It runs on a Qualcomm IPQ8064 dual-core 1.4GHz SoC with 1GB of RAM and 4GB of storage. You can only access the router's admin settings by using the associated app on a mobile device.

OnHub's data transfer speeds couldn't compete with a similarly priced Asus router, but it had no problem blanketing the area with a strong signal. Ron Amadeo puts his conclusion simply: "To us, this looks like Google's smart home Trojan horse." The smartphone app that accompanies OnHub has branding for something called "Google On," which they speculate is Google's new hub for smart home products. "There are tons of competing smart home protocols out there, all of which are incompatible with one another—imagine HD-DVD versus Blu-Ray, but with about five different players. ... Other than Bluetooth and Wi-Fi, everything in OnHub is a Google/Nest/Alphabet protocol. And remember, the "Built for Google On" stamp on the bottom of the OnHub sure sounds like a third-party certification program."

wan port

[sirber]

No place to plug the modem in?

Re:wan port

[dreamchaser]

That is what the lone ethernet port is for. They expect everything else to be Wi-Fi.

Re:wan port

[Anonymous Coward]

If you plug your modem into the LAN port you're an even bigger idiot than the first guy. The blurb is wrong, RTFA it has two ethernet ports, one for LAN one for WAN. The article specifies it has one LAN port. Which is all a router needs.

Re:

[Anonymous Coward]

It's not much of a router if it only has 2 ports. I would expect more for $200 on the consumer side.

Throw a switch on it and it has as many ports as you want. It's a router, not a switch.

Re:

[ZorinLynx]

The ideal location for a wireless base station is up high, centrally located in the home. This is usually not where your desk area is that has a lot of the stuff that plugs into wired ports.

So a single port makes sense. Put the router up high somewhere, then run a single cable back to a switch located in your home office. Plug everything in there.

Still, this is not for me. I prefer using a full-fledged Linux server as a router. There's just so much more you can do, and you fully control everything it does.

Re:

[Guppy]

The ideal location for a wireless base station is up high, centrally located in the home.

Not necessarily. Some antenna designs will have poor signal above and below the unit (as an example, a simple dipole antenna has dead spots there).

And it's not a bad idea to off-load as many things to physical ports as possible (TV streaming device, SAN) when location is not an issue, and when the airspace is already congested, especially for gadgets that are 2.4 GHz only and non-upgradeable. I recently fixed a friend's smart-TV Netflix stuttering problem by switching to a physical line -- her router was

Re:

[aaarrrgggh]

I agree, but isn't that a better case of why you go with a switch/router plus a wifi access point?

Re:

[bickerdyke]

On my desk, only one device (PC) wants to be plugged into an ethernet.

What's eating up my router ethernet ports are: Hue gateway, NAS, TV and game console. (granted, the last two could share a cable using a switch as you described, but they are not at my desk.)

Re:

[nehumanuscrede]

"Why do you need to route more than two networks for a home router? This is consumer grade equipment, it should only route two ports no more no less. Some routers include built in switches so they switch more than two ports, but as you just said you're not expecting to be a switch."

Because it's risky ( and foolish ) to mix all of your networked devices under a single network.

For every device that is both wifi and cellular capable ( Eg: Your smartphones and even alarm systems ) you have introduced a potentia

Re:

[LiENUS]

So the jist of it is... you're not interest in any home aps right? Your list of features isn't satisfied with any consumer grade home access points.

Re:

[oh_my_080980980]

RTFA: most routers come with 4 LAN ports. So for $200 you get less then what you should get.

Re:

[LiENUS]

RTFA: most routers come with 4 LAN ports.

yeah most routers come with a built in switch, bfd. Most users use at most one port on that switch.

So for $200 you get less then what you should get.

no for $200 you get exactly what you should get, a router with a built in access point. If you want more ports get a switch, for a change someone is building consumer gear that leaves how many ports you need up to you rather than building it in. This is a good thing, it will encourage people to spread out their networks a bit, place this guy in a central point and run a line to their desktop pc with a switch s

Re:

[drinkypoo]

This is a good thing, it will encourage people to spread out their networks a bit, place this guy in a central point and run a line to their desktop pc with a switch so they can plug in their networked printer or whatever.

It's not a good thing if the user needs more ports, because now they need more crap and they have more points of failure. It's a good thing for users who don't need more ports, because it's less to go wrong and less to pay for.

Re:

[LiENUS]

Use a switch to put the ports where you need them, this is a good thing. And you still have the same number of points of failure with a switch built into the router, only if the switch is built in when your switch dies so does your router.

Re:

[LiENUS]

, because I know that Google is a business, and is not really my friend.

Don't forget to not buy linksys, neatgear, dlink, asus, buffalo or any of those either. They're all businesses and not your friend.
To negate your paranoia bout google 'decreasing your privacy' for $200 this thing isnt capable of deep packet inspecting your bandwidth, it just doesnt have the hardware for it and I seriously doubt google is vpning all of your traffic into them to inspect it on their own gear.

Re:

[gweilo8888]

It's a good thing for users who don't need more ports, because it's less to go wrong and less to pay for.

You mean it *could* have been a good thing, but it isn't.

Not because there's less to go wrong, because from the non-power user's perspective there is no win there. Either the extra port fails silently (and they don't care because nothing is plugged into it), the port they're using fails (as it could have done on a single-port design like this) and they have a working port or ports that they can swit

Re:

[LiENUS]

Where are you supposed to plug in that switch when the only Ethernet port on the device is in use for your WAN connection?

RTFA It has one WAN port and one LAN port, two ethernet ports total. You plug the switch into the LAN port and you plug your WAN connection into the WAN port. Hell the pictures from the article show two ports and two ethernet cables.

Re:

[pla]

I hate getting involved in this rapidly degenerating conversation, but...


You plug the switch into the LAN port and you plug your WAN connection into the WAN port. Hell the pictures from the article show two ports and two ethernet cables.

Assuming your modem has only one LAN port, you would do better to plug the modem into your switch, then you plug the OnHub's WAN side into the switch. This gives you full speed through the switch to your ISP for any wired devices you have, while not bogging down the p

Re:

[pla]

What fucking IP will your modem give you?

Well, I have mine configured to give out leases from the range 192.168.100.100-199, which more than adequately serves my LAN for now. What sort of piece of crap modem do you have, that can only deal with a single client connection?


What fucking IP will things on the switch get?

I just answered that, but I'll repeat myself - Since switches work by transparently passing L2 traffic, they will get an address issued by the DHCP server on the modem, just like somet

Re:

[pla]

Uh-huh. Post your topology (including model numbers and salient points of your configs) if you have anything even remotely different.

No rush, I won't hold my breath.

Re:

[smithmc]

no for $200 you get exactly what you should get, a router with a built in access point.

Considering I can get a router with a WAP and multiple LAN ports for well under $200, I'd say you're wrong.

Re:

[smithmc]

Well... according to some of the reviews I've skimmed... the Google thing is fairly hefty on the compute side compared to your average router, so maybe that's where the money is going?

Re:

[LiENUS]

My Ubiquiti Picostation has a SINGLE port and it's still a router.

No it's not. Your Ubiquiti Picostation is an access point.

Re:

[drinkypoo]

No it's not. Your Ubiquiti Picostation is an access point.

So, it only functions as a bridge? I'm not familiar with the Picostation, so perhaps it is only an AP. But if it has multiple interfaces and they are not bridged, then it is a router.

Re:

[LiENUS]

It's a bridge, not a router. takes like 30 seconds of googlign to look that up.

Re:

[LiENUS]

I mean so can my laptop....

Re:

[pla]

Incorrect. The Picostation has an omni antenna, but otherwise behaves just like all the rest of Ubiquiti's AirOS devices - It will act as any combination of {bridge / router / SOHO router} x {AP / Station / Client / Repeater}... And yes, a few of those combinations don't even make sense, but it will let you do it (never, ever disable the hard reset button on a Ubiquiti unless you know exactly what you want to do).

I absolutely love my Nanostations - Put one at one corner of an area you want covered, and b

Re:

[jonnythan]

The entire point of a router is route between two or more networks. That's what this does. My EdgeRouter has three ports, allowing routing between 3 networks. I only use 2. The LAN port of the router then attaches to a gigabit switch about 30 feet away.

There's no real reason to have a switch built into the router.

Re:

[TWX]

In large installations it's common to use layer 3 switches instead of routers at the service entrance simply because they're going to distribute to remote telecom closets, so it's more cost-effective to enter into an L3 switch through a routed port, then leave the switch through the trunked fiber ports for the various remote closets. Otherwise they'd have to leave the L3 router for an L2 fiber distribution switch, to then leave through the trunked fiber ports.

Granted, these are for campuses that have le

Re:

[TWX]

It's not much of a router if it only has 2 ports.

My Cisco 2821 router has only two Ethernet ports. It routes packets just fine.

Re:

[CanHasDIY]

If you plug your modem into the LAN port you're an even bigger idiot than the first guy. The blurb is wrong, RTFA it has two ethernet ports, one for LAN one for WAN. The article specifies it has one LAN port. Which is all a router needs.

So, which LAN port routes to the DMZ, if it only has one?

Re:

[LiENUS]

So, which LAN port routes to the DMZ, if it only has one?

Depends on what you mean by DMZ, if you mean forwards all ports to, then it doesnt use a specific lan port, you tell it which device you want to be in the DMZ and it does it same as any router.

If however you mean which port gets put in a separate vlan group so it can be on a separate subnet entirely... then none this is a home router if you want that functionality get something else. That's not home router functionality.

Re:

[gstoddart]

That's probably the only ethernet port.

Sorry, but this device is idiotic. It gives Google the ability to entirely remotely control your network from outside, is entirely designed to facilitate their own services, and will become a privacy nightmare ... because if they can access it, someone else can, and law enforcement will be able to go to them and say "OK, we need access to that network, you have to give it to us".

This is the "bend over and take it" device which puts control of your home network in the

Re:

[thedonger]

This is a terrible idea, and it's not something I'd trust even a little. This is all about locking you into Google, and making it easy for them to manage your home remotely.

I would put absolutely zero trust in this device.

People are dumb when it comes to technology. Maybe Google sees that there will be not only a need, but a requirement for a home network design/protocol/whatever that encapsulates the hardware we now get from our ISP of choice. We're entering the "internet access is a fundamental right" era. It's only logical to conclude that means highly regulated internet and, naturally, the need for a standard the government can leverage when they take over.

I'm not refuting that it can lead to Google being able to turn ov

Re:wan port

[gstoddart]

It's like native encryption without backdoors ... if you build it right, you can't access it.

If they build it so they can remotely administer your network, they are 100% guaranteed to have to hand it over later.

Given the current context, there simply is now way in hell Google can build this device and not 100% know they're creating a device with a massive security backdoor.

Unless they have created magical technology which they can access but which can't be hacked, and they can access to update it but which can't be provided to law enforcement ... what they've done is create a device which will be exploitable, and which is so heavily optimized to push their own services as to be a giant security and privacy hole waiting to happen.

We need to be entering an era where our private home networks don't have remote admin passwords which can be used against us.

If all of our stuff is going to be networked, having us be the gatekeepers for our own security is paramount.

Because you can't design something intended to be remotely accessible and not expect there is a likelihood of someone else being able to access it.

Re:

[TWX]

If all of our stuff is going to be networked, having us be the gatekeepers for our own security is paramount.

Because you can't design something intended to be remotely accessible and not expect there is a likelihood of someone else being able to access it.

The problem is there's currently no model of security that works for nontechnical users that doesn't involve an outside party. As long as there's an outside party there's a vector of exploit, even if it's simply the field service consultant jotting-down the passwords and keeping his notes as he leaves.

What we need is a standard that allows for local-control to the exclusion of the original vendor or manufacturer for those of us that are capable of managing our own devices, while allowing nontechnical ow

Re:

[kqs]

The problem is there's currently no model of security that works for nontechnical users that doesn't involve an outside party.

That's one problem. Another is that most technical users think that they are smart enough to get up security that can outsmart the NSA and hackers. 99.9% of technical users are wrong about that. And even if they're right, http://xkcd.com/538/ [xkcd.com]

I suspect that almost all technical users would be safer if they used gmail or outlook.com rather than whatever home-brew imap/postfix thing they set up on their home or work Linux server (or Windows server or whatever). But we're uber-geeks so we'll pound our chest

Re:

[TWX]

While you're not going to stop the extralegal beat-the-password-out-of-you vector, if you're not one of the few-hundred people on the planet that have been pushed that direction, right now in the United States there's no requirement to surrender passwords. Currently in the 11th circuit the court has found that the Fifth Amendment prohibits the requirement to produce passwords, and the rest of the circuits are not as yet ruled. Should there be conflicting rulings this would find its way to the Supreme Cour

Re:

[kqs]

You're correct about passwords of course (though the Supreme Court has sided with law enforcement a lot), but that only matters if the Bad Guys can only get at your server while it is turned off and encrypted. If it is turned on (as most servers are), then they just need a remote exploit or physical access (or a logged-in phone). Or maybe a backup drive since people often forget to encrypt those. (Or they don't have a backup drive, their raid set dies, and we have another kind of failure.) Compare that

Re:

[LiENUS]

It gives Google the ability to entirely remotely control your network from outside

Where does it say google has control of your network remotely?

Re:

[Rand310]

You can only access 'your' router using the app on your phone. It seems unlikely that they'd push the app's traffic over the local network, rather give you the "feature" of being able to administer your network from anywhere on the internet. If you can change settings from anywhere, so can Google.

Re:

[TWX]

Google's services are very much about communicating back with Google's servers. I don't think it's unreasonable to assume that this service is any different until we hear otherwise.

Re:

[LiENUS]

There's an option in the app to disable any communication back with google. It apparently has crash reporting that you can disable in the privacy settings... Not exactly giving google control over your network.

Re:

[Anonymous Coward]

They can auto-update the router remotely.

Are you brain-dead?

Re:

[LiENUS]

So can just about any router out there nowadays. Most implement this by daily polling a remote server for the latest version if remote-ver > installed-ver pull and install. Not exactly remote control.

Re:

[Guspaz]

The router has two ethernet ports. One for the modem, one to connect to something else (like a switch if you'd like).

Re:wan port

[Somebody Is Using My]

One Ethernet WAN port, one Ethernet LAN port, one USB port, and a jack for the power.

While I understand Google's logic behind this, but that's really a deal-killer for me. Even though many of my devices are wireless, I still rely on wired connections when I want a stable, fast and (comparatively) secure connection. Sure, I could pair this up with a second router or switch, but if I'm paying $200 for the damn thing, I'd expect it to cover those basics.

Of course, I was already wary about this just because it is a privacy-destroying Google device (having said that, I'm using Google's DNS servers in my current router so I probably don't have a leg to stand on in that regard). No web-based interface is a stupid idea too; touch-screen based interfaces are too fiddly for my liking. And despite TFAs claim that OnHub is "something you could put anywhere in your house without much embarrassment", I think the thing is hideously ugly. Anyway, in general I don't want people to see the networking infrastructure and a discreet flat box is much easier to tuck away than this round monstrosity. Not to mention the price is outrageous.

I'm really not sure who this device is aimed at. Sure it is easy to setup, but ordinary users are unlikely to drop $200 on a wireless router when they can get one that works fairly well (and really isn't that hard to configure either) for $50 from Walmart (or included "free" with their modem). Meanwhile, everyone else is going to look at OnHub's dearth of features and configurability and then pick up more capable hardware.

In short: No web-interface. Less Ethernet ports than an ASUS. Lame.

Re:

[Agripa]

The best place for the access point is not likely to be the best place for the switch so the lack of multiple LAN ports does not bother me. My Nanostation also only has 1 LAN port although it was not really intended for use as a WiFi/WAN/LAN router.

The privacy destroying aspects and lack of local configuration make it a deal-killer for me.

Re:

[RicktheBrick]

It should also be a cable modem to so one could connect your coaxial cable to it. It should be a weather prove box so I could put it on the outside of my house. Therefore I should not have to put coaxial or ethernet cables everywhere in my house. My television set should be able to be placed anywhere there is electricity since it should be able to connect wireless to the router. I should be able to connect the tv to cable tv or to my desktop computer. I should be able to buy wireless speaker that hav

Summary

[ceoyoyo]

So it's a slow, expensive router with no available wired ports and a bunch of Google spyware built in?

Re:

[ceoyoyo]

Except that Apple's similarly priced Airport Extreme has three times as many ports. Their single-port option costs half as much.

Re:

[Anonymous Coward]

Yup. Change the name from OnHub to iHub, and it could be an Apple device.

Sorry, no one would fall for it; it's not shiny enough!

Re:

[jonnythan]

It has one available wired port. The blurb is wrong. The OnHub has WAN and LAN ethernet ports, allowing you to plug in one wired device (which can easily be a switch).

Re:

[ceoyoyo]

Cool. So a slow, expensive router that needs additional hardware if you want to use more than one wired device, and a bunch of Google spyware built in?

Re:

[jonnythan]

No, it's a router. It has two ethernet ports.

Even if it didn't, it would still be a router if it routed between two different networks. An access point does not do that. I'm not sure you understand what "router" means. You could very easily have a router with one, or with zero, physical ports.

Re:

[jonnythan]

Sorta, yeah, but the selling point is the smart home integration side of the equation.

Re:

[hughbar]

Thanks, exactly echoes my thoughts. I'm in UK, Google has spying issues, tax issues, market distortion issues, I'll keep on buying Draytek for the moment, thanks.

Truth in Advertising

[jabberw0k]

Can someone please write a browser plugin that replaces "smart" with "Big Brother" ?

So basically...

[Maury Markowitz]

This is the Apple AirPort Extreme. Same basic performance, same feature set, same way to admin it same price.

But because it says Google, we're supposed to believe this is part of some super-duper conspiracy to take over the world.

Right.

Or maybe Google just wants some of the market that Apple currently has, selling the same router you can get for $50 for $200, and being the best selling home router in spite of that?

Re:

[Gr8Apes]

It is built by Google which has not come out and said anything about securing and protecting your privacy. They have said they use select information to provide better advertisements. I wouldn't buy Google anything, personally.

Re:

[jonhorvath]

The article left me with the following impression.

Apple and Google don't want government to require them to put encrypted back doors into their products. Not that they necessarily don't want encrypted back doors in their products.

Re:

[LiENUS]

Not that they necessarily don't want encrypted back doors in their products.

That kind of contradicts what Vinton Cerf from google said in the article:

"If you have a back door, somebody will find it, and that somebody may be a bad guy," Vinton Cerf, Google's chief Internet evangelist and the co-creator of TCP/IP, said in a speech earlier this month. "Creating this kind of technology is super, super risky."

Re:

[Gr8Apes]

That is a different thing - they don't want to seem compromised by the feds. Google does want full access to the data internally, and all your server side data is unencrypted for their easy perusal and tagging.

Re:

[leonbev]

Yeah, I'm not sure why I want to pay $200 for an 802.11ac router with just one wired network port (which is basically twice the going price for most competing routers on Newegg) just for another opportunity to share even more Internet usage data with Google.

It seems like thing should be cheaper than a normal router instead of more if it's advertiser subsidized. Yeah... it might not directly inject the ads itself, but you know that it's going to aid with ad targeting.

Re:

[ginoledesma]

At least the Airport Extreme comes with 3 extra GigE LAN ports.

Re:

[Actually, I do RTFA]

Well, it's strange it says Google. Didn't they just re-org so that Fiber and Nest are no longer under the Google name?

And Apple is in a super-duper conspiracy to take over (your computing) world. That's their credo. "We will control everything, and it will just work."

Re:

[hackertourist]

Last time I looked, The Airport could at least be configured from an OSX computer instead of just mobile devices.

Nobody

[Anonymous Coward]

Needs more than 1 ethernet port.

        -- Larry Page

They know all

[AndyKron]

So it will know when I go to bed, and to send me advertising for blankets if my thermostat is over 70?

Re:

[Anonymous Coward]

Future wise, your comment isn't too far off.

Typo in the headline

[EvilSS]

Should read: "OnHub Router -- Google's Trojan Horse?"

Amazon Echo

[crow]

They should have built something to compete with Echo. Put in some good speakers and a microphone, then hook it up with the software they already have with Google Now so that you can ask it things with "OK Google," and then they have something. Now it's just a router.

OnHub's data transfer speeds

[arketh]

I just read through again, and I didn't see a mention of 'OnHub's data transfer speeds couldn't compete with a similarly priced Asus router' in fact it raves about how you don't need a repeater to cover a whole house like you do with the Asus. No mention of it being slower though.. where did that come from?

Cell phone only configuration?

[quietwalker]

Am I alone here in thinking that's ... idiotic?

Okay, I have a heavy bias here. I don't use my phone much, and when I do, it's largely as a phone. I don't read my email on it unless I absolutely have to, I don't use it for web browsing, and it's not an entertainment platform for me, either games, music, or media. It's ... just a phone. Some of my coworkers see me as some sort of luddite for not hooking my work email into it.

Maybe in the future when we start using it as an ID and credit card replacement,

Awesome

[Gnaythan1]

I like it and want it to succeed. but I'll buy the cheaper knockoff that doesn't require an app and lets me install my own software a year or two later.

Not really a Trojan Horse

[Foundryman]

The Greeks didn't sell Troy a Trojan Horse, they left it outside for them to have for free.
When you leave for work in the morning and find a Google OnHub on the front porch, and you didn't order it, then maybe it's a Trojan Horse.

WTF, people

[Jawnn]

Who, besides the legions of clueless lovers of the shiny, would let Google inside their networking gear?

Bait

[Areyoukiddingme]

Trojan horse? Seriously? ++Clickbait;

From their own blurb:

In the future, OnHub can support smart devices that you bring into your home, whether they use Bluetooth® Smart Ready, Weave, or 802.15.4. We also plan to design new OnHub devices with other hardware partners in the future. Stay tuned for news from our second partner, ASUS, later this year.

In other words, they told the world up front that it's for home automation. So... Shock! Horror! It's for home automation!

This thread is full from top to bottom of why the Alphabet name was created. The Google guys want to be able to sell neat hardware without the tremendous "Google will spy on meh!" backlash. If the hardware is designed, manufactured, branded, and sold by a company that ISN'T an advertising company, maybe people will be able