Google WiFi Reviewed

[thiggins]

Has anyone analyzed the connections made by Google WiFi to internet services? With it being from Google there has to be some information collecting going on to offset the cost running of this service.

Google has no need to collect any traffic data from WiFi and it doesn't. They get plenty of information on its users from all the other services people willingly use and opt into. You can opt out of all the data collection methods via the app.

App-based management makes use of the fact that phones are something we all have now. It also enables two-factor authentication, which, unfortunately, only eero takes advantage of now.

The requirement of cloud services has both positive and negative points. It enables easy remote management and the application of more analytic horsepower than is economically feasible to include in reasonably priced products. It also allows machine learning over thousands (millions?) of networks to tune algorithms. The negative is that if the company goes belly up, your device is bricked. But this is a general technology issue not restricted to routers.

Ya pays your money and ya takes your choice.

 

[pete y testing]

Has anyone analyzed the connections made by Google WiFi to internet services? With it being from Google there has to be some information collecting going on to offset the cost running of this service.

collecting data is a certain , but i also worry about the security about not why but how they do it and if its not going to end up as a giant security nightmare like netgear is currently experiencing , this need for a constant open door to the www is bound to bit someone on the butt

 

[thiggins]

https://support.google.com/wifi/answer/6246642?hl=en&ref_topic=6281400

 

[pete y testing]

It also allows machine learning over thousands (millions?)

and the possibility to take over those thousands / millions !

 

[thiggins]

and the possibility to take over those thousands / millions !

If you're really that paranoid, don't use the internet.

 

[pete y testing]

nothing paranoid about it tim , its simple to see that if they have a huge open hole in every unit so you and they can access it that someone else is going to try , having no ability to administer locally and shut out external access cant be ever really seen as secure , and the users that would buy these units will and would have nfi they have been hijacked to a bot army , not just having a go at google wifi here but anything that needs a constant remote access to make it work

 

[thiggins]

I have a problem with the assertion that anything that has an associated cloud service is by definition insecure. I would argue that the majority of networks would be more secure if they had a properly designed and operated security service keeping an eye on it. You may know how to run a secure network, but most consumers don't.

Who do you think has more resources and knowledge to apply to that problem? A small startup or Google? I'm not saying Google or anyone else has this all figured out. For example, I'd like to see them use something like eero's system that texts or emails a code to your phone for login vs. using a Google account login.

Cloud systems are going to be part of anything that touches the internet. What we as a tech community need to do is raise our expectations of what we expect from vendors on both a functional and security level and have reasoned and reasonable discussions about the issues.

 

[RMerlin]

Totally agree. Cloud-based technologies have a huge potential for providing valuable services not otherwise possible. Look for instance as malicious website detection as provided by web browsers, or security suites like Trend Micro's. The cloud is what makes these services even possible today.

As experts, our role shouldn't be to discourage the use of anything cloud-based, but rather ensure that those providing cloud solutions do so in a sane, secure way. It's definitely possible to do so. Provide end-to-end encryption, using secure ciphers and protocols. Store passwords encrypted with bcrypt, and use salting.

Not everyone uses MD5 hashed passwords in a MySQL database reachable by the public outside of a VPN tunnel.

And we have to ensure that less expert users also use cloud products for the right reasons. Dropbox and its competitors are awesome for sharing some photos between family members. Not so much for sharing your latest income declaration.

 

[sfx2000]

One of the advantages of an approach like Google WiFi is that while it is cloud based, it's also very easy for them to push out critical path updates, as the firmware is not a "image" as some of the legacy devices are - they can push out specific libraries, config files, etc, and they can do this very quickly and in the background - remember, Google's wifi devices are essentially Chromebooks, although headless, but all code is signed and verified by the device, there is rollback if the sigs don't match...

As for security itself - I've worked with both Google and Amazon cloud services, and security is good there - depends on course how your instance is built out, but it's no less secure that running on bare metal in one's own data center.

 

[thiggins]

The background updating is part of eero and Luma as well. As you said, like Chrome and Android apps too.

 

[pbarnes]

I have a problem with the assertion that anything that has an associated cloud service is by definition insecure. I would argue that the majority of networks would be more secure if they had a properly designed and operated security service keeping an eye on it. You may know how to run a secure network, but most consumers don't.

Who do you think has more resources and knowledge to apply to that problem? A small startup or Google? I'm not saying Google or anyone else has this all figured out. For example, I'd like to see them use something like eero's system that texts or emails a code to your phone for login vs. using a Google account login.

Cloud systems are going to be part of anything that touches the internet. What we as a tech community need to do is raise our expectations of what we expect from vendors on both a functional and security level and have reasoned and reasonable discussions about the issues.

Google accounts are probably the most secure things available, so I'm not for this. I'll take Google's security team over eero's any day of the week.

 

[sfx2000]

For example, I'd like to see them use something like eero's system that texts or emails a code to your phone for login vs. using a Google account login.

Two-factor auth would be very nice - also note that an Application can leverage security modules inside a phone to do even more robust security than one would get from a browser on an internal web page - and by removing that web server inside the router, one is less likely to get compromised by something like cross-site forging type of attacks..

 

[headcase]

With 802.11v, k and r not currently not supported, and instead using RSSI based roaming assistance, I'm curious if anyone who has a set of these can test out seamless roaming capability. More specifically, how well the Apple devices are moving around and whether intermittent dropped audio is occurring when using VoIP / FaceTime.

 

[sfx2000]

Google has no need to collect any traffic data from WiFi and it doesn't. They get plenty of information on its users from all the other services people willingly use and opt into. You can opt out of all the data collection methods via the app.

I think some of the privacy concerns, esp. with Google might stem from the War Driving privacy case back in 2012, where they did end up collecting more data than they should have when mapping out WiFi for location services...

http://www.nytimes.com/2012/05/01/t...t-view-is-identified.html?_r=1&pagewanted=all

and also this... http://www.theatlantic.com/technolo...wireless-data-was-god-among-engineers/328702/

That being said - Google learned their lesson there...

 

[sfx2000]

Changing track here a little bit - with Google WiFi - it's nice that we have Android and iOS apps to configure the Google WiFi platforms, but oddly enough, there doesn't seem to be a way to manage the Google WiFi devices from a Chromebook (at least those that do not support the Google Play Store to download and run Android apps)

@thiggins - can you check with the Google POC and perhaps they have some idea on how to do this?

(One might have a family member that just has the google router and chromebook, so no way to run an app...)

 

[thiggins]

With 802.11v, k and r not currently not supported, and instead using RSSI based roaming assistance, I'm curious if anyone who has a set of these can test out seamless roaming capability. More specifically, how well the Apple devices are moving around and whether intermittent dropped audio is occurring when using VoIP / FaceTime.

I did a quick test with the Edimax RE11 using a Moto X Gen 2 phone. Both Pandora and Netflix didn't glitch once as I moved all around my home.

Don't discount the value of RSSI based roaming "assistance". The advantage is it doesn't require 11v,k,r. These standards don't actually control the roaming process. They have more to do with affecting the speed of transition.
http://www.snbforums.com/threads/what-are-sticky-clients-802-11k-v-r-explained.30689/

 

[Elisha]

So I bought a couple of Asus OnHubs yesterday and hooked them up as Mesh.
I have been using a Nighthawk R7000 since 2013 and just wanted a change. The Nighthawk has been in my basement since day one and while I have no wifi issues even 2 floors up but occasionally I see slowdowns and I thought I would give Mesh a go.
My 3 computers in the basement are all wired and so are my NAS and printers. My current wireless devices are:

1. iPhone 7 Plus
2. iPhone 6s Plus
3. iPad 2
4. Macbook Pro Retina
5. Macbook
6. EcoNet Thermostat
7. Xbox One S
8. Wii-U
9. Amazon Fire TV 4k
10. Chromecast
11. Samsung SUHD 4K
12. Roku 3
13. LG Blu-Ray
14. Kobo

Anyway I'm quite impressed with how the OnHubs are working. The second unit is in my living room behind my TV. Out of curiosity I disconnected the second Node to see how strong the signal would be from just the basement unit while running a bunch of streaming from my living room. Signal strength was just as high as the Nighthawk (Smart Connect enabled). Went upstairs to my bedroom and surprisingly still at max signal according to my iPhone 7 Plus and wife's 6s Plus. And the biggest surprise of all is that an internet speed test with a single was always giving me a max result of 128Mbps. I ran it over 20 times just to make sure from my bed and the attached washroom.
The Nighthawk was never this consistent 2 floors up.

So either the whatever Beamforming if any that is being implemented by the OnHub is better than the Nighthawk or the subsequent firmware updates have made the OnHub a significantly better unit then when they were reviewed last year with complaints of wifi range.

This makes me wonder if I even need the second OnHub to Mesh at all.

Now the only negative I have noticed is that with a single OnHub, I occasionally lose the Wifi Calling indicator on my iPhone on the top level of my house. With both in Mesh, I don't seem to have that issue or haven't noticed it yet anyway.
I may end up returning one of them and maybe getting the TP-Link unit since it looks more aesthetically appealing than the Asus.

 

[headcase]

I did a quick test with the Edimax RE11 using a Moto X Gen 2 phone. Both Pandora and Netflix didn't glitch once as I moved all around my home.

Don't discount the value of RSSI based roaming "assistance". The advantage is it doesn't require 11v,k,r. These standards don't actually control the roaming process. They have more to do with affecting the speed of transition.
http://www.snbforums.com/threads/what-are-sticky-clients-802-11k-v-r-explained.30689/

Yup - completely agree that there are other solutions beyond 11v, k, r that can help address how well devices will move around on the wireless network. As long as it works, doesn't really matter to me what the secret sauce is.

Unfortunately, in my testing of Edimax a few months ago before I settled on Airport Extremes, my Apple devices weren't hopping well. And even with the Extremes, the MacBook isn't hopping seamlessly when on a VoIP call. So now that Apple is discounting development of their routers, I will likely try something else soon.

 

[Rhyle R]

I may end up returning one of them and maybe getting the TP-Link unit since it looks more aesthetically appealing than the Asus.

Keep in mind that the SNB review of the Asus onhub compared it to the tp-link one and their measurements show that the Asus outperforms tplink.

http://www.smallnetbuilder.com/wireless/wireless-reviews/32889-asus-google-onhub-reviewed?start=2

The Router Ranker has the ASUS OnHub tied with the Tenda AC15 at #8, four places above the TP-LINK OnHub, which sits in a last-place #12 rank.

 

[Elisha]

Keep in mind that the SNB review of the Asus onhub compared it to the tp-link one and their measurements show that the Asus outperforms tplink.

http://www.smallnetbuilder.com/wireless/wireless-reviews/32889-asus-google-onhub-reviewed?start=2

The Router Ranker has the ASUS OnHub tied with the Tenda AC15 at #8, four places above the TP-LINK OnHub, which sits in a last-place #12 rank.

Yeah I know but it has had half a dozen or more firmware updates since then so who knows. The Asus OnHub by the testing doesn't best the Nighthawk but the OnHub so far has been much better than my Nighthawk!


Sent from my iPhone using Tapatalk