Yea couldn't install gps, then realized the package manager only had maybe 10% of what most gli.net routers have because of the 'special' chip in this one.

Still a great travel router, but had to buy a BerylAX for what I wanted to do with the usb gps.

Drop the Starlink into bridge mode, use the Gl.inet in front as your edge router, have WireGuard/Tailscale/etc connections back to more permanent infrastructure.

Even without a SIM card itself -- Android and iOS devices will tether over USB, so you can tether your own phone directly in and share the connection to other devices as well when you don't want to mess with Starlink.

I use a similar model to this extensively.

1. Hotels where you have to pay a "connection fee" you only have to pay once

2. I travel with a chromecast that can connect to my private network

3. I run wireguard, so all my traffic back is automatically encrypted

4. I can position this to get a better wifi signal, "boosting" the signal (via my private network) for all my devices

Valid question, and in my opinion a valid concern with Chinese telecom and networking equipment marketed to Western customers. Replacing the vendor firmware with vanilla OpenWRT, when possible, will reduce a lot of risk. That said, I can't recall reading anything yet about GL.iNet being caught with "forgetting" a "debug feature" in any of their devices.

Pretty unlikely in my book. This runs OpenWRT out of the box. Given, there are still closed source binary blobs in these things, especially around WiFi 6 and frequently the customizations for the kernel isn't released, but those tend to be more expensive locations to place backdoors especially when the system is very open to inspection. These kind of devices are VERY frequently torn down by security researchers and used in WiFi shoot-outs leading to much higher potential increased detection of anything present.

A lot of this these "backdoor" style hypothesis' still need a motive justification for the cost. Who would they be targeting? What is the potential value of the backdoor?

Given the visibility and complex locations required for the firmware, this would be an expensive backdoor to put in place for any amount of time. The attack is completely untargeted, at best you may be able to say tech enthusiasts that travel. You probably can't count on executive targeting, this device requires a separate battery pack as well as per-site configuration as opposed to pairing to their iPhone and not carrying all that extra stuff.

What are the chances of an expensive, high-visibility backdoor showing up in a dirt cheap product line for a high-risk untargeted attack? Pretty low in my book but your threat model may vary.