https://www.fcc.gov/document/fcc-adds-routers-produced-forei...
https://www.fcc.gov/document/fcc-adds-routers-produced-forei...
Are there even consumer-grade routers that are produced in the USA...?
> As outlined below, today’s action does not impact a consumer’s continued use of routers they previously acquired. Nor does it prevent retailers from continuing to sell, import, or market router models approved previously through the FCC’s equipment authorization process. By operation of the FCC’s Covered List rules, the restrictions imposed today apply to new device models.
I’m sure plenty of US factories are capable of importing boxes that look like routers but are actually just switches (because the router firmware is missing) and re-flashing them here…
[0] https://mono.si/
The fact that they haven't updated that webpage with new information since October 1st 2025 seems to indicate bad news...
... at the same time, I don't think I'd send $100 to a site with no contact/ownership/company info to begin with.
The FCC maintains a list of equipment and services (Covered List)
that have been determined to “pose an unacceptable risk to the
national security
Recently, malicious state and non-state sponsored cyber attackers
have increasingly leveraged the vulnerabilities in small and home
office routers produced abroad to carry out direct attacks against
American civilians in their homes.
Manufacturers have never had to care about security because no Gov agency would ever mandate secure firmware. This includes the FCC which license their devices and the FTC who (until recently) had the direct mandate to protect consumers.
Our most recent step backward was to gut those agencies of any ability to provide consumer oversight. All they they can do now is craft protectionist policies that favor campaign donors.
The US has a bazillion devices with crap security because we set ourselves up for this.
Plenty of consumer-grade devices have had very lax security settings or backdoors baked in for purposes of “troubleshooting” and recovery assistance. It’s never been limited to foreign-made devices.
Security has never been part of the review process. The only time any agency has really cared is when encryption is involved, and that’s just been the FBI wanting it to be neutered so they can have their own backdoors.
Sorry but this is merely a convenient excuse. Source: I have hard evidence of a Chinese IoT device where crap security practices were later leveraged by the same company to inject exploit code. It's called plausible deniability and it's foolish to tell me it's a coincidence.
You're not going to convince me that a foreign state actor pressuring a company to include a backdoor wouldn't disguise it as a "whoopsie, our crap code lol" as opposed to adding in the open with a disclaimer on it.
It's all closed source firmware. Even the GPL packages from most consumer router vendors are loaded with binary blobs. Tell me I should trust it.
No, I don't have it but you may check with Santa Claus.
(That is not to say that the FCC change will move the needle on the underlying issue of router security; as some of the ancestor comments have said, lax security practices are common industry-wide, irrespective of country of development/manufacture.)
The FCC's power just got substantially nerfed, and "we've decided to slow lane all foreign-made routers" feels like that may have been beaten on the old, higher, standard. Let alone the new one that gives the FCC almost no power.
Trusted, qualified independent experts: Ala Underwriters Laboratories.
Some trust has to be created through testing standards and the law, but generally we do believe what the label says in day to day life.
Maybe trusted community of people could do it for everyone, but there's currently all kinds of potential legal trouble brewing in that approach. Complete and public reverse engineering of every aspect of any device would have to be made completely legal, so that people could freely publish all artifacts extracted from a device and produced during reverse engineering and collaborate on them without any fear of repercussions. Also HW manufacturers would have to be prohibited from NDAing documentation for SoCs, etc.
Side benefit would be that this would also serve as a documentation for freeing the device and developing alternative firmwares with modernized sw/reduced attack surface.
The OpenWRT One [1] sponsored by the Software Conservancy [2] and manufactured by Banana Pi [3] works lovely.
[1] https://openwrt.org/toh/openwrt/one
[2] https://sfconservancy.org/activities/openwrt-one.html
[3] https://docs.banana-pi.org/en/OpenWRT-One/BananaPi_OpenWRT-O...
Self ownership and full 'right to repair' has carve-outs in the FCC's regulations in the name of limiting unintentional broadcasting/radiation. Maybe a challenge to those would survive in the post-Chevron environment. I wouldn't expect any Congress in the last 25 years to pass a law which would go against the incumbent telecom lobbyist interests though, and I'd expect such a hole if it did hit case law, to get 'patched' fairly quickly.
About the only way to really solve that would be to embarrass vendors enough to open their moats.
> Producers of consumer-grade routers that receive Conditional Approval from DoW or DHS can continue to receive FCC equipment authorizations.
In other words, foreign-made consumer routers are banned by default. But if you are a manufacturer, you can apply to get unbanned ("Conditional Approval").
In the FAQ (https://www.fcc.gov/faqs-recent-updates-fcc-covered-list-reg...), they even include guidance on how to apply: https://www.fcc.gov/sites/default/files/Guidance-for-Conditi...
If you (a manufacturer) apply, they want information regarding corporate location, jursidiction, and ownership. They want a bill of materials with country of origin and a justification for why any foreign-sourced components can't be domestic. They want information about who provides software and updates. And they want to hear your plan to increase US domestic manufacturing and progress toward that goal.
So, foreign-made consumer routers can still be sold, but they are going to look at them with a fine-tooth comb, and they are going to use FCC approval as leverage to try to increase domestic manufacturing.
You're assuming a non-partisan technocratic process, which this administration has amply shown is neither capable nor willing to provide. This requirement becomes another opportunity for Pay-to-Play, either in cash or quid pro quo, to the government directly (see, e.g., NVidia and AMD export allowances) or to Trump's inner circle (see, e.g., crypto venture regulation, merger approvals).
That is not what's going to happen. What's going to happen is that anyone coughing up payola to the current executive in chief's people will get approved, and anyone that doesn't will remain blocked. This practice is currently widespread, in the form of tariffs.
Wow NGL this sounds great if you ignore the reality that it'll be used as a partisan backdoor to enriching the administration.
> For the purpose of this determination, the term “Routers” is defined by National Institute of Science and Technology’s Internal Report 8425A to include consumer-grade networking devices that are primarily intended for residential use and can be installed by the customer. Routers forward data packets, most commonly Internet Protocol (IP) packets, between networked systems. ¹
> A “consumer-grade router” is a router intended for residential use and can be installed by the customer. Routers forward data packets, most commonly Internet Protocol (IP) packets, between networked systems. Throughout this document, the term “router” is used as a shorthand for “consumer-grade router.” ²
There doesn't seem to be a general ban for foreign-made professional routers, just for some Chinese manufacturers, right³?
Oh, and what does "produced by foreign countries" even mean? I couldn't find any definition. Is this meant to be the country of final assembly? Would importing a Chinese router and the flashing the firmware in the USA be sufficient to be exempt? Where is the line drawn usually?
¹) https://www.fcc.gov/sites/default/files/NSD-Routers0326.pdf
²) https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8425A.pdf
Chinese citizens have more computing freedom than American citizens at this point. What the fuck happened to the land of the free?
Really, do they have a definition?
Yeah conceivably you could use this to ban any network device that is capable of routing between interfaces, so lots of switches with new firmware could do it, often terribly, as well as PCs with multiple interfaces. But its probably going to involve intention.
supernetworks•1h ago
tomhow•34m ago
Also, we recommend using a username that seems human, rather than being based on a company/brand name, otherwise it seems like you are here primarily for promotional purposes rather than curious conversation. You can email us to change the username if you'd like – hn@ycombinator.com.