Hacker News new | comments | ask | show | jobs | submit login
OnHub (on.google.com)
984 points by ropiku on Aug 18, 2015 | hide | past | web | favorite | 615 comments

My biggest issue with this is that Google wants to inject a piece of hardware into my home that acts as the gateway to my data. A device through which all :

> Incoming data runs through

> Internal data runs through

> Outgoing data runs through

And then wants to be vague about what data they will be pumping to their back-end for analytics/data mining.

I have had a long standing proposal for home automation and I'm curious to know, in this era of insecurity and people vacuuming up all your data, how many of the tech minded people here would be interested in a device which ensures your 'home automation' data stays in your home. This can be quite clearly achieved in hardware and by having an out-of-band oversight controller that literally will not allow certain data to exit the physical domain of your home...

Cloud nonsense? It's called an application and a home automation application doesn't need to run in someone's cloud...

Whose interested? I think it's about time this cloud foolishness for the sake of monetizing someone else's data in an insecure manner come to an end. Everyone loves to rant about 'disruption'... I feel its about time this data monetization cloud bananza be disrupted.

Oh, come on. Just connect your Google router to your Google fiber connection and connect to it with your smartphone or laptop running a Google operating system and Google browser. Visit your Google home page (using Google's DNS servers, of course) to read your Google Mail, or perhaps catch up on the news with Google News, or use Google+ to see what your friends are up to, or get a little work done on Google Docs. Should you do some Google searches and end up on some non-Google sites, don't worry - you're still safe under the watchful eye of Google AdSense and Google Analytics. What have you got to be so paranoid about?

Spot on.

I don't get it. It's become so obvious and people still seem to categorically refuse to admit the elephant in the room and to act upon it.

It's as if everybody was in some kind of unbreakable state of permanent cognitive paralysis.

How do you propose the common person act upon it?

Don't get a Google Router. Okay.

Don't use Google Fiber. Well, shucks - there's not a lot of 1,000 megabit ISPs in my area.

Don't use a Chromebook. Okay. What virus scanner should I install, then? And where should I store my data for backup? And didn't we hear that Microsoft tried to have Windows 10 phone home every damn keystroke or something?

Google browser. Fair enough, Firefox is decent.

Google DNS. Fair enough, unless I have Google Fiber. Then it's kinda weird to not pair them.

Google Mail. Something that looks like GMail has all of the problems of Google Mail. Is Microsoft really a better solution in your mind?

Google News. Come now, the problem of monopoly in news existed long before Google News did. I'd rather people also use Google News than JUST CNN, MSNBC, or shudder, the other one.

Google+. Right, because Facebook is so much better at respecting users.

Google Docs. Again, is Microsoft really better? Or Microsoft + Dropbox?

Google Search. What, I should use Bing?

AdSense and Analytics. Not really my choice, is it?

I genuinely ask this question. What do you think the common person could or should do, that would be better for them?

What, the Apple computer, Apple router, Apple browser, Apple Mail, and Siri?

> Don't {...}

You have pointed out many of the reasons why this is indeed a hard problem. That's why some of us have been trying to warn about these dangers for almost 20 years. The problem was significantly easier to fight 10 (or even 5) years ago, but everybody - including the technically knowledgeable people that should have known better - decided that shiny features were more important than paying attention to the larger picture and defending their future freedom.

> What do you think the common person could or should do, that would be better for them?

They should not use any service that goes against their long-term interests. While having a replacement is nice, this might require making a sacrifice. The lack of an alternative doesn't justify supporting the bad option[1].

Do you think that this problem is going to get any easier as time goes on? The cost of leaving Google is only going to increase, so it might be a good idea to find a way to pay that cost sooner rather than later.

[1] "...we've proved it again and again, that if once you have paid him the Dane-geld you never get rid of the Dane." ( http://www.poetryloverspage.com/poets/kipling/dane_geld.html )

At least by using a non-Google "free" mail service, file storage service, etc, you're distributing your mineable information among competing companies instead of handing it all over to a single entity. Or, you can do as I do and just find a reputable service you can just pay and not worry about it. (I pay Zoho $24 a year to host my mail.)

> What, the Apple computer, Apple router, Apple browser, Apple Mail, and Siri?

The difference between Apple's services and Google's equivalents is that Apple makes its money by selling you the boxes that the services run on - it doesn't directly profit on the services themselves. For Google, the service is the product, so if they can't make you pay for the service, then it has all incentive to data mine it for profit.

I fail to see how copying my data to more companies reduces my attack surface.

> all incentive to data mine it for profit.

Yes, and it has all incentive to protect my privacy, because if they screw that up, they lose all of my business, and all of everyone else's business, too.

> I fail to see how copying my data to more companies reduces my attack surface.

I'm talking about your privacy and mine-ability, not your attack surface. (Though it does help with that too, in a way - a bigger chance someone will get some of your data, perhaps, but a smaller chance they'll get all of it.)

No. That does not help minimize my attack surface. You're confusing surface with depth. And unfortunately, someone doesn't need to steal very much of my data in order to screw me over royally. If my Social Security number is held by more companies, that does not help me.

>Yes, and it has all incentive to protect my privacy, because if they screw that up, they lose all of my business, and all of everyone else's business, too.

There have been innumerable data breaches and we haven't seen those companies go bankrupt.

I pay attention to the data breaches. Google is one of the best companies out there.

I agree. My point still stands. The industry as a whole is terrible at keeping data secure.

Firefox may be a decent browser, but unfortunatly Mozilla has given in when it comes to adopting data kraken integration and has embedded software that can make Firefox en par with Chrome et al in the future.

No more good guys, I am afraid. Mozilla profited greatly from being spread by hackers initially, but now they no longer qualify for being supported.

No source here, I am on a crappy notebook, on the move.

And still, the HN crowd uses Gmail a lot. Here's the most technical crowd on the planet and people are obsessed with Gmail as if it was impossible to get email to work by any other means.

Furthermore, I will never understand why people would use Gmail, if there's IMAP and hundreds of email clients to choose from.

Same is true for Google Reader, that apparently caused a lot of buzz when it went away. Never understood this.

The only Google product I use is Google Maps, and Google Search occasionally. Replaced the latter with DuckDuckGo mostly and works well most of the time.

I would gladly use email client with IMAP server but desktop mail clients are really still in the 90ties.

Do you have a good to alternative Gmail/Inbox which has Inbox like archiving, and easy cleanup of the ... inbox, hiding emails for some period of time, pinning emails?

As for the hosting of emails (assuming I don't want to have 10GB dedicated to emails on my machine), do you have anything that gives me 10GB of mail and has the ease of use of Inbox on all the devices (desktop and mobile)?

And still, the HN crowd uses Gmail a lot.

Ditching GMail changes nothing about your privacy situation.

An E-Mail is a postcard. Sending a postcard via DHL instead of USPS doesn't make it any more confidential, even if you happen to be the owner of DHL.

You're not wrong, but you're not right either.

Disregarding the (slow) advancements of E-Mail encryption (DANE), and the fact that's desireable that no one company has your data. The big point is that it's fair to assume that everybody has access to your mails while in transit, but using gmail Google has access to all your mails at rest.

There is no point worrying about your e-mail "at rest" when everyone has already seen it in transit.

"Ditching GMail changes nothing about your privacy situation."

Actually, there is quite a bit to be gained by running your own mail server - especially in relation to other people on your mail server.

For instance, everyone at rsync.net logs into (al)pine over SSH. So yes, if you email rsync.net and we converse, that is like the postcard - every hop it goes through can see it.

But no piece of internal rsync.net email has ever traversed a network of any kind. Internal rsync.net emails are just local copy operations from one mailspool to another.

The same could be true of your company ... or your family.

Agreed. Even if Gmail is superior in some regards (I don't know - is it? There must be a reason so many people use it), as a tech savvy person I consider it a matter of pride (and privacy of course) to run my own mailserver with project like Sovereign https://github.com/sovereign/sovereign

I have been thinking of doing this for a while. Thanks for sharing https://github.com/sovereign/sovereign. Is that all one needs (whatever if mentioned on the README)?

I would be worried about getting marked as a spam server.

This is a common belief but it hasn't been an issue in my experience of running my email server (with Sovereign) for the last two years. I run about a dozen email addresses over a handful of domains for myself and some friends and colleagues.

Sovereign includes instructions/configuration to run an upstanding email server citizen, including SPL, TKIP, MTA encryption, etc. Remote mail servers seem to respect it at least as much as gmail.

It also runs a rbl-check script once a day to notify you if your IP ends up on a blacklist. In two years running on both DigitalOcean, I've had no issues. Even gmail routinely gets added to RBLs from time to time.

And this is exactly the reason I use Gmail.

I only use Google maps for public transport route planning, otherwise I use openstreetmap. And osmand on Android is freaking awesome.

Is the search as good or as fast at gmail on these IMAP clients? I used the mail app for iPhone for a while and it sure isn't.

I use Mail on OS X and it is good enough for my purpose. Could certainly be a bit more sophisticated, but most of the time, it works. I like to have a real email client for my mails and not use a web app.

There might be dedicated search engines for emails though, if search is very important.

See, if you use search a lot and Google has the superior product for your use case, that's totally fine. But I guess most people use Gmail out of habit and not because it is truly superior to other email clients.

I'm with you here - I also find OS X's Mail plenty "good enough," including for search. And it works great for connecting to Google Mail accounts via IMAP…

Searching is a solved problem if you use OfflineIMAP to mirror your mail store locally, then run mu or notmuch on top of it. Honestly, it's faster for me to search my local mail store than using some web interface. Plus, i can do it in the train when i have no internet connection. I happily pay a few euros a month for an email server which provides me with IMAP.

> The only Google product I use is Google Maps

I tried Bing Maps the other day and was surprised how much more usable it is. It loads faster, moves faster, and actually has a nicer interface because it uses semitransparent text to show names of areas.

Just finished reading 'The Circle' by Dave Eggers - think Google's monopoly and totalitarianism come true - and this just further reiterates how Google are become so pervasive and invasive in monetising off everyone's data and lack of privacy awareness.

I'll go back to dial-up rather than have all my activity centralised in the Google ether.

The NSA should stop the charade and just buy Google and Facebook already. They already have us by the balls, lets at least make it official and make the world embrace the heroic and always rightful eye of the US government.

I'm glad that people found this to be a point of significance. I've worked in the commercial networking hardware industry for some years and shelved several consumer ideas due to a lack of interest in security/privacy.

I have watched over many years as this 'cloud' software bonanza has eclipsed the tech industry. It went away from its original intent a long time ago and now is used as the holy-grail method of :

> ensuring (rent) is always paid for service(s) people should OWN

> vacuuming up and selling people's data.

I have several projects on my plate. However, I have a solid one for securing people's data when it comes to the IoT movement (in hardware)... It revolves around the same hardware/technology that the industry uses to scrape and funnel your data except the home user will now have it at their disposal as well.

Users should have 100% control of their data. If someone wants to 'monetize' it or use it to 'improve' their platform, the user should be rightfully paid for the opportunity to do so.

Disruption? Yeah, I think it's time. The foolishness has gotten far too long in the tooth.

.. And the backwards thing about it is: there are simple and straight forward ways to secure data (in hardware). It's only because everyone in the industry wants to ship your data all over the place and data-mine the snot out of it that things are as insecure as they are.

The very (loop-hole) or (door) that is used to funnel/mine/monetize/cloudify data is the very one used as an attack vector. Complicating the crap out of things at that point defeats the whole purpose.... Get rid of the door all together and the home is the least of all places where you should be exposing yourself.

I agree with the idea that the best protecting n for privacy is to make it expensive to snoop - it's worked for thousands of years so far.

My concern is how to make the benefits of this huge amount of data (medical information, travel etc) possible while charging the other use.

It's just - how - does one attach the metadata and enforce the lolicensing?

Therein lies the 'product' ... I'm working on several projects so I wasn't shy to put the general idea of this one out there... It's one of many things I feel passionately are going to be changed by disruptive paradigm shifts ahead.

That being said, you come up w/ the 'solution' and you'll have your 'product'... I already have a general architecture/approach outlined for myself. Create one and, from the looks of the interest here, you'll have an audience to buy it.

Also, with the scale and depth of hacks occurring around the world, you'll soon have an even broader audience.

If you get funded, look me up ;). I'll be looking for work in the coming months =P.

I'm wondering if / how the identity problem, blockchain proof of physical ownership and ...

Well, firstly applications should stop thinking they are CoW - data is something that gets passed in and operated on.

Secondly data operations should be side effect free - and distributed, so that we can ask for processing- in many ways I would expect not to share my data but to accept payment in return for some slice of processing someone wants

This may work ok, and generally the things we want (social networks) will be fine with local data sharing - facebooks walled garden would have to be replaced with open protocol (ie AOL -> SMTP) and no idea how to achieve that.

So im not setting the world on fire here. But I think the shape of future is clear - just getting there ...

I love your perspective on the current obsession with cloud computing. Hit me up sometime if you would like to talk more about this topic.

Multiparty Computation, homomorphic encryption, Private Information Retrieval, etc...

Unfortunately they're not very efficient, and have limited security guarantees. But that's part of an approach to do it securely.

All of which Google likely has no interest in researching.

That is why i don't buy into this hype what so ever. Anything that has 'cloud' on it when it doesn't need to I avoid.

I'd rather set up my own router with pf-sense and a industrial WiFi access point.

I really love the concept of complete home automation however the data needs to stay in the home and companies need to ask for permission to mine it.

I have nothing against data mining it can be incredibly helpful but i want full control over weather i choose to share it or charge a small fee for my data.

I'm very interested.

The whole idea of home automation (and most of IoT) over cloud is absurd. The devices in your home should not communicate by sending packets around the entire globe. The data should never leave your internal network unless explicitly meant to (web interfaces are cool and all, and you want to have remote access).

I'm actually somewhat surprised people don't seem how wrong the current model is, but I suspect it's a mix of cloud being The Hot Sexy Thing and being paid not to understand this (via business models that rely on monetizing users through cloud solution; as some of my hardware startup friends told me once after talking with the investors, hardware won't be making money, the cloud platform will).

So yes, I would be very willing to help reverse this and make local network communication the default for home automation and relevant technologies.

Google's model of how it wants computing to work is fundamentally flawed and now it's infected Microsoft. Really the only shelter is Linux, when will the ignorant masses wake up and realize this?

Honestly why should someone that is tech illterate really care?

Its a pretty big hassle

Vague? It seems to me like they're pretty clear about exactly what data they're collecting and why, and how to disable that collection: https://support.google.com/onhub/answer/6279845

"Please note that some features may not function with certain privacy settings turned off, and some information (such as the association of your Google Account to your OnHub) is stored by Google even if all privacy controls are turned off"

I am sticking with my Asus AC66U which has more features and is also cheaper than this Google device http://amzn.com/B008ABOJKS

I'd trust the Google device more simply because Google is better at software. With hardware companies like Asus you get routers full of terrible, insecure software. http://www.securityweek.com/asus-routers-plagued-command-exe...

Although I'm sure you're using DD-WRT or something...

Even software from Google sometimes has security holes:


Here's more... granted, these aren't all vulnerabilities that Google is responsible for, but many are:


All software has security vulnerabilities, but organisations have vastly different attitudes toward fixing vulnerabilities as they are identified, and potentially different capabilities when it comes to fixing vulnerabilities in a timely manner.

But Google will fix the security flaws automatically. You have to compare this device to the typical home router, which is NEVER updated. And even if you do run an Open Source firmware, you have to make sure it's kept up to date.

Please don't bundle Android and the rest of Google software. They are two different teams with two different philosophies, and one team doesn't like to have it's reputation hit by the other teams faults.

Remember Android wasn't originally designed by Google, and many of it's security design decisions and culture were inherited.

Unfortunately when it comes to data and cloud companies these days, that's a little like saying you'd trust Blofeld more than Dr No because he's a more competent villain.

That was patched within hours of the exploit coming out, hell I even remember seeing an article here on HN frontpage about it

BTW Google is not exactly known for being good at updates of hardware, just look at the mess Android is, especially older phones

In case HN is wondering about the reception: it's great by default, but I had some hardware mounted in inaccessible places, which could still have issues with reception.

So I replaced the middle antenna with a WL-ANT-157 from Asus, and wow. It's the best home wifi experience I've ever had in this price range.

Hmm, that "pretty clear about exactly what date they're collecting and why" seems a bit too similar to what the proposed Australian data retention laws ask for, which the community usually refers to it as "vague and overreaching". They make a vague note about not collecting the content of network traffic (but you can infer almost everything important from source, destination, time, protocol, etc anyway) and the table on the page is just described as "examples" of what it collects, and is never stated to be the full list. Given that Google is in the data collection business, and has a licence to update the device (and what it collects) automatically, I would assume that within a short timespan it will be collecting everything it can get away with.

Even what they do mention is enough to start inferring things about your personal life:

With "historical data consumption" they can determine who is in the house and when. With the number and make of connected devices, they can take a pretty good estimate of family size, annual income, how many of your household are working, etc.. (Though they probably first care how many Apple devices there are connecting... maybe we need to send you some more Samsung adverts)

And sure it strips the URLs from the logs -- but between Google DNS and Google Analytics being on much of the web, they can piece back together every site you visit anyway and now your router has a Google account they can tie it right back to the router in your home.

And of course it's a $199 router with a license agreement that says Google can stop it working at any time they like (clause 5c).

Proposed data retention laws? They are in fact actual laws, but they just haven't agreed on how much money the telco's and ISP's are going to get for implementing it.

Good link, thanks for sharing it. I gotta say, though, when I saw that wall of text my first thought was that this is going to be a tough sell for some of us. Thinking about it for half a second, I have to say that I would gladly prefer my router to be as dumb as possible. Maybe I just don't understand, at a gut level, how a cloud-connected router will actually improve my life?

OnHub seems to have a bunch of features which the cloud connection enables that are helpful, but not vital. For some people, having those features isn't worth the potential for additional complexity, and potential vector for privacy or security issues, that having a smarter router entails (or the increased device cost). For some people, it will be totally worth it. I personally think there's value in having options for both kinds of device on the market.

Hopefully it doesn't turn into the TV market, where it is getting increasingly difficult to find a TV that isn't "Smart".

Of course it's going to be a tough sell for some people. We could launch a potato and it'd be a tough sell for some people, let alone launching a WiFi router. :) At the end of the day you either trust the information made available by Google or you don't. If there was less text there, plenty of people would be suspicious that something was being hidden (heck - people are suspicious even with the current amount of text)!

It's okay to decide not to adopt the device in question, and it's fine to weigh how much you trust Google against what benefits you might get from any given device. For the average tech-savvy user, perhaps there's a lower value prop, perhaps there isn't. Some people like having absolute control, other people like someone managing things for them.

I personally think the real answer is not to have a central device, but to spread it out into a peer2peer 'fog'.

There's been some movement in industrial applications via stuff like https://twitter.com/FilamentHQ which leverages hardware accelerated ECC and telehash, using blockchain based DNS systems and other decentralized methods of command and control.

I think a similar direction needs to be taken for consumer hardware and data. The cloud needs to become just another peer.

I've been working with a bunch of interesting ideas on trying to get a distributed IoT network setup using programmable blockchains and Eris industries stack as part of an internship with them.

I very much like the term "fog computing" for P2P anti-cloud software. Hope it catches on.

Just watch out for Namespace collisions with groups like AppFog in the Container space.

Why not both?

In P2P networks you'll need reliable peers with sufficient capacity. Making a home server into an always connected peer could solve plenty of issues, such as with routing and hosting.

"fog computing" is an awesome term!

It's been actively used by Cisco for several years. http://blogs.cisco.com/perspectives/iot-from-cloud-to-fog-co...

I totally agree with you. I am as likely to buy this as I am to buy a router made by Facebook.

I would be very interested in helping write some code or contributing money towards making improvements to lock down phone home and other unwanted behavior. I think an excellent starting point is to see if you couldn't take a Mikrotik or OpenWRT/Tomato router and bake a lot of this extra filtering and functionality in. For some of the things that Google advertises like speed checks or choosing an optimal channel or whatever, should be do-able in open source firmware, so I think it would be hugely beneficial, at least for me (and probably many others).

This is exactly why I found the Google branding a bit weird. The smart guys over there surely must know that a lot of us would be suspicious of this device. Why didn't they brand it under Nest, or a new Google subsidiary that would take the initial suspicion-edge off? I think it's a good router at a decent price, but no way I'm putting that inside my house!

> The smart guys over there surely must know that a lot of us would be suspicious of this device. Why didn't they brand it under Nest, or a new Google subsidiary that would take the initial suspicion-edge off?

Why? Most consumers aren't in the ultra-suspicious-because-it-says-Google camp, and most of those who are in that camp are likely to take using a different branding for a project from the same ultimate corporate parent as evidence that not only is the project trying to violate privacy, its also trying to be extra sneaky about it.

I'm going to make a guess and say that this is going to sell just because it's Google branded.

I'm not buying it precisely because it is Google branded.

Unlike most of the comments here it isn't a privacy issue for me, I totally respect the privacy argument but personally just don't care enough to make decisions based on it... for me, the issue is that when I think of Google and hardware I think of the Nexus Q, Google TV, etc. Google suddenly (and relatively quickly) drops projects like this on a fairly regular basis and when the whole thing is all "cloud-this-cloud-that" dropping support basically means you've got a conversation-starting paperweight.

It's unlikely Google drops projects any more frequently than startups fail. I have (or have had) a lot of paperweights manufactured by failed startups, so I know it happens. I'm sad when startups fail, but they usually failed for the right reasons. It doesn't taint my overall perception of the startup concept.

If you think the Nexus Q was a fantastic product and that Google made the wrong decision to kill it, that's one thing -- you're saying they have bad taste, or bad product sense, or an inverted sense of quality vs. crap. I wouldn't agree with that assessment, though I admit it's an valid, internally consistent opinion.

But it's more likely you never owned a Nexus Q and are just using it as an example of how projects at Google get killed. Sure, Google kills projects. Just as startups fail. That's no more astute an observation than saying that sometimes it's sunny and sometimes it rains. You wouldn't expect Google to keep funding a stalled or not-quite-thriving project any more than you'd expect investors to keep plowing money into a startup that can't find product-market fit. Sure, the opposite outcome sometimes happens. But generally it doesn't, and that's OK.

Some think Google is valuable because it takes more risks than companies its size. The implication of your opinion is the opposite -- that Google should be more risk-averse (not starting this router project because a router is a crazy thing to build), or innovate more slowly (launching it later than today because it's not ready), or ignore market feedback longer than a startup would (damn the torpedoes, it sucks and nobody wants it, but let's keep its team on a death march). Is that how you'd run Google if you were its CEO?

"It's unlikely Google drops projects any more frequently than startups fail."

I don't disagree, which is why I also don't spend money on startup consumer goods that have any sort of requirement on "the cloud" (if the company dying makes the product virtually worthless, count me out) and also why I virtually never back tech kickstarter-style projects.

My opinion on google is that they are extremely bipolar (or at least give the external impression of being so) when it comes to experimental projects, they seem to go through periods where they are open to trying new things and then (very quickly) to periods of retraction where things that aren't ad focused are left to wither and die or just killed outright. I don't want my money caught up in their mood swings unless the value proposition is amazing, and in this case it really isn't.

The difference is that a non-cloud-reliant device can be sold to me and then abandoned by the company that made it some time in the future -- yet it still remains a usable device. Now whether the OnHub falls into that space or not I can't really say for sure; in this instance I actually doubt it does (my guess is it would remain a useful router even if the cloud-connected features were dropped for some reason).

It's also the frustrating potential that the product will be 98% awesome but with niggling problems that don't seem to get fixed as it's abandoned quickly; ie- my recent Ask HN submission about Android TV.

What _is_ the longest-lived wholly Google hardware out there?

The yellow Google Search Appliance for enterprises is about a decade old. You can still buy them today.

The Nexus One was branded Google. I wouldn't say it's supported by Google anymore because it doesn't receive firmware updates. Google first released it in early 2010.

The Chromebook CR-48 was first released in December 2010, but it wasn't a Google product (unbranded). It still receives software updates today.

BTW the new router isn't a Google product. TP-Link makes it. Google just controls the software, the way Microsoft updates Windows on third-party PCs.

The ratio of people who think about the implications vs the general public who consume rather than question is weighted in favour of big name companies.

There should simply be more coursework on privacy, classroom discussion on information monopoly, corporatocracy, ect... To level the field, it takes Education. (and I'm not saying the router is evil)

"a device which ensures your 'home automation' data stays in your home"

I have one of those, it's a Linksys router with OpenWRT acting as a firewall.

But if you can make it more user friendly and sparkle some hype all over... sure, go for it.

"I feel its about time this data monetization cloud bonanza be disrupted."

Ironically, having users controlling their own routers could be the best chance to do that. That is, toss out the crappy consumer routers and instead embrace the router as a user-controlled computer that sits between the user's devices (including IoT devices) and the ISP connection (e.g., modem). This router could run an open source source OS and be programmed _by the user_ to do all sorts of useful things, such as block ads, block tracking, perhaps even create private overlay networks among family and friends, protected from spam.

In a world where the Internet user can have some respite from radio, TV and other advertising, Google (=slave to advertisers) should not be selling routers. Should they come to dominate the market, the respite will come to an end. Users probably will not even know what happened. No one pays attention to routers as computers. They just want a strong WiFi signal.

I don't think there will be a significant market for your idea. One of the most rapidly adopted technologies of the 20th century is Color Television [1] and it still commands 36% of our attention [2].

Consumers have made it crystal clear that they are willing to trade their time and data for lower prices and more convenience. Watch the commercial on that landing page. It couldn't be targeted less at technical people.

[1]: http://cdn.theatlantic.com/static/mt/assets/business/technol...

[2]: http://www.emarketer.com/Article/Mobile-Continues-Steal-Shar...

False choice. It's not impossible to make something that tastes good and is also good for you. Some people find that Apple products are desirable, and incidentally, Apple provides a relatively high level of privacy.

But you can never expect Google to provide such a product as long as it makes money off your data. Maybe it needs to be under a different letter of the Alphabet.

Well I don't think there is anything inherently wrong with Google. So suddenly people have started to become suspicious about what data a router is able to collect, while in fact various routers which are well capable of executing malicious applications have been around forever? This is just a trend and Google is not some inherently evil guy that acts outside of the norm. Ditch Google? Fine. The next alternative you find is equally, if not more, likely to perform some data collection. Of course you can go full Stallman and ensure your data are truly guarded by your own in every possible sense. But the heavy price that comes with it, we all have seen.

I started developing a self hosted home automation framework for my senior project last year. Been on a bit of a hiatus, partially because I don't have my own place currently, but its here: https://github.com/terramod. Central web application that can run "apps" on your house, with raspi nodes that connect the hardware around the house.

I too am a bit surprised to hear tech minded people get excited about products that basically exist to collect their data.

From what I can see though, the hardware looks decent... Personally I'm curious for when someone does a teardown, to make sure there are no hardcoded callbacks to Google servers that shouldn't be.

If not, this wouldn't be so bad (for $200) running DDWRT/OpenWRT?

[edit] Also, does anyone know if the base firmware will be open source similar to Chromium? If so, one could theoretically still take advantage of their security updates (which would honestly be leaps and bounds above current consumer-grade hardware) with open source tooling.

I agree with you, but is this specific to only home automation? Shouldn't the same paranoia / concern (depending on who you're talking to) apply to critical company data (documents, source code, etc.) as well as personal health information (biometrics, etc.)?

It isn't just specific to home automation. The same paranoia should apply to all data and will once people understand the gaping holes in existing cloud centric/data funneling architectures. In the meantime, a new approach to the problem is worth looking into. As the speed of technological innovation increases more and more, so will the disruptive paradigm shifts.. and this cloud model is long overdue for one.

Yeah, but by giving more data you let software to personalize better. So by reducing your data exposure you are acting as techno-Luddite stiffing progress.

I don't think we will suddenly abandon the cloud. If anything, we will centralize even more information. My biggest philosophical debate is what will happen to people who deliberately protect their information. Surely they are meatier targets by various adversaries, but the thing that bugs me most is the fact that you will become irrelevant. Lack of data will impede even some most basic services and probably you won't be trusted because Big Cloud doesn't have your profile.

> Yeah, but by giving more data you let software to personalize better. So by reducing your data exposure you are acting as techno-Luddite stiffing progress.

Is this sarcasm? I guess I fail to understand how Google now knowing all the details of my life impedes "progress". It shouldn't stop them from developing new technology; why does the "cloud" need to figure out how to "personalize" things more for me anyways, outside of the obvious answer to serve up better targeted ads (which I'd rather make go away by any means necessary)?

> Is this sarcasm?

More of irony, I guess.

Google's core is still about serving you information and possibly some knowledge. To get better insights they need more information. It is as simple as that. MS entered the same field with Windows 10. They need more data to give better Cortana experience. If it's not all the data, Siri, Now & Cortana would suck. Now we are witnessing them going mainstream.

Merging cloud tech (automatic redundancy, intelligence) with P2P tech and giving the user full control is what is needed.

Secure smart home servers that act as rendezvous servers for your end-to-end encrypted connections so you have smooth links and network switching, routing, file hosting for your privately shared media (using tech like Tahoe-LAFS), anonymization (why run multiple Tor/I2P clients in a network when you can have one trusted device do it?), simple access control so you can easily determine to gets to connect to your home automation hardware, etc...

Absolutely, it's a bad joke. Endless data collection, personal profiling, total mass surveillance, NSA...

Need we say more?

Worried about Security then look @ this wolflink routers. They are far better than this onhub and it can be controlled directly from mobile and the highlight of this router is that it comes with parental control https://www.wolflinks.com/

agree with everything you said, but

> Whose interested?

shouldn't that be "who's"?

Could be an attempt at making a funny combination of "whose interests" and "who's interested"

I'm interested.

From [1]

  Get started

  Welcome! To set up your OnHub, you’ll also need:
  Google account
  Android or iOS device
  Broadband connection
Google account? That seems like an unnecessary requirement for a router.

[1] https://on.google.com/hub/support/#get-started

(Disclaimer: I work for the same former-division-of-Google-and-now-Alphabet-subsidiary that built this, though I don't work on OnHub.)

I think you need an account for cloud-based configuration, credential sharing, etc. Maybe it's not for everyone, but I think it makes sense as a product. I highly doubt they added a Google account requirement to improve ad targeting.

Thanks, but shouldn't these features be optional? I still don't get why I need a Google Account.

The router is cloud configured from your mobile device, that is how it works.

Some cloud services for the device are actually optional. But AFAIK you still need a Google Account.

Here is the help page on the topic of data collection and privacy:


And see also, how to set a whole bunch of privacy settings:


Disclaimer: I work on the project. I am not a spokesperson or legal or marketing, or anything like that.

> The router is cloud configured from your mobile device, that is how it works.

How do I configure a router if I need an internet connection to configure it? Sounds like a circular dependency issue.

Out of box configuration of the device is done without the need for Internet access.

Also, these days a good % of customers are walking around with an Internet connection in their hands, separate from their home connection.

Does it mean that you can set it up without a Google Account, then? Or does it let you create one (without being set up for the internet) somehow?

It's a wirless bridge, and it assumes you already have a router with an internet connection(i.e. your cable/dsl/fiber box). Setup instructions are here:


That's bullshit. It should use something like Thread or Bluetooth 4.0 to let you configure it from your mobile device, which already assumes you'll be in the same room with the router in 99% percent of the cases.

There's no reason for this to be sent over the Internet, when you're both in the same room.

I wouldn't phrase it so negatively but I do share the same sentiment. I think this is the craziness that seems to be so widespread that people don't notice how crazy it is - the primary way for two devices sitting few meters from each other to communicate should not be routing packets around half of the planet. I get it's easier, but it's bad engineering, unnecessarily wasteful energy-wise and I bet the only reason this is the default is for companies to lock people down and make money on data.

"unnecessarily wasteful energy-wise"

This is just for setup right? So the energy cost is insanely trivial, hardly worth mentioning.

I'm making a general point here. In case of this router, one-time expense is indeed hardly worth mentioning. I just dislike the whole trend.

The general point is "local direct communication is hard and unreliable". Your phone falls back to 3G - connection broken. You're on "HouseWifi" and the other device is on "HouseWifi_5Ghz" - connection broken. You have a router with a guest mode and stops guests accessing the local LAN - guest can't print or chromecast or whatever.

Totally agree.

This then assumes that authentication is handled by some combination of device proximity, physically pushing a "grant admin access" button on the device, or falling back to password management (possibly on a sticker on the bottom of the device).

There is something to be said for tying the device into an existing strong authentication infrastructure.

It allows configuring while not near it too, to check what's wrong with it while at the office. Bluetooth doesn't extend that far.

If you can debug the device remotely, you can debug the device remotely without trusting a third party.

There's absolutely no reason your private home router should be a slave to whatever remote configuration, monitoring, or intercept that some third party may be under legal orders to implement.

IMO these devices are nothing but parasites. On the positive side, Google has no track record with selling this kind of device and hopefully they will fail badly at it.

Google Fiber is one of the most wanted things in the tech world. You think having your traffic go through their router is bad? I don't even want to know how you'd feel about every internet thing you do being on their network.

There is a significant difference between being the first hop after the firewall, and the firewall actual.

I'd say Google has done amazingly well with selling at least one device like this, the Chromecast.

Maybe I'm over-stating the similarities, or the actual success.

Is guest access on a private SSID? Is my traffic separate from theirs? What about VPN support? I was getting ready to by an Asus router because I'm in the market for one, and it's at a similar price point. The three features I'm most interested in are QOS (which it looks like you have), having guests segregated from my network, and VPN access to my server

>> that is how it works.

That's how it's "made to" work (needing a google account).

IPv6 support?


> The router is cloud configured from your mobile device, that is how it works.

So is the Chromecast and you don't need an account for that, unless you want to customize it with your own photos etc

For users in some country can't access Google Account (e.g. China), Can I still buy and use it? That'll be no Google Account on daily use.

These features are the value proposition. If you don't want them, a different router might actually be better for you.

I thought the value proposition was a better designed antenna and intelligent on-board bandwidth prioritization.

>These features are the value proposition

Asking for an explanation or complaining or criticizing a product is good and should be encouraged. Companies should expect negative feedback if they release products that consumers do not like. In fact this helps the Companies too in making products that people want.

I don't quite see why you're telling people to "take it or leave it". That applies to every single product in existence, and I would hazard a guess that most people here are aware of it.

I'm not saying that it's "take it or leave it".

I'm saying that if you're unwilling to use a Google account for this, then (in all likelihood) it probably isn't the best product for you.

The same way that if you're unwilling to use an Amazon (or Apple) account, the Kindle (or iPhone) isn't going to be the best product for you.

I understand the sentiment but I can see a certain logic to using a Google Account.

It gives some protection against an attacker using a default password (as with every other router in the world). Also the hardware could be locked to a particular account in case the firmware is reset and you return to a welcome page.

Also it seems preferable that Google should use it's existing infrastructure instead of creating something new just for this.

They are optional. You have the option of just buying a different device.

No way! I deserve the best, and I also deserve the best without giving up anything nothing notta zilch! /s

You're actually giving up $200. Quite a good chunk of change. And no discount for my meta data passing through Google.

Uh, I think that's the discounted price... ;)

"I highly doubt they added a Google account requirement to improve ad targeting."

I find that a highly optimistic statement given advertising is pretty much Google's only significantly profitable product and is supporting the entire conglomerate.

It doesn't seem very plausible that Google made OnHub just to sell lots of them at the $200 price point. I think the official stance on this will be that they want to make the internet work better and be easier to setup. I do think that's plausible.

Plus, unless Google can snoop into HTTPS connections, how would this help them with ad targeting? (since HTTP will be phased out within the next few years)

Haven't the NSA revelations of the past few years driven home the fact that metadata is extraordinarily valuable and informative?

> unless Google can snoop into HTTPS connections, how would this help them with ad targeting

Hostname from TLS SNI is also useful for AD targeting.

I suppose a workaround could be just an OnHub specific Google Account.

How is creating a Google Account a workaround to creating a Google Account?

How is creating a throwaway Google Account anything other than a minor inconvenience?

If you're able to tell, which division is that? Is this really inner-Google product development, or mostly/partial/somewhat outsourced via a prod-dev consultancy?

Pretty sure they mean Nest.

Not directly, but they would certainly have included it as an entry point to bring users into Google's account-driven services, and to make a Google account "stickier".

That indirectly does increase ad revenue and targeting, and you can be sure that over time different people in the company will keep having the "bright idea" that if they correlate OnHub data with data from Analytics, DNS, and location services, they can improve ad-targeting by 0.x%, leading to $Y million in additional revenue, and within a few years it will be.

What division is that?

Fiber was part of "Access and Energy" led by Craig Barratt. Has a spot on their super out of date management page: https://www.google.co.uk/about/company/facts/management/

    I highly doubt they added a Google account requirement
    to improve ad targeting.
You might be right but it's really hard for me to agree with you. It could be optional, but it appears not to be.

I believe the post was not disputing the existence of the requirement, but the idea that it was to improve ad targeting.

I understand, and I still think an ad company has every interest to improve its ad targeting. What is so controversial about that?

Cloud-based configuration? Isn't that virtually always a terrible idea security wise for a router? Is it another form of "lawful intercept"?

Depends on if you think un-updated, bad PRNG devices are better.

This isn't an "either-or" situation. You can have an auto-updating router which doesn't depend on configuring via a third party service.

Not really. If the router auto-updates, it has to get that update from somewhere. If anything, being able to push firmware is more powerful than being able to push configuration.

Their privacy policy seems open ended enough to indicate otherwise. Using this router allows Google to collect a HECK of a lot of data about your Internet usage.

Well, privacy policies are weaksauce and in general haven't been legally tested that much.

Terms of Service [1] is the real deal. For e.g. - (I've removed examples given in brackets)

-- When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works communicate, publish, publicly perform, publicly display and distribute such content.

The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services.

Our automated systems analyze your content to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored. --

So yeah, the Terms of Service is filled with so many legal loopholes that only a lawyer would love.

[1] http://www.google.com/intl/en/policies/terms/

I like the "for example.." present in most sentences.

Attempting to list out each and every individual instance where a piece of data might be used does not a good privacy policy make.

That IS a lot of data!

For now

> For now

Sure! What else doesn't it do "for now"? You should make a list. Subliminal messaging out of the speaker, ad hoc mesh for coordinating kill-bots...

More seriously, one nice feature of that page:

If changes are made to this article (which should be rare), a revision history will be available on this page to let you know what has changed and why.

All privacy policies should have this.

> I highly doubt they added a Google account requirement to improve ad targeting.

Ad delivery networks, and google is one of the biggest, have one core business: delivering ads. Everything is setup to make that as big and as solid as possible. Whatever it takes (and we all know how far ad delivery networks will go: almost infinitely far).

Now they ship a piece of hardware, require signing up with an account, and it's not for prolonging / helping their core business? If you believe that, I have a piece of land I want to sell to you, special price.

I'm not going to say you're wrong, but Google has an interest in maximizing the number of people who have consistent, reliable, enjoyable internet experiences. If this hardware does not collect data to help them target ads (and that may very well be the case), but causes more eyeballs to spend more time online where they will find Google-hosted ads, it helps their core business AND the customer.

Believe it or not there are a lot of teams at Google that don't think about ads. I worked on Geo for over three years and had plenty of discussions about how various things should work, and ads never came up. (There was one case where we pushed pointless login requirements on the user, gating Zagat reviews behind a G+ login, and I (along with many others) argued against it.) Like I said, I'm not on the OnHub team, but knowing how these sorts of things work my educated guess is that they did some market research and found that the best way to have the best UX for the median user was to do cloud-based configuration.

On top of which, the privacy policy (linked elsewhere in the comments)_ makes it clear that your actual web browsing data isn't tracked.

At a strategic level, if we make wifi better and people use the internet more, sure, we can show them more ads. Maybe that and/or other strategic concerns are part of why the project got funded in the first place. But the people actually designing the features are probably a disjoint set of people from the ones thinking about that kind of strategy.

I agree!

- Typed on Google Chrome on my Android Phone, connected to my Google Fiber network via my onHub router.

> Ad delivery networks, and google is one of the biggest, have one core business: delivering ads

It's made by an alphabet subsidiary, not google. Google are the bad ad-selling guys, they're the good guys. 100% true!

Sounds a lot like the Meraki model. Makes sense... I'm sure one of the top consumer issues is losing router credentials.

> losing router credentials

I suspect 95% of people do not change the default credentials, which are stickered or engraved on their routers.

> default credentials, which are stickered or engraved on their routers.

Which having a seemingly random admin and wifi password with WPA pre-configured is better than no password.

I remember a story where an individual connected to an open AP, scanned the network, found a windows network share with everyone read access, that had NES roms and their tax returns. The sad part, and still is true today, you couldn't help them without admitting that you committed a crime (a felony I believe).

Sure you could -- just drop off a file someplace visible.

That would require committing a crime (in the US at least).


This is too funny - why would you admit, to a cop, what you are doing??? You just say you are sitting in your car enjoying a nice day - and it wouldn't be a lie because technically you are. It just so happens you are doing other things as well.

> He had been accessing the Internet through a nonprofit agency's network from a car parked nearby and chatted with the police officer about it.

If you are thinking "but surely the legal system should understand this concept, right?"

> "I had a feeling a law was being broken, but I didn't know exactly what"

Or how about the library who didn't mind a patron was using their wireless system - but the police still wanted to press charges:

> The library director said that Tanner had not broken any rules, and local citizens criticized police for their actions.

From one of the news articles:

> The police officer confiscated Tanner's laptop in order to inspect what he may have been downloading,

That is a big NO. If a police officer ripped my laptop from my hands - I guarantee it would be a decision we would both regret.

I think you meant to attach this reply to some other comment.

No - you said drop off a file somewhere. Connecting to their open AP is a crime in itself. I was trying to point out that the legal system has no idea how to deal with the legalities of accessing APs. Of course, they would have prove I had a malicious intent (assuming they could track me down).

So don't sign the file with your real name?

> read access

If you have their tax returns, you can mail them a letter, or often even phone or email them.

And honestly that probably greatly improved home wifi security.

Yup - my first thought too.

I used to work there, and one eternal subject of lunch-table conversation was how interesting it would be to make consumer routers with the same ease of management... but how the consumer market is such a hellhole to work in because margins are so low and consumers are more sensitive to price than to management complexity in their purchasing decisions.

A good brand like Google's can get around that, though.

How can they link all collected data then ?

Could be worse - a G+ account.

Yay, more wifi data. Android wasn't enough ;)


A Google Wave account.

Do you mean because they aren't available, or because of something about wave?

When I tried it after hearing it would shut down soon, it seemed neat.

Yeah, Wave was a great tool for remote collaboration/project management. There's the Apache Wave bundle you can self-host, but it's not as simple as just linking someone to wave.google.com.

I was just being snarky. A router requiring you to have a Google account seems needlessly complicated. We could crank it up a notch and allow only the users of an esoteric and obsolete messaging system use it.

Wave was a cool idea, though. But refusing to integrate it with e-mail under the assumption everybody will stop using it was a tad optimistic.

Not only that, why do I need an Android or iOS device? Are we too hip for web configuration pages now?

It's computer fascism and people are stupid enough to sign up for it.

The fact that you can decide to sign up for it or not means it's not fascistic at all.

Very interesting. From looking at the specs, it looks like they're packaging a server and marketing it as a router. The configuration app is a very nice touch, routers have always a pain to configure. I'd love to stick this in my apartment (even though I can only receive a maximum of 10mb/s).

As a side note, I'm surprised this isn't marketed alongside the Nest branch. It really has the look and feel of Nest products with the LEDs and the speaker aesthetic. Also surprised this isn't an "Alphabet" product.

"As a side note, I'm surprised this isn't marketed alongside the Nest branch. It really has the look and feel of Nest products with the LEDs and the speaker aesthetic. Also surprised this isn't an "Alphabet" product."

It pretty much is... it's their way of sneaking the 'home automation' core/aggregation box into people's homes masked as a wireless router (for now).

I'm sure the capability you mention will come heading into the future. The only question will be : execution/security and will a competitor come up w/ a more secure/well executed product which won't serve as a data vacuum hose to google.

This kind of product launch on the heels of their massive alphabet re-org with no understanding where it came from (division wise) or what its goal is leads me to question whether the re-org is really going to move google beyond its former execution flaws ...

> home automation' core/aggregation box

Deeper than that, even. It seems like this is intended as a local-network cloudlet[1] substrate.

Launch an app on your phone that needs a companion frontend server instance to talk to? One gets launched "in the cloud"—specifically, in a virtual cloud owned by the app author. But where is that instance, physically? Usually a provider like AWS... but with a cloudlet peering arrangement, that instance could instead end up running on your router. (Not as crazy as it sounds if your app has an N:M frontend-backend server topology.)

[1] https://github.com/cmusatyalab/elijah-cloudlet

I've been toying with terminology to deal with the idea of a decentralized p2p cloud. Calling it a 'virtual cloud' seems off, and 'fog' has been co-opted by other kinds of tech. Any thoughts on what would be a good terminology for this?

“The Shade”

* It’s a play on the word “shard”.

* It suggests privacy and protection.

* It suggests something that is nearby, as opposed to “the cloud” that is far away.

Unfortunately, the word is probably too susceptible to negative connotation.

I thought fog was being used to describe this kind of thing. Where else is fog computing used, differently?


Given that it has ZigBee, Bluetooth 4.0 I think it's meant to be a hub. It also mentions Weave which would work well together with Nest: https://nest.com/support/article/How-does-Nest-Protect-conne...

What about Thread?

Thread and Zigbee both work on 802.15.4, which it supports.

Come to think of it, that's why Google is so behind Thread - they want a mesh networking protocol that's not exclusively local, but can connect each one of the embedded systems directly to the Internet with their own IPv6 address. Although, the protocol does support using a "gateway", too, but I have a feeling that won't be made the priority for most Thread-enabled devices.

Thread uses the same hardware and radio protocols as Zigbee but a different software layer on the top.

Which means this could easily get Thread support as one of the "software updates" to come out.

The FAQ on the specs page mentions Thread support.

Well they bought Revolv a while back (via Nest), mostly for the team. Come to think of it, I think they were working with Go too.

Revolv Hub supported devices:


There are decent solutions to this already. INSTEON works great. It's got dual-band connectivity (wired and wireless) and you can either use a cloud hub if you want, or control it locally with a computer.

I can't tell you how many Insteon switches I've replaced in anger because they start flashing, stop responding to button presses, start beeping - one didn't even stop when I pulled the air gap switch. I'm well versed in their tech and in electrical systems, and everything was installed correctly, in some cases with fresh neutral wires pulled through direct from the neutral buss bar in the service panel, just to avoid potential crosstalk/current leakage, since they communicate over wires as well as via two way radio (newer spec switches).

I know it's anecdotal, but the Insteon forums are filled with similar stories. I was a very early adopter and have been through several generations of devices, and I'm committed to using another platform when I start replacing the remaining Insteon switches that will inevitably die.

I wouldn't recommend Insteon to anyone. X-10 was more reliable in my house. I'm evaluating Zigbee options now.

I just bought a Zigbee Winkhub because I was looking into something to play around with to remotely control lights. I also wanted something that I could hack and run my own code on. The Winkhub is relatively easy to hack. I've only been using mine for about a week now but am very happy with it. I've only tested mine with lights so far.

I have heard these stories (and am wary), but I have yet to have a single INSTEON device fail on me so far. X-10 was completely unusable for me.

> The configuration app is a very nice touch, routers have always a pain to configure.

Basically this boils down to:

The average home router which has basic to no settings (many even lack channel selection) but usage is poor to suboptimal. I had a Netgear router which had broken internal static routing - and netgear's response was to buy a different router (even though you could set it inside the router...).


Buying a higher power router or installing DD-WRT, Tomato or any of the other firmwares - now you have 1000 configuration items but you don't know which ones to tweak to give you good performance.

I believe most people fall into the middle - they want something that's easy to use with good performance but with the ability to adjust the 1000 configuration items if they wanted to.

> I believe most people fall into the middle - they want something that's easy to use with good performance but with the ability to adjust the 1000 configuration items if they wanted to.

I think most people want something that just works. (Most HN readers might want something where they can adjust 1000 configuration settings, but most people I think would never want to.)

> Also surprised this isn't an "Alphabet" product.

Alphabet has been announced, but AFAIK the actual corporate transition hasn't yet occurred.

Not to mention Alphabet is a holding company and won't have any products. It will all be done through the subsidiary companies (e.g. the new Google).

> I'm surprised this isn't marketed alongside the Nest branch.

I'm surprised that it isn't a Nest branded product that the Nest division ultimately controls. Looking at Google's history, I wouldn't be surprised if the Nest division came out with their own wifi router as well.

I'm hoping that this doesn't turn into another Google TV release where the product is barely beta.

It's comparable to the other top home commercial routers out there, like the Airport Extreme or Linksys 1900AC.

What specs are you talking about specifically? It doesn't look like a server at all.

There's a specs link at the top of the page, but I'm also not sure what parent poster means. Just confused, I think.

The specifications are on a par with low-end consumer-grade NAS products, and it has a USB 3 port, but nothing on the site says anything about providing storage or other services, except for router-type and supporting configuration services (I suppose "keep an eye on your network" is a bit of an extra).

"Plenty of room, OnHub has 4GB of storage space, so there’s plenty of room for auto-updates and the latest software features" is hardly selling a server. All it claims to be is a fancy router.


The detailed specs page shows a 1.4 GHz Dual Core processor and a 1GB of DDR3 RAM. Thats a little ridiculous for a router

Not really. The Linksys WRT1900AC has a 1.2ghz dual core CPU as well.

At some point you need a general purpose CPU to run everything and it's not hard to just throw an ARM SoC at it which is going to be in the 1-1.5ghz range and dual core because that's just what low-end is now.

The Linksys: http://www.linksys.com/us/p/P-WRT1900AC/

Agreed, the specs between the WRT1900AC and the OnHub are strikingly similar. Even the advertised smart features.

The CPU is inline with top of the line routers these days (e.g. Asus RT-AC87U is a 1Ghz dual core). 1+Ghz dual core CPUs are really cheap these days.

The RAM is about 4x what other routers are packing but the cost difference between a 1Gbit chip and 4Gbit chip is a few dollars. Prices have been plummeting this year and 8Gbit chips replaced 4Gbit as the new hotness. Not to mention DDR4 rolling out so there might just be dumping going on that makes adding 1GB of RAM a non issue.

It's a Dual Core ARM, it's expected for a good gigabit router.

I'd imagine it's basically off-the-shelf mobile hardware.

Plus at least 4GB of storage.

> routers have always a pain to configure

Eh? You must buy some shitty routers, no offense.

Compared to the rest of the market, paying $200 for a router isn't competitive. It just is not worth it given Google's "eh-we-will-do-it-and-stop-if-people-complain/sue" mindset.


To Melvin, since I'm submitting to fast:


> OnHub Wireless Router from Google and TP-LINK > by TP-LINK

1) You complain about the quality of TP-LINK products and think the solution is....another TP-LINK product, likely measured in the same way.

2) Honestly, I cannot think of a consumer AP that would actually perform to your expectations [apartment complex with 30+ competitors, saturating all the channels] that would be priced at $300, let alone $200. I can tell you right now, this Google AP won't do it either. Its "up to 1900mbps" for a reason. Trust me. Buying this won't be a magical solution to your problems if you real world gigabit speeds.


To the folks complaining about "magical routers":

A) Buy something from Ubiquiti Networks.

B) Buy something you can flash with WRT firmware.

In both cases, as long as you understand the hardware specs, you'll get something better than the norm. In Ubiquiti's case, I'm 99% sure it will outperform a Google branded TP-Link AP unless Google is heavily subsidizing and QAing everything.

I have a 1 Gbps fiber connection at my apartment. I spent a good hour doing research and finally bought this http://www.amazon.com/gp/product/B00BUSDVBQ. It had 4.5 stars at the time and was the highest rated router that Amazon carried. I bought it, plugged it in and ran speedtest on it. Max speed I could get was 250mb/s. Not bad but not the gb/s that was getting advertised. Additional, over time, it would always slow down to 10-50mb/s. I called TP-Link and they said this was likely the best it'll do and the advertised speeds are in an interference free lab environment.

If OnHub fixes that second problem as they claim to, that would be more than enough reason for me to spend the $200. If they can get higher than 250mb/s speed by optimizing around the congestion, $200 will be well worth the spend.

I was in the same situation as you. Same Router too.

I could actually get close to 1 Gbps with the stock firmware. But it was unstable, requiring a reset every other day. I used an open source firmware, but it didn't contain the NAT offload module, so I would not be able to get over 200-250 Mbps. (This was is all wired, not wireless).

Since I had a wifi access point, I ended up switching to an Ubiquity Edgemax router and haven't had any problems since.

Not really a fan of TP-Link.

Here's the thing about TP-Link: They're a "good enough" manufactur. Meaning if you care about something, don't buy a TP-Link, but if you don't care that much and just need it to basically work "good enough" (e.g. WiFi for your mom's house) then they're fine.

I got a cheap TP-Link repeater. It works fine, nothing special, no bells or whistles. But for the price it was a good buy.

TP-Link are hardly a manufacturer of "good enough" products. Their $100 Archer C7 router is the top recommendation on TheWirecutter for over a year.[0] Their $75 Archer C5 is also the top rated AC1200 router in every single category on SmallNetBuilder.[1] It beats out more expensive models from all the bigger name manufacturers.

[0] http://thewirecutter.com/reviews/best-wi-fi-router/

[1] http://www.smallnetbuilder.com/tools/rankers/router/result/1...

I've got the same router and I'm getting close to 900Mbps. Maybe your client device doesn't support 5Ghz?

I'm very happy considering the price and openwrt support.

Wifi or ethernet? My client device is the latest MacBook Pro. It supports 5Ghz.

So what's your magical router? Does it have options actually make sense? And a help that is, like, helpful?

I'm talking about things such as "Enable XPRESS whatever". Help: "Turns XPRESS whatever on or off". And then you find out that no matter what the feature was supposed to do, theoretically, in practice it makes the router slow and unstable. Or, at worst, crashes it. No brand is immune. Many (non-enterprise) routers will advertise QoS features, but you find that you are better off without them.

That goes for almost all brands that are not classed as "Enterprise" - and even some that are.

Have you ever tried an AVM Router? Amazing things, several of their Fritz!Box lineup are actually better specs-wise than this Google router (and don’t come from a company with rather questionable update and privacy record)

Have you tried running either a *wrt variant, or, if you don't like poking firmware, any of Ubiquiti's offerings?

How do DrayTek products rank these days? When I was on ADSL they were excellent, and their UK-tuned firmware outperformed Linksys & Netgear.

Now I'm on fibre I'm using the Draytek purely as an access point, and BT's modem to connect. The Draytek'll need replacing soon.

DrayTek sucks as a router, those things need to be rebooted all the time. Use an EdgeRouter.

No experience with Draytek's routers, but I've been happy with their ADSL/VDSL modems (Vigor 120/130). They have some really nice features, like PPPoA -> PPPoE passthrough.

We're using a few of their modems in bridge mode and then everything works fine. It's just the routing they can't do.

I only recommend what I've used personally. :/

> Trust me.

I don't trust people who say "Trust me." :)

I'm sure. No one ever believes me until I've been paid to fix it. I'm used to it.

It's less about your skills, and more about your presentation. "Honestly" and "Trust me" smack of salesmanship. It's a weird effect. Engineers try to be more persuasive by picking up, intentionally or not, vocabulary used for persuasion. Unfortunately, there is a lot of nuance that's hard to control.

Tighten up your writing, and perhaps speech, so you simply state the facts as you see them. This router will meet your needs because it has these 3 features. 1,2,3. It's much harder to argue with flat statements of fact as opposed to the salesmanship trick of, i would lie to most people but i like you so i'm going to tell you a secret.

Or, you know, don't. If it's not a problem for you don't waste time on it, but that's the underlying effect.

Thanks for the advice.

I think the underlying problem is my incentive is for people to disbelieve me the first time I tell them something. I don't really care if they believe me since after I am proven right I get more to fix the problem. [e.g. The last time, I got ~$6k] :/

So I'm not really motivated to fix it, y'know?

I probably should fix it since I'd be a better person for it but my financial incentive isn't aligned with fixing it.

My point: you're a random stranger saying to another random stranger "trust me" without justifying your request to trust you. Why should I trust you?

Your reply: After I've convinced them that I know enough to fix the problem (by either demonstrating my expertise/qualifications/experience or getting someone else to vouch for me), they believe me.

Well duh! If you demonstrate why they should trust you, they'll trust you. They won't just randomly pay you money to fix shit if they don't trust you.

Given I suggested a free solution it doesn't really require much trust.

But hey, go keep trusting the people who already screwed you.

You're going off the deep end now.

I'm uncertain how a factual statement is going off the deep end but okay.

1) You want to fix a shitty TP-Link product with another TP-Link product.

2) How is that not that?

Trustworthy people don't need to tell others to trust them.

I've never had problems with my Router. I do however have problems with Google ChromeCast vanishing from other devices -- which according to Google is a problem with the router (although for me the problem mostly occurs when the ChromeCast decides to use the same WiFi channel for its internal WLAN as the WiFi it's registered on).

I also have occasional problems with Linux devices being picky and flaky -- sometimes not connecting at all (repeating the "connecting..." phase ad nauseam) and sometimes just dropping the connection until I restart the device.

I find it dubious that these problems would be fixed by a Google branded router.

I have a Ubiquiti AC access point at home and the only thing I could see the OnHub doing better is the auto-sensing other networks and working around them. I'm not sure how that would work yet since changing channels would kick everyone off wifi for a second but the Ubiquiti "auto" channel is only changed/detected at boot (probably for the reason I just mentioned).

Really? I paid more for that for my last one. ASUS RT-AC68U when it just came out...

I think the best way to judge this product is as a hub for a smart home. The fact that it is an easy to wifi router is incidental (in spite of the fact that is all the marketing is talking about). It seems pretty clear, "onHub" is suppose to be a hub for a bunch of "on" branded smart home devices.

I've written some more fleshed out thoughts here: https://medium.com/@mrwilliamchang/onhub-is-not-a-router-foc...

To understand why certain products, which are seemingly unrelated to Google's core competency, have stayed with Google and haven't moved on to Alphabet, or why Google created a product such as OnHub and not Nest, you have to realize why all of these product are under Google - to track all the data that goes through them under the same generic/unified "privacy" policy, and then feed it into its advertising system.

That's why OnHub is a Google product.

For clarity:

Here is the help page on the topic of data collection and privacy: https://support.google.com/onhub/answer/6246642?hl=en&ref_to.... And see also, how to set a whole bunch of privacy settings: https://support.google.com/onhub/answer/6279845?vid=1-635755.... Disclaimer: I work on the project. I am not a spokesperson or legal or marketing, or anything like that.

I hate to burst your bubble, but it's actually just a branding thing, and has been in the works for much longer than anyone involved knew that Alphabet was going to happen.

The team that built this is part of the same company as Google Fiber (disclaimer: for which I work), which is in fact no longer part of Google Inc.

> but it's actually just a branding thing

I've heard it's mostly a liability thing. When projects like the self-driving car were directly under Google, Google's assets were fair game in any lawsuit over that technology. With the current setup, liability is siloed in each legal entity which gives the cash cow, Google, more protection.

More here: http://www.theverge.com/2015/8/13/9149431/alphabet-google-co...

I wasn't commenting on why the Alphabet thing happened (I've heard all sorts of explanations but nothing official except what's been said publicly, and I don't personally have any insight). I was talking about why things in Access & Energy are still getting the "Google" label, e.g. "Google Fiber" or "OnHub by Google".

Well, if they wanted to track data through this, though, they either have to make it under the Google brand, or can’t sell it in Europe.

And that's exactly why it won't be getting put in my home.

This was a primary motivation for Google+ as well - a single unified login under one unified privacy policy.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact