|Router Security||Google Wifi and OnHub Routers||
Website by |
In December 2016, Google's OnHub routers were replaced with Google Wifi routers. The OnHubs were single devices, GWifi swings both ways. That is, you can buy one and use it as a single router, or, you can buy two or three and use it as a mesh router system.
As for their security, David Gewirtz recommended them in December 2016. See Sacrificing router flexibility for security with Google Wifi and OnHub. I agree with 98% of what Gewirtz wrote. If you were going to buy a router for Grandma, Google Wifi would be my recommendation.
That said, there are two security issues with Google Wifi routers. First, you are stuck with the 192.168.86.x subnet. Second, UPnP is enabled by default.
Jan. 3, 2017. NOTE: The below was written before Google released their second generation routers, Google Wifi. When Google Wifi was released, the software for the OnHub routers was upgraded to match that of the Wifi routers. Also, I have no first hand experience with Google OnHub routers. Interestingly, my initial security opinion of the OnHub routers was that they were a poor choice for reasons noted below. Now, however, I think Google Wifi routers are a good security choice for non-techies (see above).
Google's OnHub routers are part of a recent wave of consumer friendly routers. These devices do away with many features in an effort to keep things simple for non-techies. In and of itself, this does not make a router less secure, instead it is assorted design choices Google made.
For example, a Google OnHub router can only be configured by someone with a Google account. This means that Google not only knows who you are, but also where you are (based on both the public IP address of the router and nearby Wi-Fi networks). For the most privacy, create a new Google account that is used solely for administering the router and nothing else. Still, you have to assume that Google can get into the router at any time, so these devices are not for anyone who cares about their privacy.
Initially, the OnHub routers did not support Guest networks. This is no longer true.
Other missing features are parental control and content filtering. It also doesn't support VPNs, but it's not clear from the reviews I read whether that only
means that it has no VPN server or whether it also means that the router does not offer VPN pass-through.
Update Jan. 3, 2017: Functioning as a VPN server is the sort of techie feature that the recent wave of consumer oriented mesh router systems (Eero, Luma) omit. However, the OnHub does allow for VPN pass-through access, that is, LAN side devices can function as a VPN client.
As you would expect, the routers default to using Google's DNS servers which gives them an audit trail of every visited website. You can, however, change the DNS servers and I suggest doing so on the theory that Google knows enough about us already.
A fairly rare feature these routers do offer is that ability to self-update their firmware. While, on the one hand this is great for insuring users get the latest bug fixes, there can also be a down side to it depending on how the feature is implemented. I have not read a review with details on how this works.
In response to privacy concerns with their routers, Google describes the data collected and how to opt out here: OnHub, the Google On app and your privacy.
The WireCutter offers a detailed review in their article on the best Wi-Fi router. They say
There is only one Ethernet LAN port.
The routers do nothing to enable Google Cloud Print for printers on the LAN that do not support it natively. Printing from a Chromebook pretty much requires the Google Cloud Print service.
As for Wi-Fi performance, Dan Seifert of TheVerge found the Wi-Fi range much better than an Asus RT-AC66U router. And Joe Wilcox said "The usable wireless range far exceeds the Apple AirPort Extreme router that OnHub replaces in my home". On the other hand, SmallNetBuilder and The WireCutter were not impressed with the Wi-Fi performance. YMMV.