Still don't understand why this is such a big issue, and I have been reading threads about it for a year now.

Just turn on cloud access, accept the T&Cs and then turn it off again. If you are really scared then you can isolate that device in a VLAN or DMZ temporarily.

I run many commercial and residential networks, and this is definitely a non-issue for me.

I stopped buying Ubiquiti when I reset my UDM Pro and took it to another house without internet access, and it refused to "activate" without an internet connection or a phone app connection. Seems they are more interested in selling a lifestyle rather than actual production network equipment.

I stopped buying them when I saw users posting on Reddit that they were logging in to their systems and seeing other people's camera feeds and networks.

https://www.bleepingcomputer.com/news/security/ubiquiti-user...

I'm not excusing Ubiquiti here; I agree that's pretty annoying.

However, a UDM Pro is a router (as well as other things). The expectation is that it is connected to a WAN.

Unifi switches, access points, etc. do not have the same online requirement.

You can't actually configure the WAN connection fully without internet connectivity (at least last I checked).

This meant, for instance, that if your WAN required a VLAN (as in New Zealand), you couldn't actually set it up without another router. Their fix is to add 1 more option to the WAN configuration options rather than the full suite of WAN configuration options you get once it's talked home.

The partial fix does make it clear that the philosophy of "you must talk to the mothership" is a guiding one that Ubiquiti sticks to.

> a UDM Pro is a router (as well as other things). The expectation is that it is connected to a WAN.

That's a bad expectation.

When I moved houses, I was without home broadband for almost 2 months. I bought a Cloud Fibre Gateway as everybody recommended Unifi. I intended to set my local network up, have Home Assistant running, as well as my NAS and other self-hosted apps.

Couldn't do any of that until I figured out a way to tether my phone to my OpenWRT router that the Unifi was supposed to replace, and wire them together over Ethernet.

Not the final straw that made me give up on it, but a truly atrocious first experience.

What are you using instead?

If I ditched my modest Ubiquiti gear I'd probably try out https://www.alta.inc/, because https://chrisbuechler.com/

I swapped my EdgeRouter Lite (ERLite-3) for an Alta Labs Route10 recently after moving to an ISP that uses PPPoE. Unfortunately the Cavium silicon inside the ERL cannot do hardware offloading for IPv6+VLAN+PPPoE concurrently, so I had to find a new router. The Route10 is a nice piece of kit, but the software is still very immature, and it absolutely requires a controller to manage. I really wish that I could run VyOS on it, but for now it does the job and will probably be absolutely fine for 99% of people.

This looks super interesting, thank you.

New MikroTik gear is also a great option.

OPNsense.

I'm also curious which other prosumer network hardware companies have good products?

I use TP-Link Omada gear and it's been a very good replacement for Unifi. I use it both personally and to manage a side-gig venue's network. I have lots of VLANs and even run Dante and NDI with no issues. It replaced a Unifi system that was so buggy: DHCP reserved IPs failed, spotty issues with artists' phones and the mixer board used to mix their in-ears, etc. I've even set up an IPsec tunnel to an AWS VPC; pretty easy.

I've been using a Pi 4 for the last 4 years on PoE running their management Docker container. So solid! I'd recommend the Pi over buying their hardware device manager; it's way slower.

I like MikroTik routers, and their other products look good too. They are often discussed on HN if you want to search for a range of opinions. I do find that their software can be confusing, but that may also be to do with the number of options.

Having seen a few slippery-slope situations like this over the years with IoT and other services, I'm simply not willing to make any concessions in that direction. I use a UDM Pro, and turning on cloud access requires associating that hardware with a Unifi cloud account. That's already undesirable if you want to safeguard privacy.

Fair enough; the Unifi brand is a consumer/prosumer brand after all.

I guess if you have strict privacy requirements then you would be looking more at enterprise gear anyway.

Why do strict privacy requirements imply enterprise gear?

Because the elites have decided that privacy is only applicable to businesses.

Ah yes. The “elites”. The invisible yet omnipresent, subtle yet ubiquitous, global cabal that no matter how fragmented and divided society gets, always speaks with one voice[0] and acts in seamless unison.

[0] It’s an endless source of fascination to me that it always seems to be non-elites that have the inside scoop on what the elites are thinking and deciding. I’d love to know where they get that insight if not from their own hyper-pattern-matching imagination.

This is absurd. When people refer to "the elites" as I did, they often mean a large group of people. They do NOT speak with one voice[0], nor do they act in seamless unison. It is a bit noteworthy then that governments worldwide seem intent on destroying the privacy of communications on the internet.

[0] People who are used to getting fucked by people higher up in the economic food chain are pretty used to seeing, with their own eyes, the actions "the elites" take. See, we get to live in the world they create. Whereas they get to live in a much, much nicer world, without rules or restrictions. To call the average person's lived experience "hyper-pattern-matching imagination" is just plainly being shitty.

No. I don’t believe most people can see “with their own eyes” anything of the sort. They definitely feel the pain. But the ability of most people to correctly ascribe their pain to a semi-reasonable, possibly-likely source is utter rubbish. Most folks do the exact opposite. They are SO incapable of seeing with clear eyes that they will happily let their abusers scapegoat utterly irrelevant groups and distract with pointless crusades. Most people let their pain get hijacked just so they can easily point the finger at anyone and feel justified that yes, someone did indeed do them over. And as a result, they will consistently vote against their own interests and join in on the gang bashing of minority groups, all the while being screwed over even more.

Perhaps next time it would be more useful to point out exactly who you’re referring to in a given discussion rather than lazily refer to “the elites”.

I’ll also add that in my view, most of what seems like the concerted actions of a global conspiracy is merely the result of very simple human heuristics. Mostly functions of greed (for money, power, or both). Just like the amazing structure in fractals arises from very simple math, so too the workings of our politics and economies through simple human heuristics played out at scale.

[deleted]

This is an absurd comment.

Do you really think there is some magical network gear out there which provides easy full security, but is only available to buy for a specific group of people?

Because it generally has much stricter firewalls, more granular policies, better/more comprehensive logging, no device phone-home, and no requirement to sign up for online accounts. All of which make it much more secure by default due to standard enterprise company requirements, and easier to customise to the user's specific security needs.

Enterprises often have to pass audits and have regulatory compliance requirements. So no surveillance capitalism for them. Where enterprise tech vendors get you is licensing cost.

> Enterprises often have to pass audits and have regulatory compliance requirements.

So do many smaller organisations. The market for prosumer/SOHO/SME tech is in a sorry state lately, with many being pushed towards what is essentially consumer-level junk with a slightly different finish on the case and a different badge.

There is an irony here in the UK that we're finally seeing widespread availability of FTTP broadband with gigabit+ speeds and the latest WiFi standards, but trying to find decent routers, switches, and access points that support 10G internal networking and the full rates of the available broadband and WiFi standards is a nightmare. It's like the only conceivable options are extremely expensive "enterprise" products and consumer junk that you control with a mobile app (until it becomes unsupported at some indeterminate future date, presumably) that phones home to the manufacturer's servers (until they get shut off at some indeterminate future date, presumably) and only works with an account on the manufacturer's system (until it deliberately or accidentally gets disabled for any reason, presumably) and possibly a subscription payment (that can increase arbitrarily in future years, presumably). It seems like literally no manufacturer that has previously provided reputable mid-level equipment is still trying to compete in this segment of the market any more, and that is both sad and potentially dangerous.

They pay enough to not become the product.

Because enterprises pay a lot of money for strict privacy, whereas consumers pay less if anything.

In my experience, consumers generally pay zero for privacy but expect it anyway.

In addition to the other comments, enterprise infra (almost) never has internet access.

Will it still get automatic updates in case of security issues?

[deleted]