Unifi Dream machine - disappointment?

Hi all!

I've been an openwrt-addict for many years now. Thought I wanted to try the Unifi Dream machine, an 8-port switch and AP Pro. So that's what I did and I'm looking at my investment in retrospect now.

Because I didn't reeeeeally google much before buying, I thought that Unifi UDM was the sh*t when it comes to security, privacy and what not. For instance Internet threat protection and stuff. But when I read different blogs it seems that they are all based on stuff that is free on the internet, so for instance openwrt does support a lot of unifi features (and from what I know doesn't cost a bag of money!).

So to be short: I'm thinking of returning my equipment, putting back my 1900ACS as router and using my netgear router as a dumb AP again. Because I can't really see that I gain so much in privacy etc. I'm kind of into things, but not a superduper geek building my own builds, so I'm hoping for divested builds to keep rocking.

By all means, Unifi is looking good, but for instance adblocking is not supported. "Go get a pi-hole"! What the.. :) I had that with my linksys 1900acs for a long time, and it was working flawlessly too!

So shoot me in the head if this is the wrong place to cry about this, but help me to get back to openwrt please :)

edit: https://github.com/albertzsigovits/writeups/blob/main/unifi-udm/README.md
I've found here that since this is running linux as well it's possible to install a lot of things. For instance pi-hole (I thought I needed a raspi for that!). Also adguard, dns with ad blockers...
Maybe this unifi dream machine isn't that bad anyway?

1 Like

Ubiquiti has pretty much abandoned their EdgeMax line outright (which was what gave them their start and was their bread and butter before Unifi came along) and was recently (read: November, originally reported in January, full truth came out in March) compromised six ways from Sunday when a disgruntled senior engineer quit and took the root keys with him, in the process laying bare ALL of their intellectual property and customer data.

How's that Dream Machine looking now? =) It's the bastard lovechild of EdgeMax and Unifi, BTW.

3 Likes

I've heard about that breach, and it's not good at all. Nonono. What's kind of frustrating is that for the unifi networking-app on iphone to work, "Remote Access" must be enabled - EVEN when on LAN/WLAN or with VPN! What the actual heck?

edit: on a general basis, how well does openwrt (when patched regularly of course) perform from a privacy/security standpoint? Who is best? Will openwrt, because of its open-source image and continuous development, always be better than some manufacturers like linksys, netgear or asus? Maybe it's impossible to answer..

1 Like

Privacy isn't a technology issue, it's a practice issue. There have been sufficient breaches, however, that my long-held stance that privacy is an illusion appears to be more true than ever.

Regarding security - on the perimeter (where OpenWRT and all routers tend to live in homes), so long as you have proper firewalling, there's very little threat. DNS hijacking is possible but exceedingly remote, and honestly ransomware and other forms of malware (that don't involve network gear at all) present a thousandfold threat compared to your router.

Security and privacy are both largely behavioral and tend to be more effectively attacked via social engineering than anything. Humans will always be the weak link in the stack.

2 Likes