After breaches into my systems, it was soon clear it is one of my network devices. Since I expected this (somewhat), all network hardware based and manufactured in China Mainland will sooner or later be compromised; it seems like GL-iNet is now. I can prove that to a significant extent, via logs and screen recordings: DNS requests by the OS the CCP uses (chinauos.com), their parent which is owned by the (broadly speaking) PLA, uniontech.com, which has, even though I used DNS-over-TLS plus a VPN, just routed all my requests to 127.0.0.1 and then with "0ms" ping directly to their systems. That worked for them both with Cloudflare & NextDNS.
Be careful, and @Openwrt team, pls stop endorsing them. Sadly not even HK is free anymore; it seems like the party is over. No cloud features of GL-iNet were used/activated and SSH/Dropbear was disabled via LuCI; didn't help. It's also suspicious that they only download the .ipk data from their servers, not from the official OpenWrt repos. Or that somewhere in the memory they must save the UUID, since all devices I have from them let me reconnect to their cloud without login even after reflashing it with DD-WRT (in one case); in all others, when I reflash from original OpenWrt back to GL-iNet Factory. That was always the case though.
Neither I nor the VPN connection are remotely close to south-east Asia. Be careful, folks.
I really hope I and the logs are somehow wrong but it seems increasingly unlikely.
I might add that I do not intend any harm to them; I do believe, though, that it's out of their hands.