As someone from Europe, I certainly am at least equally uncomfortable with products from the US. Made in USA to me equals zero concept of privacy protection but plenty state surveillance (CLOUD Act, Cisco having hard coded back doors every two weeks etc.) and recently even lack of rule of law and even threats of annexation of European land and interference in domestic elections.

Sure, China will probably also spy and conduct industrial espionage, just as the US, but they appear to be a rational actor and have never threatened the sovereignty of European countries.

the US has a recent history of extra-terrestrial law enforcement, both in ally countries (kim dotcom, meng wanzhou), and non-ally countries (bin laden). that's the main fear. w.r.t. the US, everybody is at risk, all the time.

if you don't do anything wrong, you won't get into trouble, and out of 8 billion people in the world, only a handful of people get in trouble. the problem is, the definition of trouble can change.

Who can guarantee that the Cisco/UniFi or whatever Made in USA gear won't be a host to a state sanctioned "lawful interception software" politely pushed to many devices with the help of a National Security Letter?

Who is "we" in this context?

I'm neither from US nor from China, so I don't belong to either "we". So in my case no hardware is safer unless I design the board and develop the firmware on top of it.

Even then, I'm not sure whether there are hardware vulnerabilities baked in.

I think it’s safe to say that by “We” we can assume it would be your country and its allies.

War and spying has been a thing for a long time now. I think it’s unreasonable to expect countries to not make use of their respective industries and enterprises to get an edge on each other.

The fact is that this kind of hardware is just very good for that so as I a costumer, I feel you and I think the best we can do is buy a custom hardware and install a custom OS. Like open-wrt.

But I will not complain of my country doing that because when I see adversaries doing it, it’s completely reasonable that it also do. In fact, game theory, mandates it.

> I think it’s safe to say that by “We” we can assume it would be your country and its allies.

I live in a country which has been spied on for years by its closest "ally". See Crypto AG scandal for more details. So in my case there's no "we".

Yeah, the most realistic trade-off might be installing OpenWRT and some tripwires to see whether anyone is trying to do something nefarious remotely.

In spying, there's no "we".

> In spying, there's no "we".

Sometimes your own government is the most likely to spy on you.

> Yeah, the most realistic trade-off might be installing OpenWRT and some tripwires to see whether anyone is trying to do something nefarious remotely.

I agree with that, but its beyond the reach of most people.

I think zero trust or low trust within your LAN is also a good idea. So is firewalling ISP supplied routers.

Thats also fair. I agree.

There are no allies in this world. There are opponents, and opponents who say that they are your allies.

If a government has a backdoor it can be exploited. What if your US made router's backdoor is discovered and abused by a Chinese party? No backdoor can be made to only exclusively be unlocked by its creator.

Compared to it being in the hands of the US, who couped my country and bombed my neighbours?

Definitely.

Yeah this US centric view that deemed china as the "bad guys" also problematic

because in some parts of the world like middle east,south american,africa etc

the US is deemed more evil than china etc

I do not know those countries, but in South, South East and East Asia the US is not the threat, its a potential ally against China. In most of Europe it is an important ally.

Allies to spy on each other, but they are not a threat in the way actual or potential enemies are. The fact the the US spied on Germany, and Britain spied on Belgium does not really make them threats.

It was an important ally, Europe is currently investing billions in uncoupling its reliance on both Russia (for natural resources) and the US (for defence and natural resources) because neither party can be trusted anymore.

> Europe is currently investing billions in uncoupling its reliance on both Russia (for natural resources) and the US (for defence and natural resources)

Russia, yes.

I do not see any real expectation of Europe not being reliant on the US. See the many discussion here about reliance on US cloud services. Where else are these natural resources to come from? Where is the technology or the money to scale up to what the US has?

1. Canada (2nd largest country in the world after Russia).

2. Internally.

USian hubris won't end well for the US.

Europe is offloading it's reliance on Russian LPG just to buy more from the US.

You didnt read the comment that I replied????

lol, US didnt just doing only "Spy", read the comment tree first

Can you link to a source where that's demonstrated? If these devices have a backdoor surely both HN hackes and the NSA would have found it by now, right?

> much of the rest of the industry serving this market also sources hardware from China and ships products that are insecure fresh out of the box.

The same is true of any country, including the USA. Australia & the UK have laws to that effect, and the USA backdoored RSA and Juniper off the top of my head.

Unless you run purely open source, your only choice always has been which country had open slather to spy on you. There are no real contenders for open source phones right now, so for most of us guaranteed privacy was never a choice. (I have high hopes for Halium in the future, as I hate this.)

For those of us in East Asia or some country like Iran or Venezuela that the US likes to bomb periodically, China is the least objectionable spy master. Those of us in the West chose USA, as they were a reliable trusted ally. Then Trump arrived on the scene and make things complicated.