Router Security Google Wifi and OnHub Routers Website by     
Michael Horowitz 
Home | Site Index | Router Bugs | Security Checklist | Tests | Resources | Stats | About | Search |

Google Wifi Routers

In December 2016, Google's OnHub routers were replaced with Google Wifi routers. The OnHubs were single devices, GWifi swings both ways. That is, you can buy one and use it as a single router, or, you can buy two or three and use it as a mesh router system.

As for their security, David Gewirtz recommended them in December 2016. See Sacrificing router flexibility for security with Google Wifi and OnHub. I agree with 98% of what Gewirtz wrote. If you were going to buy a router for Grandma, Google Wifi would be my recommendation. Then again, now I'm not so sure. See my blog 7 mistakes Google made updating my Google Wifi router published May 8, 2017.

And, there are two security issues with Google Wifi routers. First, you are stuck with the 192.168.86.x subnet. Second, UPnP is enabled by default.

This April 2017 article, How Google wants to re-invent the router is a puff piece that could have been written by Google's PR department. Except for one point that I had not seen mentioned anywhere else - Guest network users can see devices on the main LAN. This is a quote from a Google person: "We've also made it really simple for you to share specific devices from your main network to your guest network. So if I want guests to be able to access my Wi-Fi but I don't want them to be able to see my hard drive and my desktop PC, I can do that. I can share my Chromecast, but not my NAS."

In January 2017, Google WiFi routers were sold out everywhere but by the end of February they were in stock.

The page here on Firmware Updating has a section on Google Wifi routers.

May 8, 2017: I blogged about 7 mistakes Google made updating my Google Wifi router.

According to this July 2017 article, Google Wifi routers are based on ChromeOS. The open source GaleForce project lets you root Google Wifi.

Google OnHub Routers

Jan. 3, 2017. NOTE: The below was written before Google released their second generation routers, Google Wifi. When Google Wifi was released, the software for the OnHub routers was upgraded to match that of the Wifi routers. Also, I have no first hand experience with Google OnHub routers. Interestingly, my initial security opinion of the OnHub routers was that they were a poor choice for reasons noted below. Now, however, I think Google Wifi routers are a good security choice for non-techies (see above).

Google's OnHub routers are part of a recent wave of consumer friendly routers. These devices do away with many features in an effort to keep things simple for non-techies. In and of itself, this does not make a router less secure, instead it is assorted design choices Google made.

For example, a Google OnHub router can only be configured by someone with a Google account. This means that Google not only knows who you are, but also where you are (based on both the public IP address of the router and nearby Wi-Fi networks). For the most privacy, create a new Google account that is used solely for administering the router and nothing else. Still, you have to assume that Google can get into the router at any time, so these devices are not for anyone who cares about their privacy.

Initially, the OnHub routers did not support Guest networks. This is no longer true.

Other missing features are parental control and content filtering. It also doesn't support VPNs, but it's not clear from the reviews I read whether that only means that it has no VPN server or whether it also means that the router does not offer VPN pass-through.
Update Jan. 3, 2017: Functioning as a VPN server is the sort of techie feature that the recent wave of consumer oriented mesh router systems (Eero, Luma) omit. However, the OnHub does allow for VPN pass-through access, that is, LAN side devices can function as a VPN client.

As you would expect, the routers default to using Google's DNS servers which gives them an audit trail of every visited website. You can, however, change the DNS servers and I suggest doing so on the theory that Google knows enough about us already.

A fairly rare feature these routers do offer is that ability to self-update their firmware. While, on the one hand this is great for insuring users get the latest bug fixes, there can also be a down side to it depending on how the feature is implemented. I have not read a review with details on how this works.

In response to privacy concerns with their routers, Google describes the data collected and how to opt out here: OnHub, the Google On app and your privacy.


The WireCutter offers a detailed review in their article on the best Wi-Fi router. They say

There is only one Ethernet LAN port.

The routers do nothing to enable Google Cloud Print for printers on the LAN that do not support it natively. Printing from a Chromebook pretty much requires the Google Cloud Print service.

As for Wi-Fi performance, Dan Seifert of TheVerge found the Wi-Fi range much better than an Asus RT-AC66U router. And Joe Wilcox said "The usable wireless range far exceeds the Apple AirPort Extreme router that OnHub replaces in my home". On the other hand, SmallNetBuilder and The WireCutter were not impressed with the Wi-Fi performance. YMMV.

This page was last updated: July 19, 2017 12PM CT     
Created: November 15, 2015
Viewed 10,883 times since November 15, 2015
(17/day over 647 days)     
Website by Michael Horowitz      
Feedback: routers __at__ michaelhorowitz dot com  
Copyright 2015 - 2017