SoylentNews is people

posted by Blackmoore on Saturday October 25 2014, @04:14AM
from the unicorns-and-rainbows dept.

After Anonabox requested US$7,500 and raised US$585,549 before being suspended, I hoped that one-stop solutions would be discouraged but according to Wired News, I couldn't be wronger because there are at least five parties aiming to fill Anonabox's niche:

Maintaining your privacy online, like investing in stocks or looking good naked, has become one of those nagging desires that leaves Americans with a surplus of stress and a deficit of facts. So it’s no surprise that a cottage industry of privacy marketers now wants to sell them the solution in a $50 piece of hardware promising internet "anonymity" or "invisibility." And as with any panacea in a box, the quicker the fix, the more doubt it deserves.

Last week saw the fast forward rise and fall of Anonabox, a tiny $45 router that promised to anonymize all of a user's traffic by routing it over the anonymity network Tor. That promise of plug-and-play privacy spurred Anonabox to raise $615,000 on the fundraising platform Kickstarter in four days, 82 times its modest $7,500 goal. Then on Thursday, Kickstarter froze those pledges, citing the project's misleading claims about its hardware sources. Other critics pointed to flaws in Anonabox's software's security, too.

But the Anonabox fiasco hasn't deterred other projects hoping to sell an anonymity router of their own. In fact, many of them see Anonabox's 9,000 disappointed backers as proof of the demand for their own privacy-in-a-box product. At least five new or soon-to-launch crowdfunding projects now claim to offer a consumer-focused anonymity router with names like Invizbox, Cloak, TorFi, and PORTAL, each with its own promises - and caveats.

Full disclosure: I may or may not be connected to one of the parties mentioned in the article but I think they're all misguided.

Related Stories

With this Tiny Box you can Anonymize Everything you do Online 18 comments

No tool in existence protects your anonymity on the Web better than the software Tor, which encrypts Internet traffic and bounces it through random computers around the world. But for guarding anything other than Web browsing, Tor has required a mixture of finicky technical setup and software tweaks. Now routing all your traffic through Tor may be as simple as putting a portable hardware condom on your ethernet cable.

Today a group of privacy-focused developers plans to launch a Kickstarter campaign for Anonabox. The $45 open-source router automatically directs all data that connects to it by ethernet or Wifi through the Tor network, hiding the user’s IP address and skirting censorship. It’s also small enough to hide two in a pack of cigarettes. Anonabox’s tiny size means users can carry the device with them anywhere, plugging it into an office ethernet cable to do sensitive work or in a cybercafe in China to evade the Great Firewall. The result, if Anonabox fulfills its security promises, is that it could become significantly easier to anonymize all your traffic with Tor—not just Web browsing, but email, instant messaging, file sharing and all the other miscellaneous digital exhaust that your computer leaves behind online. http://www.wired.com/2014/10/tiny-box-can-anonymize-everything-online/

Subsequent to the posting of the Wired article, some critics on Reddit ( https://www.reddit.com/r/privacy/comments/2j9caq/anonabox_tor_router_box_is_false_representation/ ) have called attention to Germar’s misrepresentation of the “custom” hardware board and plastic case used for the device. They point to stock devices available on Alibaba from Chinese suppliers that appear to be nearly identical. In a followup phone call with Germar, he clarified that the router was created from a stock board sourced from the Chinese supplier Gainstrong. But he says that the project’s developers requested Gainstrong add flash memory to the board to better accommodate Tor’s storage demands. Germar also says now that the case was supplied by Gainstrong and was not custom-designed by the Anonabox developers, a partial reversal of how he initially described it to WIRED.

UPDATE: This project has been pulled from kickstarter. Details at: http://hackaday.com/2014/10/17/anonabox-how-to-fail-horribly-at-kickstarter/ and http://arstechnica.com/security/2014/10/kickstarter-pulls-anonabox-a-tor-enabled-router-that-raised-over-585000/

and, according to Ars:

Redditors and others discovered that there was a hashed root password installed on all Anonaboxes—that password was cracked, and found to be “developer!” an obviously weak password. When asked about the password, Germar responded, "There was no way to log in from the outside anyway, you'd need physical access to the device anyway."

Yet Another One-Click-And-It-Does-Everything-Except-Mix-A-Martini Crypto 24 comments

The Independent reports that:

A British firm could be set to net billions of pounds after making a major breakthrough in cybersecurity. Scientists at Scentrics, working with University College London, say they can guarantee total privacy for emails and text messages. It also means that for the first time laptop and smartphone users will be able to connect to wifi hotspots on the move without worrying about hackers. Only the security services would be able to gain access to the messages, if they needed to. The Scentrics application can be embedded into a mobile handset or computer device, enabling the user to obtain "one-click privacy" at the press of a button. Or it can be downloaded as an app, so the sender can pay a small fee for security every time, for instance, they send an image of family or friends over the internet.

The patent assignee modestly states:

"In terms of British Intellectual Property [IP], it is only dwarfed by the invention of the world wide web itself," said Mr Chandrasekaran. "The internet was born without this in its DNA and we've done it." He explained: "What we've done is to patent the IP for a standards-based, fully automatic, cryptographic key management and distribution protocol for UMTS and TCP/IP." In layman's terms, the company and UCL have found a way of defeating what cryptologists call "the man-in-the-middle attack" or MITM - the ability of someone to hack and intercept an electronic message.

The venture comes from a heavy-hitting institution and the people involved seem to be quite connected but the scheme only works by having secure access to a public key infrastructure. Unfortunately, as I previously noted when the last one-step crypto system flamed out (but before the next five went nowhere):

any one-step, hermetically-sealed, silver-bullet solution is poor technology and, in the case of security, is actively dangerous. Although it should never be necessary to pull something to pieces, or understand innards, technology is far from waving a magic wand and having something work 100% of the time. Technology is based upon tiers of leaky abstractions. Therefore, *when* it fails, it needs to be divisible so that debug can proceed. Ideally, technology should be a binary tree of components and faults can be found in the manner that Christmas tree lights can be fixed.

Even when packaged and idiot-proofed, the implication for end users is that anything significant needs to be a multi-step process. For example, install application, install certificates, test certificates. Anything less will have a horrendous corner-case which will be awkward to detect, diagnose or correct. And in the case of security, these corner-cases foreseeably threaten liberty.

Full disclosure: I may or may not be connected to one of the parties mentioned in a previous article.

This discussion has been archived. No new comments can be posted.
  • (Score: 2) by LoRdTAW on Saturday October 25 2014, @04:52AM

    by LoRdTAW (3755) on Saturday October 25 2014, @04:52AM (#109815) Journal

    ... I couldn't be wronger ...

    I'm not a grammar nazi but this is terrible.
    Fixed:

    After Anonabox requested US$7,500 and raised US$585,549 before being suspended, I hoped that one-stop solutions would be discouraged. But according to Wired News, I couldn't have been more wrong. There are at least five parties aiming to fill Anonabox's niche:

    • (Score: 2) by JNCF on Saturday October 25 2014, @05:05AM

      by JNCF (4317) on Saturday October 25 2014, @05:05AM (#109817) Journal

      Haha, I kinda like seeing people's quirks come out in writing as long as it's something that I could see somebody actually saying. SoylentNews is people :)

    • (Score: 2) by cafebabe on Saturday October 25 2014, @09:13AM

      by cafebabe (894) on Saturday October 25 2014, @09:13AM (#109848) Journal

      I was trying to convey the sense that I was so wrong that I was wrong about being wrong. Regardless, wronger is in the Urban Dictionary [urbandictionary.com] and the Unix Dictionary and usage is technically correct but wavers over time [copyediting.com].

      --
      1702845791×2
    • (Score: 0) by Anonymous Coward on Saturday October 25 2014, @10:02AM

      by Anonymous Coward on Saturday October 25 2014, @10:02AM (#109864)

      "ed's"? Clean up your own act first.

      • (Score: 0) by Anonymous Coward on Saturday October 25 2014, @05:19PM

        by Anonymous Coward on Saturday October 25 2014, @05:19PM (#110003)

        That is nowhere as bad as the GP complaint.

  • (Score: 2) by aristarchus on Saturday October 25 2014, @05:19AM

    by aristarchus (2645) on Saturday October 25 2014, @05:19AM (#109820) Journal

    I could be wronger, but I won't since that is not even a word???
    But wow, taking advantage of people who have no idea what they are doing on a network! I mean, it is almost diabolical! Man creates internet, internet creates AOL, AOL creates Facebook, Facebook speaks Mandarin and creates dinosaurs, and, dinosaurs hawk "instant anonymity routers", and eat man. Simple chaos theory, really. Anybody could have seen it coming. Why is the primary stockholder in this company with the routers "Air America"? Didn't that CIA front expire during Vietnam?

    • (Score: 2) by frojack on Saturday October 25 2014, @06:30AM

      by frojack (1554) on Saturday October 25 2014, @06:30AM (#109826) Journal

      Hey, wronger spellchecks, so it must be a word, unlike "spellchecks" which doesn't.

      --
      No, you are mistaken. I've always had this sig.
    • (Score: 2) by maxwell demon on Saturday October 25 2014, @09:01AM

      by maxwell demon (1608) on Saturday October 25 2014, @09:01AM (#109846) Journal

      My copy of Webster's New Encyclopaedic Dictionary contains the following entry:

      ²wrong adj. wrong·er \'rȯng·ər\; wrong·est \'rȯngest\ […] 3 : not according to truth or facts : incorrect […]

      So obviously you couldn't be wronger in assuming that "wronger" is not a word.

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 2) by maxwell demon on Saturday October 25 2014, @09:05AM

        by maxwell demon (1608) on Saturday October 25 2014, @09:05AM (#109847) Journal

        Err ... only after sending submit I noticed that I made an error in typewriting the last pronunciation: It's of course

        \'rȯng·əst\

        and indeed written as such in Webster's.

        --
        The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 2) by frojack on Saturday October 25 2014, @06:20PM

          by frojack (1554) on Saturday October 25 2014, @06:20PM (#110027) Journal

          We have this thing called copy and paste....
          And Websters is online.
          Still got to admire your tenacity for digging out that book and retyping it. I'm getting off your lawn now, no need for the shotgun.

          --
          No, you are mistaken. I've always had this sig.
      • (Score: 2) by tempest on Saturday October 25 2014, @01:15PM

        by tempest (3050) on Saturday October 25 2014, @01:15PM (#109893)

        I'm pretty sure wronger is a noun though. As in, someone who has wronged another. (but it is a word)

    • (Score: 2) by cafebabe on Saturday October 25 2014, @09:22AM

      by cafebabe (894) on Saturday October 25 2014, @09:22AM (#109852) Journal

      I could be wronger, but I won't since that is not even a word???

      I am reminded of the following quote [bash.org]:-

      <Pahalial> "ignorance more frequently begets confidence than does knowledge" - Charles Darwin
      <kionix> wtf? begets isn't a word. quit trying to make up words, fuckface.

      --
      1702845791×2
  • (Score: 2) by maxwell demon on Saturday October 25 2014, @06:23AM

    by maxwell demon (1608) on Saturday October 25 2014, @06:23AM (#109824) Journal

    I can provide you with a box that makes you truly invisible in the internet, and at the same time perfectly protects your computer from attacks from the internet. And it's absolutely simple, too. You just put that box in between the computer and the internet.

    Here's how it works: The box has two Ethernet plugs (one for the computer, one for the internet). Neither is connected to anything. Since no traffic from your computer enters the internet, your computer will be completely invisible from the internet, and so will be everything you do on it. On the other hand, any attempted attacks against your computer originating from the internet will end at that box, thus at the same time making your computer perfectly secure against such attacks.

    So it's a box that solves two problems at the same time. A great deal, isn't it?

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2) by frojack on Saturday October 25 2014, @06:39AM

      by frojack (1554) on Saturday October 25 2014, @06:39AM (#109827) Journal

      Neither is connected to anything. ... any attempted attacks against your computer originating from the internet will end at that box.

      Magic...

      --
      No, you are mistaken. I've always had this sig.
    • (Score: 2) by aristarchus on Saturday October 25 2014, @06:49AM

      by aristarchus (2645) on Saturday October 25 2014, @06:49AM (#109828) Journal

      Wow! Pray tell, how much would I have to spend to possess such a miraculous device? Is there an installment plan? Could I possibly be already covered under Medicare like my L'il Rascal scooter? Or do I have to wait 90 days for a refund? Inquiring Minds want to know! (But wait, there's more! Well, more of nothing, so technically it is _more_, just more of nothing. But how much would you pay for Twice As Much nothing? Do not be the last one on your block to have Double Nothing! Call now! Operators are standing! And if you call in the next 15 nano-seconds, well, you are faster than us and way too smart to be bamboozled by such an idiotic scam. OMG henry!!!)

    • (Score: 2) by cafebabe on Saturday October 25 2014, @09:29AM

      by cafebabe (894) on Saturday October 25 2014, @09:29AM (#109858) Journal

      You have comprehensively solved this problem-space and all else is a compromise; possibly a more pragmatic compromise but a compromise nonetheless.

      --
      1702845791×2
    • (Score: 2) by jcross on Saturday October 25 2014, @01:55PM

      by jcross (4009) on Saturday October 25 2014, @01:55PM (#109900)

      Just $49.99 for the economy model with 3 inches of air gap, and $99.99 for the deluxe model with 6 inches! Call within the next 20 minutes to get the extra strength vacuum gap included free of charge*!

      * separate shipping and handling charge required

      • (Score: 1) by redneckmother on Saturday October 25 2014, @04:23PM

        by redneckmother (3597) on Saturday October 25 2014, @04:23PM (#109972)

        ... but wait - there's still more!

        for an additional $29.99, we'll install TWO interfaces on each side, allowing channel bonding, load balancing, or a backup ISP connection - drop those packets faster and more reliably!

        --
        Mas cerveza por favor.
  • (Score: 2) by cafebabe on Saturday October 25 2014, @12:17PM

    by cafebabe (894) on Saturday October 25 2014, @12:17PM (#109879) Journal

    It appears that one of the editors erroneously removed one of the parameters from a forum comment. It should be http://soylentnews.org/comments.pl?sid=4428&cid=107343 [soylentnews.org]. I'm quite aware that SlashCode requires two parameters to retrieve a comment, so it wasn't my fault.

    Also, one of my hyperlinks was inside a <BlockQuote>, which I dislike because it isn't true to the original quoted text.

    --
    1702845791×2
    • (Score: 0) by Anonymous Coward on Saturday October 25 2014, @07:02PM

      by Anonymous Coward on Saturday October 25 2014, @07:02PM (#110042)

      I've been mentioning the phenomenon over the last many days.
      I was blaming the carelessness of editors.
      My apologies to all of you guys.
      It's not your fault that the URLs get altered
      (though hovering over those hyperlinks should reveal they have been altered).

      It's actually Slashcode that is auto-borking the URLs.
      It only happens to S/N URLs and only in story summaries.

      -- gewg_

    • (Score: 2) by Blackmoore on Monday October 27 2014, @02:08PM

      by Blackmoore (57) on Monday October 27 2014, @02:08PM (#110511) Journal

      Cafebabe - I was the editor on this one.

      Admittedly I'm pretty bad/new at this, but the regular editor staff needed a break. (I think LaminatorX did all the editing for one day last week, and N1 on another; in a best case scenario we'd have each editor take care of 5-6 a day (of a docket of 10-12), and then have someone else double check.)

      That said, I did not see the links change, but it's pretty clear that either slash or my browser did change the links. The in-quote link was all me. I'll find a better way to handle that.

      On the other hand, I will comment that the editor we have to use to review and work the submission does make me hurt inside. I won't go further than that since I can't code in Perl, and wouldn't be able to rewrite the damn thing.

      • (Score: 2) by cafebabe on Monday October 27 2014, @02:23PM

        by cafebabe (894) on Monday October 27 2014, @02:23PM (#110521) Journal

        I was unaware that editing decisions have been compounded by software problems. After seeing a manual change, I falsely assumed that all changes were manual. A minor bug (which may or may not be related) is incorrect handling of angle brackets after previewing a comment. It may be related to handling of ampersands which recently drew ire [soylentnews.org].

        --
        1702845791×2
        • (Score: 2) by Blackmoore on Monday October 27 2014, @02:40PM

          by Blackmoore (57) on Monday October 27 2014, @02:40PM (#110529) Journal

          yeah, I think TheMightyBuzzard and mrcoolbp are trying to find that and beat it into submission.

  • (Score: 0) by Anonymous Coward on Saturday October 25 2014, @11:30PM

    by Anonymous Coward on Saturday October 25 2014, @11:30PM (#110105)

    I've been using a proxy service for about a year now for a few specific applications. Set up my OpenWRT router to VPN to said proxy, use a Socks service to connect to the VPN over my own network. This way I can use the VPN when I want rather than exclusively. Was a real learning experience getting that up and running, but the resources are googleable.