Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tiny Wireless Device Offers Tor Anonymity

Posted by Soulskill on from the fits-discreetly-in-left-nostril dept.

Lucas123 writes: The Anonabox router project, currently being funded through a Kickstarter campaign, has surpassed its original $7,000 crowdfunding goal by more than 10 times in just one day. The open source router device connects via Wi-Fi or an Ethernet cable making it harder for your IP address to be seen. While there have been other Tor-enabled routers in the past, they aren't small enough to fit in a shirt pocket like the Anonabox and they haven't offered data encryption on top of the routing network. The device, which is being pitched as a way for consumers to securely surf the web and share content (or allow businesses to do the same), is also being directed at journalists who may want to share stories in places where they might otherwise be censored.

6 of 68 comments (clear)

  1. Re:I wonder how much we can trust it by ArmoredDragon · · Score: 4, Informative

    A sha256sum of the entire firmware image should suffice for verification.

  2. Bad idea! by thegarbz · · Score: 4, Informative

    No it's not great, and no it's not a back door you need to worry about.

    The fundamental problem is that anonymity is hard, very hard. There have been several people identified via Tor, seemingly smart people who thought they were covering their tracks. In many ways making Tor easy to use, and making a Tor proxy style router is the single worst way of using Tor.

    We leave tracks everywhere we go. Our browser configuration, plugins, OS, etc all leave fingerprints for people to follow and using Tor doesn't stop that. Tor should be hard to use. It should require reading a manual. It should require understanding everything about anonymity. It should be used like Tails, a burner Linux distribution which should leave no trace on the system on which it was used.

    The TLAs don't need to backdoor this device. It's quite likely that they welcome its use.

  3. Re:I wonder how much we can trust it by fuzzyfuzzyfungus · · Score: 5, Informative

    Making Tor dead simple to use is great, but this is such a nice device for three-letter agencies to target inserting a backdoor into.

    While that is a possibility(albeit one that could theoretically be ameliorated, barring hardware-level backdoors, by 'here's how to build Tor from mainline and replace our firmware' documentation), I'd be more worried about the fact that Tor isn't dead simple.

    The project itself has a list of handy warnings concerning What Not To Do on Tor and expect the anonymity to keep working, even assuming there are no unknown attacks and vulnerabilities at play. Tor has no magical ability to scrub dangerously identifying information from the assorted dumb, lazy, or just plain user-hostile chatter generated by various programs on your computer. It also, as a necessary side effect of its design, exposes some traffic to the exit node, which requires that you be careful about SSL/TLS for anything that the exit node shouldn't see.

    That's what makes me nervous about the projects(hardware or software, boxes like this or Android VPN plugins, or whatever) that make it dead easy to route all traffic through Tor. Unless you know exactly what you are doing, that probably isn't what you want. Your day-to-day OS is very likely to be far too dangerously chatty(which means that you really shouldn't use it at all, unless booted to a liveCD; with the Tor browser bundle, that passes only traffic from the Tor browser as a distant second best); but you definitely shouldn't just plug it into the magic Tor box. Some applications you just don't want going through Tor at all. If the traffic is intrinsically personally identifying the best case is that you'll gain nothing and the worst case is that you'll be less secure than you were.

    Things that keep people from running the browser bundle on their poxed XP machines and expecting anonymity are good; but Tor simply isn't easy to use, even if it is made easy to set up, and that can bite you in the ass.

  4. Re:I wonder how much we can trust it by fuzzyfuzzyfungus · · Score: 3, Informative

    The Tor Browser is better than 'just route all traffic through Tor'; but unless you trust that your machine isn't carrying 12 strains of cyber-syphilis, you probably want a non-persistent liveCD OS if you are doing something sensitive.

  5. Alternate solution. by Anonymous Coward · · Score: 3, Informative

    This is a different flavor of the TP-Link TL-WR703N wireless router I ordered from the SLBoat store on ebay.com. It comes preloaded with OpenWRT and I can then flash it with the PORTAL bin file from github.com. PORTAL uses TOR for all access to the Internet.

    https://github.com/grugq/portal

  6. Re:I wonder how much we can trust it by The+Ickle+Jones · · Score: 3, Informative

    As the other person said, everyone is already subject to mass surveillance.

    But even if what you said were true, the more people that use this, the more targets they have to selectively harass. We need more and more people to use this sort of thing in order to better thwart their mass surveillance efforts.