Tiny Wireless Device Offers Tor Anonymity

Lucas123 writes: The Anonabox router project, currently being funded through a Kickstarter campaign, has surpassed its original $7,000 crowdfunding goal by more than 10 times in just one day. The open source router device connects via Wi-Fi or an Ethernet cable making it harder for your IP address to be seen. While there have been other Tor-enabled routers in the past, they aren't small enough to fit in a shirt pocket like the Anonabox and they haven't offered data encryption on top of the routing network. The device, which is being pitched as a way for consumers to securely surf the web and share content (or allow businesses to do the same), is also being directed at journalists who may want to share stories in places where they might otherwise be censored.

I wonder how much we can trust it

[PhrostyMcByte]

Making Tor dead simple to use is great, but this is such a nice device for three-letter agencies to target inserting a backdoor into.

Re:I wonder how much we can trust it

Its open source and open hardware. All the good.

Re:I wonder how much we can trust it

"Open" is rather misleading because it would be easy for "them" to compromise a few individual shipped units and poison the pool.

It's going to be pretty easy to confirm whether your device is running the same binaries as everybody else and to recompile and replace them if it isn't.

Do you plan to audit the code and make sure it's as-advertised, none of the code does anything shady

Yes. You can never be 100% sure but you can be pretty certain.

and the binaries are compiled from the code you saw?

I can compile the binaries.

Re:I wonder how much we can trust it

[DaHat]

How do you determine that the checksum hasn't been modified in transit?

You could always audit the code yourself and compile it as well... but are you sure your compiler doesn't have any backdoors which might inject evil code just for something like this?

The bugger about paranoia... is you never know if you are sufficiently paranoid.

Re:I wonder how much we can trust it

[Sqr(twg)]

The three-letter agencies don't need to insert a backdoor. All they need to do is operate a bunch of Tor exit nodes.

As soon as you use Tor for everyday activities you are effectively not anonymous anymore.

Example: You set up the WiFi router and start doing your secret stuff. The bad guys have no idea who's behind the connection.
Then the jogging app on your iPhone connects over the same Tor tunnel. It opens an unencrypted connection to a "share my run" server, and now the bad guys know your email address, weight, and the GPS coordinates of the route you ran this morning. They don't even have to tap your or the server's connection. They get the information directly from their own exit node. (I.e. easier than if you had not been running Tor. Anyone can do this. Not just the three-letter agencies.)

Want anonymity? Install the Tor Browser. Then only use it for the anonymous stuff. Never visit any of the sites you ordinarily frequent.

Re:I wonder how much we can trust it

Ahem! Everyone already *is* attacked by mass-surveillance. Tor gives protection.

Re:I wonder how much we can trust it

but are you sure your compiler doesn't have any backdoors which might inject evil code just for something like this?

There are known ways to check that too.

The bugger about paranoia... is you never know if you are sufficiently paranoid.

The bugger is that people get too stupid about it and stop trying to recognize how likely something is.

Of course its not idiot-proof

[penguinoid]

The weak link in Tor security has always been its users.

Re:Not secure

[tlhIngan]

Its a cool idea. There are things that are problematic about it though, like the fact that the browser itself hasn't been properly anonymized. The Tor browser package tries to disable plugins and third party software that might inadvertently reveal your identity or cause other information leakage. There is no such guarantee in this instance, which is a bit of a false sense of security. Tor isn't a panacea for all anonymity issues, and you wouldn't want to route most of your traffic over it.

And therein lies the problem Well, one of several.

First, the users have to actually want to be anonymous. There's no magic "make me anonymous" magic pixie dust that can be applied - I mean, what's the point of using Tor if you're going to log into your Google, Facebook, Amazon, Twitter, or whatever else account? You've not only gave your anonymity up a long time ago, you've just defeated all the anonymity you're going to get because all those ad networks now will be able to re-link your Tor usage to you.

Additionally, Tor is not magic. Using it doesn't make you invisible. Especially if you're going on about "black helicopters" and such because the likes of the NSA have revealed to be running the largest number of high-speed exit nodes, and those who control exit nodes on Tor control it all. Either keep your traffic within the Tor network on Tor-specific sites, or realize that where ever your traffic exits, the exit node may be screwing with you.

Sure you may get certificate errors and such, but I'm sure most users will click through them anyways.

Hell, it almost seems all the spies want users using Tor because by making it magic box, they'll do the same old stupid shit over it and not only be really easy to track and monitor, but the users will think all is well, at that.

yes, keep adding leechers!

The problem with Tor is that there are hundreds of leechers, even the agencies are using it to cover their tracks and it wouldn't be surprising if they controlled most of the exit nodes too!

What we need is to have every internet user to be an exit node, otherwise Tor will just collapse.

This device should at least be a client and relay device, being just a client is being a leecher.