Tiny Wireless Device Offers Tor Anonymity

Lucas123 writes: The Anonabox router project, currently being funded through a Kickstarter campaign, has surpassed its original $7,000 crowdfunding goal by more than 10 times in just one day. The open source router device connects via Wi-Fi or an Ethernet cable making it harder for your IP address to be seen. While there have been other Tor-enabled routers in the past, they aren't small enough to fit in a shirt pocket like the Anonabox and they haven't offered data encryption on top of the routing network. The device, which is being pitched as a way for consumers to securely surf the web and share content (or allow businesses to do the same), is also being directed at journalists who may want to share stories in places where they might otherwise be censored.

Re:I wonder how much we can trust it

"Open" is rather misleading because it would be easy for "them" to compromise a few individual shipped units and poison the pool.

Do you plan to audit the code and make sure it's as-advertised, none of the code does anything shady, and the binaries are compiled from the code you saw?

Didn't think so.

Not secure

[BitcoinBenny]

Its a cool idea. There are things that are problematic about it though, like the fact that the browser itself hasn't been properly anonymized. The Tor browser package tries to disable plugins and third party software that might inadvertently reveal your identity or cause other information leakage. There is no such guarantee in this instance, which is a bit of a false sense of security. Tor isn't a panacea for all anonymity issues, and you wouldn't want to route most of your traffic over it.

I'm personally more interested in the hardware, any specifics on that? I think it would be a nice platform for a lot of interesting projects, hardware based firewalling etc.

CDNs will render the device useless

Using tor to acces a website that is served via cloudfront will get you a captcha to solve.
The capchas are sometime way too hard for humans to solve.

Most of the anonbox users will be annoyed by the constant capthca onslaught and decide that the device is broken and stop using it.

It should really be called a...

Internet restriction circumvention device. But *NOT* an anonymity device. Tor is great for avoiding deep packet inspection monitoring/blocking at the ISP level, but without a chain of anonymous accounts proxies outside the tor network, etc it's useless as an anonymity device. Sure you might be able to troll slashdot, or reddit, or digg, or whatever your favorite website is, but if even one of those is done with an account you made via the 'normal' net, it has the potential of being identified and tied back to you.

Given the comments about Comcast and Tor mentioned in an article here a few weeks back, I expect we'll see more of the social engineering angle coming at us from hostile incumbent ISPs. The FBI/NSA/USAFCC will mostly not care since they can probably use Tor as probable cause to hack your system (when you finish laughing over 'probable cause', like that would stop them from hacking you either way!)

Overall I think these devices, assuming the hardware is secure and the software is suitably hardened (and lacking either a heartbleed-esque memory leak, or remote exploitable hole offering root level system access), and firmware upgrades are not trojan'd en-route, should see a net increase in tor usage and perhaps wider adoption of anonymity enhancing technology. After all, it's a net gain for all of us if more people use tor, and if this device takes off, hopefully dozens more will spring up. Assuming consolidation is avoided, 10 different types of Tor routers with no more than 20-30 percent compromisation should ensure sufficient route anonymity for the average user.

That said, Windows, your CPU ID, your ethernet hardware address, and now Nvidia's GPU UUID, all seem like much larger and more immediate anonymity holes than tor network compromise. Can anyone verify for me if AMD's GPUs have a similiar UUID feature as Nvidia's cards, and if either or both have a method of disabling the return of said ID's to non-root/administrator applications (The latter obviously won't help with videogames however, since most have administrator level access through their DRM.)

Re:I wonder how much we can trust it

[oneandoneis2]

Don't over-dramatise. This is a way of making it easy & convenient for non-techies to use Tor. Anyone with anything to hide - criminals, terrorists, activisits, whatever - will have long-since spent the 30 seconds it takes to find out how to use tools like Tor without buying a gadget for it.