Slashdot Mirror
Anonabox Accused of Lying About Its Product Being Open-Source On Kickstarter
blottsie writes The "anonabox" has raised more than $550,000 on Kickstarter in only three days. But some believe the company's claims that the router-like device, which is said to automatically route users' Internet traffic through Tor, is entirely open-source are false. Anonabox developer August Germar tells the Daily Dot, however, that the device was commissioned specifically to run their code.
Surely that would settle this silly dispute. Either the code is there, or it is not.
Time is what keeps everything from happening all at once.
Anyone who contributes money to a Kickstarter project deserves what they get.
(And I have been sucked in the past, so I know how easy it is).
Wait until the product is on the shelf, and then buy it. If it's really that great, it will get made.
I referenced the following part: The anonabox has been developed and refined for the sole purpose of running the open source software Tor, considered the best and most secure way to access the Internet anonymously. All traffic coming out of or going into your computer or network is encrypted this way. The result is strong, secure anonymity.
Relating to the above, I asked exactly how can they make such claims when proper anonymity requires the users to also understand the concept and to actively avoid doing things that would compromise that anonymity, like e.g. logging to Facebook or checking e-mails. I did say that they are very specifically making it sound like the box can just magically make you anonymous even when you do your usual stuff over Tor and they should either rephrase their sales pitch or I'll assume they don't even want people to really understand the concept. My question has gone unanswered, so take what you will!
the problem isn't just the fact that the code and hardware isn't open-source, it's the fact that the developers openly lied on their Kickstarter campaign. Not only is the hardware not open-source but it wasn't even designed by them, it's a cheap Chinese knockoff of a tp-link 3G router! On top of that after looking through the firmware they've found that it's not custom software, but a badly configured OpenWRT build with a standard root password (set to "developer!"), an unsecured wifi ssid and sshd installed and running by default! The scale to which these jokers have deceived their backers is ridiculous, and this Kickstarter needs shutting down.
His attitude about custom firmware was shocking as well:
I'm keeping a track of how many requests we get relating custom firmware, and from what I'm seeing the user base is not as interested in custom firmware as you might think, which is echoed by this thread (we've shipped 60,000+ units, and less than 10 people have commented in the last month in this thread about getting access to recovery mode).That doesn't mean that we're shooting the idea down, you need to keep in mind that in terms of priorities this is way down the list as you'd expect from any feature where it's being requested by less than one tenth of one percent of the user-base.
It really floored me to read this, given the kickstarter page's promises of hackability. Anyone with a reflashable phone (or any pretty much any other Android device whatsoever capable of using custom ROMS) knows that a real recovery mode is absolutely essential, in case the OS/kernel gets borked. Ouya's supposed "recovery mode" relies on an already-bootable OS, so it's useless. How can you trust any product's promises of openness when it seems they can do a complete 180 with impunity after they have your money?
well.. from the looks of it..
the question should be to ask do they understand the difference between an INVENTION and a product.
clearly they had read about the invention way before and just hashed together a product. they don't seem to have clear understanding of how the product works.
basically they're just selling a 20$ box for 50$. which isn't too bad. but if they don't understand the product, why the fuck trust with them running it, instead of running tor on your laptop? or better yet, running something like tails on the laptop.. the tor wont help if the os on the laptop is the problem - and how they can vouch for the closed source drivers on the board? and if it's not their board, I doubt it's theirs to give away as "open hardware" either. it seems like it's open in the sense that they used whatever was openly available to them...
I think they just saw the project on hackaday, asked around for some boards and smelled money and wanted the money upfront from the customers to negate risks - and then did some bullshit to sell it. now that bullshit could technically be in violation of kickstarter rules, so they might have to move to indiegogo and spin up some more bullshit why they moved("big brother forced us to!" most probably).
world was created 5 seconds before this post as it is.
If the code is freely available and anyone who wishes to can flash their devices with it there really isn't an issue here.
Time is what keeps everything from happening all at once.
This reddit thread has more info:
https://www.reddit.com/r/privacy/comments/2j9caq/anonabox_tor_router_box_is_false_representation/
The issue people have is:
- he claims they have spent lots of effort developing four generations of custom hardware for this thing and that they need the kickstarter money to put it into production.
- the reality is they are buying a cheap existing router from China, adding a big markup and a modified build of open wrt, and making a really good profit from the thing.
This is really misleading and abuses people's sympathy for hardware startups. He is not a hardware startup, he is an importer and that deception is really poor form.
Even if everything on it is properly implemented, which is doubtful, the device will be completely insecure for ordinary, non-expert users. To use Tor securely, the endpoint communication software must be properly anonymized, Java and Javascript disabled, etc. Use Tails or Tor browser bundle on an encrypted home partition of a well-patched system instead.
I don't see what problem this solves that the Onion Pi doesn't solve?
I doesn't matter anyway. The vast majority of users (almost 100%) won't read the source or make modifications. From a purely marketing perspective, "open source" is a word like "locally-grown" to add a nice and cozy grassroots feeling to the product.
Don't use it.
Looks like he is the first to realize that
* openwrt capable mini-routers are very cheap, i use multiple WR703N for tinkering
* there are many firmware generators out there that should it make simple to create an tor-capable image
We will see an firmware-image that you can directly flash from the vendors webinterface and that turns your router into an tor-client.
get out the soldering iron! :P
....for all the people who buy it...when they set it up...and they start wondering why their usually fast internet is so darned slow now.
"As we finished our beers, we noticed a news story on the overhead TV about the Arab Spring protesters in Egypt being cut off from twitter. We wished we could help somehow. "
We were just thrilled that a typical American sponsored color revolution is taking yet another country down to hell for at least another 10-20 years. We just wanted to help! Look at those "peaceful" protestors!
A cryptocurrency called "Freicoin" did the same thing a few years ago. They had a crowdfund on indiegogo under the premise that it would be "peer-to-peer", stayed 100% p2p for the beta, but the moment they went live they changed the code to give 80% of all new coins to the Freicoin Foundation. Sure, it's p2p in the sense that anyone can run the code that gives preferential treatment for a specific entity, so some peers are more equal than others.
This is horrifying - how gullible do you have to be to back and trust this? It's such a big fat juicy target for the NSA (or FBI or Russian hackers or any other group of
miscreants). It's a 'spy on me!' box for the people they most want to spy on. If they have the full help of the company then they can add cheap hardware to the build so that even if you completely wipe and reflash the main partition their stuff still runs. Even if the company were legit, all you need is one guy or one pwned computer inside it.
A couple years ago you'd be crazy paranoid to think they'd bother, but post-Snowden we know they have the time, the interest, and unlimited resources.
I was just notified by email that the anonabox Kickstarter project has been suspended by Kickstarter for violating their TOS.
All funding has stopped and backers will not be charged for their pledges, according to the message.
A sad result, but you have to credit Kickstarter for their actions.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert