Kickstarter Cancels Anonabox Funding Campaign

An anonymous reader writes: On Friday, the controversy surrounding Anonabox reached its zenith with Kickstarter officially canceling the project's funding campaign. Anonabox began with a modest goal of $7,500, but quickly reached its goal 82 times over. Then funders and interested parties began to scrutinize the project's claims, and that's when the project ran into trouble. From hardware that wasn't actually custom-made to software that didn't actually fulfill promises of privacy-focused routing on the internet, the facts regarding Anonabox proved that it was in blatant violation of Kickstarter's rules against false advertising. This project clearly failed, but if the support it initially garnered is any indication, the public is hungry for easy-to-use technology that encrypts and anonymizes all personal internet traffic.

Really?

[Ralph+Wiggam]

The guys who said they could create custom hardware for 7,500 bucks were full of shit? I am shocked.

Re:Really?

[saloomy]

Why is custom hardware needed? Im just curious. There seem to be plenty of cheap ($100) SOC boards out there with ethernet ports. You only need one to route. Not sure what sort of hardware performance requirements the encryption and tunneling software would require, but surely one can be built for much less than $7500. Even a desktop with a bunch of 4x1GB port PCIe cards wouldn't cost a grand... its a desktop I know, but still....

Re:Really?

[r1348]

Hardware backdoors. See Huawei.

Re:Really?

[Ralph+Wiggam]

I believe that among this target market there is a belief that any off-the-shelf hardware is going to have NSA back doors in it.

And you can certainly hand make one unit for less than $7500. But setting up mass production of any consumer electronics product, even one based on stock boards, requires one or two orders of magnitude more money than that.

Re:Really?

>> surely one can be built for much less than $7500. Even a desktop with a bunch of 4x1GB port PCIe cards wouldn't cost a grand

Do you not understand the concept of prototyping? (apparently neither did the Anonabox founders)

The $7500 goal they set was (supposedly) to DESIGN and create MULTIPLE prototype revisions of a custom board. Building one circuit board yourself doesn't cost $7500, but paying an actual EE and fab to design and build a small production run of boards to test your software, the reliability and work out flaws costs a LOT more than $7500.

The question really is: were the Anonabox people just incompetent and not *know* the real costs for custom fab work, or were they maliciously trying to scam to public? The Reddit AMA seems to indicate the latter given the volume of faked and/or stolen product shots which they mysteriously 'didn't know' why they were exactly the same as commercial providers.

Re:Really?

I believe that among this target market there is a belief that any off-the-shelf hardware is going to have NSA back doors in it.

Some of us who make the off the shelf silicon that goes into off the shelf hardware are doing everything we can to prevent NSA backdoors. It is a quiet battle that is going on in companies around the US, some with the NSA, some against it. But ultimately it comes down to individuals to put in dense overlapping defenses in the digital logic.

Re:Really?

[TechyImmigrant]

Designing and building a 6 layer board, 3 iterations to get right, using your own time is 10-30 grand, depending on the components and manufacturer fees. Any board of takes 6 months. It just does. String together all the things to do for a manufacturable board and it takes 6 months.

Doing a one off, for your own amusement, or a PoC, I managed that in 2 very long days once.

Re:Really?

[NoMaster]

Why is custom hardware needed?

It's not. The off-the-shelf hardware they chose, combined with off-the-shelf software they chose, was quite capable of doing what he said it would.

The problem was he lied when he said it was custom hardware developed through a series of different iterations. It wasn't - it was as off-the-shelf as you can get, with only a "would you like fries with that?" ROM upgrade from 8meg to 16meg, and a lack of USB port - to differentiate it from the Alibaba $20 special. Right down to the case, which he also claimed was custom-designed by him...

(Hell, after people showed him pictures of an identical board in an identical case being sold there, he popped up saying the USB port was a 'fantastic idea' and that he'd now decided to include one too...)

The images of the hardware and development process used on the Kickstarter page? Again, deceptive - the picture of his 'custom-made' case was lifted from Alibaba and the original logo (badly) photoshopped out; images labelled as showing how ongoing development had shrunk the size of the hardware showed exactly the same photo (copied from elsewhere too) of exactly the same board simply resized to make it appear as though it was smaller , etc, etc.

Software? Very similar story. His 'custom-made code' consisted simply of a bunch of rules; the

The issue was never that he was taking a $20 box, installing Linux, and asking $50 for it. That's just capitalism. The issue was that he misrepresented what he was doing as original hardware and software development, lied blatently about it, and then when caught out doubling-down on the lies .

His Reddit AMA is a good overview of the whole thing.

Re:Really?

[wierd_w]

openwrt + debian chroot + tor linux package == wireless router that simply puts everything through tor, transparently.

one could dispense with the debian chroot altogether if they did a well maintained fork of openwrt with well updated packages.

Routers are getting quite powerful these days. while they often lack hardware fpu, that can be somewhat alleviated with softfloat solutions.

keep your traffic under control, and such a box can easily handle the load. (naturally, you need to keep the number of connected devices under control, and keep packet count sane within limits of the weaksauce router's hardware.)

just saying that such an appliance can be made at home right now with old network gear and free software.

enjoy.

Re:Really?

[wierd_w]

The internet was not designed to prevent eavesdropping either.

Hell, ETHERNET was not designed to prevent it!

If you want a technology to prevent eavesdropping, you need to go ground up quantum crypto over optical fiber or something.

Tor is basically security through obscurity anyway. However, it is still more difficult to intercept and piece together than naked, unfiltered traffic, which is what a normal router offers.

Basically, what I am pointing out is that your argument is absurd. TOR was attacked by governments, not from within the TOR network, but by observing the traffic going into and out of its exit nodes. That is because the traffic going in and out was unencumbered at that point, because it has to talk with the regular internet. Coupled with other forensic techniques, the powers that be were able to deduce a great deal about who sent what packets through TOR.

ANY APPLIANCE WOULD SUFFER THIS ISSUE.
THE INTERNET ITSELF DOES NOT PREVENT EAVESDROPPING.

Instead, the best you can do is make the message meaningless to the one who is eavesdropping. That is encryption. Even better if you use encrypted packets with a randomized route. This means that eavesdroppers will only get a few of the packets, and will not have enough data to attack the message contents.

Encryption that is worth a shit requires a beefy FPU. That's why I pointed out that current COTS routers aren't a good fit exactly-- normal packet routing does not require FPU function. However, as data security on the internet becomes more and more a requirement, and less and less of a simple paranoia thing-- (and as cost of manufacture for SoC systems comes down and economies of scale interject into the market for SoCs) then home routers with real hardfloat will emerge. At that time, it really would be possible to have a consumer device in your house that does the data fiddling for you.

Again, your objection is bullshit. Followed to its conclusion, the internet itself shouldnt be used at all.

Re:Really?

Tor provides anonymity. Tor hides your location. ANYONE can setup a Tor exit node and monitor / log packets. The exit node is a stranger to you. There is no reason to trust whoever sets up an exit node, this is not security. Tor was not designed to secure data but hide its origin. Funneling general web browsing, banking etc by default through a tor device seems like an absolutely stupid idea. Hence, relying on tor this way is makes no sense. This does not mean one must give up on the internet, but it's obvious you like to hear yourself - even when I read it I learn nothing new.

Re:Really?

I don't really care that they used custom hardware IF they had said so. They didn't. They lied and said that they had completely created the thing from scratch and that it was 100% open source. THAT is the problem.

Re:Really?

[wierd_w]

Love the ad hominem. I guess you wouldn't be a slashdot AC without using one. I especially loved how you believe that I dont understand what TOR does (and that the only purpose of other peoples posts are to increase your own, personal knowledge base), or what its limitations are. Next up, you will complain about my spelling and grammar. You neednt bother though; I will spare you the expense, and admit openly that both are poor. I dont care. :P (See how I flagrantly fail to use apostrophes! Oh the humanity! Clearly I dont have a fucking clue because I cant use an apostrophe, even though I clearly do by pointing this out! OH NO!)

However, your scope of use-case is not very broad. You are assuming a person wants an easy tor node to hide all that home traffic (bank account logins, et-al), rather than for other purposes that one would want a tor node for. Say for instance, political speech, anonymizing a server that is black boxed (you can't change the software on), etc. I never said that this box needed to be the gatekeeper to the ISP. It just needs to be the gatekeeper for a TORed subnet.

Granted, there would be some added utility to the tor community at large to have so much benign traffic passing through their obfuscation network, because it would add hay to the haystack (making finding the needles harder) but it would also make the already poorly performing TOR network even more burdened, and it would in general destroy network performance, in addition to exposing lots of people to a very huge Man in the Middle.

Tor can basically be used like a vpn without a specific endpoint. This means it would be useful for people in oppressive regimes that want to send real information, free from the censors. Having a single device to configure in one's kit would be handy; especially something easily transportable, like a portable hotspot, or a router. (Just use it like a bridge instead; openwrt will let you do this. Show up at the hotel/library/Burgerking/$hotspot, use the 'free' wifi, send fully tor'd up political speech all you want.) A PORTABLE tor node that can latch onto public open networks would be quite handy, and I can definitely see a use for it.

The implication that this was for "All the interwebz!" was entirely your own fabrication, and I am hereby officially calling you out on that strawman.

Re:Really?

too long not reading. goodnight.

Re:Really?

[davester666]

"The issue was that he misrepresented what he was doing as original hardware and software development, lied blatently about it, and then when caught out doubling-down on the lies ."

That's just being a capitalist salesman.

Re:Really?

[rvw]

Why is custom hardware needed? Im just curious. There seem to be plenty of cheap ($100) SOC boards out there with ethernet ports. You only need one to route. Not sure what sort of hardware performance requirements the encryption and tunneling software would require, but surely one can be built for much less than $7500. Even a desktop with a bunch of 4x1GB port PCIe cards wouldn't cost a grand... its a desktop I know, but still....

How about the Alix APU1D4 combined with Pfsense and encrypted harddisk.

Re: Really?

Yeah, right. We all know you read every word, and simply cannot handle being pwned. And your response puts the "Coward" in "Anonymous Coward".

Are people still going to buy this thing?

[krkhan]

Sure, the Kickstarter is canceled but the makers have continued their marketing campaign. From the official website:

Looks like the Kickstarter is over. The device will be for sale soon directly through this website though, so check back soon. Sign up for our mailing list to be notified as soon as its [sic] available.

It'll be interesting to see how the general public's trust pans out over this thing. Do they take Kickstarter's cancellation as a red flag or are they so desperate for a easily-configurable Tor router that they'll pay whoever they can for it. Even if that means trusting these assholes vs. their ISPs.

Re:Are people still going to buy this thing?

[sexconker]

It'll be interesting to see how the general public's trust pans out over this thing. Do they take Kickstarter's cancellation as a red flag or are they so desperate for a easily-configurable Tor router that they'll pay whoever they can for it. Even if that means trusting these assholes vs. their ISPs.

Neither - their interest was enough to get them click on the button on the Kickstarter they were linked to, but their interest is not enough to get them to go to some other site, fill out payment info, and hope for the best.

Kickstarter works because:
There's a single site with tons of people on it who would otherwise never visit yourrandomproject.com or thatotherproject.org .
It's a single click to pledge your cash for a specific reward.
Backers know that they have the option to cancel their pledge at the 11th hour. This safety encourage people to pledge when they're only slightly interested, and limited rewards encourages them to do it early, generating hype.

There's a reason the vast majority of Kickstarters are extremely front-loaded - people don't want to be left out of the next big thing. I would see more value in the Kickstarter model, and trust it more, if projects were posted before funding opened. This would allow for comments, questions, and updates before the bandwagon gets rolling. Then a limited funding period (7-10 days?) would commence where people could fund the thing. Right now everything is driven by hype and impulse. This is, of course, what project creators and Kickstarter itself want, so it's not going to change.

Re:Are people still going to buy this thing?

[BarbaraHudson]

Anyone searching for them by the term "anonabox" is going to come across a LOT of negative stories on the first page of results.

Anyone searching for "tor router" is going to see competing products + negative stories about anonabox.

In short, "It's dead, Jim!"

Re:Are people still going to buy this thing?

> but their interest is not enough to get them to go to some other site, fill out payment info, and hope for the best.

Speak for yourself. I want that box. I could buy it from Alibaba; model no. WT3020A. However, If I can pay $30 extra for somebody to give it enough RAM, install the software I need, then that's fine too. I'll take two.

Hungry in Italics, Fuck Kickstarter

[sexconker]

I'm not hungry for "easy-to-use technology that encrypts and anonymizes all personal internet traffic", nor am I hungry for it.

If you want to encrypt traffic then set up secure keys (OFFLINE) with the hosts you wish to communicate with. Use whatever you want for keys - certificates (NOT FROM THE ESTABLISHED CERTIFICATE AUTHORITIES), passwords, RSA clocks, OTPs, or scans of your genitals.

If you want to anonymize your traffic, then use someone else's connection, changing your MAC every time you do so. Try to use multiple different connections in different locations. Try to use locations away from your house. Do not travel to said locations in a way that can easily be tracked (your cell phone, your car, etc.).

Tor, proxies, certs from the established authorities, etc. are nothing but annoying obfuscation to the NSA and similar entities. There is no easy way to be secure and there never will be. Unless you have physical control over the entire pipe, you cannot trust the connection. End of story.

Beyond that, fuck Kickstarter. I haven't seen a useful one yet.

Re:Hungry in Italics, Fuck Kickstarter

[houstonbofh]

If you want to anonymize your traffic, then use someone else's connection, changing your MAC every time you do so. Try to use multiple different connections in different locations. Try to use locations away from your house. Do not travel to said locations in a way that can easily be tracked (your cell phone, your car, etc.).

You solution is difficult, and not always needed. Sometimes you do not need perfect security, just enough to stop casual eavesdropping. TOR does this. And does it better that the current baseline, the laughably insecure SSL.

Re:Hungry in Italics, Fuck Kickstarter

And the theoretical point was - that this satisfied a *need* for a good-enough product. People who are knowledgeable in security and cryptography know there are better solutions. But not everyone needs a 100% solution. Do you not understand the law of diminishing returns? The additional effort/cost/time in that additional level of security is not cost-effective for most people/most traffic, and this plug&play device would provide far more benefit to those who do not have that expertise. But increasing the total volume of Tor traffic and especially Tor exit nodes benefits everyone, and makes eavesdropping on it incrementally harder.

Re:Hungry in Italics, Fuck Kickstarter

Tor does not and was not designed to prevent ease dropping.

Re:Hungry in Italics, Fuck Kickstarter

[houstonbofh]

Tor does not and was not designed to prevent ease dropping.

But it sure prevents finding the person to eavesdrop... So, again, good enough.

Re:Hungry in Italics, Fuck Kickstarter

So you route all your traffic through an exit node, which anyone can setup in order to monitor / store all packets going out. Instead of encrypting through a tunnel you control you let a stranger handle it? This is no solution in my opinion.

Re:Hungry in Italics, Fuck Kickstarter

The whole concept of encryption is that you can't trust the pipe, therefore run an encrypted tunnel through it.

Re:Hungry in Italics, Fuck Kickstarter

If you pwn enough of the nodes on the Tor network, you can effectively know (somewhat reliably) which IPs are requesting what.

Re:Hungry in Italics, Fuck Kickstarter

[CountBrass]

Not if the content of the traffic gives that away anyway.

And Tor concentrates all your traffic which makes some types of attack easier.

Re:Hungry in Italics, Fuck Kickstarter

> ease dropping

Idiot.

Re:Hungry in Italics, Fuck Kickstarter

I'm truly sorry, it was my smartphone autocorrect and I didn't notice. I'm so sorry I offended your intellect. I should feel so bad. I'm truly sorry. Please, again. Forgive me. May god have mercy on my soul.

SlashDot Is Watching You

[Evan+Langlois]

16 Companies Tracking This Page

How bad are people tracking you? Everytime you see a facebook, twitter, or other social media button, a like button, or whatever, that image is tracking you. I'm showing 16 different companies tracking slashdot from google analytics to facebook and twitter to places like taboola and others - some running scripts, some setting cookies. Don't know if any are using web bugs as I haven't checked to see what methods they all use, but this is what keeps slashdot running.

The problem is that every site is doing this. People are no longer customers, but you are now a PRODUCT. People are selling YOU. This isn't what the Internet was designed to be, its not the outpost of freedom we wanted. I am trully disappointed.

Re:SlashDot Is Watching You

[Ralph+Wiggam]

This isn't what the Internet was designed to be, its not the outpost of freedom we wanted. I am trully disappointed.

The internet was designed to be a way for DARPA contractors to share data without having to mail giant tape spools to each other. "We" didn't get involved until a couple decades later.

Re:SlashDot Is Watching You

[SeaFox]

Are you sure that's sixteen separate companies?

Disconnect is showing 16 counters for me too.
  - 12 content-related requests from Google
  - 3 Google social-related requests
  - One analytics request from ComScore

Looks like two companies to me.

Re:SlashDot Is Watching You

Do you really believe that paywalled sites do not track their paying customers?

Re:SlashDot Is Watching You

Nonsense, you are a product. You've never been a customer or a person, always a product.
A product of the gears of government, churning out industry, more products, services and trade.

You are a number in a filing cabinet that holds thousands of records on you through your entire lifetime.

The only way to get away from this tracking is to "die", or leave society.
And even that is barely escaping given the future of spy satellites that will be scanning the ground constantly rather than the present ones that only scan areas directed at by an operator.
Problem is they'd need to move fast, or have loads more cameras moving slower, just to be able to cover the surface it is scanning.
You'll also need to have a whole bunch of them to get around certain angles with tall buildings.
Pretty soon, you'll not even be able to escape mugging someone because they will literally trace your entire movements from the sky by hitting the rewind button.
CCTV will be like a funny joke.
Well, there are probably some ways you could confuse the hell out of them, but it would require some organization and still likely going to get caught anyway, so the ability to lie. Will this be good in terms of safety? To an extent, but people will still freak the fuck out because they know there is a camera up there watching their every single move, even if they are never ever followed unless they specifically done something wrong.
But there lies the argument against the entire thing too.

Some level of tracking is necessary for society to function.
Without it, most people alive today wouldn't have been given a chance to live, society would be considerably more costly since you would need to carry all your own information with you at all times, from medical information to dental. Every single thing.
My medical record is thicker than my fist. An average persons housing records are about half as thick as that. Government level financial tracking considerably thicker than that. So many others.
It would be insane. Just imagine the situation where you ended up in hospital and they had no records on you. How will they know who you are? How will they know if you have allergies? How will they know you have a pacemaker? Seizures?
Society would grind to a halt. We'd literally be back in the stone age with "tribal" level societies in modern cities.

Regardless, one thing I would be for is a 100% completely transparent society for every single person.
Absolutely no less than 100% though. Anything less is abusive beyond what is necessary for a functioning society at a reasonable level. (like above)
Sadly what is considered necessary is increasing more and more each decade. Soon enough, spying will be 100% necessary until we end up full-on cyberwars, the internet getting segregated, eventually dissolved, trade failing, actual full-on wars, collapse of society and probably nuclear end for most.
I do fear for the future. I'd likely be dead by then, but still.

Re:SlashDot Is Watching You

they are tracking you.
i blocked them all at the hosts file years ago.

Re:SlashDot Is Watching You

Ghostery shows me 5 trackers on slashdot (double-click, adwords, analytics, janrain, zedo). Disconnect showed me 6. Pretty much all of them were google.

Re:SlashDot Is Watching You

Just like if you pay for your tv channels they are commercial free. How naive do you think we are? As soon as companies are paywalled they will start having excuses of too low readership, so back to tracking and advertising. It is in their blood.

Re:SlashDot Is Watching You

I also have:

zedo.com
linked in
taboola.com
consent.truste.com
rpxnow.com
ooyala.com
twitter
scorecardsearch

Re:SlashDot Is Watching You

Why would you even trust Disconnect ?
It is just meta-phone-home.

Re:SlashDot Is Watching You

[SeaFox]

I believe you're thinking of Ghostery, actually.
And that's if you have the Ghostrank feature turned on, which helps the makers financially, but it is disabled by default.

Re:SlashDot Is Watching You

[SeaFox]

I have Adblock Plus set to block social stuff, too. Maybe it's filtering some stuff before Disconnect gets it.

Re:SlashDot Is Watching You

[rocket+rancher]

16 Companies Tracking This Page

This isn't what the Internet was designed to be, its not the outpost of freedom we wanted. I am trully disappointed.

wtf...? Dude, the internet was designed to allow American nuclear weapons research facilities (both private and governmental) to distribute their data so that they could survive a Soviet first-strike and continue to develop weapons. This was back in the early 1970's, and it was called DARPANet, after the US government think tank that funded its development, the Defense Advanced Research Project Agency. Seriously, it wasn't until the late 1980's and early 1990's that "the outpost of freedom" you are talking about began to take shape. Ironically, it wasn't on DARPANet that the whole subversive aspect of anonymous information exchange got governments noticing computer networks. It was the crude dial-up serial connections between PC hobbyists and their bulletin board networks. But it didn't take long for US government-funded researchers to scale up the hobbyists' point-to-point protocols with a couple of powerful tools that made distributed applications way easier to write -- network news transport protocol and unix-to-unix encoding - culminating in a store-and-forward distributed database nicknamed USENET which hitched a ride on the government-funded DARPANet. Thanks to USENET, developed after the dial-up BBS days but sharing the same spirit of information freedom, did the real power of network anonymity begin to manifest. This power was suddenly available to anybody who actually paid attention in their undergraduate CS courses. By the end of the 1990's HTML pretty much took over for NNTP and UUencoding, and the power of anonymity was available to anybody, not just engineers, scientists, and geek hobbyists. Look up Endless September for what happens when millions of middle-class American morons obtain cheap and easy access to a planetary information network -- that is what happened to your outpost of freedom -- people noticed it and turned it into a cesspool.

Re:SlashDot Is Watching You

[Evan+Langlois]

Funny - you start by saying that the government designed the internet, and then turn around an contradict yourself and say that the Internet that we know started taking shape from Usenet and hobbyist BBS users. I know. I was there. Long live my 300bps modem and 110bps acoustic coupler!

Yes, the networks merged, hence the name Internet. The .coms watching what you do so they can sell to you more efficiently is all brand new.

A-Oh-Hell users flooding the system is just re-inforcing my point. AOL is one of the problems. Hell, people freak out when you use standard reply syntax instead of putting your whole message at the top and 20 layers of quoting at the bottom.

But, banning all AOL IP Addresses was pretty back then. I don't have a problem with it. I have tons of IPs blocked on my firewall (real firewall, not some stupid Windows program) to prevent web-bugs and other listening devices. And I have a plethora of plugins that prevent such things from escaping the browser in the first place.

frosty

[Hognoxious]

Anonabox began with a modest goal of $7,500, but quickly reached its goal 82 times over. Then funders and interested parties began to scrutinize the project's claims

Way hod. I think I've spotted the problem.

Annonymize funding

Nice to annonymize purchases on a site and then show a sold out or success tag

Use the Filter...

[pubwvj]

You still have a filter in your brain that lets you not buy stuff. Use it, lukite.

THIS THING NOT EVEN NEEDED

There was no reason for the Anonabox anyway, it already exists. Why did they get so much on kickstarter?
https://pogoplug.com/safeplug
and it was even featured on slashdot last year
http://yro-beta.slashdot.org/story/13/11/22/1929234/tor-now-comes-in-a-box

No shortage of scam products....

[Kazoo+the+Clown]

Since a Kickstarter project doesn't usually have the benefit of a reputation, they're ripe for scam artists and huckster/hype factories. Then again, that HAS actually established a reputation. For Kickstarter/Indiegogo/etc. projects in general. Even ones that do what they say they're going to do can boil down to overhyped junk. Take the Om One, Leap Motion, or Midi PUC for example. They do what they say they can do. But it's like, so what, what they say they can do turns out to be pretty lame, it's just their marketing made it seem like something really hot.

"The public is hungry"?

How do you figure?

8,000 people funded it, roughly. That's a pretty fucking small segment of "the public." In fact, it's more like a small niche of people that's hungry for this. If this were something "The Public" were hungry for, it would already exist, because somebody would have realized they could make millions selling something that the public wanted, and nobody was supplying.

But you know, tell yourself whatever stories help you sleep at night.

Not sure what the fuss is about.

Not sure why people were mad about the hardware in this whole ordeal. Who gives a shit if it looks like something else or he used stock photos?

This device was never ever going to be anything but the cheapest and most practical router SoC they could get their hands on. The things are made in china by the millions and cost less than a buck. Add a little flash and two ethernet jacks and some supporting hardware and you're done. Fuck, there are literally dozens of two port micro routers that are literally this I can go buy on amazon right now. AND they have wifi. Some are even USB powered.

Realistically, they were just going to take an existing micro router reference deisgn and load custom firmware on it. Your typical router SoC has more than enough power to run a tor node.

What would make this project special would be the software stack. Making a tor node that easy to use and still be truly secure would be something of a challenge. Would it really be possible to make an idiot proof automagic tor node that intercepts and redirects traffic?

Re: Not sure what the fuss is about.

Except for one thing, the target audience.

Your $1 Chinese router SoC has a back door for the Chinese, the NSA, and probably the Russians too.

If it's not developed custom from scratch, it's probably compromised, or close enough to it to be non commercially viable as a tor router.

Re:Not sure what the fuss is about.

[vadim_t]

The problems are:

1. He said it was 100% open source ("The anonabox is an open source embedded networking device designed specifically to run Tor. It's 100% Open Source." on the project's page), and that he was designing the hardware (see the generation 1, 2, etc pics), clearly implying he was developing the hardware.

He clearly lied about that. Is there a problem with a customized small Linux distro running on an existing chinese router? No, there isn't, if you don't lie about it.

2. A quick review proved the software to contain significant security flaws, which makes this guy unsuitable for developing something where security is critical.

I see no problem with buying an off the shelf router with custom firmware from somebody who isn't balantly lying about what I'm paying for, and who actually understands security. This guy isn't either of those things.

Good for Kickstarter, but..

why was this 'project' even necessary?

I understand that they blatantly lied in the description but the fact is, it would have worked just fine since there already *are* off-the-shelf routers that will do this. The only real improvement in this project was the apparently-also-total-bullshit easy GUI and Tor support.

Why can't someone just Kickstart a project to actually, y'know.. make OpenWRT or DD-WRT RELIABLE, CONSISTENT AND USER-FRIENDLY. Adding LuCI to your distro DOES NOT count, it needs to be as consistent as a commercial router. I know that's anathema to neckbeards, but anyone who's honest and has a grain of realism on /. knows this is why Tor, OpenVPN, and any open-source networking project is still dead in the water after 20 years..

Re:Good for Kickstarter, but..

The only people who care about 'open-source hardware' are rabid ideologues like RMS. If you can implement your easy-to-use software on industry-standard commodity hardware - like Broadcom/Atheros/etc ARM-based routers who cares?

'Freedom in the Cloud'

[Wootery]

Reminds me of something Eben Moglen says in one of his Freedom in the Cloud talks:

So what do we need? We need a really good web server that you can put in your pocket and plug in any place. It shouldn't be any larger than the charger for your cellphone. You should be able to plug it into any power jack in the world or sync it up with any wi-fi router that happens to be in this neighborhood ... It should have a couple of USB ports that attach it to things. It should know how to bring itself up; how to start its web server; how to go and collect your stuff from all the social networking places you've got it.

It should know how to send an encrypted backup of everything to your friends' servers. It should know how to micro-blog, It should now how to make some noise that's like tweet but doesn't infringe on anyone's trademark. It should know how to ... be your avatar in a free net that works for you and keeps the logs. You can always tell what's happening in your server and if anybody else wants to know they can get a search warrant.

Re:'Freedom in the Cloud'

[g4sy]

This is doable. There are clearly many people who are willing to shell out $50 for much less. The market is there. We need to get an A-team of open project leaders (Andrew "Bunnie" Huang, the guys at Apertus, probably others I can't think of off the top of my head) and get a community around them to crowd-fund and build such a device. It needs a tipping point of network effect as well.

Sure they do

[Kjella]

People would like a magic box that make them anonymous and secure on the internet while they log into Facebook, just like they want a magic diet pill while they continue to stuff their faces with sugar and fat. Or for a more relevant tech example they'd like a magic oracle to tell them if a website belongs to who they think it belongs to which is why we have CAs as the best approximation. It's never going to work that way, but there's a lot of money in selling snake oil...

Hungry in Italics, Fuck Kickstarter

The NSA can't track people through Tor. It's actually pretty darn effective and does pretty much exactly what you describe.

If you look at cases where tor (or bitcoin) users were caught doing something illegal, you'll see that there is not a single case where they used tor or bitcoin tracking to find the perps. They find them through following the money and old fashioned police work.

hum

Don't get it, whatever happened to the old fashion way where the owners of the company or of the project would either invest their own money or borrow from the bank. Look at Mark Shuttleworth, he has about $500 Million and yet he did not invest $32 Million of his own money into the Ubuntu Phone project but instead went with crowdfunding which failed. Canonical makes about $30+ Million a year and has 500 employees for some reason, they have to be making $30k a year salary.

Google's tax avoidance shells

[tepples]

Perhaps it's counting Google Inc. and almost a dozen of its wholly owned tax avoidance shells as separate companies.

Pay less for a better product.

https://pogoplug.com/safeplug $49.

From a company with some history of delivery (makers of the Pogoplug).

obligatory subject, despite the thread itself

as usual. slashdotters are blind, retarded sheep.

this was shut down because the powers that be don't want this type of technology to become mainstream.

as soon as that corrupt piece of shit tom wheeler makes his bullshit ruling that ruins the internet and people start migrating to TOR, they will shut that down.

drugs/kiddy porn/assassinations/prostitution/torture - whatever. none of that could be on there and they would still shut it the hell down. and will.

you can all go on being stupid little sheep like usual though. i actually enjoy watching it.

Fuck Kickstarter

[Lord+Kano]

I'm never giving money to anything that is funded via that method.

LK

Discredit and destroy

Man, it didn't them long to discredit and destroy this company.

Just because it was off the shelf hardware (and the beta software was incomplete) does not mean that it was a total fail.

I mean there are plenty of arduinos and Rpi's with custom hardware but off the shelf software.

600K question

If nothing else good came out of this we now know that there is a fair amount of demand for something similar. The real question is who is going to step up with the ability to do this correctly and cash in. Not everyone is trying to dodge the NSA, not everyone needs perfect anonymity but think what an influx of that many nodes would do? What would happen if there were another 10,000 nodes (even better if they were bridges and exits) over night?

Someone pick up where old boy left off and clearly state what the project is about and what its limitations are and make a few dollars!

Not surprised

[eneville]

What do you expect when the Washington Redskins come after you.

Glad they were suspended

Yeah they are just trying to make a shitload of money quickly by riding the backs of other folks. Tor, DD-wrt, etc.
News flash people. Buy a raspberry pi, set it up to forward traffic to the tor network. Price... 50 bucks.. 35 for pi, 15 approx. for power cord, sd card, case?... Then visit http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing

set it up get it running and forward traffic to that box....anonymized.

firewalls

There is a lot of talk about security, does Tor hide your browsing etc, but I imagine lots of people, certainly lots of people in UK wanted it for the far less glamorous reason of wanting to get past firewalls, to visit torrent sites etc.

A better option

[mraiser]

Want actual, real, not-made-up security and privacy? Head over to IndieGoGo and help support my company's Newbound Network product. It's real. It exists. It was made in America by real live Americans. And you can try it out for a buck. http://igg.me/at/newbound

Already exists and cheaper from CloudEngine

I'm not sure why anyone would be interested in spending $50 and then WAIT for a device that already exists now for $49 from a reputable company.

https://pogoplug.com/safeplug