Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kickstarter Cancels Anonabox Funding Campaign

Posted by Soulskill on from the almost-before-it-began dept.

An anonymous reader writes: On Friday, the controversy surrounding Anonabox reached its zenith with Kickstarter officially canceling the project's funding campaign. Anonabox began with a modest goal of $7,500, but quickly reached its goal 82 times over. Then funders and interested parties began to scrutinize the project's claims, and that's when the project ran into trouble. From hardware that wasn't actually custom-made to software that didn't actually fulfill promises of privacy-focused routing on the internet, the facts regarding Anonabox proved that it was in blatant violation of Kickstarter's rules against false advertising. This project clearly failed, but if the support it initially garnered is any indication, the public is hungry for easy-to-use technology that encrypts and anonymizes all personal internet traffic.

17 of 76 comments (clear)

  1. Really? by Ralph+Wiggam · · Score: 3, Insightful

    The guys who said they could create custom hardware for 7,500 bucks were full of shit? I am shocked.

    1. Re:Really? by saloomy · · Score: 2

      Why is custom hardware needed? Im just curious. There seem to be plenty of cheap ($100) SOC boards out there with ethernet ports. You only need one to route. Not sure what sort of hardware performance requirements the encryption and tunneling software would require, but surely one can be built for much less than $7500. Even a desktop with a bunch of 4x1GB port PCIe cards wouldn't cost a grand... its a desktop I know, but still....

    2. Re:Really? by Ralph+Wiggam · · Score: 2

      I believe that among this target market there is a belief that any off-the-shelf hardware is going to have NSA back doors in it.

      And you can certainly hand make one unit for less than $7500. But setting up mass production of any consumer electronics product, even one based on stock boards, requires one or two orders of magnitude more money than that.

    3. Re:Really? by TechyImmigrant · · Score: 2

      Designing and building a 6 layer board, 3 iterations to get right, using your own time is 10-30 grand, depending on the components and manufacturer fees. Any board of takes 6 months. It just does. String together all the things to do for a manufacturable board and it takes 6 months.

      Doing a one off, for your own amusement, or a PoC, I managed that in 2 very long days once.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    4. Re:Really? by NoMaster · · Score: 5, Informative

      Why is custom hardware needed?

      It's not. The off-the-shelf hardware they chose, combined with off-the-shelf software they chose, was quite capable of doing what he said it would.

      The problem was he lied when he said it was custom hardware developed through a series of different iterations. It wasn't - it was as off-the-shelf as you can get, with only a "would you like fries with that?" ROM upgrade from 8meg to 16meg, and a lack of USB port - to differentiate it from the Alibaba $20 special. Right down to the case, which he also claimed was custom-designed by him...

      (Hell, after people showed him pictures of an identical board in an identical case being sold there, he popped up saying the USB port was a 'fantastic idea' and that he'd now decided to include one too...)

      The images of the hardware and development process used on the Kickstarter page? Again, deceptive - the picture of his 'custom-made' case was lifted from Alibaba and the original logo (badly) photoshopped out; images labelled as showing how ongoing development had shrunk the size of the hardware showed exactly the same photo (copied from elsewhere too) of exactly the same board simply resized to make it appear as though it was smaller , etc, etc.

      Software? Very similar story. His 'custom-made code' consisted simply of a bunch of rules; the

      The issue was never that he was taking a $20 box, installing Linux, and asking $50 for it. That's just capitalism. The issue was that he misrepresented what he was doing as original hardware and software development, lied blatently about it, and then when caught out doubling-down on the lies .

      His Reddit AMA is a good overview of the whole thing.

      --
      What part of "a well regulated militia" do you not understand?
    5. Re:Really? by wierd_w · · Score: 2

      openwrt + debian chroot + tor linux package == wireless router that simply puts everything through tor, transparently.

      one could dispense with the debian chroot altogether if they did a well maintained fork of openwrt with well updated packages.

      Routers are getting quite powerful these days. while they often lack hardware fpu, that can be somewhat alleviated with softfloat solutions.

      keep your traffic under control, and such a box can easily handle the load. (naturally, you need to keep the number of connected devices under control, and keep packet count sane within limits of the weaksauce router's hardware.)

      just saying that such an appliance can be made at home right now with old network gear and free software.

      enjoy.

    6. Re:Really? by wierd_w · · Score: 3, Insightful

      The internet was not designed to prevent eavesdropping either.

      Hell, ETHERNET was not designed to prevent it!

      If you want a technology to prevent eavesdropping, you need to go ground up quantum crypto over optical fiber or something.

      Tor is basically security through obscurity anyway. However, it is still more difficult to intercept and piece together than naked, unfiltered traffic, which is what a normal router offers.

      Basically, what I am pointing out is that your argument is absurd. TOR was attacked by governments, not from within the TOR network, but by observing the traffic going into and out of its exit nodes. That is because the traffic going in and out was unencumbered at that point, because it has to talk with the regular internet. Coupled with other forensic techniques, the powers that be were able to deduce a great deal about who sent what packets through TOR.

      ANY APPLIANCE WOULD SUFFER THIS ISSUE.
      THE INTERNET ITSELF DOES NOT PREVENT EAVESDROPPING.

      Instead, the best you can do is make the message meaningless to the one who is eavesdropping. That is encryption. Even better if you use encrypted packets with a randomized route. This means that eavesdroppers will only get a few of the packets, and will not have enough data to attack the message contents.

      Encryption that is worth a shit requires a beefy FPU. That's why I pointed out that current COTS routers aren't a good fit exactly-- normal packet routing does not require FPU function. However, as data security on the internet becomes more and more a requirement, and less and less of a simple paranoia thing-- (and as cost of manufacture for SoC systems comes down and economies of scale interject into the market for SoCs) then home routers with real hardfloat will emerge. At that time, it really would be possible to have a consumer device in your house that does the data fiddling for you.

      Again, your objection is bullshit. Followed to its conclusion, the internet itself shouldnt be used at all.

  2. Are people still going to buy this thing? by krkhan · · Score: 2
    Sure, the Kickstarter is canceled but the makers have continued their marketing campaign. From the official website:

    Looks like the Kickstarter is over. The device will be for sale soon directly through this website though, so check back soon. Sign up for our mailing list to be notified as soon as its [sic] available.

    It'll be interesting to see how the general public's trust pans out over this thing. Do they take Kickstarter's cancellation as a red flag or are they so desperate for a easily-configurable Tor router that they'll pay whoever they can for it. Even if that means trusting these assholes vs. their ISPs.

  3. SlashDot Is Watching You by Evan+Langlois · · Score: 3, Insightful
    16 Companies Tracking This Page

    How bad are people tracking you? Everytime you see a facebook, twitter, or other social media button, a like button, or whatever, that image is tracking you. I'm showing 16 different companies tracking slashdot from google analytics to facebook and twitter to places like taboola and others - some running scripts, some setting cookies. Don't know if any are using web bugs as I haven't checked to see what methods they all use, but this is what keeps slashdot running.

    The problem is that every site is doing this. People are no longer customers, but you are now a PRODUCT. People are selling YOU. This isn't what the Internet was designed to be, its not the outpost of freedom we wanted. I am trully disappointed.

    1. Re:SlashDot Is Watching You by Ralph+Wiggam · · Score: 2

      This isn't what the Internet was designed to be, its not the outpost of freedom we wanted. I am trully disappointed.

      The internet was designed to be a way for DARPA contractors to share data without having to mail giant tape spools to each other. "We" didn't get involved until a couple decades later.

    2. Re:SlashDot Is Watching You by SeaFox · · Score: 2, Informative

      Are you sure that's sixteen separate companies?

      Disconnect is showing 16 counters for me too.
        - 12 content-related requests from Google
        - 3 Google social-related requests
        - One analytics request from ComScore

      Looks like two companies to me.

  4. Re:Hungry in Italics, Fuck Kickstarter by houstonbofh · · Score: 2

    If you want to anonymize your traffic, then use someone else's connection, changing your MAC every time you do so. Try to use multiple different connections in different locations. Try to use locations away from your house. Do not travel to said locations in a way that can easily be tracked (your cell phone, your car, etc.).

    You solution is difficult, and not always needed. Sometimes you do not need perfect security, just enough to stop casual eavesdropping. TOR does this. And does it better that the current baseline, the laughably insecure SSL.

  5. THIS THING NOT EVEN NEEDED by Anonymous Coward · · Score: 2, Informative

    There was no reason for the Anonabox anyway, it already exists. Why did they get so much on kickstarter?
    https://pogoplug.com/safeplug
    and it was even featured on slashdot last year
    http://yro-beta.slashdot.org/story/13/11/22/1929234/tor-now-comes-in-a-box

  6. Not sure what the fuss is about. by Anonymous Coward · · Score: 3, Insightful

    Not sure why people were mad about the hardware in this whole ordeal. Who gives a shit if it looks like something else or he used stock photos?

    This device was never ever going to be anything but the cheapest and most practical router SoC they could get their hands on. The things are made in china by the millions and cost less than a buck. Add a little flash and two ethernet jacks and some supporting hardware and you're done. Fuck, there are literally dozens of two port micro routers that are literally this I can go buy on amazon right now. AND they have wifi. Some are even USB powered.

    Realistically, they were just going to take an existing micro router reference deisgn and load custom firmware on it. Your typical router SoC has more than enough power to run a tor node.

    What would make this project special would be the software stack. Making a tor node that easy to use and still be truly secure would be something of a challenge. Would it really be possible to make an idiot proof automagic tor node that intercepts and redirects traffic?

    1. Re:Not sure what the fuss is about. by vadim_t · · Score: 2

      The problems are:

      1. He said it was 100% open source ("The anonabox is an open source embedded networking device designed specifically to run Tor. It's 100% Open Source." on the project's page), and that he was designing the hardware (see the generation 1, 2, etc pics), clearly implying he was developing the hardware.

      He clearly lied about that. Is there a problem with a customized small Linux distro running on an existing chinese router? No, there isn't, if you don't lie about it.

      2. A quick review proved the software to contain significant security flaws, which makes this guy unsuitable for developing something where security is critical.

      I see no problem with buying an off the shelf router with custom firmware from somebody who isn't balantly lying about what I'm paying for, and who actually understands security. This guy isn't either of those things.

  7. 'Freedom in the Cloud' by Wootery · · Score: 4, Interesting

    Reminds me of something Eben Moglen says in one of his Freedom in the Cloud talks:

    So what do we need? We need a really good web server that you can put in your pocket and plug in any place. It shouldn't be any larger than the charger for your cellphone. You should be able to plug it into any power jack in the world or sync it up with any wi-fi router that happens to be in this neighborhood ... It should have a couple of USB ports that attach it to things. It should know how to bring itself up; how to start its web server; how to go and collect your stuff from all the social networking places you've got it.

    It should know how to send an encrypted backup of everything to your friends' servers. It should know how to micro-blog, It should now how to make some noise that's like tweet but doesn't infringe on anyone's trademark. It should know how to ... be your avatar in a free net that works for you and keeps the logs. You can always tell what's happening in your server and if anybody else wants to know they can get a search warrant.

  8. Sure they do by Kjella · · Score: 5, Insightful

    People would like a magic box that make them anonymous and secure on the internet while they log into Facebook, just like they want a magic diet pill while they continue to stuff their faces with sugar and fat. Or for a more relevant tech example they'd like a magic oracle to tell them if a website belongs to who they think it belongs to which is why we have CAs as the best approximation. It's never going to work that way, but there's a lot of money in selling snake oil...

    --
    Live today, because you never know what tomorrow brings