Kickstarter Cancels Anonabox Funding Campaign 76
An anonymous reader writes: On Friday, the controversy surrounding Anonabox reached its zenith with Kickstarter officially canceling the project's funding campaign. Anonabox began with a modest goal of $7,500, but quickly reached its goal 82 times over. Then funders and interested parties began to scrutinize the project's claims, and that's when the project ran into trouble. From hardware that wasn't actually custom-made to software that didn't actually fulfill promises of privacy-focused routing on the internet, the facts regarding Anonabox proved that it was in blatant violation of Kickstarter's rules against false advertising. This project clearly failed, but if the support it initially garnered is any indication, the public is hungry for easy-to-use technology that encrypts and anonymizes all personal internet traffic.
Really? (Score:4, Insightful)
The guys who said they could create custom hardware for 7,500 bucks were full of shit? I am shocked.
Re: (Score:3)
Re: (Score:2)
Hardware backdoors. See Huawei.
Re: (Score:3)
I believe that among this target market there is a belief that any off-the-shelf hardware is going to have NSA back doors in it.
And you can certainly hand make one unit for less than $7500. But setting up mass production of any consumer electronics product, even one based on stock boards, requires one or two orders of magnitude more money than that.
Re: (Score:1)
>> surely one can be built for much less than $7500. Even a desktop with a bunch of 4x1GB port PCIe cards wouldn't cost a grand
Do you not understand the concept of prototyping? (apparently neither did the Anonabox founders)
The $7500 goal they set was (supposedly) to DESIGN and create MULTIPLE prototype revisions of a custom board. Building one circuit board yourself doesn't cost $7500, but paying an actual EE and fab to design and build a small production run of boards to test your software, the rel
Re: (Score:3)
Designing and building a 6 layer board, 3 iterations to get right, using your own time is 10-30 grand, depending on the components and manufacturer fees. Any board of takes 6 months. It just does. String together all the things to do for a manufacturable board and it takes 6 months.
Doing a one off, for your own amusement, or a PoC, I managed that in 2 very long days once.
Re:Really? (Score:5, Informative)
It's not. The off-the-shelf hardware they chose, combined with off-the-shelf software they chose, was quite capable of doing what he said it would.
The problem was he lied when he said it was custom hardware developed through a series of different iterations. It wasn't - it was as off-the-shelf as you can get, with only a "would you like fries with that?" ROM upgrade from 8meg to 16meg, and a lack of USB port - to differentiate it from the Alibaba $20 special. Right down to the case, which he also claimed was custom-designed by him...
(Hell, after people showed him pictures of an identical board in an identical case being sold there, he popped up saying the USB port was a 'fantastic idea' and that he'd now decided to include one too...)
The images of the hardware and development process used on the Kickstarter page? Again, deceptive - the picture of his 'custom-made' case was lifted from Alibaba and the original logo (badly) photoshopped out; images labelled as showing how ongoing development had shrunk the size of the hardware showed exactly the same photo (copied from elsewhere too) of exactly the same board simply resized to make it appear as though it was smaller , etc, etc.
Software? Very similar story. His 'custom-made code' consisted simply of a bunch of rules; the
The issue was never that he was taking a $20 box, installing Linux, and asking $50 for it. That's just capitalism. The issue was that he misrepresented what he was doing as original hardware and software development, lied blatently about it, and then when caught out doubling-down on the lies .
His Reddit AMA is a good overview of the whole thing. [reddit.com]
Re: (Score:1)
"The issue was that he misrepresented what he was doing as original hardware and software development, lied blatently about it, and then when caught out doubling-down on the lies ."
That's just being a capitalist salesman.
Re: (Score:3)
openwrt + debian chroot + tor linux package == wireless router that simply puts everything through tor, transparently.
one could dispense with the debian chroot altogether if they did a well maintained fork of openwrt with well updated packages.
Routers are getting quite powerful these days. while they often lack hardware fpu, that can be somewhat alleviated with softfloat solutions.
keep your traffic under control, and such a box can easily handle the load. (naturally, you need to keep the number of connected
Re:Really? (Score:4, Insightful)
The internet was not designed to prevent eavesdropping either.
Hell, ETHERNET was not designed to prevent it!
If you want a technology to prevent eavesdropping, you need to go ground up quantum crypto over optical fiber or something.
Tor is basically security through obscurity anyway. However, it is still more difficult to intercept and piece together than naked, unfiltered traffic, which is what a normal router offers.
Basically, what I am pointing out is that your argument is absurd. TOR was attacked by governments, not from within the TOR network, but by observing the traffic going into and out of its exit nodes. That is because the traffic going in and out was unencumbered at that point, because it has to talk with the regular internet. Coupled with other forensic techniques, the powers that be were able to deduce a great deal about who sent what packets through TOR.
ANY APPLIANCE WOULD SUFFER THIS ISSUE.
THE INTERNET ITSELF DOES NOT PREVENT EAVESDROPPING.
Instead, the best you can do is make the message meaningless to the one who is eavesdropping. That is encryption. Even better if you use encrypted packets with a randomized route. This means that eavesdroppers will only get a few of the packets, and will not have enough data to attack the message contents.
Encryption that is worth a shit requires a beefy FPU. That's why I pointed out that current COTS routers aren't a good fit exactly-- normal packet routing does not require FPU function. However, as data security on the internet becomes more and more a requirement, and less and less of a simple paranoia thing-- (and as cost of manufacture for SoC systems comes down and economies of scale interject into the market for SoCs) then home routers with real hardfloat will emerge. At that time, it really would be possible to have a consumer device in your house that does the data fiddling for you.
Again, your objection is bullshit. Followed to its conclusion, the internet itself shouldnt be used at all.
Re: (Score:1)
Tor provides anonymity. Tor hides your location. ANYONE can setup a Tor exit node and monitor / log packets. The exit node is a stranger to you. There is no reason to trust whoever sets up an exit node, this is not security. Tor was not designed to secure data but hide its origin. Funneling general web browsing, banking etc by default through a tor device seems like an absolutely stupid idea. Hence, relying on tor this way is makes no sense. This does not mean one must give up on the internet, but it's obv
Re: (Score:2)
Love the ad hominem. I guess you wouldn't be a slashdot AC without using one. I especially loved how you believe that I dont understand what TOR does (and that the only purpose of other peoples posts are to increase your own, personal knowledge base), or what its limitations are. Next up, you will complain about my spelling and grammar. You neednt bother though; I will spare you the expense, and admit openly that both are poor. I dont care. :P (See how I flagrantly fail to use apostrophes! Oh the humanity!
Re: (Score:2)
Why is custom hardware needed? Im just curious. There seem to be plenty of cheap ($100) SOC boards out there with ethernet ports. You only need one to route. Not sure what sort of hardware performance requirements the encryption and tunneling software would require, but surely one can be built for much less than $7500. Even a desktop with a bunch of 4x1GB port PCIe cards wouldn't cost a grand... its a desktop I know, but still....
How about the Alix APU1D4 [pcengines.ch] combined with Pfsense and encrypted harddisk.
Are people still going to buy this thing? (Score:3)
It'll be interesting to see how the general public's trust pans out over this thing. Do they take Kickstarter's cancellation as a red flag or are they so desperate for a easily-configurable Tor router that they'll pay whoever they can for it. Even if that means trusting these assholes vs. their ISPs.
Re: (Score:2)
It'll be interesting to see how the general public's trust pans out over this thing. Do they take Kickstarter's cancellation as a red flag or are they so desperate for a easily-configurable Tor router that they'll pay whoever they can for it. Even if that means trusting these assholes vs. their ISPs.
Neither - their interest was enough to get them click on the button on the Kickstarter they were linked to, but their interest is not enough to get them to go to some other site, fill out payment info, and hope for the best.
Kickstarter works because: .
There's a single site with tons of people on it who would otherwise never visit yourrandomproject.com or thatotherproject.org
It's a single click to pledge your cash for a specific reward.
Backers know that they have the option to cancel their pledge at the 11th
Re: (Score:2)
Anyone searching for "tor router" is going to see competing products + negative stories about anonabox.
In short, "It's dead, Jim!"
Hungry in Italics, Fuck Kickstarter (Score:2)
I'm not hungry for "easy-to-use technology that encrypts and anonymizes all personal internet traffic", nor am I hungry for it.
If you want to encrypt traffic then set up secure keys (OFFLINE) with the hosts you wish to communicate with. Use whatever you want for keys - certificates (NOT FROM THE ESTABLISHED CERTIFICATE AUTHORITIES), passwords, RSA clocks, OTPs, or scans of your genitals.
If you want to anonymize your traffic, then use someone else's connection, changing your MAC every time you do so. Try t
Re: (Score:3)
If you want to anonymize your traffic, then use someone else's connection, changing your MAC every time you do so. Try to use multiple different connections in different locations. Try to use locations away from your house. Do not travel to said locations in a way that can easily be tracked (your cell phone, your car, etc.).
You solution is difficult, and not always needed. Sometimes you do not need perfect security, just enough to stop casual eavesdropping. TOR does this. And does it better that the current baseline, the laughably insecure SSL.
Re: (Score:2)
Tor does not and was not designed to prevent ease dropping.
But it sure prevents finding the person to eavesdrop... So, again, good enough.
Re: (Score:2)
Not if the content of the traffic gives that away anyway.
And Tor concentrates all your traffic which makes some types of attack easier.
SlashDot Is Watching You (Score:3, Insightful)
How bad are people tracking you? Everytime you see a facebook, twitter, or other social media button, a like button, or whatever, that image is tracking you. I'm showing 16 different companies tracking slashdot from google analytics to facebook and twitter to places like taboola and others - some running scripts, some setting cookies. Don't know if any are using web bugs as I haven't checked to see what methods they all use, but this is what keeps slashdot running.
The problem is that every site is doing this. People are no longer customers, but you are now a PRODUCT. People are selling YOU. This isn't what the Internet was designed to be, its not the outpost of freedom we wanted. I am trully disappointed.
Re: (Score:3)
This isn't what the Internet was designed to be, its not the outpost of freedom we wanted. I am trully disappointed.
The internet was designed to be a way for DARPA contractors to share data without having to mail giant tape spools to each other. "We" didn't get involved until a couple decades later.
Re: (Score:3, Informative)
Are you sure that's sixteen separate companies?
Disconnect is showing 16 counters for me too.
- 12 content-related requests from Google
- 3 Google social-related requests
- One analytics request from ComScore
Looks like two companies to me.
Google's tax avoidance shells (Score:2)
Re: (Score:2)
I have Adblock Plus set to block social stuff, too. Maybe it's filtering some stuff before Disconnect gets it.
Re: (Score:2)
I believe you're thinking of Ghostery, actually.
And that's if you have the Ghostrank feature turned on, which helps the makers financially, but it is disabled by default.
Re: (Score:2)
16 Companies Tracking This Page
This isn't what the Internet was designed to be, its not the outpost of freedom we wanted. I am trully disappointed.
wtf...? Dude, the internet was designed to allow American nuclear weapons research facilities (both private and governmental) to distribute their data so that they could survive a Soviet first-strike and continue to develop weapons. This was back in the early 1970's, and it was called DARPANet, after the US government think tank that funded its development, the Defense Advanced Research Project Agency. Seriously, it wasn't until the late 1980's and early 1990's that "the outpost of freedom" you are talkin
Re: (Score:1)
Yes, the networks merged, hence the name Internet. The .coms watching what you do so they can sell to you more efficiently is all brand new.
A-Oh-Hell users flooding the system is just re-inforcing my point. AOL is one
frosty (Score:2)
Way hod. I think I've spotted the problem.
Use the Filter... (Score:2)
You still have a filter in your brain that lets you not buy stuff. Use it, lukite.
THIS THING NOT EVEN NEEDED (Score:2, Informative)
There was no reason for the Anonabox anyway, it already exists. Why did they get so much on kickstarter?
https://pogoplug.com/safeplug
and it was even featured on slashdot last year
http://yro-beta.slashdot.org/story/13/11/22/1929234/tor-now-comes-in-a-box
No shortage of scam products.... (Score:2)
Not sure what the fuss is about. (Score:3, Insightful)
Not sure why people were mad about the hardware in this whole ordeal. Who gives a shit if it looks like something else or he used stock photos?
This device was never ever going to be anything but the cheapest and most practical router SoC they could get their hands on. The things are made in china by the millions and cost less than a buck. Add a little flash and two ethernet jacks and some supporting hardware and you're done. Fuck, there are literally dozens of two port micro routers that are literally this I can go buy on amazon right now. AND they have wifi. Some are even USB powered.
Realistically, they were just going to take an existing micro router reference deisgn and load custom firmware on it. Your typical router SoC has more than enough power to run a tor node.
What would make this project special would be the software stack. Making a tor node that easy to use and still be truly secure would be something of a challenge. Would it really be possible to make an idiot proof automagic tor node that intercepts and redirects traffic?
Re: (Score:3)
The problems are:
1. He said it was 100% open source ("The anonabox is an open source embedded networking device designed specifically to run Tor. It's 100% Open Source." on the project's page), and that he was designing the hardware (see the generation 1, 2, etc pics), clearly implying he was developing the hardware.
He clearly lied about that. Is there a problem with a customized small Linux distro running on an existing chinese router? No, there isn't, if you don't lie about it.
2. A quick review proved the
'Freedom in the Cloud' (Score:5, Interesting)
Reminds me of something Eben Moglen says in one of his Freedom in the Cloud talks [softwarefreedom.org]:
So what do we need? We need a really good web server that you can put in your pocket and plug in any place. It shouldn't be any larger than the charger for your cellphone. You should be able to plug it into any power jack in the world or sync it up with any wi-fi router that happens to be in this neighborhood ... It should have a couple of USB ports that attach it to things. It should know how to bring itself up; how to start its web server; how to go and collect your stuff from all the social networking places you've got it.
It should know how to send an encrypted backup of everything to your friends' servers. It should know how to micro-blog, It should now how to make some noise that's like tweet but doesn't infringe on anyone's trademark. It should know how to ... be your avatar in a free net that works for you and keeps the logs. You can always tell what's happening in your server and if anybody else wants to know they can get a search warrant.
Re: (Score:1)
Sure they do (Score:5, Insightful)
People would like a magic box that make them anonymous and secure on the internet while they log into Facebook, just like they want a magic diet pill while they continue to stuff their faces with sugar and fat. Or for a more relevant tech example they'd like a magic oracle to tell them if a website belongs to who they think it belongs to which is why we have CAs as the best approximation. It's never going to work that way, but there's a lot of money in selling snake oil...
hum (Score:1)
Don't get it, whatever happened to the old fashion way where the owners of the company or of the project would either invest their own money or borrow from the bank. Look at Mark Shuttleworth, he has about $500 Million and yet he did not invest $32 Million of his own money into the Ubuntu Phone project but instead went with crowdfunding which failed. Canonical makes about $30+ Million a year and has 500 employees for some reason, they have to be making $30k a year salary.
Pay less for a better product. (Score:1)
https://pogoplug.com/safeplug $49.
From a company with some history of delivery (makers of the Pogoplug).
Fuck Kickstarter (Score:1)
I'm never giving money to anything that is funded via that method.
LK
Not surprised (Score:1)
What do you expect when the Washington Redskins come after you.
A better option (Score:1)