No tool in existence protects your anonymity on the Web better than the software Tor, which encrypts Internet traffic and bounces it through random computers around the world. But for guarding anything other than Web browsing, Tor has required a mixture of finicky technical setup and software tweaks. Now routing all your traffic through Tor may be as simple as putting a portable hardware condom on your ethernet cable.
Today a group of privacy-focused developers plans to launch a Kickstarter campaign for Anonabox. The $45 open-source router automatically directs all data that connects to it by ethernet or Wifi through the Tor network, hiding the users IP address and skirting censorship. Its also small enough to hide two in a pack of cigarettes. Anonaboxs tiny size means users can carry the device with them anywhere, plugging it into an office ethernet cable to do sensitive work or in a cybercafe in China to evade the Great Firewall. The result, if Anonabox fulfills its security promises, is that it could become significantly easier to anonymize all your traffic with Tornot just Web browsing, but email, instant messaging, filesharing and all the other miscellaneous digital exhaust that your computer leaves behind online.
Now all your programs, no matter what you do on your computer, are routed over the Tor network, says August Germar, one of the independent IT consultants who spent the last four years developing the Anonabox. He says it was built with the intention of making Tor easier to use not just for the softwares Western fans, but for those who really need it more Internet-repressive regimes. It was important to us that it be portable and smallsomething you can easily conceal or even throw away if you have to get rid of it.
Anonabox is by no means the first project to attempt to integrate Tor directly into a router. But Germar argues it will strike the best balance yet of cheapness, easy setup, size and security. Tor-in-a-box projects like Torouter and PORTAL, for instance, require the user to replace the software on a stock router. Another project called OnionPi is designed to be built one from a kit, and costs roughly twice as much as Anonabox.
In terms of consumer friendliness, the closest device yet to a plug-and-play Tor router has been Safeplug, a $49 variant on a Pogoplug router modified to route all traffic over Tor. But at more than twice the size, the Safeplug isnt nearly as portable as the Anonabox. And its also been criticized for security flaws; Researchers at Princeton found in September that it didnt have any authentication on its settings page. That means a hacker could use a technique called a Cross-Site Request Forgery to trick a user into clicking on a link that would change the routers functions or turn off its Tor routing altogether. It also uses an outdated version of Tor, one that had been updated even before the device shipped last year.
Anonaboxs security hasnt yet been audited for those sorts of flaws. But its creators point out that it will be entirely open source, so its code can be more easily scrutinized for errors and fixed if necessary.
The non-profit Tor project itself is reserving judgment for now. But its executive director Andrew Lewman tells WIRED hes keeping an eye on the project, and that it looks promising so far. Micah Lee, lead technologist for Glenn Greenwalds The Intercept and a frequent developer on Tor-related projects, says hes mostly encouraged by the idea. One of the potential vulnerabilities for Tor users, after all, is that a website they visit could run an exploit on their computer, installing malware that phones home to a server across a non-Tor connection to reveal their real IP address. If youre using something like this, everything goes over Tor, so that cant happen, Lee says. A Tor router can definitely have a big benefit in that theres physical isolation.
He nonetheless cautions that Anonabox alone wont fully protect a users privacy. If you use the same browser for your anonymous and normal Internet activities, for instance, websites can use browser fingerprinting techniques like cookies to identify you. Lee suggests that even when routing traffic over Tor with Anonabox, users should use the Tor Browser, a hardened browser that avoids those fingerprinting techniques. (To avoid running their traffic through Tor twice and reducing bandwidth speeds to a crawl, he points to a setting in the Tor Browser called transparent torification, which turns off the browsers own Tor routing.)
The Anonabox has been in the works since 2010, long enough that its developers have been able to evolve their own custom board as well as an injection-molded case. That customization, Germar says, means the tiny device still packs in 64 megabytes of storage and a 580 megahertz processor, easily enough to fit the Tor software and run it without any slowdowns.
Germar says he and his friends began thinking about the possibility for the device around the time of the Arab Spring in late 2010 and early 2011. The Anonabox is ultimately intended for users in other countries where Tors anti-censorship and privacy properties can help shield activists and journalists. It can be used in a cybercafe, for instance, where users cant easily install new software on computers. And its capable of so-called pluggable transportsextensions to Tor that often allow its traffic to better impersonate normal encrypted data.
Read the rest here:
With This Tiny Box, You Can Anonymize Everything You Do Online