• United States



Anonabox backpedals on ‘custom’ hardware claims as Reddit points at Chinese versions

Oct 15, 20145 mins
Data and Information SecurityMicrosoftRouters

The Kickstarter campaign for the tiny plug-and-play Tor-loaded Anonabox router quickly raised over a half million dollars, but one of the developers is backpedaling on 'custom' hardware claims as Redditers found the same hardware available for sale in China.

I’m not a fan of fundraising campaigns that promise privacy, but when the funding goal is not reached, then the campaign keeps all the funds with no product delivered. Yet not everyone trying to raise money for a project will succeed, not all failed projects keep the funds, and you can’t please everyone all the time. The insanely popular Anonabox router has raised a crazy amount of money, but some Redditers are not pleased about Anonabox claims that the hardware was custom-designed and open source.

Basically, it’s plug-n-play flavored privacy via a tiny router that encrypts and routes all the users’ web traffic via the Tor anonymizing network.

The Kickstarter campaign starts off with: “The anonabox is an open source embedded networking device designed specifically to run Tor. It’s 100% Open Source.” The developers claim to have been working on Anonabox for four years with examples of the four prototypes pictured on Kickstarter. It later claims, “No more backdoors! The anonabox provides better security than most available products because it is completely open source, and open hardware.”

Yet Redditer htilonom claimed that the Anonabox Tor router was a “false representation, possibly even a scam” and the startup was basically “reselling Chinese devices.” Side-by-side comparisons pointed out by htilonom are disturbing as the hardware does appear to be available off the shelf. For example, the “mini WiFi router” in the top image is selling on AliExpress as WT3020; the router in the bottom image is a close-up of Anonabox posted on its site.

Then there’s the circuit board comparison as pointed out by htilonom via cstyves.

When the comparison was pointed out to Anonabox developer August Germar during his Reddit AMA, Germar replied:

Nice! Yes honestly that does look like the same circuit board. I can’t help but wonder if the factory that we sourced is going to try to sell them too. It seems pretty common in the electronics industry and that’s fine. I’ve never seen that photo before now, but if that is the case good for them! We have not invented anything and there are no patents on anything. We want to encourage people to make their own if they so desire because that’s what makes this project fun.

Other Redditers claim that Anonabox is basically saying, “Pay us $45 for a Tor router that is already available for $18 retail.” Yet Germar told the Daily Dot, “The device’s circuit boards were designed by an electrical engineer based on anonabox’s specifications, and that the company ‘found out tonight that there is at least one hardware product that is very similar, but… What makes the anonabox do what it does is the software and configuration’.”

That code has not yet been analyzed by the Tor Project community or other interested third-party security minds. If it does what it claims, basically plug it into your router for instant anonymous surfing, then that’s a good thing. It’s so portable that it’s “small enough to hide two in a pack of cigarettes.” Under the heading of “built for civil disobedience,” Germar told Wired the device could be hidden in a bodily orifice. “Maybe it’s too late and the police are already downstairs, so you smash the box with a brick and throw the pieces out the window. Or maybe you just crush it by stepping on it with your shoe and flush the pieces down the toilet.”

After the “misrepresentation of ‘custom’ hardware” stink started on Reddit, Wired, which reported on the custom hardware, reached out to Germar again.

In a follow-up phone call with Germar, he clarified that the router was created from a stock board sourced from the Chinese supplier Gainstrong. But he says that the project’s developers requested Gainstrong add flash memory to the board to better accommodate Tor’s storage demands. Germar also says now that the case was supplied by Gainstrong and was not custom-designed by the Anonabox developers, a partial reversal of how he initially described it to WIRED.

Anonabox likely could bring Tor to an audience that has never used it and might be too tech-squeamish to setup Onion Pi or other little devices for “Web Security Everywhere.” Funding pledges are still pouring in for the project, so it’s not like Anonabox has been shot down in flames. Yet some tech-savvy folks are worried that if the open source hardware claims are not true, will the other “promises” made on Kickstarter prove to be false too?

If you don’t like it, then don’t fund it. If you funded it and are sorry you did so, then “Manage your pledge” and withdraw your funding via “Cancel pledge.” If you feel like Anonabox is making false claims, or violates the Kickstarter rule that “projects can’t mislead or misrepresent the facts,” then report it to Kickstarter. If you see nothing wrong it, then make a pledge to support the tiny Tor router. Or you could do nothing and attempt other methods to evade government surveillance and to protect your privacy.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.