A recent Kickstarter campaign for a Tor-based anonymous router — Anonabox — was greeted with great excitement from users and the tech community before the project was shut down. In its wake, the desire for plug-and-play anonymous routers has been huge. There are new Kickstarter projects waiting to go, and suddenly, there are a lot of solutions available.
Anonabox piqued public interest in a big way before the campaign fell apart under accusations that the product was an improper use of Kickstarter and not original work. In the days that followed, another campaign for a similar device called TorFi was closed for similar reasons.
Ars Technica IT editor Sean Gallagher notes:
TorFi was based on existing commercial hardware and open-source software, and the only addition Enjaian and Xu (the creators of the campaign) were making was to perform the reprogramming of the routers, and this may have been the reason for TorFi’s suspension.
Now Cloak, another Tor-based anonymous routing solution, is waiting in the Kickstarter wings. Its page provides detailed drawings, pictures and schematics of all the hardware and gives a detailed layout of when the project is expected to pass various construction milestones.
Cloak’s page also notes that the team is “deeply concerned that failed efforts can tarnish public perception of the underlying cause. The principles that motivate people to demand privacy are core to liberal democracy and are much too important to be obscured by the smoke from faulted attempts at implementation crashing and burning.”
The concept for an anonymous router is sound, it just seems like previous attempts haven’t been rigorous enough to pass close scrutiny. “I’m surprised these guys aren’t telling you it’ll also help you lose weight and is powered by antioxidants,” Steve Lord, a British penetration tester, told Wired. In other words, caveat emptor.
It’s very clear from the buzz generated by these projects that the market is interested in anonymous browsing. The problem, as noted by Wired, is that so much of the Internet can compromise anonymity tools with things as simple as cookies.
“There’s not much point in having an [operations security] tool if you don’t have an opsec frame of mind,” Steve Rogers, a security consultant, told Wired.