
Building a better anonabox

  • 17-10-2014 11:46am
    #1
    Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭


    Well, I'm sure you've all heard of anonabox. I think the idea is positive but the implementation looks like it's being run by amateurs. My wife came up with the idea of doing something similar, but more secure and cheaper. She has sourced hardware. Samples should be here by Monday. Other logistics are more or less sorted.

    There are a few criticisms of the anonabox, some of which are addressable, others not so much. I'll break down the concerns that I'm aware of and possible solutions. If there are other issues that you can think of, or solutions that I haven't considered, I'd love to hear them.

    Criticism: They lied about a heap of stuff.
    Solution: No lying.

    Criticism: They weren't open about the hardware being off the shelf.
    Solution: Be open. Provide people with specs and rom. If they want to make their own with a box off aliexpress then they can go for it.

    Criticism: The firmware created by the anonabox people was a joke.
    Solution: This was amateur hour and pointed to a serious lack of expertise on their side. It would be locked down properly.

    Criticism: Claims of anonymity.
    Solution: Make it clear to people that some end user behaviour will effectively remove anonymity and that they shouldn't trust their lives or freedom to a box like this.

    Criticism: Browser fingerprinting
    Solution: I'm not sure about this one. I did think about some kind of packet inspection within the router and flattening the browser agent for example. I'm not sure there's enough CPU power for that (though I'll find out when engineering samples get here in a few days) and there are holes in it as a solution. Ultimately the solution here may be education.

    Criticism: Possible hardware back doors.
    Solution: We're not manufacturing ourselves, so this is a possibility. Test for them. Other options that don't cost a bajillion euro?

    Criticism: Intercepted packages with "custom" firmware installed
    Solution: Tamper evident package and / or ability to flash firmware from website (with hash) on arrival.

    Criticism: What if a hole is found in Tor?
    Solution: Provide security update. Open source software offers the option of indefinite community driven updates.

    Thanks for reading this far. :) If you have any input or suggestions I'd be really grateful to hear it all.



Comments

  • Registered Users Posts: 1,917 ✭✭✭B00MSTICK


    I think it's a solid idea and clearly there's a market for it (how the KS is still up is beyond me!)
    Once you are 100% transparent and clear on what it can/can't do, then I think you're on the right track

    No idea on the backdoor issues, is there any existing kit that has some level of testing performed on it?

    Keep us updated on the progress on the prototype anyway, nice way to spend quality time with the wife too!


  • Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    B00MSTICK wrote: »
    (how the KS is still up is beyond me!)

    Those guys lied in about five ways and have been called on it all over the internet. The hashtag on twitter shows nothing except it being a scam (which I actually think is a little harsh, but it shows how people's perception changes aggressively).
    B00MSTICK wrote: »
    Once you are 100% transparent and clear on what it can/can't do, then I think you're on the right track

    Thanks. :)
    B00MSTICK wrote: »
    No idea on the backdoor issues, is there any existing kit that has some level of testing performed on it?

    Worth a look. I suppose they could always add new ones.
    B00MSTICK wrote: »
    Keep us updated on the progress on the prototype anyway, nice way to spend quality time with the wife too!

    Will do. Thanks for the positive feedback. :)


  • Registered Users Posts: 569 ✭✭✭hooplah


    Scale:

    Even if the anonabox guys were straight up I think the massive demand would cause a problem in terms of delivering the required numbers. I don't have a solution to this but I think you would have to consider how to produce boxes at different levels of scale.

    Credibility:

    After the money that anonabox raised lots of chancers are going to try and cash in. You need to differentiate yourself. It would be great if you could get an endorsement or code / product review from infosec / privacy known figures. If that isn't possible then things like education focused user friendly documentation / videos / webcasts might help establish your credentials.

    Good luck!


  • Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    hooplah wrote: »
    Scale:

    Even if the anonabox guys were straight up I think the massive demand would cause a problem in terms of delivering the required numbers. I don't have a solution to this but I think you would have to consider how to produce boxes at different levels of scale.

    They certainly gave the impression of rabbit in headlights on the supply side alright. The supplier we have will produce in bulk to order, install firmware and test for an agreed price. Shipping a large number of units would be no problem.
    hooplah wrote: »
    Credibility:

    After the money that anonabox raised lots of chancers are going to try and cash in. You need to differentiate yourself. It would be great if you could get an endorsement or code / product review from infosec / privacy known figures. If that isn't possible then things like education focused user friendly documentation / videos / webcasts might help establish your credentials.

    Great idea. I'm not sure who would endorse me, though I do have security specific qualifications and experience. Good documentation which we release early is a great idea though.

    Thanks for the post. Appreciate it.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    B00MSTICK wrote: »
    (how the KS is still up is beyond me!)
    Suspended now.


  • Registered Users Posts: 569 ✭✭✭hooplah


    Khannie wrote: »
    They certainly gave the impression of rabbit in headlights on the supply side alright. The supplier we have will produce in bulk to order, install firmware and test for an agreed price. Shipping a large number of units would be no problem.

    Sounds great.
    Khannie wrote: »
    Great idea. I'm not sure who would endorse me, though I do have security specific qualifications and experience. Good documentation which we release early is a great idea though.

    Yeah I think it might be difficult to get 'big names' - though I think if you picked up some momentum it might be easier.

    People mentioned in this article maybe?
    http://www.wired.com/2014/10/anonabox-backlash/
    Justin Steven
    Steve Lord

    From Twitter:
    @evacide
    @bcrypt
    @moxie

    Closer to home and probably easier to contact you could try skylops and baconzombie who post here. You could also head along to a Dublin 2600 meeting and see if people would like to try it out. Loan and preview of the tech for anyone credible who can write a knowledgeable blog post?
    Khannie wrote: »
    Criticism: Browser fingerprinting
    I don't know about this myself but have read that the only solution would be to use something like the Tor browser - allegedly you can set it so that it doesn't go via Tor a second time, if you know what I mean.


  • Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    Campaign is live now here. Decided to pull the trigger a little early (was going to be Monday) given the suspension of Anonabox.


  • Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    bedlam wrote: »
    why this over PORTAL or PORTALofPi?

    Fair question. The short answer is convenience I suppose. Honestly if you have the hardware, expertise and time you should go with either of those projects.


  • Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    WOOP! First contributor. \o/


  • Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    bedlam wrote: »
    ok I'll rephrase it ;) other than potentially first to market, why this over PortalMasq which will make the process far easier to install than PORTAL currently is and I believe you will be able to purchase ready made?

    There are going to be competitors. Sure we're competing with ourselves since we'll offer the firmware for people who want to install it themselves with the off the shelf hardware. Currently that's under $20 delivered (albeit slowly) from aliexpress.

    When other hardware is available with the firmware installed and the delivered price is also available I'm hoping our price will be lower (because of volume discounts). Currently we don't have those.


  • Registered Users Posts: 1,770 ✭✭✭Sebzy


    Perhaps a breakdown of costings would be beneficial to prospective buyers.


  • Registered Users Posts: 1,770 ✭✭✭Sebzy


    Please have iptables locked down to specific ports https/ssh on the retinal interface too. Ideally using non standard ports.


  • Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    Sebzy wrote: »
    Please have iptables locked down to specific ports https/ssh on the retinal interface too. Ideally using non standard ports.

    I'll go through the various settings in a thread on here and ask for feedback before we release anything.
    Sebzy wrote: »
    Perhaps a breakdown of costings would be beneficial to prospective buyers.

    It's not a bad idea but I'd feel a bit weird about breaking it down into the various components publicly (just because of expected competitors). What I will say though is that the $30 price point represents a net loss for us (which we'll make up on the $43 ones) even before anyone's time is taken into consideration.


  • Registered Users Posts: 2 deathzor


    Khannie wrote: »
    Criticism: Browser fingerprinting
    Solution: I'm not sure about this one. I did think about some kind of packet inspection within the router and flattening the browser agent for example. I'm not sure there's enough CPU power for that (though I'll find out when engineering samples get here in a few days) and there are holes in it as a solution. Ultimately the solution here may be education.
    It's not the HTTP header that is the full issue; JavaScript alone can screw you over hard.
    The biggest catch-22 is you are now offloading SSL negotiation to the box, meaning you have increased security at the internet level in trade for decreased security at the network level (if you are gonna supply wifi this is gonna be a really big deal, as well as a big deal for multiple user setups).
    Don't get me started on dynamically signing the sites with your own custom CA, as now you have a CA cert on your router connected to the internet, and if that doesn't scare you well I don't know what will.

    Just changing the HTTP request headers is next to useless as it's trivial to ask in JavaScript what browser you are dealing with; offloading this problem to your users is especially not an option as there is no way in hell I can clean my own browser and I consider myself reasonably well educated in technology (let alone somebody that buys this box because they can't or won't install Tor).

    I'm currently trying to get a concept that cleans this up but it comes at a huge price, namely you're offloading SSL as well as disallowing JavaScript completely. I'm still depending on the webserver to tell me what content something is and that is already worrying me because I will have to run tests / look at the source of multiple browsers and see if there is no way to sneak in HTML under a different content-type flag.
    Let alone the performance costs of identifying what a user is requesting and what the browser is getting as a result of that request.
    Because you will need to offload cookies to your router as well, otherwise this exercise is rather pointless; you should also request any items that are in the browser's cache regardless of cache status of the item. (You need to know the media because you need to identify what request is coupled to what user URL entry to double index cookies to prevent tracking cookies.)
    And because one could use the lack of a request to identify a user, and intermix these requests at their normal times (again I need to look at browser source on this one) so that one can't abuse the request order to get a hint of the cached items.
    You may even need to switch the order around so that you're always requesting them the same way as a popular browser; I'm not sure if request order changes per browser (something I should really look into).
    Keep in mind, because you are providing a router you can't assume the state of the machine behind it to be completely clean from the start, so it more than likely has some cache built up under its own IP.

    Edit: oh, this might come off a bit negative, don't take it the wrong way, but I have been trying for the last 2 days to get a concept out to cover this issue, and the more I read into it the worse it gets.
    So trying to give a quick overview of how easy it is to make a mistake on this and in turn make all your defences useless.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    38/39 sold today, picking up steam now.


  • Closed Accounts Posts: 628 ✭✭✭Chance The Fapper


    I'll be donating when I get some money in this week, good work


  • Closed Accounts Posts: 824 ✭✭✭Kinet1c


    Khannie wrote: »
    Campaign is live now here. Decided to pull the trigger a little early (was going to be Monday) given the suspension of Anonabox.

    Purchased, hope the rest of it goes well. Thought of pimping it out on Twitter?



  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Another 30+ today already, 12% there.


  • Closed Accounts Posts: 1,414 ✭✭✭Awkward Badger


    Your ideas are intriguing to me and I wish to subscribe to your newsletter contribute to your project.

    Good luck, hope ya reach the goal.


  • Registered Users Posts: 1,034 ✭✭✭dalta5billion


    http://arstechnica.com/information-technology/2014/10/in-wake-of-anonabox-more-crowdsourced-tor-router-projects-make-their-pitch/

    Nice one Khannie!

    (Also I must say I find it absolutely adorable that you're working on this as a couple! <3)


  • Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    Quick request for some feedback folks - Would you be interested in an option to allow a hosts file that blocks known ad companies etc. during the initial setup phase? There are fairly decent ones available online which we'd probably test and customise a bit.


  • Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie



    OMG! That's so cool! :D
    dalta5billion wrote: »
    (Also I must say I find it absolutely adorable that you're working on this as a couple! <3)

    :o


  • Closed Accounts Posts: 628 ✭✭✭Chance The Fapper


    Khannie wrote: »
    Quick request for some feedback folks - Would you be interested in an option to allow a hosts file that blocks known ad companies etc. during the initial setup phase? There are fairly decent ones available online which we'd probably test and customise a bit.

    Yes


  • Registered Users Posts: 1,691 ✭✭✭JimmyCrackCorn


    One major problem.

    Html5 Canvas Fingerprinting.
    https://www.browserleaks.com/canvas

    Another problem
    You cant use browser cache as you cannot trust content cached inside an anonymous session. One MITM attack and some cached JavaScript content == busted.


  • Registered Users Posts: 2 deathzor


    JimmyCrackCorn wrote: »
    Another problem
    You cant use browser cache as you cannot trust content cached inside an anonymous session. One MITM attack and some cached JavaScript content == busted.

    It gets a bit worse: if we take Firefox for example, the If-Modified-Since header field is set by the expiration date of the last request.
    A clever attacker could set up a custom value for this header, so that he can read it back on the next request; if you EVER cache a file non-anonymously you are busted.
    In theory you are not busted if your JavaScript is poisoned on Tor and you never leave Tor; only your activity is trackable then, not you (you're still anonymous even if they have every cursor movement and key press you made on the website).
    But once you leave the network you could still be carrying the poisoned cache, meaning you give away your identity.

    You need to completely isolate the anonymous cache from the non-anonymous cache ( plus a lot of other stuff ).
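The cache-isolation point raised by JimmyCrackCorn and deathzor above, as an added example that is not code from this thread or from the InvizBox firmware: a header scrubber for the router's anonymised HTTP path that strips cache validators in both directions, marks responses uncacheable, and flags an If-Modified-Since value that is not an HTTP-date. Header sets and sample values are constructed.

```python
"""Cache-validator scrubber for the anonymised HTTP path of a Tor router.

Added example; not code from this thread or from the InvizBox firmware.
Validators (If-Modified-Since, If-None-Match, ETag, Last-Modified) let a
server hand a browser a per-client value it gets back on the next request,
so this strips them in both directions and marks every response no-store.
It only helps for traffic the box sees in the clear, which is the TLS
trade-off raised above. All names and sample values are constructed.
"""
from email.utils import parsedate_to_datetime

# Request headers whose values come from the browser's cache state.
REQUEST_VALIDATORS = {"if-modified-since", "if-none-match", "if-match",
                      "if-unmodified-since", "if-range"}
# Response headers that seed those validators, plus caching directives
# the scrubber overrides with its own.
RESPONSE_STRIP = {"etag", "last-modified", "cache-control", "expires",
                  "pragma"}


def is_http_date(value):
    """True if value parses as an HTTP-date (RFC 7231 section 7.1.1.1)."""
    try:
        parsedate_to_datetime(value)
    except (TypeError, ValueError, IndexError):
        return False  # the parser's None result surfaces as one of these
    return True


def scrub_request(headers):
    """Drop cache validators from an outbound request.

    Returns (clean_headers, findings); a finding records an
    If-Modified-Since that is not a date, the tracking pattern above.
    """
    clean, findings = {}, []
    for name, value in headers.items():
        lname = name.lower()
        if lname in REQUEST_VALIDATORS:
            if lname == "if-modified-since" and not is_http_date(value):
                findings.append(f"non-date If-Modified-Since: {value!r}")
            continue  # stripped whether or not it looked suspicious
        clean[name] = value
    return clean, findings


def scrub_response(headers):
    """Remove validators from a response and forbid caching of its body."""
    clean = {n: v for n, v in headers.items() if n.lower() not in RESPONSE_STRIP}
    clean["Cache-Control"] = "no-store"
    return clean


if __name__ == "__main__":
    # Constructed request whose validator carries a token rather than a date.
    req = {"Host": "example.org", "If-None-Match": '"a1b2c3"',
           "If-Modified-Since": "user-7f3a9c", "Accept": "text/html"}
    print(scrub_request(req))
```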


  • Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    Another request for feedback please folks (and thanks :))

    How would you feel about being presented with the suggestion of (possibly) donating some of your bandwidth as a relay or bridge on initial setup? (subject to limits and warnings etc.).

    I'd rather invizboxes were at least asking people to donate bandwidth but I want to see what the consensus on being asked is.

    This is subject to checking CPU usage etc. on the box so just looking for feedback on the notion.
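A torrc fragment of the kind the "subject to limits" caveat above implies, as an added example and not the project's shipped configuration; the bandwidth and accounting figures are placeholders to be replaced by whatever the box's CPU testing supports:

```conf
# Added example of an opt-in bridge with hard caps; not InvizBox's config.
# Relay traffic only and never an exit, so no exit traffic is attributed to
# the household's IP address.
ORPort 9001
ExitRelay 0
BridgeRelay 1
# Steady rate and short burst ceiling (placeholder values).
RelayBandwidthRate 250 KBytes
RelayBandwidthBurst 500 KBytes
# Monthly cap so a metered connection cannot run up a bill; tor hibernates
# once the cap is reached and resumes at the next accounting period.
AccountingMax 20 GBytes
AccountingStart month 1 00:00
```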


  • Registered Users Posts: 569 ✭✭✭hooplah


    I would be fine with being asked about opting in on initial setup.

    I should have the option to 'turn it off' however for when I'm visiting my folks / friends with less bandwidth, or working off mobile tether.

    If I didn't have that option I probably wouldn't go along with it at all.


  • Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    Nice one. I hadn't considered that. It would be fairly handy for us to say "only be a relay when connected to this router" at that time just to make it automatic. I really want to make this as straightforward to use as possible and obviously big data bills are not something I want people to get stung with because they forgot to turn it off.

