Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 22 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Anonabox returns amidst community backlash

by The Gurus
November 10, 2014
in This Week's Gurus
Share on FacebookShare on Twitter

The controversial anonabox anonymity hardware router project returned today amidst a scathing reaction from the wider security and anonymity communities.
 
Previously, the project was suspended from Kickstarter after claims that the project used entirely custom hardware were debunked by industry experts and laymen alike. The project has resurfaced on crowdfunding site Indiegogo, where so far it has raised over $11,000.
 
Claims made by the previous incarnation of the project, that turned out to be false, included: A claim that the project was based on 100 per cent Open Source hardware, which turned out not to be true when the boards used in images hosted on the project’s site were identified as being the same as a closed System-on-Chip platform already available from Chinese shopping site Aliexpress for just over $20.
 
There was also a further claim that the project was based on 100 per cent Open Source software when the only “source code” released was a collection of configuration files. Amongst the few configuration files provided, substantial vulnerabilities were found, including an open unencrypted wireless hotspot and a trivially cracked default password on all devices.
 
Another claim was that all traffic passed through popular anonymity software Tor was trivially debunked by looking at the firewall configuration. That appeared to be poorly implemented and allowed some traffic to pass through.
 
Finally, there was a ludicrous claim that all communications were encrypted, deemed a ludicrous claim as only traffic sent over Tor was encrypted, and even then only at the point of entering Tor. User traffic was still sent to Tor using a default open and unencrypted wireless network, making it less secure than using something like the Tor Browser Bundle.
 
Any device that uses Tor to provide anonymity is going to face some inherent limitations on its ability to provide genuine anonymity, something both the Cloak and Portal projects have considered. On the version of the anonabox website up at the time of writing, the features page claims that “this is the safest way to use Tor”.
 
Throughout this entire debacle, many researchers and industry practitioners, myself included, have taken the view that the problems with the anonabox project may have been caused by a lack of the specialist security experience demonstrated in similar projects like PORTAL, or experience of adopting a fully open approach like the Cloak project.
 
Following the suspension of the Kickstarter project, the fact that this has resurfaced on Indiegogo alongside the plans to release the device for sale independently without engaging or appropriately responding to the community backlash is only going to lead to further accusations that the team involved are conducting a scam.
 
Former Tor chief and privacy researcher Runa Sandvik disagrees, confirming that the LinkedIn group wasn’t official, when shown the above quote, Runa said via Twitter that: “August Germar is making false claims, again.”
 
At the time of writing, a search of the forum tor.stackexchange.com found no evidence of contributions from Germar.
 
Adrian Wade of the Cloak project offered to “stump up the $51 he’s asking for and publicly offer him a debate”, while Twitter and reddit user @htilonom said: “Maybe it’s for good, people have to learn not to trust scams.”
 
Some of the broader security community have been more scathing in their assessments. Self-described dog enthusiast and breaker of stuff @semibogan accused the anonabox project of being “just thieving c*nts.”
 
At the time of writing, the current website is keen to push its Open Source credentials and even provides a link to a page to download code, without any actual source code package provided of course. It remains to see whether or not anonabox will reach its funding goals.
 
In the meantime, the community will no doubt continue to discourage people from supporting this or similar projects.
 
 
Steve Lord is technical director of Mandalorian

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Alert Logic launch hosted SIEM with managed service offerings

Next Post

Thought for the weekend: Imagination is the Key

Recent News

security

What Is Observability, And Why Is It Crucial To Your Business?

March 21, 2023
Organisational Cybersecurity.jpg

How Emerging Trends in Virtual Reality Impact Cybersecurity

March 21, 2023
Nominations are Open for 2023’s European Cybersecurity Blogger Awards

Nominations are Open for 2023’s European Cybersecurity Blogger Awards

March 20, 2023
TikTok to be banned from UK Government Phones

TikTok to be banned from UK Government Phones

March 17, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information