DTX Manchester DTX Manchester
  • About Us
Sunday, 28 February, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Anonabox returns amidst community backlash

by The Gurus
November 10, 2014
in This Week's Gurus
Share on FacebookShare on Twitter

The controversial anonabox anonymity hardware router project returned today amidst a scathing reaction from the wider security and anonymity communities.
 
Previously, the project was suspended from Kickstarter after claims that the project used entirely custom hardware were debunked by industry experts and laymen alike. The project has resurfaced on crowdfunding site Indiegogo, where so far it has raised over $11,000.
 
Claims made by the previous incarnation of the project, that turned out to be false, included: A claim that the project was based on 100 per cent Open Source hardware, which turned out not to be true when the boards used in images hosted on the project’s site were identified as being the same as a closed System-on-Chip platform already available from Chinese shopping site Aliexpress for just over $20.
 
There was also a further claim that the project was based on 100 per cent Open Source software when the only “source code” released was a collection of configuration files. Amongst the few configuration files provided, substantial vulnerabilities were found, including an open unencrypted wireless hotspot and a trivially cracked default password on all devices.
 
Another claim was that all traffic passed through popular anonymity software Tor was trivially debunked by looking at the firewall configuration. That appeared to be poorly implemented and allowed some traffic to pass through.
 
Finally, there was a ludicrous claim that all communications were encrypted, deemed a ludicrous claim as only traffic sent over Tor was encrypted, and even then only at the point of entering Tor. User traffic was still sent to Tor using a default open and unencrypted wireless network, making it less secure than using something like the Tor Browser Bundle.
 
Any device that uses Tor to provide anonymity is going to face some inherent limitations on its ability to provide genuine anonymity, something both the Cloak and Portal projects have considered. On the version of the anonabox website up at the time of writing, the features page claims that “this is the safest way to use Tor”.
 
Throughout this entire debacle, many researchers and industry practitioners, myself included, have taken the view that the problems with the anonabox project may have been caused by a lack of the specialist security experience demonstrated in similar projects like PORTAL, or experience of adopting a fully open approach like the Cloak project.
 
Following the suspension of the Kickstarter project, the fact that this has resurfaced on Indiegogo alongside the plans to release the device for sale independently without engaging or appropriately responding to the community backlash is only going to lead to further accusations that the team involved are conducting a scam.
 
Former Tor chief and privacy researcher Runa Sandvik disagrees, confirming that the LinkedIn group wasn’t official, when shown the above quote, Runa said via Twitter that: “August Germar is making false claims, again.”
 
At the time of writing, a search of the forum tor.stackexchange.com found no evidence of contributions from Germar.
 
Adrian Wade of the Cloak project offered to “stump up the $51 he’s asking for and publicly offer him a debate”, while Twitter and reddit user @htilonom said: “Maybe it’s for good, people have to learn not to trust scams.”
 
Some of the broader security community have been more scathing in their assessments. Self-described dog enthusiast and breaker of stuff @semibogan accused the anonabox project of being “just thieving c*nts.”
 
At the time of writing, the current website is keen to push its Open Source credentials and even provides a link to a page to download code, without any actual source code package provided of course. It remains to see whether or not anonabox will reach its funding goals.
 
In the meantime, the community will no doubt continue to discourage people from supporting this or similar projects.
 
 
Steve Lord is technical director of Mandalorian

0 0 vote
Article Rating
FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Alert Logic launch hosted SIEM with managed service offerings

Next Post

Thought for the weekend: Imagination is the Key

Subscribe
Notify of
guest
guest
18 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
trackback
Some Anonabox routers recalled for lack of basic security | Greentech-Anzon Skiing
April 8, 2015 12:20 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security | My Power Health
April 8, 2015 12:20 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security | My Blog
April 8, 2015 12:25 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security | Printing Jersey
April 8, 2015 12:29 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security • Breakthru World
April 8, 2015 12:32 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security |
April 8, 2015 12:35 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security | Taiwan NO 01
April 8, 2015 12:47 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security | WordPress
April 8, 2015 12:52 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security
April 8, 2015 12:54 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security - teqarazzi
April 8, 2015 12:57 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security | insurance
April 8, 2015 1:00 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security | Movie trailers
April 8, 2015 1:15 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security | Beyond the Wall
April 8, 2015 1:20 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security - Techbait Tech News
April 8, 2015 1:32 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security | CnCoding
April 8, 2015 1:58 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
Some Anonabox routers recalled for lack of basic security | Popular Trending | trends.my.id
April 8, 2015 5:05 am

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
trackback
LUXURY ART | Some Anonabox routers recalled for lack of basic security
April 11, 2015 7:56 pm

[…] hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer’s claims of involvement with […]

0
Jon Cowden
Jon Cowden
April 19, 2017 2:51 pm

This is JUST like Anarchist Cookbook 2k… The Fed’s version put out to injure people making illegal items,forcing them to hospitals where they then have to explain the injuries, and then get questioned by the same feds whom created the napalm recipe that told you to use open flame… Lulz… That was the first internet crackdown on bomb and Phreak box making materials… The good ol days….

0

Recent News

Npower shuts down app after hackers steal customer bank info  

February 26, 2021
Partnership announcement: Edgescan partners with BSI to deliver safe and secure client solutions

Edgescan partners with BSI to deliver safe and secure client solutions

February 26, 2021
Microsoft building

Microsoft failed to fix known problems that could have prevented SolarWinds hack

February 26, 2021
Microscope

Dutch Research Council experience ransomware attack

February 26, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
18
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept