A while back, we covered the controversy over a few Kickstarter projects aiming to provide something in increasing demand as of late: a foolproof way to connect any Wi-Fi capable device to the Tor anonymized network. Two such Tor “travel router” projects have since become actual product: InvizBox, from a team in Ireland, and the resurrected Anonabox, which was acquired by the tech holding company Sochule. A third, the open source PORTAL project, originally coded by “opsec” champion the grugq, is being turned into a consumer product by Ryan Lackey and Marc Rogers of CloudFlare and will be getting its bow at the RSA Conference later this month.
These devices are, to varying degrees, effective ways to hide from unwanted attention of all sorts. That is, they’ll work short of a state actor looking to use a giant datacenter dedicated to performing all manner of de-anonymizing attacks by using the Tor takeover conspiracy model of the week, zero-day malware, or people’s own simple mistakes against them. But these routers all follow slightly different approaches. Anonabox is a stunningly hands-off product that has no user interface other than its lengthy Wi-Fi password; InvizBox provides hands-off privacy with the addition of an administrative interface to apply fixes and leverage moderately more complicated Tor capabilities; and PORTAL promises to provide everything—including pluggable protocols for Tor to help it get past the most persistent state-funded nastiness.
We don’t have PORTAL in hand yet, but we did receive test units of Anonabox and InvizBox. To see just how effective those two pocket privacy contenders are, we ran them through a head-to-head in the most hostile network environment we know of—Ars Technology Lab’s network torture chamber (otherwise known as my office… I’ve had to do a bit of responsible disclosure along the way).
Read 38 remaining paragraphs | Comments