ByNeil J. Rubenking
They’re onto you. You’ve pilfered the secret plans, but you can’t transmit them to spy HQ without giving away your location.
And all the available computers are crawling with government-installed spyware. What’s a secret agent to do? Why, plug your Icloak Stik into one of those computers, boot from it, and contact HQ over a secure channel using the built-in Tor Browser, of course! This device isn’t cheap, but it effectively puts a whole secure computer on your keychain. Of course, you don’t have to be a secret agent to make use of this cool device.
Anyone who values anonymity can benefit.
Your $99 one-time purchase gets you a 16GB USB drive that’s barely bigger than a dime.
The drive comes with proprietary operating system installed and preloaded with a number of useful utilities.
The OS is based on Linux, but don’t worry; all the scary Linux bits are hidden.
Security updates are free indefinitely.
If the company makes any feature upgrades, you get them free for a year; after that, each year of updates costs $50.
As an alternative, you can pay $149 initially and get free feature upgrades for life.
Using IcloakWith this device, there’s no setup, no configuration, no account creation. Just plug it in to a Windows, Mac, or Linux box and reboot. You probably need to press a special key during the boot process in order to boot from USB.
If you’re not sure how to do that, you can run the helper application supplied on the device.
For example, on one of my test systems it identified the computer model as Dell and advised that I hold down F12 during the boot process.
Note that even if the machine you’re using won’t successfully boot to its own operating system, you can probably boot to Icloak as long as the necessary hardware is intact.
And here’s a zinger for you—once you’ve booted from the Icloak Stik you can remove it and put it back in your pocket, ready for a quick getaway.
The browsers and other apps keep working.
The only thing you can’t do at this point is save data to the Stik.
Due to its memory needs, that Icloak requires a 64-bit processor; you won’t be able to use it on the very oldest computers.
For testing and reporting purposes, I used Icloak in a VMware virtual machine. Otherwise, I wouldn’t have been able to capture screenshots.
Anonymous Browsing At the top of the main Icloak screen you’ll find two oversized icons. One launches the Tor Browser, the other launches a portable version of Mozilla Firefox. Why would you use an unsecured Firefox browser when you have the anonymity of Tor available? Speed, that’s why.
Browsing with Tor can be a little slow, or it can be extremely slow.
And whichever browser you use, once you shut down the system and unplug the Icloak Stik, you won’t leave any traces.
If you’re not familiar with the TOR Browser, please read our full review.
In short, Tor is a system that routes your Internet connection through multiple nodes so as to thoroughly hide your actual IP address and location.
The Tor Browser automatically uses Tor for all connections.
A status bar displays your current public IP address as well as the country associated with that address.
From the browser toolbar, you can request a new identity at any time. You’ll wind up with a new IP address, probably in a different country.
During my testing I connected through quite a few countries, among them the Czech Republic, Germany, Luxembourg, the Netherlands, Slovakia, and Romania.
Do note that with Tor, just as with any VPN service, you’ll find that globalized websites feed you content based on your apparent IP address, not your actual location.
The More Info page of the main Icloak window makes it very clear what this product does and doesn’t do.
It does anonymize your connection, so nobody can identify your actual IP address or location.
It erases all browsing data on shutdown.
And it’s immune to malware aimed at Windows or Mac OS.
However, Icloak does not provide encryption—it’s not a VPN service.
It can’t ensure that nobody will access your Internet traffic, just that they can’t know it’s your traffic.
And finally, it can’t “prevent government agencies from putting bugs and hidden cameras in your home.” (If I find a product that can do that last one, I’ll let you know).
You can vastly improve your security by sticking to secure (HTTPS) websites.
To help you with that, the Tor Browser has the Electronic Frontier Foundation’s HTTPS Everywhere add-in installed and active by default.
This add-in simply forces all Web traffic to use HTTPS if it’s available.
The NoScript add-in, also active by default, foils many types of malicious websites by blocking scripts.
Of course, it’s not so smart to batten down all your security hatches and then give away your search history to Google or other popular search engines.
By default, searches in the Icloak environment go through Disconnect Search, which fetches results from popular search sites without letting those sites track you.
Other AvenuesIs this the only way to browse the Web securely and anonymously? Not at all.
To start, you could simply install and run the Tor Browser without the Icloak Stik.
Disconnect Search, HTTPS Everywhere, and NoScript are all available to tighten security even in your regular browser.
The free Epic Privacy Browser is designed to resist tampering, and it offers features like secure search, Do Not Track, and cookie control. However, its simple proxy doesn’t do nearly as much to anonymize your connection as the browser in Icloak does.
Authentic8 Silo takes a very different approach.
In a sense, it isn’t a browser at all, just a bridge to the actual browser on Authentic8’s servers.
All browsing, page rendering, and so on takes place on the servers; your local agent just displays the results.
This product offers tamper-proof authentication and a full password manager.
Cocoon+ both hides your IP address and encrypts your Web traffic.
It includes a feature-limited password manager and promises to block malware at the server level.
At the time I tested it, though, it didn’t perform all that well.
The one very important thing these other solutions don’t have is the completely isolated operating environment that you get with Icloak Stik.
One Ring to Rule Them AllHere’s a nice surprise. Like Authentic8 Silo, Icloak has a password manager built in.
The One Ring password manager works specifically within the Tor Browser. While it’s simple, it performs all of the essential tasks.
Even if you’re devoted to your existing password manager, you can’t use it within the Icloak environment. However, One Ring can import from Dashlane 4, LastPass 4.0, or KeePass.
And One Ring is smart; if you periodically import your growing password collection from one of these competing products, it knows not to create duplicates of existing entries.
On its own, One Ring happily captures credentials any time you log in to a secure site or create a new account.
It pops up a window with the captured details and lets you tweak the display name, link the item with a new or existing group, and enter notes.
If it’s a new account, One Ring offers to generate a strong password.
When you return to a site that has credentials saved, One Ring puts a ring-shaped icon in the password field.
Clicking the ring gets you a menu of available logins for that site.
Simple! And that’s the extent of the feature set.
It doesn’t attempt to fill forms, doesn’t analyze your passwords, and doesn’t support two-factor authentication, among other advanced features.
The main feature I miss in One Ring is the ability to launch and log in to a secure site from the list of passwords.
Other AppsAlong with One Ring, Icloak offers a handful of other apps. Remember, when you boot to Icloak, you have no access to programs installed on the host computer, so you may find these really handy.
Certainly you’re likely to use the text editor for taking notes.
It works very much like Notepad, though it has a few odd behaviors.
For example, when I changed the default font my text vanished. Why? Because the default font size is zero! It does have a number of features not found in Notepad.
For example, you can set the line-ending character to match Windows, Mac, or Unix.
And you can select from a number of color schemes including Cobalt, Oblivion, and Tango.
It also comes with AbiWord for word processing and GNOME Office’s Gnumeric for spreadsheet handling.
Gnumeric, a full-featured spreadsheet, can read and write Excel files, along with Open Document files and its own proprietary format.
AbiWord is a bit more limited; it handles the old Word .doc file format (among others) but not the modern .docx format.
I’m not sure how many users will choose to edit their documents and spreadsheets in the Icloak environment, though.
A simple file manager lets you manage and organize the files that you create with these tools. Note that when you plug the Icloak Stik into an already-running computer, you have full access to those saved files.
I’d advise against turning on its Show Hidden Files option, as you may find yourself lost in the twisty maze of files and folders that make up the Linux operating system underlying Icloak’s friendly user interface.
By the same token, you should avoid the many pages of configuration settings reached by choosing Settings Manager from the main Icloak menu button at top left. Most of these are ineffective, left over from the open-source Linux implementation incorporated by Icloak’s designers. (No, you can’t configure Icloak to sync with your Palm Pilot or Pocket PC!) Going forward, the designers plan to prune away any of the settings that aren’t relevant, meaning most of them.
Do It Yourself?If you search online for the phrase “Icloak Stik,” you’ll find that one of the top hits is an article titled “Privacy Gimmicks: Don’t Buy Into Them.” The gist of the author’s gripe with Icloak in particular is twofold.
First, he notes that other than being “mainstream friendly,” Icloak is almost indistinguishable from the open-source project Tails (The Amnesic Incognito Live System).
His second concern is the price, which at present is twice as much as when his article was written. You could buy a super-tiny 16GB USB drive for much less, certainly less than $20, and load it with Tails for free.
Thus the price is “absolutely insane,” according to the author.
In one sense, I have to agree.
If you have the skills to install and use Tails, and don’t need the friendly user interface of Icloak, more power to you! But for the rest of us, the Icloak Stik looks pretty good.
Leave No TraceIf you’re a spy or a reporter embedded in an unfriendly country, a tool like Icloak Stik can be an invaluable asset.
If you’re a spy wannabe, or just someone who values anonymity, it’s still very cool. Yes, it’s expensive, but unless you have the skills to assemble an equivalent device on your own, you’ll just have to pay the price.
This unusual product is in a category of its own, though it bears some similarity to software-only privacy-centered browsers.
It’s something of a work in progress.
In particular, the designers need to prune away unnecessary features and configuration settings from the product’s open source building blocks, and maybe, just maybe, consider a lower price point.
Even so, right now it offers a rare degree of privacy and anonymity, even in hostile environments.