dslreports logo
 story category
Developers of Anonabox Accused of Lying About Tiny Tor Router

Earlier this week I directed your attention to a new Kickstarter effort called the anonabox, a project that claimed to be building a tiny, "100% open source" router specifically built to run Tor. As of this writing the project has already hauled in $615,000 in funding for the project, though the entire may wind up being suspended by Kickstarter. Why? A detailed Reddit post accuses the developers of lying about a significant number of the developers' claims, including the idea that the router is fully open sourced.

Click for full size
For one, the tiny router the developers say they spent four years working on looks amazingly similar to this router already available on AliExpress for $19.62 (the team previously stated they hoped to sell their router for around $50).

The Reddit poster points out that a lot of the hardware simply comes from China, and is very far from "100% open source." A series of screengrabs nabbed by Reddit users highlight how the various "prototypes" by the team appear to be copies of Chinese hardware already available online.

Users also point out that the software on the router appears to be not only OpenWRT -- but badly configured OpenWRT, with a backdoor root password, a default open wireless network, and shipped with SSHD -- combined with the potential for Chinese hardware backdoors meaning it's not exactly a bastion of privacy and security.

A developer Q&A on Reddit also didn't go very well for the developers, many of which say they previously worked in the broadband industry. Given Kickstarter's prerequisite that "honest and clearly presented" -- it's not clear how long this particular effort is going to last.
view:
topics flat nest 

Mike
Mod
join:2000-09-17
Pittsburgh, PA

Mike

Mod

hope he was running his product

he got destroyed in the commentary
pandora
Premium Member
join:2001-06-01
Outland

pandora

Premium Member

Re: hope he was running his product

Maybe Kickstarter could be used to get millions in funds for to create a large online forum.

TheMole
join:2001-12-06
USA

TheMole

Member

WOW.

WOW (again!)

ScamTors
@73.160.110.x

ScamTors

Anon

Tor fans scammed

I have to say, it seems this would be rough justice for the crooks drawn to TOR to hide their criminal enterprises if they had invested in this scam.

battleop
join:2005-09-28
00000

2 recommendations

battleop

Member

Re: Tor fans scammed

Now come on... Tor is just like BT which we all know is used just to collect rare and exotic Linux ISOs. Tor in a similar fashon is just used to hide from political opression by communist goverments.

tshirt
Premium Member
join:2004-07-11
Snohomish, WA

tshirt

Premium Member

Re: Tor fans scammed

You don't suppose "100% open sores" was a clue that this might not be legit, do ya?

cork1958
Cork
Premium Member
join:2000-02-26

cork1958

Premium Member

Re: Tor fans scammed

said by tshirt:

You don't suppose "100% open sores" was a clue that this might not be legit, do ya?

Yeah,
Anything with open "sores" can't be legit!
kmt5150
join:2014-10-08

kmt5150 to battleop

Member

to battleop
Actually, TOR is much more than that. I wouldn't use it in a routing fashion as the latency can be really high. I'm actually glad these guys flopped, because I'm developing a router that not only encrypts ALL IP traffic sent/received, but is NOT completely open sourced and has hardware made right here in the good ol' USA. I'm trying to have it developed by late 2015 but if I can find funding sooner than it'll be here quicker
nonymous (banned)
join:2003-09-08
Glendale, AZ

nonymous (banned)

Member

Re: Tor fans scammed

said by kmt5150:

Actually, TOR is much more than that. I wouldn't use it in a routing fashion as the latency can be really high. I'm actually glad these guys flopped, because I'm developing a router that not only encrypts ALL IP traffic sent/received, but is NOT completely open sourced and has hardware made right here in the good ol' USA. I'm trying to have it developed by late 2015 but if I can find funding sooner than it'll be here quicker

But wouldn't both sides need to support.your encrytion? Not every end point would so how could all traffic be encryted?
kmt5150
join:2014-10-08

kmt5150

Member

Re: Tor fans scammed

The only sides to worry about for this setup is between router and VPN server. It's Traffic Encryption, not webpage encryption (https, etc). This is the connection at the 3rd layer not at the 6th. Websites, for all intents and purposes, fall under the 'Application' and 'Presentation' layers of the OSI Data Model. You could even use it with say PSNetwork and as long as the VPN conenction latency was low, you wouldn't even know it's going thru a VPN. THIS IS WHAT WE NEED. Minimally intrusive, extremely high-grade encryption that's hardware based (at the 2nd layer if possible but most likely 3rd and above).

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

Kilroy

MVM

Re: Tor fans scammed

said by kmt5150:

The only sides to worry about for this setup is between router and VPN server.

And who is running the VPN servers.
rahvin112
join:2002-05-24
Sandy, UT

1 recommendation

rahvin112 to battleop

Member

to battleop
TOR was developed by the NSA initially. It allows thousands of people every day to communicate with the outside world from within hostile totalitarian regimes. Before much of the internet in Syria was shut down almost all the information coming out of there was through TOR. The NSA and CIA both use versions of TOR to allow their spies to communicate with the central command. TOR is a tool, like any other.

Like all things in the world, tools can be used for good and evil. Much like those that support gun control you blame the tool for the actions of the individual and incite scorn, ridicule and accusation on those that use or own the tool, just like the anti-gun lobby. You should be ashamed of yourself.

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

1 recommendation

Kilroy to ScamTors

MVM

to ScamTors
The tools are not bad, it is what they are used for that counts.

I am a skeptic of any security solution that has not been vetted and examined. When you employ any security system you are trusting the creator of that system with your security. Any mistakes or comprmises made by the creator may affect you.
elefante72
join:2010-12-03
East Amherst, NY

1 recommendation

elefante72 to ScamTors

Member

to ScamTors
Huh. That is like saying a person has shades on their window that they must have a meth lab in their living room.

Education on Tor might help...but if you don't have end to end encryption or trackers turned off, well maybe it makes it a little more difficult.

Your logic is even more interesting because P2P which has been branded a pirates haven has many commercial uses and I have seen trials by operators using the technology. And anyone in the know doesn't use P2P either.

Like the folks at the NRA say: Don't blame the gun, blame the user.
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL

2 recommendations

ISurfTooMuch to ScamTors

Member

to ScamTors
So am I a criminal because I lock my house and haven't left a key down at the police station with a note inviting them to come in and look around whenever they want?

EUS
Kill cancer
Premium Member
join:2002-09-10
canada

2 recommendations

EUS to ScamTors

Premium Member

to ScamTors
Yeah yeah, and encryption is only used by pedophiles and crooks.
It's shameful to see such comments on a tech site.

ScamTors
@73.160.110.x

ScamTors

Anon

Re: Tor fans scammed

said by EUS:

Yeah yeah, and encryption is only used by pedophiles and crooks.
It's shameful to see such comments on a tech site.

Making absurd arguments is a bad way to dispute something.
»en.wikipedia.org/wiki/Re ··· absurdum

EUS
Kill cancer
Premium Member
join:2002-09-10
canada

2 recommendations

EUS

Premium Member

Re: Tor fans scammed

Good, practice what you preach.
54761437 (banned)
join:2013-01-18
Durham, NC

54761437 (banned) to ScamTors

Member

to ScamTors
said by ScamTors :

said by EUS:

Yeah yeah, and encryption is only used by pedophiles and crooks.
It's shameful to see such comments on a tech site.

Making absurd arguments is a bad way to dispute something.
»en.wikipedia.org/wiki/Re ··· absurdum

Go away, little troll.

Flyonthewall
@206.248.154.x

Flyonthewall

Anon

Re: Tor fans scammed

In other news pencils have been outlawed since you could actually kill someone with one. If you see someone using a pencil report them to your local law office.

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK

KrK to ScamTors

Premium Member

to ScamTors
You mean like your first post?

Check the mirror.
dfxmatt
join:2007-08-21
Crystal Lake, IL

dfxmatt to ScamTors

Member

to ScamTors
uh, what? People use TOR for whatever they want, not necessarily criminal enterprise.
Expand your moderator at work

SimbaSeven
I Void Warranties
join:2003-03-24
Billings, MT
·StarLink

SimbaSeven

Member

$50 for this?

Heck, I can get the same thing for much less and throw OpenWrt on it.

I've already done this with my WNDR4000 and it works rather well. Heck, I even have it on a crappy WRT110 and a couple WRT160v2 routers. Just had to build it myself, which is ridiculously easy.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

1 recommendation

Nanaki (banned)

Member

Re: $50 for this?

You can turn any old desktop pc in to a router/firewall/tor appliance in a matter of a couple hours. The computer it self can be had free more often than not.

Any road side desktop computer find can be converted to a router firewall etc etc in a matter of a couple hours max. Hence the free bit.

As for tor and privacy sorry to say but that's fool hardy. The gov may have a harder time tracking you down. But 10k to 1 the nsa cia etc have honey pots all over the planet running tor and capturing crap tons of data on the network. There are plenty of known .onion sites ive seen in reports here and there that are honey pots. Those are ones that have been leaked. there is surely tons more of them that will never be known. It is not hard to capture traffic on tor nor is it hard to fake a bank log in or illegal site log in page using caching proxies like squid.

So people can believe what ever they like but i have serious doubts about just how truely private tor is. I have seen what is possible with a caching proxy in the area of capturing credit card and log in info in a unvencrypted manner. I set up such a thing for testing purps for a game company i worked for in the past. To discover how cc numbers of people were being stolen. I suspected caching proxy was used to let people bypass some restrictions with regards to pre orders i was in the end shown to be right.

SimbaSeven
I Void Warranties
join:2003-03-24
Billings, MT
·StarLink

SimbaSeven

Member

Re: $50 for this?

What I meant was you can do the same on any piece of equipment. Just need a little bit of time and instruction.

As for Tor, I rarely use it. The router has the option, but I rarely enable it. Reason? Tor wasn't built to download tons of data. It's slow.. as.. hell.. freezing.. over. It was meant for light traffic. Now, you have all these uninformed users on the Tor network and you'll see it become a scrambled mess in no time.

"My download of a multi-gigabyte file via Tor is running as fast as dialup". Well, might want to do some research BEFORE you jump on.
rahvin112
join:2002-05-24
Sandy, UT

rahvin112

Member

Re: $50 for this?

The TOR protocol is not designed for light traffic. The protocol does suffer from a weakness, in that the fewer intermediate nodes there are the more traffic must be passed through the ones that do exist and they are only as fast as the link to that node. The more people that run intermediate nodes to support the onion routing, and do so on fast data links with high upload/download the faster the network will be.

TOR unfortunately has far more users than nodes and can be terribly slow if you are in a part of the world with very few nodes. The more numerous and faster the nodes are the better the connection to those nodes but you will always be limited by the slowest node in your route. My experience experimenting with TOR was a moderate speed link, maybe equivalent of a 256k DSL line or so depending on what you are accessing. That is probably because I'm closer in routing to some fast intermediate nodes.

If you want to speed up TOR, help by running a permanent intermediate node.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

Re: $50 for this?

its weakness is that you may end up starting at akron ohio to go to a website hosted on a server in the next building on the same isp and end up being routed through some russian network and a network in canada and in cali and in florida and in texas and in south america and new mexico and and and then finally to the server next door. Another weakness is the nodes are normally on pcs on connections that are crap to start on say 1mbit or less dsl with very high latency and some may and in fact are on sat connections. I spent a few hours on tor jumping around and ended up on various sat net providers. In a few tries i ended up with latency in the mid 2 second range with download speeds of way under 1/2 mbit. Tor is in all honesty crap for any use. Ok so you can avoid internet filters but the end result is you still can not get at what you want because the page fails to load or loads so slow it could take you a hour to load the damn thing.
rahvin112
join:2002-05-24
Sandy, UT

rahvin112

Member

Re: $50 for this?

You Just regurgitated what I said in a manner that indicates you have no idea what TOR is or how it works. Onion routing is how it provides anonymity, that routing comes at a cost. Maybe you should go over to wiki and spend some time reading about how it works because you clearly don't understand.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

Re: $50 for this?

Actually i very much do understand how this concept works. I also understand that it's supposed anonymity that is far from being all it is cracked up to be. The onion network is chock full of honey pot sites. The entire network is chock full of proxy servers that log every thing set up by the gov and by those who want to harvest information for identity theft. I also understand it is damn easy to set up such a proxy system to do exactly that and when you punch in any information no matter how encrypted i can get that information encrypted to my email inbox and or log file. And the funny bit is while i use to build web sites and code them by hand my experience ends with some bare basic php and html yet i know enough php java etc to edit a cached log in page so that it logs in the user and posts me the log in information.

TOR is trash use it if you want but well when you get screwed over by using it let me say this ahead of time so i don't need to waste time later. i told you so.
Expand your moderator at work
masterbinky
join:2011-01-06
Carlsbad, NM

masterbinky

Member

Truly open?

Use an FPGA and open-source everything. Tada!! Less likely for hidden hardware backdoors