Why Design our own Hardware?

Some people have asked, and more will probably ask, why on earth we bother designing our own hardware for the Cloak.  I will try to answer that question in this post.  Be warned, this will get rather technical.

First of all, electronics manufacture is the business we are in.  Most of the group of people involved in Cloak work at Bright Things UN Ltd., a company producing hardware and software design for the Internet of Things.  In reality if we had been involved in something else we probably would never have thought of Cloak and this would not have happened.  That was the emotional response, now let’s look at realities.

I guess the first question would be: “Why bother with hardware at all when a good software solution exists?”  Well, on a typical day, on my home network, I probably have around 10-12 devices connected to my Wi-Fi network.  There are 2-3 laptops, a handful of phones, a couple of tablets, a couple of media players and a few things I have forgotten about right now.  If I wanted all of these anonymised through Tor, managing the software installs would be quite a handful and a few devices would probably be unable to support Tor (my media player definitely and probably a phone or two).  Second, while it is not overly complicated to install the Tor browser bundle, I know plenty of people for whom that would be quite a daunting task.  I wouldn’t ask my parents to try and install Tor.  All these issues seem to justify putting up a Tor gateway through which all traffic is forced (and yes – I know the objections against that idea, I deal with those in another post).

Next question would then be: “Why not just buy some off-the-shelf hardware and install Tor on that?”  That is indeed possible if one is technically inclined.  Google around, and there are plenty of guides explaining how to get Tor up and running on a Raspberry Pi or any of the many Allwinner-based mini computers out there (Cubieboard, CubieTruck, PcDuino etc.).  For someone with the necessary technical skills (typically a solid understanding of UNIX/Linux, networking and firewall configuration), all that would be required would be to find an appropriate platform (which would typically cost around $100), figure out how to get Tor on that device and tweak Linux kernel firewall tables for a few hours (or days?) until things were working.
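What the "tweak Linux kernel firewall tables" step amounts to on such a do-it-yourself gateway, as an added example that is not part of the original post and not Cloak firmware. The interface name, addresses, port numbers and the torrc lines in the comments are assumptions, and both function names are made up for this sketch.

```shell
#!/bin/sh
# Added example, not Cloak firmware. Assumed torrc on the gateway:
#   TransPort 0.0.0.0:9040
#   DNSPort 0.0.0.0:5353
#   VirtualAddrNetworkIPv4 10.192.0.0/10
#   AutomapHostsOnResolve 1

# Print an iptables-restore ruleset. Arguments: client-facing interface,
# the gateway's own address on it, Tor TransPort, Tor DNSPort.
tor_gateway_rules() {
    lan_if=$1 lan_ip=$2 trans_port=$3 dns_port=$4
    # Reject anything that could smuggle extra text into the ruleset.
    case $lan_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    case $lan_ip in ''|*[!0-9.]*) echo "bad address" >&2; return 1 ;; esac
    for p in "$trans_port" "$dns_port"; do
        case $p in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Client DNS goes to Tor's resolver (DNSPort speaks UDP only).
-A PREROUTING -i $lan_if -p udp --dport 53 -j REDIRECT --to-ports $dns_port
# Traffic addressed to the gateway itself (SSH, web UI) is left alone.
-A PREROUTING -i $lan_if -d $lan_ip -j RETURN
# Every other new TCP connection is handed to Tor's TransPort.
-A PREROUTING -i $lan_if -p tcp --syn -j REDIRECT --to-ports $trans_port
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Audit a ruleset on stdin (e.g. iptables-save output): exit 0 only if DNS
# and TCP are redirected and nothing is forwarded, so no client traffic can
# bypass Tor in the clear.
ruleset_forces_tor() {
    awk '
        /^\*/ { table = $1 }
        table == "*filter" && /^:FORWARD DROP/ { drop = 1 }
        /^-A PREROUTING .*--dport 53 .*-j REDIRECT/ { dns = 1 }
        /^-A PREROUTING .*-p tcp .*-j REDIRECT/ && !/--dport/ { tcp = 1 }
        END { exit !(drop && tcp && dns) }
    '
}
```

The generated text is meant to be piped into `iptables-restore` as root; the `FORWARD DROP` policy is what keeps non-TCP client traffic from being routed around Tor.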

It would also be entirely possible to get Tor up and running on a smaller and cheaper device.  Tor has been included in OpenWrt for as long as I can remember.  So this approach would be a matter of finding a router/access point that is supported by OpenWrt, getting the OpenWrt source, configuring the build system and building an appropriate firmware image for that specific router.

There are a few catches however!

First of all, while building OpenWrt is relatively simple and straightforward, it does require certain knowledge and certain skills and it would be well outside the realm of possibility for “most” people.

Secondly, forget about the cheap low-cost routers.  I have seen tons of people suggesting building Tor for the real low-end routers such as the TP-Link MR3020 (or Chinese equivalents).  Well, forget it – it simply isn’t possible (unless hardware modifications are made to those routers or external flash memory is somehow attached).  A basic bare-bones OpenWrt build – minus the LuCI web-based GUI – takes around 3 MB of storage (let’s say 3.5 MB including LuCI).  Tor takes around 1 – 1.5 MB and it relies on OpenSSL, which will take another 1.5 – 2 MB.  Starting up OpenWrt with Tor will take around 32 MB RAM – at least.  Most of the low-end router appliances are equipped with 4 MB Flash (for example the aforementioned MR3020) and either 16 or 32 MB of RAM.

The excellent Dragino

In order to get an off-the-shelf router appliance with 16 MB Flash and 64 MB RAM (the Dragino shown here wouldn’t be a bad choice – in fact it is so good it is the one we are using for software development), one would have to aim for the relatively high-end – for example TP-Link WDR3600. While these are still relatively cheap, we are probably talking around $60 – $80 or more for a reasonable device and it would be quite big.

The final problem with using off-the-shelf hardware is one of manufacturing.  Even with a ready-built image, unpacking 1000 routers, flashing new firmware on them, repacking them, labelling the boxes and shipping the routers would be a complicated logistical problem.  When building our own hardware, flashing the software becomes part of the production process (actually it will be flashed by the test rig as part of the test procedure).

In conclusion, if you want to build your own Tor gateway you will need to possess quite a lot of technical insight, you need quite a lot of free time and unless you happen to have some suitable hardware lying around, you will be looking at around $50 – $100 for some suitable router appliance.

As mentioned earlier (and in another post), we have been building various Internet of Things modules for a while.  We know that it is possible to produce a tailor-made Tor hardware appliance for a sales price of around $50 – provided (and this is important!) enough volume is achieved.  Manufacturing hardware is expensive to get going due to the associated start-up costs – once production is going, unit costs drop dramatically as volume is increased.

I am Lars from Bright Things UN Ltd. I am responsible for maintaining the Cloak firmware.

4 comments on “Why Design our own Hardware?”
  1. Fake girl who is actually a dog but likes giraffes and only exists on the internet says:

    I hope the onboard RAM/Flash is enough that end-users can also choose to host their own Exit Nodes or Bridges or Services. The added USB port could also be an external storage. I hope it comes with tor-arm (tor monitor), openvpn, ssh, reverse-ssh as optional services.

    OnionShare (GitHub) would be a must-have. If you guys could add a WebUI or an on-boot launcher that generates a unique onion address for the attached USB drive, then users could also leak or share or send files anonymously, or maybe an entire subfolder. There are all kinds of neat ideas a small hardware appliance could do.

    • Fake girl who is actually a dog but likes giraffes and only exists on the internet says:

      Of course, if the drive is removed or replaced, the PubKeys/PrivKeys for the drive should leave with it, so that each new drive has its own identity; this would also make Onion domains sort of hot-swappable. You could also take the domain down when you are leaving the device unattended, so no one fiddles with your site while you are away from it, for example when you are off stealing diamonds and they bug your hotel room and copy your PrivKey, and take over your onion site or something equally scandalous.

    • Sorry, relays (exit or non-exit) are simply not possible in a device such as this. We have been quite clear about that. Also consider the typical use case, which would be connected behind an existing NAT router. In that case it would require quite a lot of technical skill to configure that NAT router to route certain ports to the Cloak. However, hidden service with files on USB stick – that is highly possible 🙂 I’ll have a look at OnionShare – it really depends on what language it is implemented in. OpenVPN is possible. I will not promise it will be there by default but it would be easy to build an alternative firmware including it. SSH is included by default.

    • I really appreciate all these suggestions, but might be better on the Tor mailing list (tor-talk) at the moment – would get more input from other users.
