Overwhelming Interest

When I wrote my Anonabox Analysis yesterday evening, I expected perhaps a few comments from a few nerds.  I mostly wrote the analysis because I was curious.  I have spent a huge amount of time on the Cloak firmware, and I am always looking for inspiration and ideas to make it a better product.

What I did not expect was nearly 12000 page views in less than 18 hours and an avalanche of tweets.  Hell, we actually got mentioned on a Twitter Trending site and _that_ is the first time in my life I have been accused of being trendy.

What this does show however is that there is still a huge need for a product like Cloak and the importance of such a product being Open Source, so that the security aspects can be scrutinized by the community.

So far, Cloak is the only product that has actually posted public source code that can be used to build a firmware image from scratch – absolutely NO binaries that could hide potential back doors.  We are also the only ones that have actually ported Tor to OpenWrt and are not relying on an old Tor version from the OpenWrt project that is now dead and unsupported.

Please do comment on our forum if you have any questions regarding Cloak and/or my Anonabox Analysis.

Posted in Cloak, Competitors, Development, Technical, Tor

Government Surveillance

Posted in Anonymity, Encryption, Privacy, Tor

Busted

Lars Boegild Thomsen has dissected Anonabox – it gave up without a fight. For the more technical amongst you, you can skip straight to the gory details here.  The short version is, it doesn’t have any security at all – not even an access password.

It does connect to Tor. Not having any Wi-Fi encryption and leaving root access password set to ‘admin’ is about as private as taking a piss in a glass bathroom with your microphone still on.

Dig the chutzpah

Scamming the public for 80 thousand dollars under cover of a “no guarantees” Indiegogo crowdfunding project and then selling the company has a bit of derring-do about it. I like August Germar – he wrote to me personally and offered to buy me a beer if I’m ever in Chico – so I’m going to defend him.

We think he’s just honestly and utterly incompetent.

4,000 site hits in 6 hours

This is getting a lot of attention – at Reclaim Your Privacy we’re considering a Cloak resurrection for Easter.

We’ll be happy to answer any questions in our forum.

Posted in Cloak, Privacy, Security, Tor

Anonymity Issue Fixed

Yesterday, Steve Lord (@stevelord on Twitter) did a screencast, where he was essentially dissecting the Cloak firmware.  I was fully aware of his intentions and had in fact provided him with a firmware copy myself.  I thoroughly enjoy being examined in this way as I do not believe in security by obscurity.

Overall I think we came out quite nicely.  Steve did however point out one issue related to Cloak allowing access to .onion addresses even when clients are connected to the Open network.  Originally I implemented this (which consisted of one network forward and one DNS forward) just because it was a damn cool thing.  However, Steve Lord is of course absolutely right, from an anonymity perspective it was a really stupid “feature”.  What can happen is that a web page on a hidden service can reference an image or a script on an open net server and your anonymity is shot to pieces.

I have of course immediately updated the source on Github and removed this issue.

Thanks to Steve for pointing this out.

Posted in Development, Security, Technical
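The leak described in “Anonymity Issue Fixed”, shown as an added example (not part of the original post and not code from the Cloak firmware): a page served from a hidden service is scanned for subresources a browser would fetch automatically from non-.onion hosts. The function name, the sample .onion address and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute a browser fetches automatically while rendering.
# A plain <a href> is not fetched until clicked, so it is not listed.
# Simplification: every <link href> is treated as fetched, whatever its rel.
AUTO_LOADED = {
    "img": "src", "script": "src", "iframe": "src", "embed": "src",
    "audio": "src", "video": "src", "source": "src",
    "link": "href", "object": "data",
}

class _SubresourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.leaks = []

    def handle_starttag(self, tag, attrs):
        attr = AUTO_LOADED.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative and protocol-relative ("//host/x") references.
        absolute = urljoin(self.page_url, value.strip())
        parts = urlsplit(absolute)
        if parts.scheme not in ("http", "https"):
            return  # data: and similar URIs cause no network request
        host = (parts.hostname or "").lower()
        if not host.endswith(".onion"):
            self.leaks.append((tag, absolute))

def clearnet_subresources(html, page_url):
    """Return (tag, url) pairs that would be fetched from non-.onion hosts."""
    parser = _SubresourceCollector(page_url)
    parser.feed(html)
    parser.close()
    return parser.leaks

# Constructed sample: a hidden-service page mixing local and open-net resources.
SAMPLE_PAGE_URL = "http://exampleexampleexample.onion/index.html"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/style.css">
<script src="//cdn.example.net/lib.js"></script>
</head><body>
<img src="/img/logo.png">
<img src="https://tracker.example.com/pixel.gif">
<a href="https://www.example.org/">only fetched on click</a>
</body></html>"""

if __name__ == "__main__":
    for tag, url in clearnet_subresources(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(f"<{tag}> loads from the open net: {url}")
```

For a client on the Open network, each flagged URL is a request that leaves outside Tor while the page itself arrived through it, which is why the forward was removed.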

In a shop near you soon


Thanks to all of you who backed this project.

Kickstarter hasn’t produced the cash we needed to manufacture Cloak just yet. As long as governments and corporations conspire to confound private attempts to maintain the legitimate confidentiality of business, legal and personal communication, a market for purpose built consumer privacy hardware will grow. We have no doubt that Tor Hardware Routers will be available off the shelf soon.

We discovered that a new market, still haunted by snake oil purveyors with walking wounded integrity is a very hard place to do business. We think the public have simply been scared away for now – they will be back, and like true professionals, we actually prefer informed and properly skeptical customers.

The team are proud to have come out of this without any serious technical objections to our work. Kudos particularly to Lars Bøgild Thomsen and Niclas Hedhman whose foreknowledge of the depth and range of technical concerns and opportunities showed extraordinary prescience. They are nobody’s fools and Bright Things’ reputation is enhanced by this exercise.

The substantial engineering effort put into Cloak does not go on the scrap heap. Our firmware implementation is published and remains the property of the commons. We will continue to develop and use it where it’s relevant to our future planned projects.

From a hardware point of view, Bright Things’ offer to manufacture Cloak or similar specified alternates remains open. We are constrained by the need to finance minimum economic component order volumes in the context of specific tooling costs.

If you would like future updates on Cloak and other interesting technologies we are cooking up in the workshop, please sign up for our newsletter .

Thanks again,

Adrian

Posted in Cloak, News

Dear Theresa

Big Sister

I read about your plans to make Internet Service Providers record user IP addresses http://www.bbc.co.uk/news/uk-politics-30166477

It’s easy to collect the data you want, but expensive to store and keep secure. It’s very powerful because it provides geolocated identification – it’s worth a fortune to an advertiser and it’s really hard to catch clever crooks who – as they inevitably will – figure out a way to copy and sell it.

Internet Service Providers face a cost with no (honest) benefit and the prospect of public censure for loss or misuse of sensitive data. Criminals will see new resource they want to exploit and advertisers will try to make it legal to do so.

It will make everybody more vulnerable to all manner of sinister deviance. Modern data correlation techniques offer frightening power to scientifically select vulnerable targets.

From an engineer’s viewpoint, what you are doing considerably increases the risk of personal security breaches. You are vague about the benefits on the grounds of national security. That doesn’t relieve you of your responsibility to the public interest. You need to canvass the opinion of data security experts and encourage public debate to inform estimates of the potential cost of unintended consequences.

The cost for an ordinary non technical internet user to prevent their ISP logging them will be about 35 pounds. https://www.kickstarter.com/projects/1227374637/cloak

It’s so cheap and easy to defeat the tactic you propose that it really is of very questionable crime fighting value.

Posted in Cloak, Legal, News, Privacy, Security

Cloak on the Radio


Cloak was discussed on BFM 89.9 in Malaysia today. For those that missed the original broadcast, BFM have made a Podcast available.

http://www.bfm.my/tech-talk-cloak-tor-router.html

Posted in Cloak, News, Tor

Pew Research – Americans want more privacy


This survey by Pew shows how Americans view the state of privacy in their country – “not positively” is a fair summary. According to the survey, the majority of Americans would like to do more to protect themselves, but don’t think it’s easy. The good news for them is, Cloak makes it much easier.


http://www.pewinternet.org/2014/11/12/public-privacy-perceptions/

Posted in Anonymity, Cloak, News, Privacy, Security

Businessmen targeted by data thieves

Business Insider reports that traveling business executives are being actively targeted by criminals in their hotel rooms.

More evidence that you need to protect your own business – public networks simply can’t be trusted with confidential information. Cloak is a practical way for IT professionals to protect executive communications. By providing .onion access to corporate web services, strong resistance to even sophisticated exit node sniffing attacks is achieved.

http://www.businessinsider.com/r-execs-in-asian-luxury-hotels-fall-prey-to-cyber-espionage-study-2014-11


Posted in Cloak, News, Privacy, Security

We’ve dropped a gauntlet

Steve Lord, security pro and co-founder of 44Con, reports on the apparent scam called Anonabox. It’s been booted from Kickstarter but is now back up on Indiegogo and taking people’s money. Steve wrote, “Adrian Wade of the Cloak project offered to ‘stump up the $51 he’s asking for and publicly offer him a debate’”.

I can confirm that we have done this. Here’s a screen dump, just in case he tries to kick the gauntlet under the rug instead of picking it up.

[Screenshot: debate offer]

Steve’s full article is here


Posted in Cloak, News