Anonabox Accused of Lying About Its Product Being Open-Source On Kickstarter 72
blottsie writes The "anonabox" has raised more than $550,000 on Kickstarter in only three days. But some believe the company's claims that the router-like device, which is said to automatically route users' Internet traffic through Tor, is entirely open-source are false. Anonabox developer August Germar tells the Daily Dot, however, that the device was commissioned specifically to run their code.
A simple link to the code? (Score:3, Insightful)
Surely that would settle this silly dispute. Either the code is there, or it is not.
Re:A simple link to the code? (Score:5, Informative)
The issue doesnt seem to be the code.
People are claiming that the hardware is just a re-flashed existing micro router, eg here - http://www.aliexpress.com/item... [aliexpress.com]
Anonabox claim they custom designed the hardware, other are claiming it doesnt seem so, mostly it seems like it a moot point if it's cheap and offers the functionality specified.
Agreed on the moot point (Score:1)
If the code is freely available and anyone who wishes to can flash their devices with it there really isn't an issue here.
Re: (Score:2)
wouldn't know about that before they ship, not under obligation to give gpl code before giving product having said code.
however, it might be unlikely for them to even have the board drivers etc to distribute as open source?
Re: (Score:3)
Only half of the code has been released so far. This is supposed to be an open source software and hardware project and not a single schematic or Gerber file has been released so far.
Re: (Score:3)
An open source router has open source software/firmware and hardware. You can't claim that with an off-the-shelf hardware, unless that hardware was open-source to start with.
Re: (Score:3)
Update 9:15am 10/15/2014: As the Anonabox Kickstarter campaign has exploded to half a million dollars in just over two days (despite its initial goal of only $7,500) some critics on Reddit have called attention to Germar’s misrepresentation of the “custom” hardware board and plastic case used for the device. They point to stock devices available on Alibaba from Chinese suppliers that appear to be nearly identical. This piece has been corrected from an earlier version that included his claims that both the board and case were custom-built for the project.
In a followup phone call with Germar, he clarified that the router was created from a stock board sourced from the Chinese supplier Gainstrong. But he says that the project’s developers requested Gainstrong add flash memory to the board to better accommodate Tor’s storage demands. Germar also says now that the case was supplied by Gainstrong and was not custom-designed by the Anonabox developers, a partial reversal of how he initially described it to WIRED.
This is only after their ridiculous claim that the chinese seemed to have copied "their" design was shown to be false.
Deceptive marketing? Definitely. Open-source hardware? Definitely not. Liars? Heck, yes. Scam? You betcha!
Re: (Score:2)
Re: (Score:1)
>mostly it seems like it a moot point if it's cheap and offers the functionality specified
I disagree, if the hardware is open source or not is neither here or there but trust in the company providing the product is important and it looks like Anonabox have lost trust.
Re: (Score:1)
Anonabox claim they custom designed the hardware, other are claiming it doesnt seem so, mostly it seems like it a moot point if it's cheap and offers the functionality specified.
Warren Buffet once said "You can't make a good deal with a bad person".
If they are proven to have lied, even if in a small detail inconsequential to me, it's enough for me to distrust their character and put me off the business altogether -- who's to say they didn't also lie in more important things?
Especially considering that this is Kickstarter we're talking about, not a standard commercial transaction.
That's *if* they are proven to have lied. As far as I can see the jury's still out, so we should also av
Re:A simple link to the code? (Score:5, Insightful)
No, I'm sorry, but if the vendor of a privacy product lies about how the product was developed, why would you trust them? The first thing you buy with a product like this is trust.
Re: (Score:3, Informative)
Here's the internal board view from their own site [anonabox.com].
You can clearly see unsoldered pins for USB port and "WT3020-V1.0 2014-01-18" inscription on the board.
Re: (Score:2)
In a followup phone call with Germar, he clarified that the router was created from a stock board sourced from the Chinese supplier Gainstrong. But he says that the project’s developers requested Gainstrong add flash memory to the board to better accommodate Tor’s storage demands. Germar also says now that the case was supplied by Gainstrong and was not custom-designed by the Anonabox developers.
The larger amount of memory just means they switched from one existing design with smaller memory to another existing design with more memory. Gainstrong didn't have to even put in a custom order - just changed the part number.
Maybe slashdot can invite these guys to do an Ask Slashdot - like Florian Mueller :-)
Yawn (Score:1)
Anyone who contributes money to a Kickstarter project deserves what they get.
(And I have been sucked in the past, so I know how easy it is).
Wait until the product is on the shelf, and then buy it. If it's really that great, it will get made.
Comment removed (Score:5, Insightful)
Re:Yawn (Score:5, Insightful)
Nope, it means you were lucky!
Re: (Score:2)
Or maybe just smart. He picked a project that showed a realistic chance of being completed.
I'm 2/2 so far as well. I backed PluggyLock and received my hardware, which works well, last week. I also backed Road Redemption, and am currently enjoying the beta. It's actually really nice to be involved in the development of the game.
Re: (Score:3)
Or maybe just smart. He picked a project that showed a realistic chance of being completed.
Yep. I'm 6/6 so far - all of them turned out as well or better than I expected. I dunno why anyone would think there's much "luck" involved with picking Kickstarter projects.
Re: (Score:2)
> Nope, it means you were lucky!
Crap. Yes evaluate the projects first. Do a little internal math and check if the company has asked for enough to complete the project. Do they appear to have the skill set required to get the project out the door? Have they lied in the project description?
I've backed a few projects on Kickstarter (and alikes). I've got some fantastic big name games and cool indy games and the warm glow of knowing I helped them on their way.
Its a risk but a risk but one you can do derisk q
Re: (Score:2)
I've had a few failures (Kreyos and the Neal Stephenson sword game) but the rest of about two dozen have given me exactly what they promised and I got some really nice items.
Re: (Score:2)
No, it means you have questionable taste in Shadowrun games. I backed Shadowrun Returns and regret it. What kind of Shadowrun game lets you hire a decker for a run...then says, only the main character can hack anything, to maintain game balance?
Re: (Score:2)
Re: (Score:3)
I would think about it as an investment. You may get a return, you may not. If nobody backs that game, it will never come to market and in some cases there is no alternative that you could buy. Backing "me too" project of course is stupid... You just have to evaluate the project and team and see if they are likely to deliver.
Re:Yawn (Score:4, Interesting)
3 delivered more or less on time
1 is on track for timely delivery
1 ran into technical and organisational issues, but they've turned those around and it looks like they will deliver the product after all, if a bit late. Their campaign was overfunded so they didn't run out of cash.
1 underestimated organisational difficulties (such as obtaining product certification in different regions) and ran out of money. A good many backers did receive their goods and they still think they can fulfil all pledges, but I'm not holding my breath.
1 I've given up on.
Not too bad a track record. Of course it's easy enough to let others fund these kickstarter projects and let them take the risk, but where's the fun in that? As long as you understand the risk, I don't see why one shouldn't fund these projects that might otherwise not see the light of day.
Re: (Score:2)
Re:Yawn (Score:5, Funny)
And then they should continue on to destroy the month and the year.
Re: (Score:2)
Re: (Score:3)
An autographed poster and a download and Blu-Ray of a movie? That's what I got the only time I contributed to a kickstarter, and am happy with the deal. You might want to find a narrower brush.
Comment removed (Score:3)
invention vs. product (Score:5, Interesting)
well.. from the looks of it..
the question should be to ask do they understand the difference between an INVENTION and a product.
clearly they had read about the invention way before and just hashed together a product. they don't seem to have clear understanding of how the product works.
basically they're just selling a 20$ box for 50$. which isn't too bad. but if they don't understand the product, why the fuck trust with them running it, instead of running tor on your laptop? or better yet, running something like tails on the laptop.. the tor wont help if the os on the laptop is the problem - and how they can vouch for the closed source drivers on the board? and if it's not their board, I doubt it's theirs to give away as "open hardware" either. it seems like it's open in the sense that they used whatever was openly available to them...
I think they just saw the project on hackaday, asked around for some boards and smelled money and wanted the money upfront from the customers to negate risks - and then did some bullshit to sell it. now that bullshit could technically be in violation of kickstarter rules, so they might have to move to indiegogo and spin up some more bullshit why they moved("big brother forced us to!" most probably).
Re: (Score:1)
This anonymizer works primarily against local adversaries. The target sites, and $deity forbid tor exit nodes, can deanonymize the traffic quite easily. In addition, it may not be plug & play in all regimes, as exemplified by the chinese tor blocks, which require manual bridge configuration.
I would also be concerned about life cycle management of such a box. Although, they could offer updates from a hidden service quite easily, as an unattended service it might cause some trust issues. Also, seeing how
Re: (Score:1)
With open WiFi by default (!), sshd allowing root login (!!) and a pre-set fixed root password (!!!), I don't see how it'd work against local adversaries.
Local adversaries in the TOR adversary model sense, and that would of course be in the best case. Just saying that the device is practically just a L3 anonymizer VPN, but even that could be enough for some cases. This is assuming that they do not MITM HTTPS connections, or scrub even the plain HTTP, which I doubt.
Re:I posted a question (Score:5, Informative)
Someone else put together a handy picture highlighting a number of the errors present in just the description of the product:
https://twitter.com/Sc00bzT/st... [twitter.com]
Some of them seem to be worth a laugh.
Re: (Score:2)
well with facebook, gmail and other https sites.. the problem is really someone doing a man in the middle on the traffic outgoing from the tor exit point.
basically it just moves the point where the MITM might hapen, but, say, if you're in china then you might want to move that point to be outside of china.
Not the only problem (Score:5, Interesting)
Re: (Score:2)
That's too harsh. I've pledged a lot of kickstarters, for things that I would like to see happen. But I'm selective -- I have enough experience as an engineer that I can sniff out the BS and avoid projects that are run by the clueless (there are a lot of those) and by the scammers (a few do exist). So far I've never had to suffer anything other than late delivery. But then again, I've suffered late delivery from people that worked for me also, so there ya go. I might even admit to being late on hardwa
Re:Not the only problem (Score:4, Informative)
This "knockoff of a tp-link router" really needs to stop. It is not true. Some guy wrote it on Reddit and it's been repeated all over the place since. This isn't Reddit now, is it?
If you're going to argue that someone isn't being honest, at least try to be honest yourself.
The mentioned model, a TP-Link MR-3020, is a single ethernet port Atheros chipset device.
The router used in the campaign is a Nexx WT3020A, which is a 2-port Ralink chipset device.
Just because something looks similar, and something about it was said on the internet and repeated all over the place a bunch of times, doesn't make it true. But it does seem to make it here eventually.
Re: (Score:2)
On top of that after looking through the firmware they've found that it's not custom software, but a badly configured OpenWRT build with a standard root password (set to "developer!"), an unsecured wifi ssid and sshd installed and running by default!
Interesting. Maybe "open-source", in the context that they meant it, means that all the users' private data should be open-source, rather than anything about the hardware or software.
Sounds Like Ouya (Score:1)
His attitude about custom firmware was shocking as well:
I'm keeping a track of how many requests we get relating custom firmware, and from what I'm seeing the user base is not as interested in custom firmware as you might think, which is echoed by this thread (we've shipped 60,000+ units, and less than 10 people have commented in the last month in this thread about getting access to recovery mode).That doesn't mean that we're shooting the idea down, you need to keep in mind that in terms of priorities this is way down the list as you'd expect from any feature where it's being requested by less than one tenth of one percent of the user-base.
It really floored me to read this, given the kickstarter page's promises of hackability. Anyone with a reflashable phone (or any pretty much any other Android device whatsoever capable of using custom ROMS) knows that a real recovery mo
Time to do some real hacking ... (Score:1)
get out the soldering iron! :P
Total Scam (Score:1)
This reddit thread has more info:
https://www.reddit.com/r/privacy/comments/2j9caq/anonabox_tor_router_box_is_false_representation/
Summary of problem (Score:1)
The issue people have is:
- he claims they have spent lots of effort developing four generations of custom hardware for this thing and that they need the kickstarter money to put it into production.
- the reality is they are buying a cheap existing router from China, adding a big markup and a modified build of open wrt, and making a really good profit from the thing.
This is really misleading and abuses people's sympathy for hardware startups. He is not a hardware startup, he is an importer and that deception
Insecure (Score:4, Insightful)
Even if everything on it is properly implemented, which is doubtful, the device will be completely insecure for ordinary, non-expert users. To use Tor securely, the endpoint communication software must be properly anonymized, Java and Javascript disabled, etc. Use Tails or Tor browser bundle on an encrypted home partition of a well-patched system instead.
Onion Pi? (Score:2)
I don't see what problem this solves that the Onion Pi doesn't solve?
Re: (Score:3)
The problem that the Onion Pi is not granny-friendly. The problem that the Onion Pi needs to be assembled and requires RP Linux knowledge to set up in the first place.
Some people want the challenge of making the device, others just want to plug it in and go. That's where this comes into play.
Re: (Score:2)
Yes, because pre-configured SD cards don't exist. It's *really* tough.
Everything has some level of configuration, if you've ever used an onion pi, the tutorials and walk-thrus are as granny friendly as the tutorials or walk-thrus to set up any router, really.
It's still just branding (Score:2)
Will fail, but will kick off something greater (Score:1)
* openwrt capable mini-routers are very cheap, i use multiple WR703N for tinkering
* there are many firmware generators out there that should it make simple to create an tor-capable image
We will see an firmware-image that you can directly flash from the vendors webinterface and that turns your router into an tor-client.
Comes pre-backdoored by the NSA (Score:2)
This is horrifying - how gullible do you have to be to back and trust this? It's such a big fat juicy target for the NSA (or FBI or Russian hackers or any other group of
miscreants). It's a 'spy on me!' box for the people they most want to spy on. If they have the full help of the company then they can add cheap hardware to the build so that even if you completely wipe and reflash the main partition their stuff still runs. Even if the company were legit, all you need is one guy or one pwned computer inside i
anonabox Kickstarter SUSPENDED (Score:2)
I was just notified by email that the anonabox Kickstarter project has been suspended by Kickstarter for violating their TOS.
All funding has stopped and backers will not be charged for their pledges, according to the message.
A sad result, but you have to credit Kickstarter for their actions.