Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Open Source The Almighty Buck

Anonabox Accused of Lying About Its Product Being Open-Source On Kickstarter 72

blottsie writes The "anonabox" has raised more than $550,000 on Kickstarter in only three days. But some believe the company's claims that the router-like device, which is said to automatically route users' Internet traffic through Tor, is entirely open-source are false. Anonabox developer August Germar tells the Daily Dot, however, that the device was commissioned specifically to run their code.
This discussion has been archived. No new comments can be posted.

Anonabox Accused of Lying About Its Product Being Open-Source On Kickstarter

Comments Filter:
  • by EzInKy ( 115248 ) on Wednesday October 15, 2014 @11:58PM (#48156791)

    Surely that would settle this silly dispute. Either the code is there, or it is not.

    • by aXis100 ( 690904 ) on Thursday October 16, 2014 @12:10AM (#48156833)

      The issue doesnt seem to be the code.

      People are claiming that the hardware is just a re-flashed existing micro router, eg here - http://www.aliexpress.com/item... [aliexpress.com]

      Anonabox claim they custom designed the hardware, other are claiming it doesnt seem so, mostly it seems like it a moot point if it's cheap and offers the functionality specified.

      • If the code is freely available and anyone who wishes to can flash their devices with it there really isn't an issue here.

        • by gl4ss ( 559668 )

          wouldn't know about that before they ship, not under obligation to give gpl code before giving product having said code.

          however, it might be unlikely for them to even have the board drivers etc to distribute as open source?

        • Only half of the code has been released so far. This is supposed to be an open source software and hardware project and not a single schematic or Gerber file has been released so far.

        • by tibit ( 1762298 )

          An open source router has open source software/firmware and hardware. You can't claim that with an off-the-shelf hardware, unless that hardware was open-source to start with.

          • After claiming that the board and case were their own design, and showing pictures that were photoshopped to hide the logo, they now admit that they bought off-the-shelf hardware and case from a chinese supplier [wired.com]:

            Update 9:15am 10/15/2014: As the Anonabox Kickstarter campaign has exploded to half a million dollars in just over two days (despite its initial goal of only $7,500) some critics on Reddit have called attention to Germar’s misrepresentation of the “custom” hardware board and plastic case used for the device. They point to stock devices available on Alibaba from Chinese suppliers that appear to be nearly identical. This piece has been corrected from an earlier version that included his claims that both the board and case were custom-built for the project.

            In a followup phone call with Germar, he clarified that the router was created from a stock board sourced from the Chinese supplier Gainstrong. But he says that the project’s developers requested Gainstrong add flash memory to the board to better accommodate Tor’s storage demands. Germar also says now that the case was supplied by Gainstrong and was not custom-designed by the Anonabox developers, a partial reversal of how he initially described it to WIRED.

            This is only after their ridiculous claim that the chinese seemed to have copied "their" design was shown to be false.

            Deceptive marketing? Definitely. Open-source hardware? Definitely not. Liars? Heck, yes. Scam? You betcha!

        • The code is DDWRT, which is already free.
      • by mlk ( 18543 )

        >mostly it seems like it a moot point if it's cheap and offers the functionality specified

        I disagree, if the hardware is open source or not is neither here or there but trust in the company providing the product is important and it looks like Anonabox have lost trust.

      • by Anonymous Coward

        Anonabox claim they custom designed the hardware, other are claiming it doesnt seem so, mostly it seems like it a moot point if it's cheap and offers the functionality specified.

        Warren Buffet once said "You can't make a good deal with a bad person".
        If they are proven to have lied, even if in a small detail inconsequential to me, it's enough for me to distrust their character and put me off the business altogether -- who's to say they didn't also lie in more important things?
        Especially considering that this is Kickstarter we're talking about, not a standard commercial transaction.

        That's *if* they are proven to have lied. As far as I can see the jury's still out, so we should also av

      • by pegr ( 46683 ) on Thursday October 16, 2014 @07:33AM (#48157867) Homepage Journal

        No, I'm sorry, but if the vendor of a privacy product lies about how the product was developed, why would you trust them? The first thing you buy with a product like this is trust.

  • by opusman ( 33143 )

    Anyone who contributes money to a Kickstarter project deserves what they get.

    (And I have been sucked in the past, so I know how easy it is).

    Wait until the product is on the shelf, and then buy it. If it's really that great, it will get made.

    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Thursday October 16, 2014 @12:10AM (#48156837)
      Comment removed based on user account deletion
      • Re:Yawn (Score:5, Insightful)

        by opusman ( 33143 ) on Thursday October 16, 2014 @12:15AM (#48156849) Homepage

        Nope, it means you were lucky!

        • by AmiMoJo ( 196126 ) *

          Or maybe just smart. He picked a project that showed a realistic chance of being completed.

          I'm 2/2 so far as well. I backed PluggyLock and received my hardware, which works well, last week. I also backed Road Redemption, and am currently enjoying the beta. It's actually really nice to be involved in the development of the game.

          • Or maybe just smart. He picked a project that showed a realistic chance of being completed.

            Yep. I'm 6/6 so far - all of them turned out as well or better than I expected. I dunno why anyone would think there's much "luck" involved with picking Kickstarter projects.

        • by mlk ( 18543 )

          > Nope, it means you were lucky!

          Crap. Yes evaluate the projects first. Do a little internal math and check if the company has asked for enough to complete the project. Do they appear to have the skill set required to get the project out the door? Have they lied in the project description?

          I've backed a few projects on Kickstarter (and alikes). I've got some fantastic big name games and cool indy games and the warm glow of knowing I helped them on their way.
          Its a risk but a risk but one you can do derisk q

          • by Enry ( 630 )

            I've had a few failures (Kreyos and the Neal Stephenson sword game) but the rest of about two dozen have given me exactly what they promised and I got some really nice items.

      • by Sowelu ( 713889 )

        No, it means you have questionable taste in Shadowrun games. I backed Shadowrun Returns and regret it. What kind of Shadowrun game lets you hire a decker for a run...then says, only the main character can hack anything, to maintain game balance?

    • by rioki ( 1328185 )

      I would think about it as an investment. You may get a return, you may not. If nobody backs that game, it will never come to market and in some cases there is no alternative that you could buy. Backing "me too" project of course is stupid... You just have to evaluate the project and team and see if they are likely to deliver.

    • Re:Yawn (Score:4, Interesting)

      by JaredOfEuropa ( 526365 ) on Thursday October 16, 2014 @03:26AM (#48157267) Journal
      I've mostly backed stuff that looked like it would not get created by regular companies. Most of this was in the area of Home Automation; a niche market, which means that even for great products the economics may simply not work out. Start-ups as well as existing companies can take some of the gamble out of that equation through crowdsourcing. I've backed 7 projects thus far:
      3 delivered more or less on time
      1 is on track for timely delivery
      1 ran into technical and organisational issues, but they've turned those around and it looks like they will deliver the product after all, if a bit late. Their campaign was overfunded so they didn't run out of cash.
      1 underestimated organisational difficulties (such as obtaining product certification in different regions) and ran out of money. A good many backers did receive their goods and they still think they can fulfil all pledges, but I'm not holding my breath.
      1 I've given up on.
      Not too bad a track record. Of course it's easy enough to let others fund these kickstarter projects and let them take the risk, but where's the fun in that? As long as you understand the risk, I don't see why one shouldn't fund these projects that might otherwise not see the light of day.
    • by radl33t ( 900691 )
      I also agree that anyone who makes a mistake, error in judgement, or relies on good faith in a negotiation deserves whatever bad happens to them. Trust is for losers. And it is the duty of the strong to destroy the week.
    • >Anyone who contributes money to a Kickstarter project deserves what they get.

      An autographed poster and a download and Blu-Ray of a movie? That's what I got the only time I contributed to a kickstarter, and am happy with the deal. You might want to find a narrower brush.
  • by account_deleted ( 4530225 ) on Thursday October 16, 2014 @12:04AM (#48156813)
    Comment removed based on user account deletion
    • by gl4ss ( 559668 ) on Thursday October 16, 2014 @12:19AM (#48156859) Homepage Journal

      well.. from the looks of it..

      the question should be to ask do they understand the difference between an INVENTION and a product.

      clearly they had read about the invention way before and just hashed together a product. they don't seem to have clear understanding of how the product works.

      basically they're just selling a 20$ box for 50$. which isn't too bad. but if they don't understand the product, why the fuck trust with them running it, instead of running tor on your laptop? or better yet, running something like tails on the laptop.. the tor wont help if the os on the laptop is the problem - and how they can vouch for the closed source drivers on the board? and if it's not their board, I doubt it's theirs to give away as "open hardware" either. it seems like it's open in the sense that they used whatever was openly available to them...

      I think they just saw the project on hackaday, asked around for some boards and smelled money and wanted the money upfront from the customers to negate risks - and then did some bullshit to sell it. now that bullshit could technically be in violation of kickstarter rules, so they might have to move to indiegogo and spin up some more bullshit why they moved("big brother forced us to!" most probably).

    • This anonymizer works primarily against local adversaries. The target sites, and $deity forbid tor exit nodes, can deanonymize the traffic quite easily. In addition, it may not be plug & play in all regimes, as exemplified by the chinese tor blocks, which require manual bridge configuration.

      I would also be concerned about life cycle management of such a box. Although, they could offer updates from a hidden service quite easily, as an unattended service it might cause some trust issues. Also, seeing how

    • by Anubis IV ( 1279820 ) on Thursday October 16, 2014 @01:17AM (#48156969)

      Someone else put together a handy picture highlighting a number of the errors present in just the description of the product:

      https://twitter.com/Sc00bzT/st... [twitter.com]

      Some of them seem to be worth a laugh.

  • Not the only problem (Score:5, Interesting)

    by EthanV2 ( 1211444 ) on Thursday October 16, 2014 @12:05AM (#48156815) Homepage
    the problem isn't just the fact that the code and hardware isn't open-source, it's the fact that the developers openly lied on their Kickstarter campaign. Not only is the hardware not open-source but it wasn't even designed by them, it's a cheap Chinese knockoff of a tp-link 3G router! On top of that after looking through the firmware they've found that it's not custom software, but a badly configured OpenWRT build with a standard root password (set to "developer!"), an unsecured wifi ssid and sshd installed and running by default! The scale to which these jokers have deceived their backers is ridiculous, and this Kickstarter needs shutting down.
    • by Anonymous Coward on Thursday October 16, 2014 @01:49AM (#48157041)

      This "knockoff of a tp-link router" really needs to stop. It is not true. Some guy wrote it on Reddit and it's been repeated all over the place since. This isn't Reddit now, is it?

      If you're going to argue that someone isn't being honest, at least try to be honest yourself.

      The mentioned model, a TP-Link MR-3020, is a single ethernet port Atheros chipset device.

      The router used in the campaign is a Nexx WT3020A, which is a 2-port Ralink chipset device.

      Just because something looks similar, and something about it was said on the internet and repeated all over the place a bunch of times, doesn't make it true. But it does seem to make it here eventually.

    • On top of that after looking through the firmware they've found that it's not custom software, but a badly configured OpenWRT build with a standard root password (set to "developer!"), an unsecured wifi ssid and sshd installed and running by default!

      Interesting. Maybe "open-source", in the context that they meant it, means that all the users' private data should be open-source, rather than anything about the hardware or software.

  • Ouya explicitly promised "Hackers Welcome" in their Kickstarter. A week before its launch I witnessed an Ouya engineer (Al Sutton) berating and insulting the customers who were shocked it didn't have a recovery mode.

    His attitude about custom firmware was shocking as well:

    I'm keeping a track of how many requests we get relating custom firmware, and from what I'm seeing the user base is not as interested in custom firmware as you might think, which is echoed by this thread (we've shipped 60,000+ units, and less than 10 people have commented in the last month in this thread about getting access to recovery mode).That doesn't mean that we're shooting the idea down, you need to keep in mind that in terms of priorities this is way down the list as you'd expect from any feature where it's being requested by less than one tenth of one percent of the user-base.

    It really floored me to read this, given the kickstarter page's promises of hackability. Anyone with a reflashable phone (or any pretty much any other Android device whatsoever capable of using custom ROMS) knows that a real recovery mo

  • by Anonymous Coward

    This reddit thread has more info:
    https://www.reddit.com/r/privacy/comments/2j9caq/anonabox_tor_router_box_is_false_representation/

  • by Anonymous Coward

    The issue people have is:
    - he claims they have spent lots of effort developing four generations of custom hardware for this thing and that they need the kickstarter money to put it into production.

    - the reality is they are buying a cheap existing router from China, adding a big markup and a modified build of open wrt, and making a really good profit from the thing.

    This is really misleading and abuses people's sympathy for hardware startups. He is not a hardware startup, he is an importer and that deception

  • Insecure (Score:4, Insightful)

    by aaaaaaargh! ( 1150173 ) on Thursday October 16, 2014 @03:17AM (#48157255)

    Even if everything on it is properly implemented, which is doubtful, the device will be completely insecure for ordinary, non-expert users. To use Tor securely, the endpoint communication software must be properly anonymized, Java and Javascript disabled, etc. Use Tails or Tor browser bundle on an encrypted home partition of a well-patched system instead.

  • I don't see what problem this solves that the Onion Pi doesn't solve?

    • The problem that the Onion Pi is not granny-friendly. The problem that the Onion Pi needs to be assembled and requires RP Linux knowledge to set up in the first place.

      Some people want the challenge of making the device, others just want to plug it in and go. That's where this comes into play.

      • Yes, because pre-configured SD cards don't exist. It's *really* tough.

        Everything has some level of configuration, if you've ever used an onion pi, the tutorials and walk-thrus are as granny friendly as the tutorials or walk-thrus to set up any router, really.

  • I doesn't matter anyway. The vast majority of users (almost 100%) won't read the source or make modifications. From a purely marketing perspective, "open source" is a word like "locally-grown" to add a nice and cozy grassroots feeling to the product.
  • Looks like he is the first to realize that
    * openwrt capable mini-routers are very cheap, i use multiple WR703N for tinkering
    * there are many firmware generators out there that should it make simple to create an tor-capable image

    We will see an firmware-image that you can directly flash from the vendors webinterface and that turns your router into an tor-client.
  • This is horrifying - how gullible do you have to be to back and trust this? It's such a big fat juicy target for the NSA (or FBI or Russian hackers or any other group of
    miscreants). It's a 'spy on me!' box for the people they most want to spy on. If they have the full help of the company then they can add cheap hardware to the build so that even if you completely wipe and reflash the main partition their stuff still runs. Even if the company were legit, all you need is one guy or one pwned computer inside i

  • I was just notified by email that the anonabox Kickstarter project has been suspended by Kickstarter for violating their TOS.

    All funding has stopped and backers will not be charged for their pledges, according to the message.

    A sad result, but you have to credit Kickstarter for their actions.

"...a most excellent barbarian ... Genghis Kahn!" -- _Bill And Ted's Excellent Adventure_

Working...