Anonabox looks like the perfect Kickstarter product: It’s a Wi-Fi router that promises to route all your web traffic through the Tor network, which makes all internet traffic anonymous, protecting you from surveillance.
It appears to be delightfully simple: Plug the internet line from your computer into the Anonabox, and plug the Anonabox into your wireless router. Hey presto — all your web surfing activity is now completely anonymous and private, because it’s going through Anonabox.
Here is how it’s supposed to work:
The man behind Anonabox, August Germar, says his invention was inspired by the Arab Spring. Shocked by news that the Egyptian government had cut off internet access during the revolution, Germar decided to create a router that would keep people anonymous.
Generous Kickstarter users, excited at the idea of affordable online anonymity, have pledged over $US600,000 for the Anonabox. It took the device just 48 hours to raise $US300,000, far beyond its $US7,500 goal.
But the story of Anonabox is rapidly falling apart.
Internet users have discovered that Germar didn’t invent the Anonabox, its workings, its case, or any of the “open source” components he says he developed. Instead, the device is an off-the-shelf router from China. And any developer can unlock its back end with the password “developer.”
To be fair to Germar and Anonabox, it could be that the company is actually working on a Wi-Fi router device that reroutes your web activity anonymously through Tor. Perhaps, to illustrate how the device works in principle, Germar simply borrowed some off-the-shelf imagery. Many Kickstarter products don’t have finished prototypes before they start raising money.
We contacted Germar for comment but did not yet hear back.
Germar does, however, say in the Anonabox Kickstarter page that he “designed a simple, minimalist case in plain white” to house the Anonabox’s inner workings. That’s simply not true.
The Anonabox’s case is a common design used for cheap Wi-Fi routers sold on Chinese shopping websites.
Even worse, many of the product photos used in the Anonabox Kickstarter video are actually Photoshopped versions of Chinese routers, modified to remove any identifying information.
This image shows the Anonabox on the left, with an earlier Alibaba product photo on the right:
But it’s not just the outer case that seems to have come from China. The Anonabox’s circuit board, the key component that Germar says will keep its users safe, is an off-the-shelf Wi-Fi board sold in bulk in China.
Here’s a photograph of the Anonabox’s board from the Kickstarter page:
And here’s a photo of a standard WT3020A board from China. Note that the circled serial numbers are exactly the same:
But it’s not just the hardware of the Anonabox that is worrying privacy advocates. It has been shown that the device’s software would leave internet users dangerously exposed. In fact, the Anonabox would leave its users less secure than if they used a standard Wi-Fi router.
Programmers have discovered that the latest version of the Anonabox software doesn’t even support HTTPS, a basic web standard that makes the internet more secure. And the current version of the Anonabox software has a security hole that can be unlocked by using the password “developer.” Reddit users pointed this out to Anonabox founder Germar during his Reddit AMA, but he seemed unfazed.
We’ll update this story if we hear from Germar anytime soon.