top 200 commentsshow 500

[–]CraZyBob 870 points871 points  (177 children)

Please use Kickstarter's report button on the bottom of the page to let them know this projects breaches their ToS. Include a link to this page, or the places your can buy the Chinese router.

Edit: We did it reddit...

[–]theunnamedfellow 172 points173 points  (71 children)

Aaand it just hit $400k. I have some sand to sell in the desert if anyone is interested...

[–]aDreamySortofNobody 109 points110 points  (29 children)

And his goal was $7500. This guy is in WAY over his head.

[–]tomoniki 38 points39 points  (26 children)

Yeah, projects that go way over will almost always be delayed and have issues with delivery. People often can't scale their production times properly or have the resources to deal with the demand and end up getting crushed.

[–]kanev91 16 points17 points  (4 children)

this project would be very easy to scale i guess

[–]dvidsilva 20 points21 points  (2 children)

as long as the provider on alibaba can keep up

[–]tjandearl 5 points6 points  (1 child)

pfft you order 10 prototype boards from a chinese manufacturer and they're already gearing up to populate 100,000 a day for you before you're done analyzing the prototypes.

The downside is the prototypes are almost always wrong, I never saw schematics and silk screens, and board files go to a manufacturer and become something entirely different so fast than I have when my company outsourced board production to china.

[–]oneonetwooneonetwo 2 points3 points  (0 children)

That's the upside of this.

[–]zeroair 40 points41 points  (8 children)

Penny had this problem exactly.

[–]concrete_puppet 39 points40 points  (7 children)

hands up if you are still waiting on Penny Blossoms whilst that bitch is just lazing about serving cheesecake...ive not seen her make ONE since her first day!

[–]Mitch_Mitcherson 5 points6 points  (3 children)

What's Penny Blossoms?

[–]SpideyIRL 10 points11 points  (1 child)

It's a reference to the Big Bang Theory episode named "The Work Song Nanocluster".

[–]Mitch_Mitcherson 2 points3 points  (0 children)

Ah, thank you.

[–]______DEADPOOL______ 5 points6 points  (1 child)

raises hand

stupid bitch.

[–]TheBellTollsBlue 7 points8 points  (3 children)

Yup... Even projects that don't go that far over have issues.

I was a part of one project where the guy had a mental breakdown due to the stress and ended up hospitalized.

But I guess you have to blame it on the project creator for not putting limits on the rewards.

[–]Gr1pp717 3 points4 points  (4 children)

On that note, I finally got my soylent last week.

[–]cosmo2k10 50 points51 points  (13 children)

Is it open source reclaimed organic sand?

[–]theunnamedfellow 20 points21 points  (10 children)

Yes, I will sell it to you at a good rate my friend - how many cubic yards are you after?

[–]chiliedogg 6 points7 points  (9 children)

Depends on price and shipping. I could use some fill dirt.

[–]theunnamedfellow 12 points13 points  (8 children)

$199.95 is fair. I mean, it's open source if you want to make sand yourself, but I already did it for you, so you pick.

[–]lordparody 8 points9 points  (7 children)

But is it gluten free?

[–]theunnamedfellow 11 points12 points  (4 children)

Of course it is, it's open source! It is what you want to make of it.

[–]Af6foenep 1 point2 points  (3 children)

So it can cure cancer?

[–]ReiceMcK 15 points16 points  (0 children)

Absolutely! Researchers claim that it may hold the key to a cure; complex molecules trapped within the grains may allow my overzealous optimism to mask the ambiguity of everything I say!

[–]TheOtherCumKing 5 points6 points  (1 child)

Can it cure cancer? Research says that 99% of cancer survivors have been in contact with sand at some point. That's a might big coincident if it can't, don't you think?

[–]htilonom[S] 50 points51 points  (17 children)

Verge and others really pumped this waaay out of corporation. I wonder how the makers of Onion Pi feel about it, especially because for 20$ more they sell a device 10x better than the Anonabox https://learn.adafruit.com/onion-pi/overview

[–]vrwan 13 points14 points  (1 child)

Do you mind providing a link to the $20 Onion Pi? I could only find a $90 pack here: http://www.adafruit.com/product/1410

[–]htilonom[S] 20 points21 points  (0 children)

Oops, I accidentally a word. It's for 20$ MORE they sell a better device...

[–]brufleth 8 points9 points  (12 children)

Isn't it more like 90-100 dollars and take a bunch of setup? Not to diminish it because it looks really cool but it ends up costing quite a bit.

[–]malkiy 6 points7 points  (2 children)

Going to need to know it's Free range sand also.

[–]theunnamedfellow 3 points4 points  (1 child)

But of course it is. I can even take a picture of it captive, and take the same picture to look free. No kidding friends, this sand is the real deal.

[–]wsfarrell 2 points3 points  (1 child)

Can the purchase be traced back to me?

[–]cwolve 5 points6 points  (0 children)

Only if you purchase via anonabox

[–]arcainic 1 point2 points  (0 children)

500K and not a grain more!

[–]htilonom[S] 232 points233 points  (96 children)

Yes, everyone should report this!

[–]benjconnor 79 points80 points  (87 children)

I just gave them money, but I'm a regular consumer who doesn't understand how I could do this myself. Is this questionable ethically because they have said on the kickstarter that they created all this themselves and didn't, or is it that the technology already exists in this exact form and they've just put their stamp on somebody elses product?

As a consumer if they are just making this a simpler product for me to buy then I don't mind, as I just want a reliable easy straight forward way to browse anonymously. What are your thoughts?

[–]p0mmesbude 46 points47 points  (17 children)

Are you able to trust that device even though the producers are not telling the truth?

[–]benjconnor 8 points9 points  (16 children)

No. But as an un-educated person in such matters, the fact that I am here trying to better understand puts me in the 1%. I guess the only question I care about is, does it work?

[–]CaptainObviousMC 59 points60 points  (0 children)

Trusting fraudsters to have properly secured a security device is a bad plan.

[–]Neebat 43 points44 points  (7 children)

If you can't trust them, it doesn't work for privacy.

[–]Alenonimo 9 points10 points  (2 children)

Unlike Kickstarter, you can't cancel an Indiegogo pledge.

Now you'll get a product made by someone who can't be trusted and a hardware with chinese backdoors.

Too bad. :(

[–]ThatJanitor 9 points10 points  (1 child)

Indiegogo? I thought they were on kickstarter?

[–]sc2bigjoe 5 points6 points  (1 child)

Yeah and for people like you who don't understand good opsec the first thing you'll probably do is login to Facebook and post about how your being anonymous through anonbox

[–]heshl 1 point2 points  (0 children)

Fucking opsec dude, fucking opsec.

[–]htilonom[S] 162 points163 points  (55 children)

It's questionable ethically for many reasons:

  • They are lying that it's fully open source hardware and software
  • They are using OpenWRT without giving the credit to them or GPL.
  • Author also responded to accusationgs by giving more bullshit that it's custom device, which is not true. https://i.imgur.com/XIjQ9LJ.png

I'm all for building a open source device that will give you anonymity, just don't lie in the process of making it. It's false representation and more importantly, breaks Kickstarter TOS, so probably no one get's the money.

[–]BarelyAnyFsGiven 97 points98 points  (28 children)

That's the real concern. If this is a mass produced Chinese product that isn't open source, it could undermine the whole point of anonymity.

Several Chinese technology companies have been caught up in adding in backdoors to technology (Huawei being the most immediate to mind).

[–]benjconnor 22 points23 points  (4 children)

Awesome. Thanks for your information guys! I've withdrawn my pledge for this. Thanks so much for all of your comments :)

[–]QuiteAffable 30 points31 points  (3 children)

[–]z48 10 points11 points  (2 children)

How do you withdraw a pledge?

At the bottom of that page there is a button/link that say Cancel Pledge.

Upon doing so a box asking why shows up. Use that to explain why to KickStarter. This is better than just changing the pledge to zero.

[–]QuiteAffable 1 point2 points  (0 children)

Thanks, updated my "reduction to zero" to a cancellation.

[–]SuperDuper1969 35 points36 points  (15 children)

Huawei being the most immediate to mind

Huawei - leaked report shows no evidence of spying

http://www.bbc.com/news/technology-19988919

[–]ekaj 10 points11 points  (0 children)

I'm sorry but that doesn't matter shit. There are a lot of known remote code execution exploits for Huawei. If they are intentional or not, it doesn't matter as long as they exist.

[–]Grappindemen 35 points36 points  (2 children)

Yes. Huawei glorious safety brand. No spy happen upon Huawei brand hardware.

This message was sent by Huawei Ascend

(In all seriousness, we know that American brands are forced to do it. Although there is no evidence Chinese brands are forced to do the same, it's plausible. Avoid (only) for semsitive purposes.)

[–][deleted]  (9 children)

[deleted]

    [–]ekaj 18 points19 points  (4 children)

    If you'd spend 5 minutes Googling you'd see Huawei does have backdoors in the their equipment. They say they are remote support accounts for tech support.

    They also have more remote code execution vulns than I can count.

    [–]maxToTheJ 26 points27 points  (1 child)

    Columbian drug dealers "leaked" communications show they don't actually run a drug empire.

    [–]benjconnor 8 points9 points  (19 children)

    Thanks guys! The ethics if his intent is malicious make me angry, but even if he is being a middle man and reliably providing me with a product that does the thing that I want without me having to source parts from a Chinese website, then I don't mind if he has my money for that. I totally understand all of your points and agree with them though.

    [–]htilonom[S] 31 points32 points  (16 children)

    Glad you agree buddy. I tell you what, here's a few links to devices that you can use for the same cause:

    I'm a bit swamped with comments so in next few days i'll write a guide how you can make your own Tor box (or link to already available guides).

    [–]benjconnor 6 points7 points  (5 children)

    I'd appreciate that heaps. How can I follow this?

    [–]htilonom[S] 3 points4 points  (4 children)

    Just bookmark or save this thread. I'll contact you in a day or so ; )

    [–]benjconnor 1 point2 points  (0 children)

    Awesome!

    [–]spike003 1 point2 points  (0 children)

    I'm commenting to save this thread, really looking forward to your guide.

    [–]dontbeanegatron 1 point2 points  (0 children)

    Please include me! Just canceled my pledge, and looking forward to your guide.

    [–]thebumm 2 points3 points  (1 child)

    RemindMe! Three Days

    [–]IceToAnEskimo 1 point2 points  (0 children)

    Commenting to save thread. Thank you!

    [–]HallucinogenicToad 1 point2 points  (0 children)

    RemindMe! 2 days "Build a Tor Box"

    [–]mrforrest 11 points12 points  (3 children)

    or is it that the technology already exists in this exact form and they've just put their stamp on somebody elses product?

    That one. It's pretty shitty ethically. If they were like "Hey, we're recoding some of these Chinese routers with partially open-source code to run all your traffic through Tor," it'd be a bit better. But that's not the case.

    [–]thekeanu 6 points7 points  (2 children)

    I feel like they didn't want to mention the bit about "Chinese" because people will be like:

    Security + Chinese = "Security"?

    But then where do people expect these to be coming from?

    [–]Not47 1 point2 points  (0 children)

    I would rather have the chinese gov reading my emails and tracking me than my own gov.

    [–]allenyapabdullah 5 points6 points  (0 children)

    If the hardware isnt fully open source, powers that be can install a backdoor on the hardware and this will all be for naught.

    So they said it was fully opensource even on the hardware level, which isn't true. Thus a misrepresentation.

    [–]protestor 1 point2 points  (1 child)

    It's possible that their technical expertise is so lacking that they either won't deliver what is promised, or will deliver a faulty (read: insecure, buggy) product.

    [–]brufleth 1 point2 points  (0 children)

    From the ama it looks like they come with an easy to break password that's "developer!" This product is a joke.

    [–]Solitaire_Nemesis 6 points7 points  (0 children)

    I am glad I looked this project up before buying into it. It clearly breaks the kickstarter ToS (resale), and I will make the effort to learn how to use some other hardware/software. Reported!

    [–]anothergaijin 2 points3 points  (2 children)

    Kickstarter doesn't care. If this was a small $10,000 project they might kill it, but if this gets into the millions, which it might, they would be killing off a huge chunk of income (not to mention all sorts of publicity).

    [–]Shabbypenguin 2 points3 points  (1 child)

    And if this doesnt get taken down then kickstarter would lose shitloads of credibility.

    [–]throwaway4321234567 1 point2 points  (0 children)

    Companies don't give a shit about credibility when money is involved.

    [–]fusl 2 points3 points  (1 child)

    Clicking the report button ends up in showing this: http://zoq.fuslvz.ws/snapshot-2014-10-15-14-33-36-G1kPIe8I.png I don't have a facebook or kickstarter account, and now...?

    [–]Ars3nic 2 points3 points  (0 children)

    Click "sign up" and enter bullshit info. You don't even need to confirm your email to file a report.

    [–]From_Pennsylvania 1 point2 points  (0 children)

    Does Kickstarter have a track record of removing ToS breaking projects? An even better question, does Kickstarter have a track record of removing $500,000 ToS breaking projects?

    [–]isislovecruft 232 points233 points  (24 children)

    Hi! My name is Isis. I'm a Tor developer.

    Myself and some of my coworkers use little mini routers flashed with OpenWRT to enforce Tor transproxies on devices we're using, or otherwise testing for proxy leaks. We would all be super stoked if you (or someone else) were to discuss with us on the tor-talk@lists.torproject.org mailing list your OpenWRT configurations, and especially stoked if anyone could recommend pocket-sized OpenWRT-compatible hardware. We'd also be happy to discuss the potential effects on the network, and anything else necessary to get a real Tor Router, because all of us want that too (but we sadly don't have time or funding for hardware development right now).

    [–]ourari 60 points61 points  (0 children)

    One thing this Kickstarter has proven is that there is money out there for a Tor Router. And, by now, especially for a Tor Project certified Tor Router. That just leaves time...

    [–]MisterMondayZ 182 points183 points  (13 children)

    I don't think I trust ISIS for my internet security

    [–]ken27238 62 points63 points  (8 children)

    LAAAANNNNNAAAAAAA

    [–]Tarpititarp 10 points11 points  (6 children)

    WHAT

    [–]thnksqrd 11 points12 points  (4 children)

    Phrasing.

    [–]TheGreatJordanS 17 points18 points  (3 children)

    Danger Zone

    [–]ClownFundamentals 2 points3 points  (0 children)

    Do you not?

    [–]indorock 1 point2 points  (1 child)

    Internet Security Is Sacred

    [–]dvidsilva 9 points10 points  (0 children)

    this should be so much more up :P report their project in kickstarter, they should listen to you.

    and post in reddit or something, my hardware experience is null but I bet you can find a great group of people to work together

    [–]htilonom[S] 11 points12 points  (0 children)

    Sorry for not replying earlier, as you may have noticed, I've been swamped with comments :)

    This is great, as soon as the anonabox bubble pops, I'll set up a big write up on how to use Tor on many "3G routers" or already buy premade devices. Your opinion and input is highly appreciated.

    We'll be in touch!

    [–]thatstevelord 4 points5 points  (0 children)

    If you guys want a hand, I spend a lot of my time pulling apart firmware on Linux-based routers running things like OpenWRT, ASUSWRT, RLX Linux on embedded devices.

    Fundamentally though, the big problems as I see it are going to be things like leakage from the client (browser bugs, 3rd party plugins, transparent proxy leaks etc). It's why I never bothered in the first place. Well, that and PORTAL.

    [–]zewa 20 points21 points  (1 child)

    The wording of the kickstarter is taken from this project: http://hackaday.com/2014/09/06/secure-your-internets-with-web-security-everywhere/

    [–]CaptainStouf 22 points23 points  (0 children)

    I'm this project creator... Thank you for bringing it to the table... Look at the dates (contest judging, KS start date, DNS records of ananabox.com...) It's silly...

    [–]JonTheBold 17 points18 points  (7 children)

    Update: 9:15am, 2014/10/15: The original Wired article has been updated to report that Anonabox's hardware was provided by Chinese firm Gainstrong.

    Thanks for starting this story, /u/htilonom. It stopped me from funding this fraudulent project, and I've reported it to Kickstarter as you recommended.

    [–]russiancatfood 2 points3 points  (0 children)

    TechCrunch also updated their original story.

    The truth getting traction despite any PR spin these guys are trying to pull.

    [–]htilonom[S] 5 points6 points  (5 children)

    Whoa! thank you for letting me know, I'll update the post right away!

    [–]JonTheBold 4 points5 points  (4 children)

    The Daily Dot has an article covering the Reddit controversy, including an update from Anonabox's developer.

    [–]brnout 28 points29 points  (5 children)

    I was giving them the benefit of a doubt of doing at least some work on on this software, but from their Developer forum, they list 5 steps for setting up anonabox from the base bits, and *three of those steps are logging in, rebooting, and testing a URL*!

    http://www.torouter.com/developer/showthread.php?tid=4

    http://imgur.com/qCIS4jx

    So, they have *off-the-shelf hardware* (with a little more flash than standard, though in his AMA he said the base flash is enough without logfiles).

    On that hardware, they install a couple packages (via single command lines) and then copy over a set of *very insecure configuration files* - simple default root password, non-encrypted wifi, etc.)

    So much for four years of hardware and software development by a team include an electrical engineer (oooh.... aaah. I'm so impressed your EE said 'give me more RAM'. That takes mad engineering skillz.)

    [–]UnchainedMundane 2 points3 points  (3 children)

    simple default root password, non-encrypted wifi, etc.

    I've seen a twitter feed covering these, but what puzzled me is why he finds responding to pings insecure - what was the issue there?

    [–]ghostdunks 2 points3 points  (1 child)

    I'm no expert on this stuff, but I'm assuming that responding to pings is the same as Replying to spam/scam emails ie. it tells the sender that there's someone there on the other side, so they have a valid target there. If it doesn't respond to pings, then the attackers move on to another target, believing that no one is there to bother to hack. Think this is like "security through obscurity". Again, not an expert on this, just a thought.

    [–]brnout 1 point2 points  (0 children)

    It's not a security breach along the lines of unencrypted wifi or a well-known root password, but it's still an unnecessary leakage of information.

    Will a typical user need a ping response to the real world? Probably not. As such, it should be disabled by default. If responding to pings is helpful, it could be opened up by those users.

    Responding to ping or really any externally initiated communication is not a good default as it gives more of an exposure footprint to all 'the bad stuff' on the internet. If a quick scan of your IP shows no response, except in a targeted attack against you, most attackers will just move on to another target.

    Especially since this is a device claiming to provide complete security, the default config should be as tight as possible.

    [–][deleted]  (2 children)

    [deleted]

      [–]aDreamySortofNobody 19 points20 points  (0 children)

      This was enough for me to cancel my order.

      "The first generation was the only one with off the shelf hardware"....uhhh, no?

      [–]htilonom[S] 12 points13 points  (0 children)

      Bravo, sorry for not being able to respond before, I'm swamped with discussions about this. People actually think that the anonabox author isn't saying anything wrong.

      [–]Elfer 69 points70 points  (25 children)

      It's pretty fucked up that they claim to have designed it, because otherwise there's really nothing wrong with the project.

      They took existing open-source software and sourced suitable existing hardware to make an unobtrusive, plug-and-play device. People have made more money for doing less.

      [–]Harbingerx81 43 points44 points  (21 children)

      Kickstarter is not the place for that though...I rip off people's hardware and software designs all the time for personal projects, but I know better than to try make legitimate money from it even if it is 90% my own work.

      [–]alkalinelito 28 points29 points  (5 children)

      Exactly, Kickstarter is not for this.

      He can set up a webpage selling this shit, and thats it .

      He can bulk order from china, setup and configure, and sell.

      What does he need kickstarter for?

      [–]patrik667 41 points42 points  (1 child)

      What does he need kickstarter for?

      Make half a million dollars quick.

      [–]user8734934 17 points18 points  (0 children)

      Make half a million dollars upfront. Without kickstarter he would need to produce the product, market, it, and sell it. With kickstarter he put on a good presentation and made 500k without actually selling anything tangible.

      [–]utopiah 4 points5 points  (1 child)

      He can set up a webpage selling this shit, and thats it .

      He can bulk order from china, setup and configure, and sell.

      Well I've never done that before but that sounds like both work and risk, why wouldn't he ask for financial support for his efforts?

      [–]alkalinelito 8 points9 points  (0 children)

      Of course anyone can ask for financial support.

      He just mislead the kickstarter users, thinking they were contributing to the development of new hardware.

      [–]htilonom[S] 102 points103 points  (80 children)

      I've just verified, so they are selling Chinese device with OpenWRT code, which is not THEIRS. Proof: http://anonabox.com/about/code.php

      http://torouter.com/sauce/current.tar.gz extract it and you'll find OpenWRT.

      So it's not even their code.

      EDIT: Whoa more lies. Author replied to accusations that he's just using chinese device https://i.imgur.com/XIjQ9LJ.png

      If by custom he means more RAM, then here's a link with a device that has the exact same amount of RAM and openly says it runs on OpenWRT (while Anonabox author doesn't even credit OpenWRT) https://i.imgur.com/XIjQ9LJ.png

      edit: guys guys guys, I'm talking about visiblity of OpenWRT. If target group are not technically literate people, how do they know what's it built on? I know it shows a logo, but cmmn, is that really all it deserves? They are selling device with OpenWRT as a OS, it requires a bit more recognition and specification.

      Of course, giving specs of hardware and software will reduce sales, because most of people will just put together by themselves.

      [–]Elfer 17 points18 points  (42 children)

      To be fair, OpenWRT is mentioned on the Kickstarter page, if not in the video: http://imgur.com/Tg75uji

      He also mentioned that it's 16 MB of flash memory, not RAM, so I guess there is the potential that it's a custom order (unless there's a similar board demonstrably being sold before this one was sourced from the suppliers)

      [–]htilonom[S] 5 points6 points  (41 children)

      It mentiones why it's BETTER than OpenWRT not that it's BASED on it. Also, check the date of that FAQ. It's pathetic https://i.imgur.com/TMJphVL.png

      edit: yea, they put openwrt logo, which is not:

      • specs
      • intro about device
      • source code page
      • GPL license of OpenWRT

      In all of those places mentioned above they DID NOT put OpenWRT

      [–]Elfer 9 points10 points  (15 children)

      The question isn't whether it's better than OpenWRT, it's "What makes buying your thing preferable to running OpenWRT on an off-the-shelf router?" IMO the implication is that this is a device being shipped with OpenWRT, and the question is "Why not just get a router and put OpenWRT on it mysef?"

      I think that's reflected in the answer as well, all he says is that it's pre-configured, not that they've improved upon the software in any way. He even goes on to say that if you've got the interest, you can go ahead and build one yourself.

      [–]protestor 1 point2 points  (2 children)

      They don't need to post the GPL license on the page - they need to include it only when actually distributing the GPL-licensed software.

      [–]KampfLoeffel 7 points8 points  (21 children)

      Dude. Your reading comprehension is atrocious.

      [–]KampfLoeffel 19 points20 points  (17 children)

      Your claim:

      Anonabox author doesn't even credit OpenWRT

      Places where they references OpenWrt:

      This is enough to fulfill the requirements of the GPL (even the copyright notice would suffice).

      [–]ThenWeEnd 29 points30 points  (3 children)

      I'm on board with you that this is shaping up to be a scam, but they were pretty up front with me about it using OpenWRT when I asked about it (third comment posted to the campaign), so I don't think they're trying to hide that fact... http://i.imgur.com/eoDutJh.png

      They do claim the following on their website, though: "Open Software, Open hardware, Open everything." It'll be interesting to see how they provide details on the open hardware, if this is a Chinese clone.

      [–]htilonom[S] 10 points11 points  (2 children)

      Regarding OpenWRT, I simply stated they did not give any actual credit to OpenWRT other in logo.

      So they didn't put it in specs, they didn't mention it in their source code page, they didn't put copyright notice... I understand they put a comment but it's not exactly visible nor it makes sense to hide it unless you're trying to sell more of the devices.

      [–]ThenWeEnd 7 points8 points  (1 child)

      There are tons of "Copyright (C) 2010-2013 OpenWrt.org" copywright messages riddled throughout the source, and the banner file in the source tarball includes the OpenWRT logo and version it's based on ("Based on CHAOS CALMER (Bleeding Edge, r41992)"). It is awfully strange that they used a banner that doesn't include the OpenWRT reference on the source code page on their website though, even though they left the "openwrt" references in the config files they show. Definitely something fishy going on there, but honestly, I think obfuscating the use of OpenWRT is one of the smallest red flags in the sea of red flags you and others have uncovered about this project so far...

      [–]htilonom[S] 6 points7 points  (0 children)

      Yea, source code gives away but it's still intentionally withheld from:

      • specs
      • intro about device
      • hardware schematics since they're claiming it's open source.
      • source code page
      • GPL license of OpenWRT

      In all of those places mentioned above they didn't put OpenWRT.

      Definitely something fishy going on there, but honestly, I think obfuscating the use of OpenWRT is one of the smallest red flags in the sea of red flags you and others have uncovered about this project so far..

      That's why OP doesn't have anything on the subject. OpenWRT is the least of concerns here.

      [–]lehtinen 7 points8 points  (1 child)

      [–]manvscode 2 points3 points  (0 children)

      LOL. I still can't believe so many people are standing by this product when:

      • August Germar is a liar.
      • The experts have shown it to be insecure.

      [–]CaptainStouf 8 points9 points  (0 children)

      By the way, here is the original project, Hackaday Prize (not yet finished) semi-finalist, and based on the Adafruit onionPi : http://hackaday.com/2014/09/06/secure-your-internets-with-web-security-everywhere/

      There are many obvious similarities and anonabox are even using almost the same sentences I'm using for my HaD project, same arguments.

      The anonabox campaign started one day before the contest judging, and his website has been registered on 18 of september, (after I released the project details). This is a very aggressive move and everyone should be carefull about this campaign.

      [–]AllRoadsLeadToReddit 8 points9 points  (1 child)

      Wow, 200 comments in a /r/privacy post.

      [–]Alenonimo 9 points10 points  (2 children)

      Here's what to do to cancel your Kickstarter pledge:

      Can I cancel a pledge?

      By pledging, you are committing to supporting that person’s project; canceling that commitment is discouraged. If you must cancel, visit the project page and click “Manage Your Pledge.” At the bottom of the next page you’ll see the “Cancel Pledge” button.

      [–]astro_wanabe 2 points3 points  (1 child)

      Thank you for posting this info! Pledge Canceled! Guess I'll just keep using Tor browser bundle and good anonymity practices

      [–]Alenonimo 1 point2 points  (0 children)

      It's not like you can't buy a product that does the same thing from people who actually know what they're doing, you know? Just need to put the money where it's actually worth it.

      Here's OnionPi, that uses Raspberry Pi and Tor to create a safe WiFi zone. Not quite as cheap, and doesn't have ethernet ports but the company seems to be much more trustworthy.

      There must be other products I'm not aware of and, with the success of this Kickstarter, there is a market for someone to start making these devices.

      [–]Pumparnokel 7 points8 points  (0 children)

      Basically it’s plug-n-play flavored privacy via a tiny router that encrypts and routes all the users’ web traffic via the Tor anonymizing network.

      From Networkworld. Sigh, Tor does not provide privacy, it provides anonymity. That are very different things.

      [–]wildfirezg 7 points8 points  (0 children)

      GO FUND YOURSELF

      [–]pvtjace 6 points7 points  (0 children)

      New Shell, Bulk order, Open source software and Boom ready for kickstarters...

      [–]point_of_you 5 points6 points  (12 children)

      Interesting post...

      I want to give these guys the benefit of the doubt - but I'm not sure how to feel on this. Should we be mad? What happens to the money? Does this violate Kickstarter rules?

      [–]htilonom[S] 7 points8 points  (11 children)

      It violates Kickstarter TOS https://www.kickstarter.com/terms-of-use

      [–]benjconnor 3 points4 points  (7 children)

      can you explain it here for people who are lazy? TL;DR

      [–]htilonom[S] 11 points12 points  (6 children)

      Things You Definitely Shouldn’t Do

      *Don’t lie to people. Don’t post information you know is false, misleading, or inaccurate. Don’t do anything deceptive or fraudulent. *

      They said it's their device, that they built four versions of prototypes which is not true. They say it's their hardware and software, while the software code is actually OpenWRT with TOR. Everything without giving credit to OpenWRT or GPL.

      [–]point_of_you 3 points4 points  (2 children)

      It would almost be a shame if they were shut down, though. So much money, and such obvious demand for privacy solutions... :I

      [–]htilonom[S] 6 points7 points  (0 children)

      It's 100% their fault. Why did they needed to lie? It's a good idea, but unfortunately it uses software and hardware that already exists.

      The only reason they lied is if they created only a image of openwrt preconfigured to be TOR client (which is what they're selling)... nobody would pay for it.

      [–]thekeanu 1 point2 points  (0 children)

      In the name of privacy this KS should be investigated.

      Example questions:

      If they're ommitting / lying about some information, can you trust them with your security?

      Are the producers (Chinese?) putting their own backdoors in?

      If they're just getting the pre-built hardware and adding the software, then should they really be using kickstarter for that?

      [–]captainplantit 6 points7 points  (0 children)

      At last happy with the board, we designed a simple, minimalist case in plain white to house it.

      That's the smoking gun line right there, because they clearly didn't design shit!

      [–]fipepighter 10 points11 points  (2 children)

      Looks to me like he's trying to copy what adafruit industries did a few years ago with their version of the raspberry pi

      https://learn.adafruit.com/onion-pi/overview

      Anyone can make an physical tor router with the right components. This guy is ripping people off and taking the money with him. Besides anonymous uses not just tor to conceal their identies but they use several layers of encryption and vpn routing services as well.

      [–]albill 2 points3 points  (0 children)

      Make Magazine even published two scripts for the OnionPi to set it up so even n00bs can do it: http://makezine.com/projects/make-36-boards/how-to-bake-an-onion-pi/

      [–]polaco1782 3 points4 points  (1 child)

      I looked at his source from OpenWRT. Actually its not the FULL source, just his modifications do OpenWRT sources. There are some faulty iptables rules which permits leaking UDP traffic bypass Tor. The default rule for gateway is also to accept forwarding packets from lan to wan.

      Badly written system.

      [–]People_sometimes 4 points5 points  (0 children)

      Thanks man. You saved me and my friend Pablo some money and dignity. I owe you!

      [–]sleekmountaincat 4 points5 points  (0 children)

      i also just cancelled my pledge.

      [–]IIIIIIIIIIl 3 points4 points  (0 children)

      It just goes to show how many people want to feel protected, but have no idea what that even means.

      [–]teetante 2 points3 points  (0 children)

      [–]KupoTheMoogle 5 points6 points  (1 child)

      Needs more edits

      [–]Throbbert 3 points4 points  (0 children)

      Reported to Kickstarter

      [–]paskal91 2 points3 points  (0 children)

      this seems relevant

      [–]IconTheHologram 4 points5 points  (2 children)

      As someone who is familiar with product development and manufacturing of wireless products, maybe I can provide some quick insight. There are few different ways you can develop a product like this:

      1) Create a product from scratch.
      This requires at a bare minimum an electrical/mechanical engineer (sometimes one or the other, sometimes both) to create a schematic of the PCB encompassing all the hardware requirements to build a device capable of supporting the features you are offering. In this case (and I’m not going to pretend to have vast knowledge about hardware and/or software), it looks like the hardware requirements are- enough processing power and memory to run the software, along with standard power and LEDs along with some type of wifi antennae. This product is wireless which means you also need someone with RF knowledge to locate the wifi antennae for maximum performance. However, the goal of this product is not maximum wifi performance but anonymity so maybe you can sacrifice the RF engineer to save costs. Once the PCB is laid out, you OWN the design, meaning no one else can use the same design. You then need to develop the tooling for the casing. Usually the tooling is sourced by the manufacturer itself, as they most likely have built products requiring plastic injection molds in the past. You sign off on the tooling, and in my specific experience, you OWN the tooling (which means no one else is allowed to use it – it’s developed specifically for your product).

      2) Create a product using an existing reference design.
      Seeing as there are many different wifi routers built by many different companies using many of the same components, chances are many reference designs exist for this type of product. Reference designs are made by component suppliers and manufacturers alike. You would take the reference design and either approve it as the type of schematic you want, or add/remove components and features as needed. This a cheaper way to build a product, but you do not own the original reference design, only the specific alterations you made to the original. As in the first example, tooling would then need to be created. There is a chance a specific tooling already exists if the changes you made to the reference design allow for you to use a previously spun PCB, but unless the outer casing is extremely generic, at the very least you would require a license or exemption to use someone else’s tooling, unless the tooling is owned by the actual manufacturer of the product (not very common). There are instances however of a manufacturer providing a turnkey solution including reference design and tooling to fit your specific need, even with the addition/subtraction of components.

      3) Buy an existing turnkey solution and add customized software.
      Simply speaking, you buy an already mature product at bulk or wholesale pricing. You either tell a manufacturer/supplier of your needs and let them find a solution that fits your price point and features, or you source the solution on your own. Either way, you do not provide any input on the actual schematic or form. You can then load your desired software onto the unit at the factory itself.
      In options 1 and 2, there are further steps and costs involved. At the very least, you need FCC approval for any wireless device. This costs time and money. Most likely if you are selling a consumer product you are also getting UL certification to help protect against any product failures/lawsuits. In option 3, the mature product has already been UL/FCC certified.

      It’s very obvious Anonabox did not develop their product according to option 1. It simply doesn’t make business sense, and a company most likely would not be going to kickstarter to look for funding for a complete product development cycle. It is more likely that the product developers used option 2 or 3, and judging by most of the comments and feedback on this product, they used option 3. They are simply taking an existing product of which they had very minimal to no input on the hardware or tooling and are laying their software over whatever the chipset software is. I can say that if a company has any input on the casing, they are acutely aware they are either using a pre-existing tooling, licensing the tooling or have paid out of pocket for their OWN tooling. Same goes for the hardware design. There’s simply no way a company could develop a product without knowing something similar or exactly the same already exists in the market.

      In my opinion they are being purposely obtuse as to how they went about sourcing the PCB and casing. My own perspective on this is the creators of Anonabox found a pre-existing product that would support the software needed, and are using the funding to support a pilot run and first mass production on the product. I can’t speak to how customized the software is, only the way companies develop, design and build products.

      I know I'm leaving out a lot of detail.

      [–]letsgotime 2 points3 points  (4 children)

      If the project, including the hardware is open source, then I want to see the gerber files. Since the project is open source then they would not have any trouble with releasing the files.

      [–]agamoto 11 points12 points  (4 children)

      As someone who has purchased many OEM products in China for resale in other countries, it's very important that you realize that multiple OEMS use the same molds and reference PCB's for their products. They do it to save money as it costs a lot more to create custom boards and plastic cases than it does to simply reuse moulds that were already made for other stuff. The difference comes down to the chips used on the reference boards, the software controlling it all and the overall build quality control. Go to any Chinese fair and you'll find a dozen or more electronic suppliers that appear, at least at face value, to be selling the exact same product. That said, it's pretty obvious to me that these guys have latched onto a particular OEM that promised to make them a batch to their spec using common moulds and a reference PCBs... Should we shit on them for that? I don't think so... It's technically still their design, their software, and their product to support. They only asked for $7500 in their campaign, that's a pretty tiny batch and their MOQ on something like this from an OEM already building something similar is probably around 2500 units.

      [–]agamoto 2 points3 points  (1 child)

      Yeah, I'd have to agree with you regarding the vague responses in that AMA. He's shooting himself in the foot there.

      [–]albill 2 points3 points  (0 children)

      Gl-iNet have even published an OpenWRT image configured for Tor in the last month... You just need to upload it to one of their cheap pocket routers and go.

      http://www.gl-inet.com/w/?p=492&lang=en

      [–]DragoonDM 2 points3 points  (0 children)

      This guy is absolute shit at PR. If he'd just said up front that he was using off-the-shelf hardware with some customization and custom software, he'd probably be fine and people would still be super hyped about the project.

      Instead, he's digging himself deeper and deeper by refusing to acknowledge things that are really, really, blatently obvious.

      [–]Alenonimo 2 points3 points  (1 child)

      Hey, remember the chinese router WT3020 that's coincidentally just like his own totally not copied 100% custom hardware?

      That chinese router is a clone from the TL-MR3020.

      So…

      • Anonabox invented a new device that was stealthly copied by TP-Link, that only then was copied by the chinese knockoff product. Not only that, but TP-Link actually shrinked his board to have one less ethernet port and the chinese company coincidentally expanded it back to the way Anonabox actually designed it.

      …or…

      • Anonabox is a liar.

      [–]_johngalt 2 points3 points  (0 children)

      Wow, fail.

      Why would they even bother with kickstarter if all that's needed is a $20 box and a config. They could have just bought 100 at a time, put the tor config on and sold them.

      [–]morphijuana 2 points3 points  (2 children)

      I came so close to contributing to the kickstarter yesterday, glad I decided to sleep on it. Thanks to OP for doing an investigation for all of our benefits. Reminds me of why reddit is such a valuable resource.

      [–]pistonpants 2 points3 points  (0 children)

      Pledge Cancelled

      [–]trish1975 2 points3 points  (2 children)

      Since you're going to be writing a guide on how to get Tor installed on those pocket routers, would you be able to post a guide on how to do the same for I2P?

      [–]mrphs 2 points3 points  (1 child)

      Not sure if ppl have seen this one: https://twitter.com/kpoulsen/status/522463109945229313

      "One of the #anonabox shots in the Kickstarter video is pretty clearly a 'shopped version of an Alibaba photo"

      [–]fearlessgod 2 points3 points  (3 children)

      Thank you for keeping this updated!!

      [–]giygas73 6 points7 points  (5 children)

      You know what, as bad as I hate this guy for this complete bullshit way he marketed this shit, it's still a pretty good idea. With that much attention on kickstarter and here the project will probbaly just grow and grow now, which imo is probably a good thing, esp. for TOR.

      [–]htilonom[S] 4 points5 points  (3 children)

      Yea, it's a good idea... and not his!

      There's also gazillion TP-Link clones (on which Anonabox is based on) that have OpenWRT OOB and support TOR.

      Additionally, you cannot make claims it's 100% secure and open source when it's not. At AMA he dug up his own grave, he's is incompetent, has SERIOUS lack of knowledge for anything near security which will put peoples lives at stake. Remember, he is pushing this device to the people who are not technically too literate! The image supplied has loads of errors and unencrypted wifi which exposes the users. Actually, for a lot more detail info about the image check @stevelord on twitter.

      Remember Chelsea (Bradley) Manning! Remember all the whistleblowers that got discovered using BAD security! It's a huge responsibility to claim what anonabox author is claiming!

      [–]illeaglealien 2 points3 points  (0 children)

      This is pretty crazy. Is it enough to get kickstarter to pull his funding if they are made aware? Doesn't seem fair to me for this scammer to get all this money with no work on his behalf

      [–]colinlowe 5 points6 points  (11 children)

      I've purchased one unit, yes it does look like the one on the Aliexpress website, which is around $20, so I'm paying $30 for someone to install the software and get it working, I'm ok with that. I've not seen anyone post details on how to install the software on one of these boxes, if it really is easy then I would have expected to see such a post. The Raspberry Pi solution is nearly $100.00, double the price and you have to build/install the software yourself so for me I'm just paying for a service with this project.

      [–]ABoss 6 points7 points  (0 children)

      That's fair, however, in my opinion they should be honest about what they are providing. If they had just claim to be a preconfigured resold device that would have been a fine kickstarter, and I'm sure people would pay for that, like you for example, and that is a great idea. Where they went wrong is just making false claims about the origins of their device and saying things about it that are just incorrect, for me this is reason enough to discard their whole kickstarter campaign.

      [–]blocked 4 points5 points  (0 children)

      gl.inet has a $25 box and has pre-built a TOR firmware. Just upload to the box. Takes like 3 minutes. http://www.gl-inet.com/w/?p=*

      [–]konoplya 1 point2 points  (2 children)

      anyone with a name like August you should be wary of

      [–]TastyFace 1 point2 points  (1 child)

      Is there any reason I can't configure TOR on a normal router? Say, the one we have from Verizon?

      [–]luzzyfogic 1 point2 points  (0 children)

      Thanks, Snowden!

      [–]langbaobao 1 point2 points  (3 children)

      So, we've ascertained that the hardware is essentially a Chinese clone of the TL-MR3020. And you can buy it on Aliexpress for 20$. I'd say the best solution then would be to write a small HOWTO on how to order the router and flash it with OpenWRT and TOR to get the same functionality.

      [–]Wampoose 1 point2 points  (2 children)

      ELI5?

      [–]TorrentZer0 1 point2 points  (0 children)

      https://learn.adafruit.com/onion-pi/overview

      This has been around for a while and does what I believe he is saying his does.

      I'm sure thsi was brought up before, but yeah, I hate liars and scammers on Kickstarter (been burned twice) .

      [–]blahb0b 1 point2 points  (0 children)

      With using just these 2 pictures you can pretty clearly see that its got the same exact lettering and batch date as the ali one

      https://i.imgur.com/dvBjzJO.jpg

      http://anonabox.com/img/2.jpg

      [–]chorzo 1 point2 points  (4 children)

      Is stonemirror just a front for an antagonistic trolling service?

      [–]WumboJumbo 1 point2 points  (0 children)

      These kids got LIT THE FUCK UP

      [–]cannotchill 1 point2 points  (0 children)

      Do people have free money to throw at kickstarter?

      [–]Nikosify 1 point2 points  (1 child)

      i should just send you the bitcoin i would of spent on his stupid product. God how did i just start using reddit!?

      [–]peerurull 1 point2 points  (0 children)

      Nice work!

      [–]gbraad 1 point2 points  (0 children)

      On Taobao: http://s.taobao.com/search?q=WT3020A for around 88 yuan... or about $10

      [–]Revrant 1 point2 points  (0 children)

      I just cancelled my pledge. Thanks for exposing this crap

      [–]freebsdgirl 1 point2 points  (2 children)

      sshd doesn't allow root logins by default fyi.

      [–]deathzor42 1 point2 points  (0 children)

      it does on openwrt: http://wiki.openwrt.org/doc/uci/dropbear Given there config is the default openwrt config they have root logins enabled.

      [–]bennyb0y 1 point2 points  (0 children)

      Nice work man, time well spent.

      [–]UnitedCitizen 1 point2 points  (1 child)

      So... you/reddit basically just wrote this article for PC Mag. http://www.pcmag.com/article2/0,2817,2470615,00.asp

      [–]0x_X 1 point2 points  (0 children)

      lol freedombox is spinning in its grave

      [–]satisfyinghump 1 point2 points  (0 children)

      Awesome investigative work

      [–]Suppafly 3 points4 points  (1 child)

      They will sell the device for about 50$, while the Chinese ones go under 20$.

      To be fair, that's fairly normal markup.

      [–]regalfetal 2 points3 points  (0 children)

      That AMA is a thing of beauty. Every comment by OP downvoted to oblivion.