When launched on Kickstarter, Anonabox project was successfully outlived its promise to encrypt all the Internet traffic of a user using the TOR protocol. The Kickstarter page promised the device delivered “anonymous Internet access and encryption, and helps to bypass censorship in places where access to the Internet is limited.”
But the crowd funding website Kickstarter suspended the hugely successful campaign post series of online criticism on Oct. 17, at approximately 1 p.m. ET.
“It’s our policy to not comment on individual projects,” Kickstarter representative David Gallagher wrote in an email declining to comment on the reason behind the suspension.
“It’s important to note that on Kickstarter, backers aren’t charged until a project’s funding period ends, and then only if the project has reached its goal,” Kickstarter’s Gallagher stated. “We work hard to safeguard the long-term health and integrity of the Kickstarter system.”
Anonabox a 100% open source embedded networking device designed specifically to run Tor is a networking device giving anonymous Internet access and encryption, that aids in bypassing the censorship in places with limited Internet access.
The device was considered as one of the most secure technique to access the Internet anonymously, which does not reveals one’s location, and other personal data that get leaked through ordinary Internet use.
On Oct. 12, California-based developer August Germar posted the pitch for Anonabox. Kickstarter asked for a fundraise of $7,500 to continue the project but it received more than expectations and requirements. It collected around $600,000 from 8,900 backers.
Kickstarter commenters mentioned about the flaws in the project, like the hardware which Germar claimed to have developed by his own has some links to nearly-identical devices on other sites.
“I think I should cancel my pledge,” mentioned one Kickstarter backer on the site. “It troubles me that August was not forthcoming that they sourced the entire hardware package from that off-the-shelf Chinese router.”
“The story about 4 years of development and 4 generations of products to end up on an existing Chinese mini-router already on the market for $20…I don’t like it,” wrote another user.
“I am so pleased to see the money finally going backwards,” wrote one on Wednesday night. “I hope this project crashes and burns.”
Germar, expressed his dismay at the vitriol and said that he is overwhelmed by the demand for the device.
“I had thought this would be like push-starting a car,” Germar says. “Instead, it’s been like being handcuffed to a rocket.”
Below is the comment Germar posted to Kickstarter on Tuesday:
Our board is custom and we have put a lot of work into it. If it were as easy as installing Tor on a regular router everyone could just do it with their current home devices now, but it takes a lot of system resources to make Tor run smoothly. You need at least 16mb flash memory (not ram) just for the Tor binaries themselves. Our current image is just over 10mb which will not fit on most routers you could find even at Best Buy unless you paid $300.
The donors were notified by email on Friday regarding the project cancellation after a Kickstarter review.
The device is cluttered with some more issues. In its default state, it doesn’t provide password-protection to its wireless network. So anyone setting up the device without any amendments in the settings have their device at total risk from the hackers.
“Within a reasonable range you can just start pulling stuff out and attacking the person,” commented Steve Lord, a British penetration tester and founder of the security conference 44Con. “The reality doesn’t stack up to their claims on the software side.”
The root password problem meaning that every device should contain same SSHD host key, a kind of secure shell key used to remotely run commands on the router. This creates a major issue as anyone having the device who has already extracted that key can intercept another Anonabox owner on the same network using SSH to amend the settings on the person’s router.
“The fact that they’re cloning pre-rolled SSHD host keys is a well known bad practice,” he says. “I feel bad slamming this project. The beauty of open source is that these issues can be fixed. But it just makes me worried for their development maturity.”
“This would have been a success even if we’d raised $10,000,” says Germar. “This is a place to start.”
“Project suspensions are permanent,” said Gallagher. “It’s important to note that on Kickstarter, backers aren’t charged and no money changes hands until a project’s funding period ends, and then only if it has reached its goal. We work hard to safeguard the long-term health and integrity of the Kickstarter system.”