27 comments

[ 3.6 ms ] story [ 65.7 ms ] thread
This is too bad. I really wanted this to be a product. Wish they had been more upfront about the whole thing. Using an off the shelf board actually gives them a much better chance of making it happen. Hardware is really really hard to ship :-)
There are already other open source firmware implementations that can be put on inexpensive off the shelf hardware to do the same thing: http://arstechnica.com/information-technology/2014/08/a-port...
That's great! Now where can I send my $50 bucks to have someone mail me one? I've got my own hardware startup to run. Maybe we will put a drone on the Tor network...
Is there any info on why or what happened?
They claim on the kickstarter page to have built the router themselves, with 3 previous generations. In fact however the hardware they sell for 51$ is available for 20$ by chinese producers:

http://www.atupapa.com/17043400030en.html

Their mistake was not to mention that the hardware isn't built entirely by them (mainboard is bought from China). However, I don't think it's fair (the backslash). They bundle the hardware with a software, they will handle the support, future updates so it's not like they are simply reselling a Chinese item. If this sounds outrageous to you then you should be outraged by 99% of the electronics items sold (because you can always buy them cheaper in China).

I'm not a supporter of this anonbox but I don't get all the outrage.

The problem is that they lied.

Under "Four Years, Four Generations" they don't outright say, but make it strongly seem like they created the board itself, and then they even do claim they designed the case.

I hope i don't need to explain why this is a death sentence for the project.

Why was this popular in the first place? Why not just run TorBrowser?
The aim of the project was to make a transparent Tor proxy simple to use, reducing the chance for mistakes to happen. The Tor Browser does not route all of your traffic through Tor, only web traffic.

There are other options though, namely you've been able to configure OpenWRT to do this for years and of course https://github.com/grugq/portal. This project would just make it much simpler and easy to use, but they haven't inspired much confidence in the security aspect.

Here are some interesting threads from reddit:

-A user found an identical device on a chinese website: https://www.reddit.com/r/technology/comments/2j8kyo/tor_rout...

-Updated thread with a lot of info/links: https://www.reddit.com/r/privacy/comments/2j9caq/anonabox_to...

-The infamous AMA from the "developer": https://www.reddit.com/r/anonabox/comments/2ja22g/hi_im_augu...

Edit: formatting

It seems that they're buying parts from a manufacturer and putting them together with a custom configuration of OpenWRT. I went through the listing and nowhere does it say "all components completely designed and manufactured by us". The OpenWRT logo is actually on their page, so they're not hiding what they use. Open up an iPhone (which is built by third parties - not by Apple), and you'll see components from lots of other manufacturers too. The people complaining seem to not know that literally no one - not even Linksys or Apple - builds routers or any other consumer electronic product entirely from scratch.

This product is neither great nor original, but the claims that they somehow lied about what they were doing just ring hollow to me.

From the kick-starter page:

Our first prototypes were pretty clunky, and cost between $200-$400 just for the parts, but they worked well and proved the concept. We knew that the device had to be small enough to easily conceal, built with quality components, and rock solid. But we also wanted to make it inexpensive. We wanted to make it available to as many people as possible.

By our fourth round of prototypes we had created a model with 64mb memory and a 580mhz CPU. This not only runs the software well, it flies!

At last happy with the board, we designed a simple, minimalist case in plain white to house it. The end result is our current model. We decided to name it the anonabox.

And? "We designed a case". "We bought lots of other prototype equipment to make this thing before we put together the final version".

I see nothing here indicating claims that the electronics are designed and/or built by them. It looks like they are very inexperienced at this and it took them a long time to find the parts necessary to build what they wanted. Again, it may be a crappy, unoriginal product. But I just don't see anything to be outraged about.

They didn't design the case either. The product comes complete, in the same case, from a Chinese manufacturer. Zero assembly required... same RAM and CPU specs... 5 different models to choose from... $20. Claiming they did ANY hardware design, assembly, etc. is the fraudulent part.

http://www.atupapa.com/17043400030en.html

Meh. They may well have played with their own designs and then found this. Either way anyone saying this is fraudulent is being pedantic. They created a product that does what it says. End of story.
They put the open hardware logo beside a commercially purchased product they claimed "we designed" at least part of. Lastly the bottom of their page is clearly worded in reference to manufacturing... with "backup suppliers for parts". I just can't make the same leap in acceptance that it was a wording error.
I agree, the only thing they said they actually designed was the case which is different from the linked pictures as far as I can tell. About the board was that it was finally one that was small and did all the things they wanted for the software to run. This smells a lot like a witch hunt.
As someone who backed, then retracted my pledge, my thinking was thus:

When you are looking at a product designed for security, you want complete, up-front honesty. The campaign had claimed (or perhaps strongly insinuated) that it had effectively designed four prototypes. This turned out not to be true (well, allegedly at this point -- it's really not clear). That raises other questions about what they might not be forthcoming about.

In short: I expect a security product to be proactively disclosing things like this. That's how you build trust.

It's your money and you're entitled to your opinion. But by this logic, the manufacturers of your smartphone, the keyboard on which you typed this response, the monitor on which you saw it, and the computer you used to submit it all lied to you by claiming that they "made" these devices. Open any of them and you'll find chips from Intel, Broadcom, Qualcomm, Samsung, Motorola, Huawei, and countless others.

They likely designed four prototypes. That says nothing about creating them from scratch, and they would be idiotic to even attempt to do so. They certainly couldn't do that on $600K.

This has been an interesting event. At one point coming up with an idea, contracting out with 'far east' manufacturers to build the hardware, and modifying open source software to put inside of it was something of a well known business plan. This project seems to have screwed up royally in the marketing aspect of things, but it certainly wouldn't be the first company to buy something in Asia for $X and sell it in the US and elsewhere for $3X.

It does seem to have really validated the concept (or at least a million dollars worth). It would have been even more interesting if this had gotten these guys off the ground and then they had used their installed base to create a better (and more bespoke) product. But the reddit hate has been pretty amazing.