How Anonabox Went From Privacy Savior to Scam in Less Than a Week

A router that promises easy privacy blew up on Kickstarter, only to ignite rumours that it could be a scam.

|
Oct 16 2014, 5:30pm

Image: Anonabox/Kickstarter

The narrative around a hot new device promising easy security for internet users is quickly unraveling.

The creators of the "Anonabox" describe it as a "100 percent open source" networking device designed to run the anonymizing service Tor. 

The idea, its Kickstarter campaign explained, is to allow even those with minimal technological literacy to enjoy a high degree of privacy online. The campaign asked for $7,500 of funding; it's already boasting nearly $600,000.

But just as quickly as the crowdfunding campaign sky-rocketed, rumors started to spread that the device wasn't the dedicated, designed-from-the-ground-up Tor machine pitched, but some cheap, off-the-shelf gear married with a bit of code. Some Reddit commenters even suggested the entire enterprise could be a scam.

It all started with a Wired article, published on Monday. "With This Tiny Box, You Can Anonymize Everything You Do Online," read the headline, and the piece stated that, for the price of $45, you could buy a router that "automatically directs all data that connects to it by ethernet or Wifi through the Tor network, hiding the user's IP address and skirting censorship."

That probably sounds attractive both to geeks who have tirelessly configured all of their machines to run through Tor and would like an easier solution, and non-technically-minded people who are just starting to care about online privacy in a post-Snowden world.

Unsurprisingly, the Kickstarter got off to a good start, clearing its $7,500 target within 24 hours. But nobody expected it to do as well as it has done.

At time of publication, over 9,000 individuals had backed the project

By the next day, it had raised over $300,000, according to The Guardian. "It's hard to express the gratitude we are feeling knowing so many of you share our interest and support us," August Germar, one of the developers, wrote on the project page. "As you can imagine things are happening pretty quickly and we are doing our best to keep up."

But it didn't stop there. It then passed the half a million mark. At time of publication, over 9,000 individuals had backed the project.

After its initial success, however, the story took a sudden turn. Reddit users started noting what they thought could be inconsistencies with the product's pitch.

Although pushed as a "100 percent open source" project, hardware and software included, some pointed out that the circuit board posted on the Anonabox's Kickstarter bore a striking resemblance to a chip set from China.

An image on the Kickstarter page shows the 'four generations' of Anonabox. "The first Generation was the only one with off the shelf hardware," the page says. Others are not convinced this is the case.

On Wednesday, August Germar, one of the developers, ran a Reddit AMA. Quickly,  the top rated comment was not one praising the machine, or an acute answer from its developers, but a series of photos alleging that Anonabox's hardware was in fact off-the-shelf.

The photos also showed the outer casing, which was supposedly custom-designed. A Redditor posted a comparison with a "NEXX mini-router," and Wired contributing editor Kevin Poulsen tweeted a couple of pictures comparing the Anonabox case to another router listed on Alibaba.

It doesn't seem to be the fact that Anonabox uses off-the-shelf products that has annoyed people. What's stirred them up is feeling duped.

"He needs to post the hardware design, or change his kickstarter to state that he didn't design the hardware and that it is not "100% open source". End of story,"  one commenter wrote.

There's a technical element too: if the Anonabox is just using readily available Chinese routers that are not open-source, that may leave them exposed to vulnerabilities in that design. The whole point of open-source hardware is to avoid this: to transparently build a device so those in the security community can scrutinise it, and make it more secure.

On top of the general backlash, some are suggesting that Anonabox's code isn't all that open either.

Another commenter in the reddit AMA pretty much summed up the story so far: "This whole thing is bursting in flames faster than anything else i have ever seen before. Incredible."

Andy Greenberg, the author of the original Wired article, rang Germar back, and reportedly pressed him about these details. Wired then published an update at the bottom of their piece:

In a followup phone call with Germar, he clarified that the router was created from a stock board sourced from the Chinese supplier Gainstrong. But he says that the project's developers requested Gainstrong add flash memory to the board to better accommodate Tor's storage demands. Germar also says now that the case was supplied by Gainstrong and was not custom-designed by the Anonabox developers, a partial reversal of how he initially described it to WIRED.

Anonabox did not respond to my phone calls, emails, messages over Kickstarter, or messages over Reddit. We will update this article if we receive a response.

Meanwhile, if there's anything to take away from this, it's that people really will pay for privacy; or at least the promise of it.