Nov 26 2013

more ninjastiks

In July I noted that a company calling itself Ninjastik had popped up selling what looked to be essentially the Tor Browser Bundle on an 8 Gig stick for $56.95 or a 16 Gig stick for $69.95. As I expected, we have now seen one or two more companies attempting to sell products which leverage Tor – in effect they are trading, or attempting to trade, on the Tor reputation. The first such product to gain prominence is the so-called “safeplug” which appears to be made by the pogoplug guys. Roman Mamedov over at the tor-talk mail list suggested that someone might like to buy one of these and run a tear-down to check it out. No-one has yet owned up to spending the requisite $49.00, but that has not stopped a lively discussion about the value or otherwise of an “off-the-shelf” commodity device which purports to offer “complete anonymity and peace of mind”. As some commentators have said, that looks like dangerous advice. Tor is a complex system. It does not, and cannot offer complete anonymity if you don’t know what you are doing. Selling access to Tor in such a fashion looks like the actions of opportunistic snake oil salesmen.

This brings us to the second new device to pop up on the radar, the Open Router Project, or ORP. Here we have a crowd-sourcing plea for funds to develop what, on the face of it, looks to be an interesting device. The developers claim that ORP1 will offer:

a high performance networking router that allows you to run a firewall, IPSec VPN (virtual private network) and a TOR server for your home network.

Furthermore:

Its easy-to-use web interface will make encrypted and anonymised communications for your entire network easier to set up and manage. Now you don’t need to be a geek to be able to ensure that every device you use at home uses the internet with privacy, whether it’s your home PC, smartphone or tablet.

It’s that “you don’t have to be a geek” bit I worry about, particularly coupled with the promise of an “easy to use web interface”. Unfortunately, you /do/ have to be at least a little geeky to ensure that you remain anonymous when using Tor (or even VPNs, especially IPSEC VPNs). And read the “Stretch Goals” bit on the indiegogo site. That looks decidedly geeky, and is indeed described as such.

But we have a genuine problem here. All Tor users and evangelists want to see greater use of network level encryption in general and Tor in particular. Getting foolproof consumer devices which offer that into the hands of a much larger population of users must be a good thing. The devil, however, is in the detail. As some commentators on the tor-talk list pointed out, most people attempting to use such devices will become frustrated by the limitations Tor imposes (no scripts, no flash, blocks on many websites, odd language problems etc.). In the face of such difficulties, and without understanding why these happen, there is a danger that Tor becomes branded as unusable. In the worst case scenario, the poor unsuspecting user can actively but unwittingly de-anonymise him or herself whilst continuing to use the consumer device in the belief that it is still offering protection.

That said, I would love to see a foolproof consumer device which I could give to my kids in the knowledge that it would offer them the kind of privacy and anonymity they need and deserve. But I just /know/ I’d get lots of “support” calls.

Permanent link to this article: http://baldric.net/2013/11/26/more-ninjastiks/

2 comments

    • anonymous on 2013/12/01 at 4:28 pm

    Your last paragraph says it all – you don’t want to support people learning, so how the heck are we supposed to learn? This is not a rant, I tried downloading and getting ubuntu to work but having a job and 3 kids means time is limited. So I bought one of those usb devices and it works great. When I had a problem I got an email in an hour – from the perspective of a rather busy guy it was money well spent.

    As an aside I think if there was a linux support line, we’d have a lot more people using foss like ubuntu. the forums and help pages are filled with ill tempered, low patience tech geeks that seem to want to keep linux a niche. Break the paradigm and we’ll gain adoption.

    Anyway – great website, even the stuff I disagree with is well written and at the very least gets me thinking from different perspectives.

    • Mick on 2013/12/01 at 5:04 pm
      Author

    Thank you for the comment.

    If I give the impression, in this post or any other, that I do not want to support learning, then I am failing somewhere. One of the primary motivations for trivia is to assist others. The most popular posts here appear to be those of a “how-to” or “here, look, this is how I solved a problem that you may also have” type. If you have been reading trivia for any time you must have noticed that.

    In this particular post, the last line is meant to be partly ironic. I know from personal experience that Tor can be problematic to configure correctly. There are many, many points at which the user can make a mistake and completely negate the intended use of Tor. And using Tor effectively and safely entails some fairly major behavioural changes in browsing habits. /That/ is why I used the throw away line I did. I can just hear my daughter saying “Hey, what the hell have you done to Youtube?”, “Why is Google in German?” and “Why can’t I use facebook any more?……….”

    But I’m glad you like the site. There are bits of it I disagree with too.

    (Oh, and I agree with you about the arrogant linux geeks – see my post LMGTFY)

    Best

    Mick

Comments have been disabled.