Does this project spark your interest?

Become a member to follow this project and don't miss any updates


Web security everywhere

Secure your Internet, control your data, fight censorship.
Bring your autonomous all in one privacy device everywhere.

Similar projects worth following
In a world where digital privacy doesn't exist anymore, where journalists couldn't securely do their work, where companies are spyed upon by various entities, and where Human Rights are cynically disregarded, there is an urgent need for an easy-to-use tool to restore digital privacy.

This autonomous device uses the available connectivity to build a secure access-point and bypasses internet filters to connect to a remote network, use a secured internet or even browse anonymously.
Connect your laptop/smartphone to the device's secured wifi access-point, no additional setup is needed. Enjoy a secured internet anywhere, anytime.

It could connect the internet via a public wifi access-point, 3G internet via phone usb/wifi tethering, corporate cable network, or even your own router/ADSL box.

It is very easy to use with its touch control interface and its fully automatized functions.

It could run autonomously during several hours on its internal battery.

This device was semifinalist of The Hackaday Prize contest ! - Link -

Basically, this device acts as a wifi / ethernet router and access point. It could connect to the internet using some random wifi, a wired network, or a tethered android phone (wifi or usb). On the secured side, it acts as a wireless access point with internet forwarding so it works with every kind of device : PC, laptop, smartphone, using Windows, GNU/Linux, Android or even Mac-OSX.

The wireless access-point is also hardened with a random key feature. The access-point security key could be modified on-demand and at boot-time with a random one.

From the touch screen interface, TOR or an OpenVPN tunnel could be enabled. This custom interface could be used for complete operation, full setup and device monitoring.

It only needs a wifi adapter and no setup on the endpoint device (computer, smartphone…) to work. The user interface is also very easy to use with on/off buttons, so it is very easy to operate by non tech people.

In sensitive situations, the complete software and operating system could be installed in a few minutes from a preconfigured and encrypted image. The SD-card could also be removed from the device or even destroyed in a few seconds, causing no harm to the device, but makes it completely empty and useless. This way, sensitive data such as SSH private keys are secure.

The device hardware is open source, and uses only free software. This way, it could be improved by the community when it needs to, and it also helps defend digital freedom and Human Rights.

It also makes a perfect device to fight planned obscolescence : the software is built to be cross-compatible with different boards, offering different features, to adapt to various situations and evolve over time.

The device could be built at home using some easily sourceable parts and laser cut enclosure in a ready-to-build kit (see below), but could also be easily customized and manufactured for specific needs.

Key features

  • Secure wireless access point, with random security key generation features :

- Quick connect to Android using QR code

- AP security forced on WPA2-PSK

  • On-demand OpenVPN transparent tunnelling to a remote trusted network/server (here, it is a second Raspberry Pi) :

- Point to point tunneling with internet forwarding

- Very stable and fast over wireless, cellular and other non reliable networks

- Keeps connected over a roaming connection

  • On-demand Tor transparent proxy :

- Anonymous browsing,

- Access forbidden websites / services based on location

- Force or Block relay nodes based on their location, from the main interface

  • Hardware firewall with dynamically and automatically addressed rules
  • Capable of traversing NATs and firewalls
  • Ad-blocker / DNS filter feature with quick custom rules
  • Touch display control interface
  • Very low power consumption : ~5 Watts, runs on a phone charger
  • Onboard 2600 mAh battery : ~4h running time
  • External 10000 mAh battery : adds ~8h and charges onboard battery
  • Very easy to operate, install and deploy

Why is it an important device ?

  • It prevents people from learning your physical location or browsing habits,
  • It helps defend individuals against traffic analysis,
  • It helps businesses to keep their strategies confidential,
  • It helps activists to anonymously report abuses or corruption,
  • It helps journalists to protect their research and sources online,
  • It helps people to use online services blocked by their local Internet providers

Target audience

  • People who want to fight a form of network surveillance that threatens personal freedom and privacy,
  • Every kind of job/activity that require confidentiality / privacy / security,
  • Every kind of job/activity that require some secure remote access,
  • Journalists / Activists

How you can help

This device is still in a prototype stage. It is actually looking for many things :

  • some technical and security expertise
  • a lot of feedback (reason I don't have any comments is still a mystery)
  • some funding would really help, I'm looking for a solution to...
Read more »

  • The new prototype

    Arcadia Labs03/03/2015 at 19:13 4 comments

    It's been a long time since the last update...

    I now have the planned hardware built and running. Here are the changes :

    • More powerfull : dual core CPU, 1 GB RAM
    • Gigabit ethernet
    • Onboard wifi with external antenna
    • Onboard charging circuit with onboard power on/off and reset buttons
    • 2000 mAh "internal" battery
    • less power hungry (going from +1A to 650mA)
    • Specially designed LVDS capacitive touchscreen
    • A lot smaller than previous prototypes

    I still don't have an enclosure for it, but I think it really looks like a final consumer product, and it is running very well and fast.

    There are also some software updates, but I will make a dedicated log about that.

    What are your thoughts about this one ?

  • Wireless AP advanced features

    Arcadia Labs11/17/2014 at 13:17 3 comments

    I've been very busy with the device lately.

    First, I added some Wireless AP advanced features to the user interface :

    • Random SSID and passphrase generator : each time the Wireless AP is restarted, a new random SSID and passphrase combo is generated. It could be enabled on boot (default enabled).
    • Quick connect : when the Wireless AP is restarted (or SSID / passphrase combo changed), a screen shows these informations (for PC users) along a QR code for quick Android connection.
    • Advanced settings : I added new Wireless AP user settings :
    1. key lenght (32-64-96-128-196-256 bits, defaults 128),
    2. AP Channel (1 to 13),
    3. random SSID (defaults on),
    4. random SSID / passphrase on boot (defaults on),
    5. request new AP SSID/passphrase

    Wireless AP security is locked on WPA2-PSK (hardcoded).

    I also added some hardware monitoring :

    • Device temperature monitoring. An icon appears if the device runs hot (never happens anymore but we never know) and shuts down on overtemp
    • Battery power gauge

    Finally, I finished porting the software to the BananaPi board, but I have an issue with the touchpanel driver. More details on this page. I own the official (and very nice) BPi 3.5" display but it is not touch enabled (yet), so I may have to find another display to complete the porting.

    Some pictures :

  • Clarifying... Again...

    Arcadia Labs10/17/2014 at 20:46 0 comments

    To the many people who are asking if I have something to do with "Anonabox" cancelled kickstarter campaign :

    NO, I have nothing to do with them. They took advantage of this project when starting their campaign a few hours before the contest judging, and used my phrasing, but that's all. The tech savvy people could even check registrar to see the mentionned website was registered long after my project was registered to the contest.

    Edit : Hackaday just posted an article about this here. Thanks for your support, Hackaday !

    Here is also a good analyze about the Anonabox scam.

    I'm also very interested in starting a KickStarter campaign or anything else that could make this device reach market (KickStarter is not available officially from France). I'm open to every proposition, so please drop me a line !

    I just added a small Paypal Donate button on the project homepage... Do whatever you want with it :p

View all 29 project logs

View all 6 instructions

Enjoy this project?



justin.m.riddle wrote 04/24/2016 at 05:41 point

I'd love to order one as well, hopefully we get an update.  Does anyone have the creators contact into?

  Are you sure? yes | no

farrelan wrote 02/24/2016 at 20:04 point

Is this project still active? Very interested in your interface. I have everything setup and working on my own.

  Are you sure? yes | no

elgigglez39 wrote 12/31/2015 at 07:43 point

is there any place to order these, or is it still under development 

  Are you sure? yes | no

Mixon wrote 12/11/2015 at 13:53 point

Oi!, about time to update this. And start to sell ^^. There is a lot of lazy people who want to buy ^^. A+ Project.

Best regards. 

  Are you sure? yes | no

Chris Baldwin wrote 11/26/2015 at 13:52 point

would love to buy one of these

  Are you sure? yes | no

Rince wrote 10/10/2015 at 15:42 point

This sounds like a cool device! I'd love to (beta-)test it and maybe also try to gain access on sites I shouldn't have some.

And yes, it would be great to be able to test it :-)

What do you think of using privoxy as privacy proxy which strips a lot of headers from the traffic between your clients and the internet?

  Are you sure? yes | no

beastin.em1 wrote 04/14/2015 at 01:17 point

This is amazing and exactly what I have been looking for!! Do you plan to re-post the source code so that I can use this device? Thanks!

  Are you sure? yes | no wrote 03/24/2015 at 06:54 point

Wow.  I wish I would have seen this sooner.  Very impressive.  This is actually exactly what I intended to do but time and resources are in short supply and high demand.  You've done significantly better than I could have imagined my own may have turned out.  Belated congratulations on becoming a semifinalist!  Had I seen this at the time, it would have had my vote.

  Are you sure? yes | no

Atwas911 wrote 02/25/2015 at 17:09 point

Overall I am very impressed with this build. Very good attention to detail and very well thought out. A++ for the device itself..

BUT... I do have to comment on one point. This is not the first of these types of devices that I have seen. Devices that act as a gateway to Tor.

Connecting a computer that you have already accessed the internet directly with through Tor will not provide you any privacy protections what so ever. Your computer's unique id's have already been recorded and all you're going to do is update your ip logs with tor exit nodes. There are so many services that get installed that all "call home" to either check for updates, validate license keys/DRM etc.. And each of these has the ability to identify you and do. Not to mention all the "non-torbrowser" exploits and javascript tracking.

As I have said, i've seen several devices that allows people to easily do this and I have not yet seen any of them offer the above said warning.

  Are you sure? yes | no

Arcadia Labs wrote 03/02/2015 at 17:06 point

Hi, thanks for your support !

You're perfectly right about background services. This is why I'm adding the "security profiles" feature. It should open the firewall only for a few allowed services and blocks everything else.

On top of that, there's also the domain filter, where one could add IPs/domains to block.

And if it's still not enough, there exist some tools I could use, like MITM proxy.

About browser / javascript exploits, I'm adding some very explicit warning messages to the interface, where it shows how to use the device safely (install no-script, use private browsing, etc). These exploits are very concerning to me, but I still didn't find a better way...

The vast majority of similar devices I know don't go this far : they usually only provide a Tor gateway and nothing else (firewall rules if you are lucky). This is the reason why I'm not rushing for a release, and prefer working on good implementation...

  Are you sure? yes | no

XLT_Frank wrote 12/10/2014 at 20:33 point

  Are you sure? yes | no

antsnark wrote 12/07/2014 at 08:21 point
Add i2p to the interface, please :-)
I think, it s time to re-purpose my media-player RasPi to sich a thing :-)

  Are you sure? yes | no

Trevor Johansen Aase wrote 11/23/2014 at 19:56 point
Will you have a transparent proxy on the box that strips all adds, malware, etc from the pages before re-serving them? Or is the current plan just a point-2-point transferral of the connection?

I would love this as I use to run Smoothwall (On my rockin dual PII 300mhz) and I only had to re-install Windows a few times a year!

  Are you sure? yes | no

Arcadia Labs wrote 11/24/2014 at 17:36 point
I plan to add some filtering capabilities. Actually I'm using a small proxy filter script based on dnsmasq that is running well and is very customizable.
I think the new BPi based prototype has the processing power for this, maybe even a transparent realtime malware scanner.
My biggest problem actually is about browser cookies and this kind of things.

  Are you sure? yes | no

ali wrote 10/18/2014 at 14:32 point
Hey, thanks for working on this! I've got a couple comments/feature requests:

It would be really great if people can easily share their UnJailPi connection with others over WIFI - would it ever be possible for a nearby client to detect an UnJailPi and connect to it with WIFI? The benefit here is a) the connectivity (3G/Broadband) is paid for by someone completely other than eg. the journalist/activist, b) if a journalist can connect via WIFI, their location will be less visible than if they connected something (their phone or UnJailPi) via 3G.

In terms of reducing the risk for the person sharing their connection to anonymous users, it could be required for guests to connect via a Tor bridge provided by the UnJailPi - traffic leaving the UnJailPi could not be traced back as an OpenVPN connection could.

The Tor bandwidth issue could be resolved with traffic shaping on the box, so each client is limited to X Mb of usage per minute. This wouldn't allow videos, but could allow abuse prevention for 100% Tor access.

It's best not to rely on VPN these days for anything more than encrypting traffic from your immediate ISP - the VPN provider will still have the plaintext, and the traffic from the VPN provider to end service will be unencrypted. Additionally advanced actors are collecting the VPN keys, either with insiders or exploiting the VPN comanies (there are only so many VPN companies). In short, HTTPS/TLS is the only real solution there.

Perhaps allowing owners to block HTTP (port 80) connections would give some protection against mistakes there (similar to the HTTP Nowhere plugin).

It should be possible to keep most of the software quite general, potentially allowing installation on phones to use their 3G, or on OpenWRT capable routers, so I hope the development doesn't make raspi too much of a requirement...

Thanks, best of luck!

  Are you sure? yes | no

Arcadia Labs wrote 10/20/2014 at 01:52 point
Your first idea about sharing UnjailPi connections over wifi is nice, however
I'm not sure to understand well the part about a Tor bridge. Do you mean, we
always have a Tor circuit active for anonymous users, inside a reserved wifi
"tunnel" ? How would it react if both devices enable Tor ? However it's a great

About the VPN part, I never designed the device to connect to third-parties VPN
providers. It is meant to be used with your own server (I'd like it to be a
second unjailpi), you could leave at home or at a secure place and connect to it
when necessary (fast-food wifi etc...).

Your HTTP nowhere is a brilliant idea. From start I want to force http traffic
to https (like https everywhere) but couldn't find a good solutions. Blocking
HTTP could be a first real solutions, but would need some sort of captive portal
for denied connections.

Do you have some expertise about all this ? Perhaps we could talk...

For the moment, the software could run on about every linux computer. Running on
routers could be more tricky, I don't see how it could be usable without some

Thanks for your support !

  Are you sure? yes | no

ali wrote 10/21/2014 at 21:20 point
Good to hear you liked the ideas!

I should probably mention a few caveats:

Connecting to a personal VPN server would lose the anonymity properties of commercial VPNs, since then only one person would be using it (though generally VPN shouldn't be considered anonymous anyway).

Terminating the VPN at the home would still leave traffic onwards in the clear, as though browsing in the clear in your living room.

IMO surprisingly few people would set up a home VPN server themselves due to the effort.

Sharing a connection would probably be a bad idea for the current VPN and Tor modes, since a malicious user could join and purposely emit location/IP data in the traffic, which would be associated with other users' traffic and greatly reduce their anonymity.

Sharing a connection would definitely be a bad idea for VPN mode if the other end was at the person's home, as that would allow allow random people access to the home's internal network.

In general, wrapping the pipe in Tor or VPN is hazardous and requires quite a lot of discipline and technical knowledge to use correctly, because if anything on the end user device is transmitting deanonymised traffic, the rest of the traffic can have its identity compromised by being associated with it. If a user can run the Tor Browser Bundle on their computer instead they would likely be safer because that traffic would be isolated from the rest of the computer's connections.

My suggestion was that instead of wrapping the entire outbound pipe in VPN or Tor, a Tor bridge could be available with the WiFi LAN at eg. and any immediate WAN traffic blocked, so the Tor bridge must be used to reach the internet. With my current understanding I think that's secure and would keep different users' traffic separated. This is completely different from the current VPN and Tor settings, so would be a 3rd option.

Blocking outbound port 80 traffic changes the anonymity profile of it slightly so it might be reduced from "is a Tor user" to "is an UnJailPi user". Personally I don't think that's a show-stopper, but something to be aware of.

Comments to points from another post I saw:

PHP concerns seem legitimate IMO. It'd probably be safest for all admin functionality to be touch screen only and not available on the LAN.

Decades of experience working with people's communications in clear text might not make Telco companies the best communications security advisors ;)

Kaspersky labs' founder has recently been quoted arguing for "Internet Passports", whatever they are, so may not be the best advisors for anonymous technology devices.

However, it's great that you're working to do something about the clearly unsatisfactory communications security situation, especially for regular non-technical people, and I raise all these points so you can be aware of them as you go.

  Are you sure? yes | no

iondream wrote 10/18/2014 at 01:49 point
Finally, a portable attack barrier, just like in ghost in the shell. Do you think a neural jack will be included in version 2?

  Are you sure? yes | no

Arcadia Labs wrote 10/18/2014 at 02:01 point
I never thought about that ! But where would you plug the other end ?

  Are you sure? yes | no

jigo santos wrote 10/17/2014 at 23:00 point
any chance that you will start an indiegogo project for this device?

  Are you sure? yes | no

Arcadia Labs wrote 10/17/2014 at 23:19 point
If there is no way with kickstarter, yes, indiegogo or another one is an option.

  Are you sure? yes | no

sandie wrote 10/17/2014 at 20:21 point
Suspended project on KickStarer was your or not? I would be very happy to donate your work for a device reward. There is high interest / market demand as seen on KickStarter. Hope you will use it!

  Are you sure? yes | no

Arcadia Labs wrote 10/17/2014 at 20:29 point
Hi ! Of course not, Anonabox scam is not a project of mine.
I'd be happy to start a KickStarter based on this device, but I'm not from US. If you have a solution, I'm very interested !
Thanks for your support !

  Are you sure? yes | no

Ivy.Y wrote 09/28/2014 at 03:26 point
Its impressive!!! Small but STRONG!!!

  Are you sure? yes | no

tony.zhang wrote 09/27/2014 at 12:02 point
So nice to see it has been ported into Banana Pi board finally!

  Are you sure? yes | no

Arcadia Labs wrote 09/28/2014 at 21:11 point
You were of great help, Tony... ;)

  Are you sure? yes | no

Yaggi-2013 wrote 09/25/2014 at 16:03 point
Wow ! impressive ! Small and full of functions ! I'd love put it behind my dbm-boosted Yaggi !

  Are you sure? yes | no

Tachyon wrote 09/07/2014 at 12:00 point
Regarding the heat issue...try starting simple. Block off the sides and let convection do the work. This is assuming you make it to be stood up as in the first photo. Note that you'll need to leave an opening at the bottom.

  Are you sure? yes | no

Similar Projects