Close
0%
0%

Web security everywhere

Secure your Internet, control your data, fight censorship.
Bring your autonomous all in one privacy device everywhere.

Similar projects worth following
In a world where digital privacy doesn't exist anymore, where journalists couldn't securely do their work, where companies are spyed upon by various entities, and where Human Rights are cynically disregarded, there is an urgent need for an easy-to-use tool to restore digital privacy.

This autonomous device uses the available connectivity to build a secure access-point and bypasses internet filters to connect to a remote network, use a secured internet or even browse anonymously.
Connect your laptop/smartphone to the device's secured wifi access-point, no additional setup is needed. Enjoy a secured internet anywhere, anytime.

It could connect the internet via a public wifi access-point, 3G internet via phone usb/wifi tethering, corporate cable network, or even your own router/ADSL box.

It is very easy to use with its touch control interface and its fully automatized functions.

It could run autonomously during several hours on its internal battery.

This device was semifinalist of The Hackaday Prize contest ! - Link -


Basically, this device acts as a wifi / ethernet router and access point. It could connect to the internet using some random wifi, a wired network, or a tethered android phone (wifi or usb). On the secured side, it acts as a wireless access point with internet forwarding so it works with every kind of device : PC, laptop, smartphone, using Windows, GNU/Linux, Android or even Mac-OSX.

The wireless access-point is also hardened with a random key feature. The access-point security key could be modified on-demand and at boot-time with a random one.

From the touch screen interface, TOR or an OpenVPN tunnel could be enabled. This custom interface could be used for complete operation, full setup and device monitoring.

It only needs a wifi adapter and no setup on the endpoint device (computer, smartphone…) to work. The user interface is also very easy to use with on/off buttons, so it is very easy to operate by non tech people.

In sensitive situations, the complete software and operating system could be installed in a few minutes from a preconfigured and encrypted image. The SD-card could also be removed from the device or even destroyed in a few seconds, causing no harm to the device, but makes it completely empty and useless. This way, sensitive data such as SSH private keys are secure.

The device hardware is open source, and uses only free software. This way, it could be improved by the community when it needs to, and it also helps defend digital freedom and Human Rights.

It also makes a perfect device to fight planned obscolescence : the software is built to be cross-compatible with different boards, offering different features, to adapt to various situations and evolve over time.

The device could be built at home using some easily sourceable parts and laser cut enclosure in a ready-to-build kit (see below), but could also be easily customized and manufactured for specific needs.


Key features


  • Secure wireless access point, with random security key generation features :

- Quick connect to Android using QR code

- AP security forced on WPA2-PSK

  • On-demand OpenVPN transparent tunnelling to a remote trusted network/server (here, it is a second Raspberry Pi) :

- Point to point tunneling with internet forwarding

- Very stable and fast over wireless, cellular and other non reliable networks

- Keeps connected over a roaming connection

  • On-demand Tor transparent proxy :

- Anonymous browsing,

- Access forbidden websites / services based on location

- Force or Block relay nodes based on their location, from the main interface

  • Hardware firewall with dynamically and automatically addressed rules
  • Capable of traversing NATs and firewalls
  • Ad-blocker / DNS filter feature with quick custom rules
  • Touch display control interface
  • Very low power consumption : ~5 Watts, runs on a phone charger
  • Onboard 2600 mAh battery : ~4h running time
  • External 10000 mAh battery : adds ~8h and charges onboard battery
  • Very easy to operate, install and deploy

Why is it an important device ?


  • It prevents people from learning your physical location or browsing habits,
  • It helps defend individuals against traffic analysis,
  • It helps businesses to keep their strategies confidential,
  • It helps activists to anonymously report abuses or corruption,
  • It helps journalists to protect their research and sources online,
  • It helps people to use online services blocked by their local Internet providers

Target audience


  • People who want to fight a form of network surveillance that threatens personal freedom and privacy,
  • Every kind of job/activity that require confidentiality / privacy / security,
  • Every kind of job/activity that require some secure remote access,
  • Journalists / Activists

How you can help

This device is still in a prototype stage. It is actually looking for many things :

  • some technical and security expertise
  • a lot of feedback (reason I don't have any comments is still a mystery)
  • some funding would really help, I'm looking for a solution to...
Read more »

View all 10 components

  • Looking for the good way...

    Arcadia Labs09/21/2016 at 13:09 2 comments

    After a lot of time thinking about this sad story, I decided to release the project to public domain. I won't sell it and I won't make any real money with it, so in my opinion, this is the best option : with a strong license, it should prevent any fishy corporation / administration to exploit it, still allowing users to do whatever they want with it.

    So I'm left with 2 questions for the Hackaday readers :

    - what would be the best license to use ? I want the device to be free (as in freedom), but I don't want nasty corporations to use it for bad purposes, locking it to the public or make insane money with it (it would not be fair in my opinion)

    - is asking for a donation a bad idea ? Would you give one ? I think getting some money back would be fair, as I lost so much designing a useful tool I'm now willing to give for free.

    Do you have a better idea ?

    I still want to write about the story surrounding this project : we often read about successful stories, failures not so much...

  • One year later...

    Arcadia Labs05/26/2016 at 23:19 4 comments

    I really had to write an update to this project, but it's a difficult task.

    This project has been a major part of my life for almost 2 years. From the 2014 semi finals to a swiss company scam in May of 2016, I encountered almost everything possible and lost a lot :

    • I've been threatened by a major company
    • I dodged 5 scams (from venture capitalists to big well known industries)
    • I lost a lot of money
    • Finally I lost my wife and my home

    So, despite I still believe this device is a very important one, I now prefer devoting my time and skills to other projects. I've lost too much because of it.

    The device is running well, but the code is not secure enough to give it to the public, so I won't release it in the actual state. The device is too critical to be used lightly, or by someone who is not aware about its actual limits. I don't want this kind of responsibility anymore.

    However, I learned a lot, from designing to dealing with lawyers. And it was a great experimentation.

    You are free to email me if you want to discuss about it.

    Thank you hackaday, and many thanks to the hackaday readers who supported this project.

  • The new prototype

    Arcadia Labs03/03/2015 at 19:13 4 comments

    It's been a long time since the last update...

    I now have the planned hardware built and running. Here are the changes :

    • More powerfull : dual core CPU, 1 GB RAM
    • Gigabit ethernet
    • Onboard wifi with external antenna
    • Onboard charging circuit with onboard power on/off and reset buttons
    • 2000 mAh "internal" battery
    • less power hungry (going from +1A to 650mA)
    • Specially designed LVDS capacitive touchscreen
    • A lot smaller than previous prototypes

    I still don't have an enclosure for it, but I think it really looks like a final consumer product, and it is running very well and fast.

    There are also some software updates, but I will make a dedicated log about that.

    What are your thoughts about this one ?

  • Wireless AP advanced features

    Arcadia Labs11/17/2014 at 13:17 4 comments

    I've been very busy with the device lately.

    First, I added some Wireless AP advanced features to the user interface :

    • Random SSID and passphrase generator : each time the Wireless AP is restarted, a new random SSID and passphrase combo is generated. It could be enabled on boot (default enabled).
    • Quick connect : when the Wireless AP is restarted (or SSID / passphrase combo changed), a screen shows these informations (for PC users) along a QR code for quick Android connection.
    • Advanced settings : I added new Wireless AP user settings :
    1. key lenght (32-64-96-128-196-256 bits, defaults 128),
    2. AP Channel (1 to 13),
    3. random SSID (defaults on),
    4. random SSID / passphrase on boot (defaults on),
    5. request new AP SSID/passphrase

    Wireless AP security is locked on WPA2-PSK (hardcoded).

    I also added some hardware monitoring :

    • Device temperature monitoring. An icon appears if the device runs hot (never happens anymore but we never know) and shuts down on overtemp
    • Battery power gauge

    Finally, I finished porting the software to the BananaPi board, but I have an issue with the touchpanel driver. More details on this page. I own the official (and very nice) BPi 3.5" display but it is not touch enabled (yet), so I may have to find another display to complete the porting.

    Some pictures :

  • Clarifying... Again...

    Arcadia Labs10/17/2014 at 20:46 0 comments

    To the many people who are asking if I have something to do with "Anonabox" cancelled kickstarter campaign :

    NO, I have nothing to do with them. They took advantage of this project when starting their campaign a few hours before the contest judging, and used my phrasing, but that's all. The tech savvy people could even check anonabox.com registrar to see the mentionned website was registered long after my project was registered to the contest.

    Edit : Hackaday just posted an article about this here. Thanks for your support, Hackaday !

    Here is also a good analyze about the Anonabox scam.

    I'm also very interested in starting a KickStarter campaign or anything else that could make this device reach market (KickStarter is not available officially from France). I'm open to every proposition, so please drop me a line !

    I just added a small Paypal Donate button on the project homepage... Do whatever you want with it :p

  • Random Security Key

    Arcadia Labs10/16/2014 at 21:42 0 comments

    I just pushed a new update (5_11)

    Along minor changes, there is now the possibility to manually or automatically generate a random security key. This key is being used by the wireless access point software (hostapd).

    A new menu entry allows to use this feature and see the actual key. I have yet to add other access-point related options but it's now easy. WPA2-PSK setting being hardcoded is not necessarily a bad thing for the moment :p

    Another hardcoded variable is key lenght. It is meant to be user-definable between 40-256 bits (for scalable security vs usability), but I didn't add it to the menus yet.

    The random key generation is also possible on boot, but it's still (also) a hardcoded config variable.

    Of course, hostapd and the related interface are automatically restarted when needed to apply the new config.

  • Clarifying

    Arcadia Labs10/16/2014 at 12:37 0 comments

    HackadayPrize semifinals ore now over. Congratulations to the 5 finalists ! You really deserve it !

    Now, move on, there's still a lot of work with this device...

    With the hype created by the (very questionnable) "Anonabox", it is very important I clarify a few things :

    • Tor is not meant to encrypt traffic, "Anonabox" is very wrong about this. Tor is meant to hide your IP address, nothing more : each end of the Onion circuit could see your traffic. Encrypting traffic is OpenVPN job.
    • Tor is not meant to be used all the time : for an example, using it to stream videos, like said on "Anonabox", will cause harm to the Onion network. This is the reason UnJailPi is not fully automatic, and you are still able to activate/deactivate Tor and OpenVPN : you use them when you need them.
    • This device won't protect your privacy if your end-point device (tablet, computer) is compromised already. You will also have to change some of your browsing habits : disable Javascript in your browser, carefully use credentials, and some more. Quoting Kali Linux meme : "With great power, comes great responsability"
    • For the moment, UnJailPi is built on top of a cut-down Raspbian Operating System. It was the best way (IMO) to start with a clean base : Raspbian repos are used widely so there shouldn't be anything really suspiciousn and software updates still remain easy. However I'm actually looking for a more specialised operating system : Moebius, OpenWRT, PORTAL are options.
    • UnjailPi prototypes use Raspberry Pi / Banana Pi boards. Raspberry Pi is a well known board, we can be 100% sure it doesn't have any hardware backdoors. About Banana Pi, I'm sure LeMaker people will be more than happy to have some of their boards handle an audit.
    • I never said anywhere I'm a security specialist. My code is easy enough to prove there are no flaws in it, and if there are, I'd be more than happy to correct them.
    • UnJailPi is still at the HackadayPrize semifinals status : it is still in a prototype stage and final revision is not there yet. The device is looking for some funding, some feedback, and could benefit of some technical help. If you are willing to support this project, feel free to contact me...

    I'm also being asked the differences with Adafruit OnionPi. Here are some of them :

    • OnionPi is fully automatic, Tor is enabled on startup. This was a good start base, but Tor needs to run only when we need it.
    • OnionPi doesn't provide any OpenVPN features
    • OnionPi doesn't offer access-point random key generation features
    • UnJailPi has a very easy-to-use user-interface
    • UnJailPi allows to block/force Tor relays depending on their location
    • UnJailPi is really autonomous with its internal battery (2-3 hours running-time)
    • UnJailPi works with every type of outside access : cable ethernet, private/public wifi, mobile data network with android USB/wifi tethering. There are also plans to include LTE 4G dongles support.


    I'm very open to discussion about this device. If you're interested, please drop me a line...

  • A long-awaited feature...

    Arcadia Labs10/03/2014 at 20:20 0 comments

    Finally, it's there : we can now black-or-white list TOR relays based on location, from the main interface.
    It's a little difficult to explain, so here is the demonstration video (I apologize for the video quality, filming this tiny screen is not so easy) :

    Basically, it allows to force or block relays, based on their location (246 countries....). It was a really important feature from start, but some work had to be done to allow this possibility.

    One could notice the menu is not so nice yet, and this feature still needs a "complete reset" and a easy to read list of white-or-black listed node locations : it may be a little difficult to know the current settings. But hey, it's not a big deal, the hard part is done already.

    Now, I want to be able to determine the exact circuit TOR is using, maybe show it on a map. I already have a few ideas about how to do it, even some code snipplets ready, but it is another story.

    Now, I could easily watch Doctor Who's new season live episodes on BBC from France... :-)

  • Time to thank people

    Arcadia Labs09/28/2014 at 13:09 0 comments

    We are now a few hours to the next vote, so I think I won't work on the documentation anymore until then. The project will make the cut to the next contest stage, or will not, it's now too late to change this fate.

    So, I think it is a great time to thank the people who contributed to this project, either with providing some hardware, or with giving some time, or both. This project could not have gone so far without these people :

    • PiModules donated the main prototype's powering circuit and laser cut enclosure. On the other hand Ioannis is always present when I encounter problems.
    • LeMaker team worked so hard to improve their software and allow the BPi prototye to work in time. They are also of great help with many things along the way.
    • Many people offered their help in one way or another : the swiss people that invited me for a device's show, the hackaday readers who gave some very contructive critizism about the project, the friends and relatives who donated time, advices and critizisms, and of course my best half who supports me day after day.

    Of course, I wish to thank HackaDay team for bringing me the chance to get some attention about this device. Before this contest, I wasn't that sure my device concept could be interesting to people. Now, I don't have any doubts about it.

    This contest is only the beginning about this device. Many more improvements are planned, and I'm already working hard towards a future marketing scheme. Partners and customers are identified already, it is just a matter of time (and money) right now.

    Now, back to coding...

  • Finally, this one is working just in time

    Arcadia Labs09/27/2014 at 02:34 0 comments

    I was not sure I could make it work before the next vote, but finally it is there and I could show it.

    This prototype shares the first prototype's display and enclosure, it is so nice to make experiments without breaking anything... Software is cross compatible with the "official" device. Other than that, this is a completly different beast.

    This prototype is not meant to remplace the actual device which runs very well, but to live side by side with it. Each one offers its own unique hardware features (the Raspberry Pi advantages being the most advanced device, easily buildable, and offers a large support community).

    Hardware :

    The main board is the Banana Pi from Lemaker people. This is a Allwinner A20 SOC featuring a 1GHz dual-core Cortex A7 CPU, with 1GB DDR3 memory, Gigabit ethernet, a SATA port, and battery charging circuitry. The user defined led and onboard on/off button are also very appealing. It shares the Raspberry Pi GPIO scheme and runs a Raspbian-compatible operating system. 

    So it made perfect sense to port the Web Security Device to this board first.

    The most difficult part was about the display, it finally worked only today. This prototype still misses its internal battery, but I already made some progress about it and Lemaker people do a great job helping me along the way with their hardware.

    Software :

    Like I've done with the actual device, it runs a stripped-down version of Raspbian-like OS, cleaned up of every component non-essential to the device. Less software components means better security. I also updated the main software to be 100% cross-compatible with RPi and BPi (except the powering management part for the moment). Next move may be moving both boards to some barebone distro.

    It still needs a lot of work, but this new prototype runs very well already, and is pretty fast...

View all 31 project logs

View all 6 instructions

Enjoy this project?

Share

Discussions

tomadam123 wrote 04/03/2023 at 19:00 point

  Are you sure? yes | no

Luis Páez wrote 02/25/2018 at 23:50 point

Is it possible to use a PIC instead of the Pi?

  Are you sure? yes | no

Jonathan wrote 11/02/2017 at 05:06 point

You said that companies we're showing interest in the hardware. Is there any guarantee that the project will remain open for others to build at home and that it would resist any and all attempts to circumvent the private of the hardware? I hate to ask this, but there have been companies who have caved to the government and other groups either for money or to save themselves from closing the company/legal trouble. I know it may seem blaringly apparent that you care about the public privacy rights and etcetera. I just wanted to hear it in black and white whether it was more than any kind of financial gain.

This seems like something that could take off like a rocket once it gets started. Eventually, groups may begin to look at it for other reasons than what they are now.

I hope that you understand why I'm asking these things. Thanks for your time, in reading, and creating this amazing project

  Are you sure? yes | no

Christopher Leidy wrote 09/26/2016 at 02:49 point

I would be happy to help creator with kickstart or indiegogo campaign. This is a very valuable project. 

  Are you sure? yes | no

yohan wongso wrote 09/19/2016 at 15:23 point

hi guys! this is a nice project. hope you will finish it soon. By the way, I want to learn about cyber security. Can someone help me? contact me please...

  Are you sure? yes | no

Joseph wrote 08/09/2016 at 16:13 point

Very nice article for checking secutity with the RPi. I have made an article on RPi in this website: https://www.completegate.com/2016080659/blog/raspberry-pi-the-ultimate-convenience Please do see it and give your valuable feedback.

  Are you sure? yes | no

Arya wrote 05/03/2016 at 01:26 point

Hi! Seems like the sources are not longer there. For those interested: I've found a copy and forked it: https://github.com/CRImier/WebSecurityEverywhere

  Are you sure? yes | no

justin.m.riddle wrote 04/24/2016 at 05:41 point

I'd love to order one as well, hopefully we get an update.  Does anyone have the creators contact into?

  Are you sure? yes | no

farrelan wrote 02/24/2016 at 20:04 point

Is this project still active? Very interested in your interface. I have everything setup and working on my own.

  Are you sure? yes | no

elgigglez39 wrote 12/31/2015 at 07:43 point

is there any place to order these, or is it still under development 

  Are you sure? yes | no

Mixon wrote 12/11/2015 at 13:53 point

Oi!, about time to update this. And start to sell ^^. There is a lot of lazy people who want to buy ^^. A+ Project.

Best regards. 

  Are you sure? yes | no

Chris Baldwin wrote 11/26/2015 at 13:52 point

would love to buy one of these

  Are you sure? yes | no

Rince wrote 10/10/2015 at 15:42 point

This sounds like a cool device! I'd love to (beta-)test it and maybe also try to gain access on sites I shouldn't have some.

And yes, it would be great to be able to test it :-)

What do you think of using privoxy as privacy proxy which strips a lot of headers from the traffic between your clients and the internet?

  Are you sure? yes | no

beastin.em1 wrote 04/14/2015 at 01:17 point

This is amazing and exactly what I have been looking for!! Do you plan to re-post the source code so that I can use this device? Thanks!

  Are you sure? yes | no

load.nikon wrote 03/24/2015 at 06:54 point

Wow.  I wish I would have seen this sooner.  Very impressive.  This is actually exactly what I intended to do but time and resources are in short supply and high demand.  You've done significantly better than I could have imagined my own may have turned out.  Belated congratulations on becoming a semifinalist!  Had I seen this at the time, it would have had my vote.

  Are you sure? yes | no

Atwas911 wrote 02/25/2015 at 17:09 point

Overall I am very impressed with this build. Very good attention to detail and very well thought out. A++ for the device itself..

BUT... I do have to comment on one point. This is not the first of these types of devices that I have seen. Devices that act as a gateway to Tor.

Connecting a computer that you have already accessed the internet directly with through Tor will not provide you any privacy protections what so ever. Your computer's unique id's have already been recorded and all you're going to do is update your ip logs with tor exit nodes. There are so many services that get installed that all "call home" to either check for updates, validate license keys/DRM etc.. And each of these has the ability to identify you and do. Not to mention all the "non-torbrowser" exploits and javascript tracking.

As I have said, i've seen several devices that allows people to easily do this and I have not yet seen any of them offer the above said warning.

  Are you sure? yes | no

Arcadia Labs wrote 03/02/2015 at 17:06 point

Hi, thanks for your support !

You're perfectly right about background services. This is why I'm adding the "security profiles" feature. It should open the firewall only for a few allowed services and blocks everything else.

On top of that, there's also the domain filter, where one could add IPs/domains to block.

And if it's still not enough, there exist some tools I could use, like MITM proxy.

About browser / javascript exploits, I'm adding some very explicit warning messages to the interface, where it shows how to use the device safely (install no-script, use private browsing, etc). These exploits are very concerning to me, but I still didn't find a better way...

The vast majority of similar devices I know don't go this far : they usually only provide a Tor gateway and nothing else (firewall rules if you are lucky). This is the reason why I'm not rushing for a release, and prefer working on good implementation...

  Are you sure? yes | no

XLT_Frank wrote 12/10/2014 at 20:33 point

  Are you sure? yes | no

antsnark wrote 12/07/2014 at 08:21 point
Add i2p to the interface, please :-)
I think, it s time to re-purpose my media-player RasPi to sich a thing :-)

  Are you sure? yes | no

Trevor Johansen Aase wrote 11/23/2014 at 19:56 point
Will you have a transparent proxy on the box that strips all adds, malware, etc from the pages before re-serving them? Or is the current plan just a point-2-point transferral of the connection?

I would love this as I use to run Smoothwall (On my rockin dual PII 300mhz) and I only had to re-install Windows a few times a year!

  Are you sure? yes | no

Arcadia Labs wrote 11/24/2014 at 17:36 point
Hi,
I plan to add some filtering capabilities. Actually I'm using a small proxy filter script based on dnsmasq that is running well and is very customizable.
I think the new BPi based prototype has the processing power for this, maybe even a transparent realtime malware scanner.
My biggest problem actually is about browser cookies and this kind of things.

  Are you sure? yes | no

ali wrote 10/18/2014 at 14:32 point
Hey, thanks for working on this! I've got a couple comments/feature requests:

It would be really great if people can easily share their UnJailPi connection with others over WIFI - would it ever be possible for a nearby client to detect an UnJailPi and connect to it with WIFI? The benefit here is a) the connectivity (3G/Broadband) is paid for by someone completely other than eg. the journalist/activist, b) if a journalist can connect via WIFI, their location will be less visible than if they connected something (their phone or UnJailPi) via 3G.

In terms of reducing the risk for the person sharing their connection to anonymous users, it could be required for guests to connect via a Tor bridge provided by the UnJailPi - traffic leaving the UnJailPi could not be traced back as an OpenVPN connection could.

The Tor bandwidth issue could be resolved with traffic shaping on the box, so each client is limited to X Mb of usage per minute. This wouldn't allow videos, but could allow abuse prevention for 100% Tor access.

It's best not to rely on VPN these days for anything more than encrypting traffic from your immediate ISP - the VPN provider will still have the plaintext, and the traffic from the VPN provider to end service will be unencrypted. Additionally advanced actors are collecting the VPN keys, either with insiders or exploiting the VPN comanies (there are only so many VPN companies). In short, HTTPS/TLS is the only real solution there.

Perhaps allowing owners to block HTTP (port 80) connections would give some protection against mistakes there (similar to the HTTP Nowhere plugin).

It should be possible to keep most of the software quite general, potentially allowing installation on phones to use their 3G, or on OpenWRT capable routers, so I hope the development doesn't make raspi too much of a requirement...

Thanks, best of luck!

  Are you sure? yes | no

Arcadia Labs wrote 10/20/2014 at 01:52 point
Hi,
Your first idea about sharing UnjailPi connections over wifi is nice, however
I'm not sure to understand well the part about a Tor bridge. Do you mean, we
always have a Tor circuit active for anonymous users, inside a reserved wifi
"tunnel" ? How would it react if both devices enable Tor ? However it's a great
idea.

About the VPN part, I never designed the device to connect to third-parties VPN
providers. It is meant to be used with your own server (I'd like it to be a
second unjailpi), you could leave at home or at a secure place and connect to it
when necessary (fast-food wifi etc...).

Your HTTP nowhere is a brilliant idea. From start I want to force http traffic
to https (like https everywhere) but couldn't find a good solutions. Blocking
HTTP could be a first real solutions, but would need some sort of captive portal
for denied connections.

Do you have some expertise about all this ? Perhaps we could talk...

For the moment, the software could run on about every linux computer. Running on
routers could be more tricky, I don't see how it could be usable without some
display.

Thanks for your support !

  Are you sure? yes | no

ali wrote 10/21/2014 at 21:20 point
Good to hear you liked the ideas!

I should probably mention a few caveats:

Connecting to a personal VPN server would lose the anonymity properties of commercial VPNs, since then only one person would be using it (though generally VPN shouldn't be considered anonymous anyway).

Terminating the VPN at the home would still leave traffic onwards in the clear, as though browsing in the clear in your living room.

IMO surprisingly few people would set up a home VPN server themselves due to the effort.

Sharing a connection would probably be a bad idea for the current VPN and Tor modes, since a malicious user could join and purposely emit location/IP data in the traffic, which would be associated with other users' traffic and greatly reduce their anonymity.

Sharing a connection would definitely be a bad idea for VPN mode if the other end was at the person's home, as that would allow allow random people access to the home's internal network.

In general, wrapping the pipe in Tor or VPN is hazardous and requires quite a lot of discipline and technical knowledge to use correctly, because if anything on the end user device is transmitting deanonymised traffic, the rest of the traffic can have its identity compromised by being associated with it. If a user can run the Tor Browser Bundle on their computer instead they would likely be safer because that traffic would be isolated from the rest of the computer's connections.

My suggestion was that instead of wrapping the entire outbound pipe in VPN or Tor, a Tor bridge could be available with the WiFi LAN at eg. 192.168.1.2:9999 and any immediate WAN traffic blocked, so the Tor bridge must be used to reach the internet. With my current understanding I think that's secure and would keep different users' traffic separated. This is completely different from the current VPN and Tor settings, so would be a 3rd option.

Blocking outbound port 80 traffic changes the anonymity profile of it slightly so it might be reduced from "is a Tor user" to "is an UnJailPi user". Personally I don't think that's a show-stopper, but something to be aware of.


Comments to points from another post I saw:

PHP concerns seem legitimate IMO. It'd probably be safest for all admin functionality to be touch screen only and not available on the LAN.

Decades of experience working with people's communications in clear text might not make Telco companies the best communications security advisors ;)

Kaspersky labs' founder has recently been quoted arguing for "Internet Passports", whatever they are, so may not be the best advisors for anonymous technology devices.


However, it's great that you're working to do something about the clearly unsatisfactory communications security situation, especially for regular non-technical people, and I raise all these points so you can be aware of them as you go.

  Are you sure? yes | no

Similar Projects

Does this project spark your interest?

Become a member to follow this project and never miss any updates