Online Anonymity in a Box, for $49
A cheap device called the Safeplug makes it easy to use the Tor anonymity network at home.
Tor, a privacy tool used by activists, criminals, and U.S. intelligence to obscure traces of their online activities, is being repackaged for the mass market. A $49 device launched today and targeted at consumers makes it relatively easy to route a home Internet connection through the Tor network. The Safeplug, as the device is called, can also block most online ads.
“It’s meant to be a mass-market product,” says Jed Putterman, chief product officer of PogoPlug, the company that developed the Safeplug and whose main business is providing cloud storage and backup for home use. “We wanted to make a family-friendly way to get the protection Tor offers.”
The most straightforward way of using Tor today involves downloading a bundle of software, including a new Web browser, onto each device a person wants to use anonymously. The Safeplug, in contrast, is a small box that is simply plugged into a home Internet router to allow any Internet-connected device to make use of Tor. The Safeplug acts as a proxy server, meaning that computers on the same network use it as a go-between to access the Internet. The device also has a built-in advertising blocker, which is disabled by default.
Putterman hopes the device will appeal to families who wish to prevent their ISPs or online companies such as ad networks from being able to connect their IP address or identity with their online activity. IP addresses can be used to reveal a person’s location (see “Tracking Trick Shows the Web Where You Are”), and to link diverse threads of online activity into behavioral profiles for advertising purposes. Safeplug may also appeal to those disturbed by recent revelations about NSA surveillance (see “Circumventing Encryption Frees NSA’s Hands Online”).
However, Mehmet Güneş, an assistant professor at the University of Nevada, Reno, who studies anonymity tools, says that users of the Safeplug will only remain truly obscure if they adjust their online behavior in other ways. “Tor provides unlinkability from source to destination, and people confuse that with anonymity,” he says. While using Tor people can easily leak identifying information via the Flash plug-in, other media add-ons, or information they type or send, says Güneş.
The Tor Project’s download page cautions that “You need to change some of your habits,” for just those reasons. It recommends disabling all browser plug-ins.
Another challenge for the Safeplug is that Tor’s design causes it to slow down Web traffic. Putterman suggests that people set their device to apply Tor only to Wi-Fi connections to protect phones, tablets, and laptops, while leaving devices using wired connections for bandwidth-intensive tasks such as streaming TV or gaming to function as normal.
The Tor network keeps Internet traffic private by making it take an indirect route. The process hides users’ IP address from the services they’re accessing, and prevents an ISP or other entities that may be monitoring the connection from knowing what those services are. Data from a Tor user hops via three “relays,” which are run by volunteers, on its way to its destination, a process mediated by encryption technology that prevents any relay from knowing the ultimate origin or destination of the data (see “Dissent Made Safer”).
Owners of a Safeplug can also set it to act as a relay to help out other people using Tor. Today there are over 4,000 Tor relays around the world, but Putterman believes his device will lead to the appearance of many more. “We hope to add tens of thousands of Tor relays,” he says. “Relays don’t use a lot of bandwidth and really help the community.”
Güneş says the addition of more relays would fortify the Tor network: “A larger crowd helps you anonymize better.” The addition of more Tor relays could also improve the performance of the network, reducing the bandwidth hit for people using it.
Data on how Tor is used today is hard to come by. A study by Güneş two years ago found that the vast majority of Tor traffic is ordinary Web browsing, so Safeplug may appeal to people already using the network this way.
There are over three million Tor connections in use today, although the number is declining after a spike this summer. The jump is believed to have been caused by a malicious software package using the network to communicate with its operators.
The original development of Tor was supported by the U.S. Naval Research Laboratory. The nonprofit Tor Project, which now maintains the tool, gets most of its support from the U.S. government, mostly the Department of Defense and the State Department.
Despite its high profile, Tor’s design so far appears secure against all but the most sophisticated and well-resourced attacks (see “Anonymity Network Tor Needs a Tune-Up to Protect Users from Surveillance”).