18 Comments

Summary:

The box takes a minute to set up and promises anonymity for all surfing done through the connected router. It may not prove quite that simple to use in reality, but it’s certainly an intriguing and cost-effective privacy tool.

Pogoplug Safeplug

You may know Pogoplug as the maker of little “personal cloud” devices for streaming media from your home to your smartphone, or, if you’re more up to speed with what the company’s been doing, you may be aware of its Dropbox-battling cloud storage services. But while security has always been a necessary aspect of these plays, Pogoplug is now jumping headfirst into that space with its new product, Safeplug.

Safeplug is essentially Linux-based hardware packaging for Tor, which is slightly-hard-to-use software for people who want to surf the web anonymously. Tor does this using encryption and by bouncing everyone’s traffic around other users’ connections, making it almost – but not always — impossible to see who’s visiting which page. Safeplug also automatically blocks ads.

“We’re huge fans of Tor and are very good at building these small appliances,” Pogoplug CEO Dan Putterman told me, explaining that Safeplug just needs to be plugged into the user’s router. “It takes 60 seconds to install, then all of your in-home internet access becomes completely anonymized. We want to just take what is currently available today to a more technical crowd and democratize it, making it easier to use for an average user.”

Anonymity is complex

Safeplug with phoneIf only things were that simple. Tor may be good for privacy, but it doesn’t play nicely with all the things you might want to do on the internet – all that bouncing-around of traffic means slower surfing, which becomes an issue with streaming video and gaming, and the anti-fraud mechanisms in online banking services aren’t too keen on anonymized access either.

Pogoplug is aware of these limitations, Putterman said, which is why users can whitelist certain sites so that their use is not run through Tor. Users can also set up Safeplug to work on a per-browser basis, so for example Firefox may always run through Tor while Chrome won’t. I worry that this sort of complexity will bedevil those who expect to just plug the thing in and forget about it.

On the plus side, users can also set themselves up as Tor nodes to help others surf anonymously (the default setting for this is “off” as it has bandwidth implications). Putterman said Pogoplug hadn’t actually talked to the Tor folks before putting their open-source project in a box (“We wanted to have some aspect of secrecy in the development process”) but pointed out that it would “hopefully make a significant impact in terms of the number of relays out there”, thereby making Tor better at what it does.

“Vetted software”

Safeplug runs Tor and a proxy server with “hardened” SSH access, and that’s about it. It costs $49 and is initially on sale in the U.S. Pogoplug plans to also sell it across Europe and Asia, and yes, Putterman is conscious of that fact that some people there won’t be brimming with trust for a security product coming out of the U.S.

“It’s using very vetted software,” he pointed out. “We could have run a VPN or proxy service somewhere else, but we realized the only way to truly guarantee [anonymity and safety] is not to be reliant on any other service. People who are sceptical can look at the Linux level and see exactly what processes are running. Technical users can look inside the box and feel safe that it’s only running Tor.”

Pogoplug has even made firmware updates for the device pull-only, not push – “If we pushed, we’d have to track all the boxes. It’s pull-based for security reasons.”

Safeplug aside, Pogoplug is also seeking to reassure customers outside the U.S. with the siting of its data centers (Pogoplug only used Amazon Glacier for a few months in the early days of its cloud storage product). It has several in the U.S. and one in Israel, and it’s currently setting one up in France. Japan’s next on the list.

  1. Include add stripping and i’m in.

    Share
    1. Oh it does do ad-blocking by default. Sorry, meant to add that detail in – doing so now.

      Share
      1. Please also apprise us of the limitations of using TOR and security issues nagging it . NASA etc

        Share
        1. The security issue with Tor a couple months ago was a Javascript vulnerability. With the addition of NoScript and it being enabled by default, that’s basically taken care of, as long as you don’t reenable it.

          That said, the NSA of course is still doing its best to crack the network, going so far as to set up their own “nodes” themselves. It’s a shot in the dark though, because the user would have to go through NSA nodes all 3 times (which is completely random and unlikely to happen).

          This best thing that could happen for the Tor project now is for more exit nodes to be implemented as the user base grows. If the number of users grow without more exit nodes being implemented, Tor will become much slower than it is now.

          More users is a good thing for anonymity, but it’s terrible when new servers aren’t added to compensate, and unfortunately, the developer of this box doesn’t seem to be adding any.

          Share
  2. Their FAQ claims they include ad blocking.
    But I’m waiting for a thorough review.

    Share
  3. does this thing include a router? if not how does it get into the connection? do users have to setup proxy settings?

    Share
    1. It plugs into your router.

      Share
  4. I am very interested , where and how to get one ASAP….please advise

    Share
  5. I cannot buy from out of US. :( :( :(

    Share
  6. Sounds great in theory… however, talking to a source inside the Tor project, this box basically does nothing more than the Tor Browser Bundle accomplishes for free besides ad blocking. Regrettably, it actually hurts the Tor network because they’re just adding more users instead of actual exit nodes to the network, which, if this product “catches on”, will drag the network speeds down even slower.

    The creators of this box are simply trying to profit from other people’s work without adding anything of value.

    The Tor Browser Bundle is simple enough by itself; you download it, install it, open it, press “Start Tor” and that’s it. A browser window will open automatically a few seconds later, and you’re in. Adding this box is simply giving the NSA and others more places to look for vulnerabilities.

    Share
    1. I have one and it works great.. under options you can make it an exit node.

      Share
  7. The device is good, I just think that the developers should add some of their own nodes to the network to give back.

    Share
  8. So you guys couldn’t afford to actually use it and review it? I can read the product’s marketing materials too.

    Share
  9. All of these reviews so far are really just spewing the details from the press release. Lets see some independant security reviews or just get TAILS or Liberte Linus, even something like ninjastik which is already on USB. If you are really looking for something easy – just download the TBB like others have mentioned.

    Share
  10. I am using it right now and its working great. Speeds are much faster than anticipated 4-10mbps u/d! You are able to act as an exit node with a simple flip of the switch in the interface so these devices in fact will likely help with increasing Tor speeds. To each his own but for 49 bucks I am quite happy. My use case might be different then most – I am using it to quickly see what sites I run look like from different exit nodes across the globe.

    Share

Comments have been disabled for this post