Blog Post

Say hello to Safeplug, Pogoplug’s $49 Tor-in-a-box for anonymous surfing

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

You may know Pogoplug as the maker of little “personal cloud” devices for streaming media from your home to your smartphone, or, if you’re more up to speed with what the company’s been doing, you may be aware of its Dropbox-battling cloud storage services. But while security has always been a necessary aspect of these plays, Pogoplug is now jumping headfirst into that space with its new product, Safeplug.

Safeplug is essentially Linux-based hardware packaging for Tor, which is slightly-hard-to-use software for people who want to surf the web anonymously. Tor does this using encryption and by bouncing everyone’s traffic around other users’ connections, making it almost – but not always — impossible to see who’s visiting which page. Safeplug also automatically blocks ads.

“We’re huge fans of Tor and are very good at building these small appliances,” Pogoplug CEO Dan Putterman told me, explaining that Safeplug just needs to be plugged into the user’s router. “It takes 60 seconds to install, then all of your in-home internet access becomes completely anonymized. We want to just take what is currently available today to a more technical crowd and democratize it, making it easier to use for an average user.”

Anonymity is complex

Safeplug with phoneIf only things were that simple. Tor may be good for privacy, but it doesn’t play nicely with all the things you might want to do on the internet – all that bouncing-around of traffic means slower surfing, which becomes an issue with streaming video and gaming, and the anti-fraud mechanisms in online banking services aren’t too keen on anonymized access either.

Pogoplug is aware of these limitations, Putterman said, which is why users can whitelist certain sites so that their use is not run through Tor. Users can also set up Safeplug to work on a per-browser basis, so for example Firefox may always run through Tor while Chrome(s goog) won’t. I worry that this sort of complexity will bedevil those who expect to just plug the thing in and forget about it.

On the plus side, users can also set themselves up as Tor nodes to help others surf anonymously (the default setting for this is “off” as it has bandwidth implications). Putterman said Pogoplug hadn’t actually talked to the Tor folks before putting their open-source project in a box (“We wanted to have some aspect of secrecy in the development process”) but pointed out that it would “hopefully make a significant impact in terms of the number of relays out there”, thereby making Tor better at what it does.

“Vetted software”

Safeplug runs Tor and a proxy server with “hardened” SSH access, and that’s about it. It costs $49 and is initially on sale in the U.S. Pogoplug plans to also sell it across Europe and Asia, and yes, Putterman is conscious of that fact that some people there won’t be brimming with trust for a security product coming out of the U.S.

“It’s using very vetted software,” he pointed out. “We could have run a VPN or proxy service somewhere else, but we realized the only way to truly guarantee [anonymity and safety] is not to be reliant on any other service. People who are sceptical can look at the Linux level and see exactly what processes are running. Technical users can look inside the box and feel safe that it’s only running Tor.”

Pogoplug has even made firmware updates for the device pull-only, not push – “If we pushed, we’d have to track all the boxes. It’s pull-based for security reasons.”

Safeplug aside, Pogoplug is also seeking to reassure customers outside the U.S. with the siting of its data centers (Pogoplug only used Amazon Glacier for a few months in the early days of its cloud storage product). It has several in the U.S. and one in Israel, and it’s currently setting one up in France. Japan’s next on the list.

18 Responses to “Say hello to Safeplug, Pogoplug’s $49 Tor-in-a-box for anonymous surfing”

  1. Dave Bushong

    I bought one of these and it came in the mail a couple of days ago. It started up OK, and then forced an update on itself, and then hung forever. Tech support has so far been unable to be of any help.

    Just to let you know, you might want to wait until there are a few more happy customers out there before you buy one.

    And to pogo tech support: please reply to my message to you!!!! I checked what you asked me to check, and replied, but you never told me what to do next!!!!

    • dstorrez

      Dave, you still having issues.. I ran into the same thing and after I updated it locked up. I just unplugged for ten minutes and then it started working like a champ. you may have to query your network to find out what the IP address is for the safeplug.

  2. Dave Bushong

    I have been looking for a review, and not just a re-written press release. I didn’t find one, so I bought one of these.

    It arrived at my home last night. I plugged it in, and went through the online activation. The device began to update itself, and then hung. It never completed.

    I went through three back and forths with customer support, and they suggested a couple of things. They didn’t say “oh, here is the problem. Do this.” Instead, they said to try a couple of things, maybe this will work, maybe that will work.

    So the device does not work, and customer support does not work.

    There is your review. I am extremely disappointed in this company and their product.

    (Note to anyone who cares: I’ve been using Tor for years and I am still a big fan of that. It’s just this product and the company and zero customer support that I am unhappy with.)

  3. Torrie Node

    I am using it right now and its working great. Speeds are much faster than anticipated 4-10mbps u/d! You are able to act as an exit node with a simple flip of the switch in the interface so these devices in fact will likely help with increasing Tor speeds. To each his own but for 49 bucks I am quite happy. My use case might be different then most – I am using it to quickly see what sites I run look like from different exit nodes across the globe.

  4. anonymous

    All of these reviews so far are really just spewing the details from the press release. Lets see some independant security reviews or just get TAILS or Liberte Linus, even something like ninjastik which is already on USB. If you are really looking for something easy – just download the TBB like others have mentioned.

  5. Sounds great in theory… however, talking to a source inside the Tor project, this box basically does nothing more than the Tor Browser Bundle accomplishes for free besides ad blocking. Regrettably, it actually hurts the Tor network because they’re just adding more users instead of actual exit nodes to the network, which, if this product “catches on”, will drag the network speeds down even slower.

    The creators of this box are simply trying to profit from other people’s work without adding anything of value.

    The Tor Browser Bundle is simple enough by itself; you download it, install it, open it, press “Start Tor” and that’s it. A browser window will open automatically a few seconds later, and you’re in. Adding this box is simply giving the NSA and others more places to look for vulnerabilities.

        • The security issue with Tor a couple months ago was a Javascript vulnerability. With the addition of NoScript and it being enabled by default, that’s basically taken care of, as long as you don’t reenable it.

          That said, the NSA of course is still doing its best to crack the network, going so far as to set up their own “nodes” themselves. It’s a shot in the dark though, because the user would have to go through NSA nodes all 3 times (which is completely random and unlikely to happen).

          This best thing that could happen for the Tor project now is for more exit nodes to be implemented as the user base grows. If the number of users grow without more exit nodes being implemented, Tor will become much slower than it is now.

          More users is a good thing for anonymity, but it’s terrible when new servers aren’t added to compensate, and unfortunately, the developer of this box doesn’t seem to be adding any.