8 years ago
16
A project to build a $200 DIY Wi-Fi router to help whistleblowers hide online just disappeared under bizarre circumstances
'ProxyHam' would have let users hide up to 2.5 miles away from it — but now it has mysteriously disappeared, and some suspect the government is at fault.
Continue Reading
http://www.businessinsider.com
Join the Discussion
When I first saw this product there were a lot of comments regarding FCC regulations that were being stretched and perhaps broken. I don't know the details exactly, but the gist is that to get that 2.5 mile range, the router had to operate in protected bandwidths that require ham radio licensure. So the user was caught in a legal quandry from the start: flout the FCC regulations and get busted for that, or get licensed and have an easy way of being identified. So, not too helpful for whistleblowers after all.
But if this is an FCC issue as you say with using protected bandwidths, then there would be no need for this secrecy and likely gag order. It even says in the article: "One initial theory was that ProxyHam fell afoul of FCC regulation — but Caudill subsequently told CSO Online that it wasn't FCC intervention that prompted the cancellation. "ProxyHam devices did not break the FCC standards as the 900MHz antennas were capped at the 1-watt limit."
This sounds alot more like NSA or FBI threatening them and they folded up shop to choose freedom over principles (which I can't fault them for). But the US of A is becoming a very scary place...
This is what happens when democracy dies.
Why would the NSA/FBI be afraid of this? Using high power directional antennas would make it relatively easy to pinpoint where the user is physically located, assuming you could get equipment in the general vicinity you knew they were operating in. The FBI, at least, fairly conveniently already has field offices throughout the country that should make that fairly simple to do.
My guess: some company sent a letter that this was infringing on their patent. As far as I can tell, Rhino Security Labs is just Caudill, and prior to this ProxyHam stuff they made most of their money selling managed firewalls to small companies. I know if I was in that situation I would almost certainly react the same way. He's gotten a ton of publicity for this, will get even more, and if anyone prospective client asks in the future he can just say "My lawyers have informed me not to discuss the matter."
That's not to say that this isn't a government agency leaning on him, they certainly have enough non-technical people in management who would charge ahead, but there's a decent history of people giving talks at Defcon and pulling out because a company threatened legal action.
Yeah, I agree with this - it sounds like a similar situation to what happened with Lavabit some time ago. Either that, or shut down with a gag order by large ISP's?
That is really, really scary. Everytime a privacy/security project shuts down spontaneously with the devs giving little to no info it makes the hair in my neck rise. Just like when TrueCrypt suddenly disappeared.
If it helps, my understanding is that the TrueCrypt situation was that the developer just wanted to be done with the project, and did not want anyone to take it over and see their project potentially destroyed by someone else.
Well, veracrypt (https://veracrypt.codeplex.com/) picked it up and enhanced it, totally open sourced also. Even though some forks might steer away from the original concept of the project, others embrace it and run with it.
These "forks" actually bother me quite a bit. They're essentially saying "screw whatever you wanted, I'm taking your code anyway." Its bothersome to say the least.
Don't you think that's the beauty of open source software? Use a piece or the whole code base and make it yours, bend it to your needs as you see fit. Being locked to an [ideology|mission|vision] is what's wrong, innovation is not achieved either in isolation nor in bondage.
That's the point: Truecrypt wasn't open source, at least not in the FOSS sense. I'm not a lawyer, but my understanding is that there is a ton of ambiguity over whether you can make modifications to the Truecrypt source code and still abide by the license. The source code was only open in that no one really trusts any crypto that can't be reviewed, so the source code was released to aid that.
It probably is the most likely explanation, however shutting down mid security audit (that found no significant problems/backdoors) and recommending alternatives that are closed source and where the companys might cooperate with Agencys can't say that it didn't look off. Also lavabit happened not long before that.
Steve Gibson, and at least a few other people in the crypto community (named Matthew Green) say the same thing. Its entirely possible it's a big coverup, but seems quite unlikely.
From what I've seen of the project, it's being built from COTS (Common, Off-The-Shelf) parts. The idea is out there, now. I'm pretty confident that if it's really workable that someone else will come up with a wildcat design. Yes, the reference design is no longer. But the concept is alive and well.
It's really quite an unnecessary device. Yes it would cut down on costs but there are other ways of doing it. A good example would be: Go to another city/country - buy a chromebook, install linux, buy a data sim card, top up and a smartphone using cash, use smartphone for internet access and share internet connection anonymously
Possibilities:
1) There really was a gag order
2) Some guy in a suit showed the dev what was in his NSA file and threatened to release it
3) The guy in a suit gave him a big bag of cash and a job offer in a building with no windows