Personally, I've set up a cheap router [1] with OpenWrt [2] with similar privoxy functionality, as well as a Wi-Fi hotspot and a webcam + motion(1) [3] for surveillance as an experiment. This might be an alternative if you want a small, low-power combination of hardware and software for privacy- or security-oriented applications right now. The hardware was sadly too slow to handle 2 FPS @ 720P video capture from a Microsoft LifeCam HD 3000 camera but it was usable with a 640x480 no-name cam from eBay.
I'm looking forward to mesh networking on OpenWrt.
[1] A TP-Link TL-MR3020; it's $35 where I'm at. I also had to use a powered USB hub and a USB flash drive for a pivot overlay file system.
[2] OpenWrt is quite possibly the most underrated Linux distribution from an administrative standpoint due to how it manages configuration and packages. See http://wiki.openwrt.org/toh/tp-link/tl-mr3020 for how it handles my particular router model.
On a related note, consider the implications of someone dropping a box like this somewhere where there's open (say, municipal) Wi-Fi and 5 V from solar power or the mains to feed it. NAT on the free Wi-Fi network could be circumvented through Freenet or a TOR hidden service. The attacker would then get an instant remote base of operations not traceable to him personally via billing or otherwise and a webcam to look over whatever. Unless he's caught by security cameras, of course.
I'm not sure it's a better solution for actual (black hat) hackers than paying for a VPS with a prepaid gift card or bitcoin (unless they need the webcam) but there's certainly some spy-movie appeal to it.
While you're totally correct - and these plug computer type systems do get used for penetration tests at least, it's important to realize that Eben et al. don't make the hardware or cause it to happen - the project is to about making a privacy enhancing distro to run on one.
> On a related note, consider the implications of someone dropping a box like this somewhere where there's open (say, municipal) Wi-Fi and 5 V from solar power or the mains to feed it.
Last year I did a talk at BlackHat EU on abusing MiFi hotspots to do this, only using the hotspot to attack the wifi network and tunnelling back over 3G to an out of band C2. I've got a lot further since then and have working PoCs that can do this.
The original vision by Eben Moglen was to use "increasingly cheap ARM, $50-$100 devices that plug into the wall and are not much bigger than an AC adapter." Almost certainly referring to the Sheevaplug. But the reference platform for Freedombox is now a $160+ device with built-in wifi to replace my existing router. If we were going to go that direction I wish it would have used a cheap wifi router with OpenWRT as you have mentioned.
If smartphones ever actually live up to the promise of being a pocket computer, in addition to their mission-critical enterprise gaming and network-locked NSA-friendly voice applications, everyone will already own the hardware for a freedom-hotspot. The phone-as-an-appliance concept has to be burned to its carbon atoms first though, and anti-competitive markets are the worst.
I would have certainly liked something less expensive to play with too, but this $160 thing has two USB ports and an eSATA port which will definitely make things somewhat more interesting -- my SheevaPlug has been struggling to keep up with the USB disk access... I also saw that there is Gig ethernet on this "devkit"-yellow-thing. I am almost convinced of getting one, but I will sleep on it just to make sure this is not just an empty geeko-consumerism moment.
In the end I have to agree. The Sheevaplug was simply not powerful enough for the vision. I hope that we can find something that can drop in price to make this possible.
Great idea. But for the love of everything sacred, they should replace their wall-o-text website with something a little easier to read. I suspect it's hurting their cause.
Freedom-buddy uses the world class TOR network so that boxes can find each other regardless of location or restrictive firewall and then allows the boxes to negotiate secure direct connections to each other for actually sending large or time sensitive data. We believe this blended approach will be most effective at improving the security and usability of personal-server communications and all the services we plan to build into those servers.
Web cleaning Our first service, a piece of software you can use today to start making your web browsing more secure and private, is called "privoxy-freedombox". This software combines the functionality of the Adblock Plus ad blocker, the Easy Privacy filtering list, and the (HTTPS Everywhere](https://www.eff.org/https-everywhere) website redirection plugin into a single piece of software to run on your FreedomBox. Combining these different plugins into software for your FreedomBox means that you can use them with almost any browser or mobile device using a standard web proxy connection.
Are they talking about Squid when they, "standard web proxy?" It seems quite a vague way to explain what's going on. Any insight here is appreciated.
Anyway, this seems like a more sophisticated approach since I last looked the freedomboax wiki. This looks promising.
When they say "standard web proxy" they mean anyone can utilize the box's services by configuring the proxy setting in their browser. Its a "standard web proxy" in the sense that no additional configuration is needed beyond customizing the web proxy setting which is a standard feature in any browser.
I think the idea is more to bring back privacy to the "server" not so much to the "client" side.
Think of the FreedomBox as your personal cloud. Your box will be accessible from the Internet (via dynamic dns) and could handle your email and social shit, but all with the guarantee of not-being-the-product privacy.
I am really happy to see progress on this project. We (as a society) can finally start the //real// conversation about privacy in social media only once we have alternatives to fb and big G.
Until now, the "privacy in social media" debate has been phrased with this threat model in mind:
"Regardless of whether you are using our target DreamPlug hardware, a laptop, or a large rack server somewhere. As you read this packages should already be available in the Raspbian repositories"
I know what you're saying though. I think this project was conceived long before the pi became a reality.
> I know what you're saying though. I think this project was conceived long before the pi became a reality.
You're correct in that. Raspberry Pi was not around back then. Eben Moglen had a talk in the beginning of 2011, if I'm not mistaken that seems to have set this effort off.
I don't think this means one can create documents with a given md5 hash, but if you're concerned about people making software that impersonates your release, you definitely should start worrying about someone producing a compromised 'copy' of your software with the same md5 hash.
Personally, I've set up a cheap router [1] with OpenWrt [2] with similar privoxy functionality, as well as a Wi-Fi hotspot and a webcam + motion(1) [3] for surveillance as an experiment. This might be an alternative if you want a small, low-power combination of hardware and software for privacy- or security-oriented applications right now. The hardware was sadly too slow to handle 2 FPS @ 720P video capture from a Microsoft LifeCam HD 3000 camera but it was usable with a 640x480 no-name cam from eBay.
I'm looking forward to mesh networking on OpenWrt.
[1] A TP-Link TL-MR3020; it's $35 where I'm at. I also had to use a powered USB hub and a USB flash drive for a pivot overlay file system.
[2] OpenWrt is quite possibly the most underrated Linux distribution from an administrative standpoint due to how it manages configuration and packages. See http://wiki.openwrt.org/toh/tp-link/tl-mr3020 for how it handles my particular router model.
[3] http://www.lavrsen.dk/foswiki/bin/view/Motion/WebHome