At DEF CON 23 this summer, an information security consultant plans to unveil ProxyHam, a hardware device that bears much promise for the future of web anonymity.
Benjamin Caudill, who is founder and Principal Consultant for Rhino Security Labs, developed the product in response to the growing threats against web privacy, particularly those arising from national security surveillance-based programs.
“From the US to China and beyond, anonymity on the internet is under fire – particularly for whistleblowers,” the description of Caudill’s DEF CON presentation reads. “National interests are pushing for greater control and monitoring of internet content, often invoking harsh punishments for informers and journalists, if caught. While a range of technologies (such as ToR) can provide some level of anonymity, a fundamental flaw still exists: a direct relationship between IP address and physical location. If your true IP is ever uncovered, it’s game over – a significant threat when your adversary owns the infrastructure.”
ProxyHam is meant to mitigate this threat by extending the range over which a user can make a reliable local Wi-Fi connection. In addition to a Wi-Fi enabled Raspberry Pi computer acting as its processing base, the device consists of three antennas. One is designed to connect to a source Wi-Fi network, whereas the other two are meant to transmit the Wi-Fi signal at a 900 MHz frequency. As such, those who wish to use ProxyHam must be willing to plug a 900-MHz antenna into their computer, which creates a setup along these lines:
In ideal conditions, it is estimated that customers can use ProxyHam to receive a Wi-Fi signal up to 2.5 miles away.
The specific frequency over which the device transmits its Wi-Fi signals is important given the fact that many other wireless household devices, such as cordless telephones, use that same frequency. This enables ProxyHam to blend in amidst the electronic noise of everyday life, which further complicates detection of the device.
These features notwithstanding, Caudill recognizes that ProxyHam does have its limits and that it is meant to fulfill a very particular function.
“We consider this the last or worst case scenario, the absolute fallback plan if everything else fails,” he told Motherboard. “Proxyham is one tool to aid in this effort, but it needs to be combined with user practices for setting up and managing anonymous identities safely. By default on its own it’s not going to be helpful.”
On their own, anonymizing tools and services have run into their fair share of problems over the past year. Tor came under some criticism last fall after an international legal effort codenamed “Operation Onymous” succeeded in seizing 400 Tor-based “.onion” domains.
Meanwhile, a recent study led by researchers from Queen Mary University of London and the University of Rome found that 10 popular commercial virtual private network (VPN) providers were vulnerable to leaking IPv6 data. Anonymity and privacy advocates alike therefore hope that ProxyHam will work in concert with these tools to help protect a user’s IP address.
Even so, it is important to note that although intended to help shield dissidents and journalists from repressive regimes, the device will undoubtedly aid malware authors, Silk Road dealers, and other computer criminals who are on the run from law enforcement.
Caudill plans to begin selling his device for USD $200.00, with the intention of eventually bringing down the cost to USD $150.00. He also plans on releasing the hardware specs, source code, and blueprint of the device so users can begin building their own models.
To learn more about ProxyHam and Caudill, as well as the other presentations planned for this year’s DEF CON, please click here.
Title image courtesy of ShutterStock