In a world where digital privacy doesn’t exist anymore, where journalists couldn’t securely do their work, where companies are spyed upon by various entities, and where Human Rights are cynically disregarded, there is an urgent need for an easy-to-use tool to restore digital privacy.
This autonomous device uses the available connectivity to build a secure access-point and bypasses internet filters to connect to a remote network, use a secured internet or even browse anonymously.
Connect your laptop/smartphone to the device’s secured wifi access-point, no additional setup is needed. Enjoy a secured internet anywhere, anytime.
It could connect the internet via a public wifi access-point, 3G internet via phone usb/wifi tethering, corporate cable network, or even your own router/ADSL box.
It is very easy to use with its touch control interface and its fully automatized functions.
It could run autonomously during several hours on its internal battery.
Basically, this device acts as a wifi / ethernet router and access point. It could connect to the internet using some random wifi, a wired network, or a tethered android phone (wifi or usb). On the secured side, it acts as a wireless access point with internet forwarding so it works with every kind of device : PC, laptop, smartphone, using Windows, GNU/Linux, Android or even Mac-OSX.
The wireless access-point is also hardened with a random key feature. The access-point security key could be modified on-demand and at boot-time with a random one.
From the touch screen interface, TOR or an OpenVPN tunnel could be enabled. This custom interface could be used for complete operation, full setup and device monitoring.
It only needs a wifi adapter and no setup on the endpoint device (computer, smartphone…) to work. The user interface is also very easy to use with on/off buttons, so it is very easy to operate by non tech people.
In sensitive situations, the complete software and operating system could be installed in a few minutes from a preconfigured and encrypted image. The SD-card could also be removed from the device or even destroyed in a few seconds, causing no harm to the device, but makes it completely empty and useless. This way, sensitive data such as SSH private keys are secure.
The device hardware is open source, and uses only free software. This way, it could be improved by the community when it needs to, and it also helps defend digital freedom and Human Rights.
It also makes a perfect device to fight planned obscolescence : the software is built to be cross-compatible with different boards, offering different features, to adapt to various situations and evolve over time.
The device could be built at home using some easily sourceable parts and laser cut enclosure in a ready-to-build kit (see below), but could also be easily customized and manufactured for specific needs.
This device was semi-finalist of The Hackaday Prize contest. Original presentation and up-to-date build logs are still available on this page on hackaday.io.
- Secure wireless access point, with random security key generation features
- On-demand OpenVPN transparent tunnelling to a remote trusted network/server (here, it is a second Raspberry Pi) :
- Point to point tunneling with internet forwarding
- Very stable and fast over wireless, cellular and other non reliable networks
- Keeps connected over a roaming connection
- On-demand Tor transparent proxy :
- Anonymous browsing,
- Access forbidden websites / services based on location
- Force or Block relay nodes based on their location, from the main interface
- Hardware firewall with dynamically and automatically addressed rules
- Capable of traversing NATs and firewalls
- Ad-blocker / DNS filter feature with quick custom rules
- Touch display control interface
- Very low power consumption : ~5 Watts, runs on a phone charger
- Onboard 2600 mAh battery : ~4h running time
- External 10000 mAh battery : adds ~8h and charges onboard battery
- Very easy to operate, install and deploy
Why is it an important device ?
- It prevents people from learning your physical location or browsing habits,
- It helps defend individuals against traffic analysis,
- It helps businesses to keep their strategies confidential,
- It helps activists to anonymously report abuses or corruption,
- It helps journalists to protect their research and sources online,
- It helps people to use online services blocked by their local Internet providers
- People who want to fight a form of network surveillance that threatens personal freedom and privacy,
- Every kind of job/activity that require confidentiality / privacy / security,
- Every kind of job/activity that require some secure remote access,
- Journalists / Activists
How you can help
This device is still in a prototype stage. It is actually looking for many things :
- some technical and security expertise
- a lot of feedback (reason I don’t have any comments is still a mystery)
- some funding would really help, I’m looking for a solution to kickstart from France but I’m open to everything
- Of course, you are very welcome to spread the word about this project !
If you are willing to help, or just want to discuss about the project, please drop me a line !
If you are interested, you could also use this Paypal button :
Connection diagram :
Functions diagram :
- How “Open » is the design ?
For a device like this one, being open in design is not an option : it could be audited, and so it could be trusted. The philosophical nature of being « free » (as in « freedom ») is also very important to this project : protecting online privacy is also defending Human Rights.
So this device is meant to be as much open and free as possible :
– actual prototype is Raspberry Pi based. While R-Pi is not fully open hardware because of the Broadcom chips, schematics, board layouts and many other data are in the public domain. The actual device software is also built to remain compatible with different boards and hardware. Cross-compatibility is a key aspect of this device.
– the custom software is GPL v3, and every software component/library has been choosen considering it’s free software licence,
– the different enclosure designs (when ready) will be in public domain
– I do my best to document the device, and release every source code I’m using in it when it’s ready. I do my best to keep my software easy to understand or customize. I’ve already been asked about a second device with different features, so the software should adapt to different boards.
This project is also a great example of people openness. It could not have reached it’s actual development state without some great people who donated either hardware or time (or both) : battery board and case come from PiModules, and Lemaker people are really of great help with the BPi board. And of course the many people or friends who give me some help, advices and critizisms is a great example of cooperation, and this is possible only because the project is so open
- Is the project reproducible and could the work be extended for other uses ?
This device has been thought to be reproducible, from start : the software is compatible with many different main boards and hardware, even with a computer running Debian. Additional components, such as battery board, touchdisplay, USB wifi adpaters, are either optional or interchangeable with other components. I took this decision to allow everyone to build it at home, using on the shelf or easily available hardware.
This device has been designed to evolve if there are specifical needs : the corporations to whom I showed the prototypes already asked for a 4x ethernet switch instead of the wireless access point so I’m working towards that and plan to port the software to the incoming BPi-R1 board (planned for release in october). This is just one example, and this is why openness is so important to this project.
- Is there an intuitive interface ? (is the entry usable in the real world ?)
It was a primary objective of this device, long before this contest. « Secure » and « easy to use », too often, are opposite concepts, so I thought I could do something about it. The user interface is very easy to use, even if it still needs some work and new features. I built it for myself at start, but now I try to show it to many people to get some feedback. People seem to appreciate the ease of use of the user interface, I made it for non-techy users so I think I succeeded in it.
I use this device personally very often in many situations (see the project logs), so it’s now proven to be usable (and usefull) in the real world.
- Is it/could it be manufacturable ?
It is not only manufacturable, but it is especially easily manufacturable : the used component are interchangeable and easily available, and I’m using an already available enclosure (with a custom part) in the last prototype.
I also posted a Doodle poll about the device, and it appears the laser cut enclosure road is the best solution for the final design : it could be easily built at home and/or mass-manufactured, still allows for some customizations, and has a very professional look.
For the first move into marketing, I want to design and sell ready-to-build kits, with every parts needed : mainboard, display, battery, enclosure. I also want my own Arcadia Labs one-man company to assemble the kits, propose ready-to-run devices, and customize kits for specific uses.
This solution also lowers manufacturing cost, and could also add business and attention to very nice and innovative companies : Raspberry Pi foundation, PiModules, Adafruit, LeMaker, and others.
I think reinventing the wheel is a waste of ressources, especially when other companies already build well designed components.
Early example of a ready-to-build kit.
- First 2mn video for The Hackaday Prize
- Second 5mn video for The Hackaday Prize
- Tor relays force/block feature video
- UnJailPi port on the Banana Pi presentation video