I received a handful of emails from readers asking if I had an EDC (Everyday Carry) kit and what it contained. I decided I would refresh my kit them post an article about it but my first through was securing your Internet connection when outside of a trusted network.
WIFI you should be worried
There are literally hundreds of articles on the internet and clips from news style shows talking about the dangers of using unprotected WIFI on untrusted networks. An untrusted network is any network you don’t directly control (work, library, coffee shop, hotel, airport, etc).
Even though many sites use protected TLS connections these days, attackers can still perform Man In The Middle style attacks. They can also harvest DNS queries and do a tone of reconnaissance.
So obviously protecting your connection when out an about is critical.
The Anonabox has had an interesting past with a canceled Kickstarter campaign but it is one of the most recognized names in hardware WIFI VPN/TOR devices.
Anonabox offers multiple types of devices:
- Original : The original TOR gateway that had a hard coded WIFI password and required a hard-wired WAN connection. Obviously this isn’t a good device for travellers or users on the move.
- Fawkes : An updated TOR gateway that has the ability to use WIFI as for WAN and that has an admin interface to upgrade the firmware or change WIFI passwords.
- Tunneller: A VPN client (does not support TOR) that supports many third party VPN services that provide OpenVPN configuration information.
- Pro: The nec plus ultra of the Anonabox line that supports everything and has a more powerful processor. HideMyAss and VyprVPN have dedicated pre-configured screens and you get a 30 day free trial of each.
Of course I chose the Pro version to test and was excited about how it may be able to fill a gap in my everyday carry kit.
Anonabox is the most well know product but it is far from the only one. The 2 other main competitors in this space are:
- InvizBox : I have the new GO on pre-order and will test and review it when it arrives.
- Tinyhardwarefirewall : This company sells $30 mini hardware firewalls configured to work with their own VPN solution (costs about $90 a year). I have heard lots of positive comments about them but can’t seem to get my hands on one in Canada.
There are several dozen write-ups
There are several dozen write-ups of these devices on the internet and I didn’t want to write a me too article. You can go read any of those to see the interface or get a basic review.
I want to look at the more important aspects of the device.
The Anonabox main review
When configured to use TOR, The session establishment is quick and solid. Using Wireshark, I double checked that there was no DNS leaking. Any traffic that cannot be routed over TOR is blocked. This is a good thing.
Tor is good but not perfect
Now for all the talk about the wonders of TOR, I still feel it isn’t practical for the average user. Using TOR means your connection is encrypted and routed through several (3-10) different TOR nodes before it exits the TOR network and back to the internet. This means you are introducing latency (aka delay) in your internet browsing. TOR is not a good choice for any internet activity that requires fast connectivity (such as streaming). When using the Anonabox Pro with the default TOR configuration, Browsing the internet was noticeably slower introducing a 0.5-1.5 second delay in all web page loads (compared to going through the Anonabox without any security enabled).
Once you setup your device with its own password, the manual recommends you setup a secure WPA2 password for the WIFI connection (client to Anonabox) which you should do immediately. You can go in and use any WIFI password your little heart desires.
Password protected Root
When connecting to the management interface of the Anonabox via WIFI, you can add (and should add) a password for ROOT. I wish I could change the name of the Root account too but having a custom selected password is good.
IT should prevent using the same password for ROOT and your WPA2 WIFI password.
When I log into the management interface, the connection is NOT encrypted. I wish they enabled TLS when loging in.
Anonabox HideMyAss Interface
So configuring an HMA VPN is super easy. You supply your username and password and chose which of their servers you want to connect to. Therein lies the first problem.
You get this incredibly long list of servers to browse through. As an example, there are 8 separate servers for Toronto (Canada). Which one should I pick? When should I switch to another one? There is no option to choose the fastest one of the bunch.
Also many geo-restricted services detect an HMA connection and prevent streaming content (think HULU, Netflix, etc).
In all fairness, setting up an account with the 30 day trial took 2 minutes and had me up and running almost immediately. I noticed that depending on which server I chose (Toronto server since I am testing this while in Toronto), I got wildly different performance metrics. Some connections had a 25-35% speed decrease while 1 of them brought me to a snail paced connection (decreased my normal internet speed by as much as 95%). Remember that there is no automatic way to choose the best connection for a region. It’s a game of trial and error.
I have to mentioned that there are many websites that claim HMA will easily hand over customer records to authorities. HMA says their service should not be used for illegal activities but even as a law abiding citizen, I dislike the idea of my VPN provider kneeling over quickly and handing my info over.
Additionally it has been reported that HMA will block the account of any user that receives a DMCA copyright violation notice. I don’t condone illegal activities but this means they are storing too much information for my liking. Remember that some streaming sites with geolocated locks have Terms of Service that make it illegal to stream their content outside of the US, which means if you stream it, you are a pirate and could have your records turned over or account blocked.
My HideMyAss VPN connection never dropped and I felt it was easy enough for the average Joe. If you are ok with the type of logs they keep and how quickly they cooperate with law enforcement then go on.
Anonabox and VyprVPN.
VyprVPN was touted as the fasted VPN service around and I was excited to test it. I signed up within 2 minutes and was up and running with it in 3 minutes.
You have one location choice per region and the speed was good. Choosing locations relatively close meant I had consistently good performance, at least for the first hour.
Then my connection stopped working and after a couple of support requests with Anonabox and Vypr, I found out my Vypr account had been frozen. You would think an account error message would pop-up somewhere to alert you.
It seems they flagged my account for verification to avoid VPN fraud. What the heck does that mean. Right now I have about a dozen different VPN accounts with different services I use for testing (ProXPN, tunnelbear, UnlimitedVPN, etc) and I have never had this happen. They said a manual configuration was also detected and were wondering why? I could only imagine they saw the Anonabox connection as a manual configuration since I wan’t using any of their software. In order to reactivate my 30 day trial, they wanted credit card information, proof of my home address and more.
For a VPN being used on a privacy device, I felt this was a pretty bad situation. I found VyprVPN support slow (took a couple of days for my ticket to get escalated to the point where someone could tell me what was going on) and extremely rude. When I explained that I was testing the connection for a blog review and requested the 30 day trial be re-activated, they said “too bad. give us the information we need or we won’t reactive”. When I said I wouldn’t provide it “They said my request to have my account deleted was accepted and would be done shortly”.
So bottom line, Anonabox… Get rid of VyprVPN and I recommend everyone chose another provider.
You can use VPN and TOR together
Yes you can but no you shouldn’t the privacy gain is minimal and the performance connectivity is so huge, it makes the entire thing non usable.
Using the USB 2.0 port on the Anonabox Pro
The marketing claims you can plug a USB device into the Anonabox and share the contents with user.
Unfortunately there are no instructions provided in the booklet or online on how to configure it. Plus there is no configuration option in the management interface.
My guess is that this will be added with a future firmware update so we’ll have to see when it is made available.
As I write this, the latest firmware for for the Anonabox pro is version 3.9 and there is plenty of room for improvement to the interface.
Since I couldn’t use VyprVPN, I switched to HMA to test IP leaks. As mentioned above in TOR, I had not DNS leak and was happy to learn that HMA also didn’t leak DNS.
WebRTC detection listed my HMA IP address but also successfully detected my local IP (not so good).
Comparing Anonabox Pro Tor speeds with the TOR browser
I was wondering how the Anonabox pro would perform against the TOR browser (speed wise). The average speeds were close (performed 12 different tests each and used the averages). The TOR browser was always consistently faster though. I’m not sure why but could be that the Anonabox pro has a tough time keeping up with the encryption/decryption activities.
- I liked the small, sleek and light device. It is easy to carry everywhere and is powered by a micro-USB cable (provided in the box). This means I can hook it up to my portable battery and use it all day.
- The packaging is nice but the manual is a little too basic. I wish it had a more technical guide online for geeks.
- Setup is easy
Not so good
- The first unit I received had a WIFI connection (both its main connection and the WIFI uplink client connection die regularly). I tried everything and finally Anonabox support replaced it which fixed this issue. I won’t penalize them for this, since electronics do die and support was quick.
- No support for USB sharing yet
- TOR connection is good but not as good as the TOR client.
The bad and the ugly
- Configuring another OpenVPN service is complicated and I wasn’t able to do it. I have been in security for over 15 years and am able to setup complex firewalls so this was a bit of shocker to me.
- The preferred VPN solutions have bad privacy and confidentiality records so they aren’t preferred solutions. I wish they offered more robust privacy oriented VPN partners.
- VPN tests showed noticeable drop in download performance which is bad. When comparing this to my high end Asus router using the same VPN provider, my Asus performed much much better which leads me to believe there is an implementation issue.
- I couldn’t find instructions or a management interface option to configure .onion hosting, even though it is advertised.
The summary of the summary
I only found the Pro useful and stable when connected to the TOR network which surprised me. I really wanted to be able to use it with a good fast and privacy-enhacing VPN service.
TOR worked well every time but then again the TOR browser was consistently faster.
So overall I loved the idea. I was extremely hopeful that this device would be part of my everyday carry but sadly it won’t be.
I’m hoping someone at Anonabox will read this and push for the improvements the device needs but only time will tell.
Right now I cannot recommend the Anonabox Pro (or other variants).
I am anxious to test the Invizbox in 3-4 weeks when it ships. I am also talking to Tinyhwardwarefirewall to see if they can ship me (to Canada) a mini device for testing.