As we learn more about how much data the intelligence community collects and what their capabilities are (Vault7), it reinforces the mantra of having good security hygiene. If you weren't using VPN while on (untrusted) WIFI connections, then you should be.
I consider untrusted any WIFI network I don't directly control. I even use VPN (normally) when on LTE because I don't trust my wireless carrier.
VPN hardware galore
Appliances properly designed and maintained should make most tasks easier and safer. VPNs and TOR are no exception. Kickstarter and Indiegogo are full of entrepreneurs promising easy security. Unfortunately most fall flat because they are simply re-badged Chinese products with a crappy interface.
The worst of the bunch are unmaintained products with tons of exploitable vulnerabilities leaking your data with every transaction. Invizbox was a Kickstarter-funded company and their first product, a small gumbox-sized WIFI anonymization router, worked as advertised. Its major drawback was the requirement to have a physical connection to the internet, and it was slow. Oh so slow.
The design team came back with a vengeance and released the InvizboxGo late last year. The InvizboxGo is a small battery-powered device that will secure your WIFI connections and work as a battery backup if you need it.
The InvizboxGo is sold with an optional "white labelled" VPN service. When you buy the VPN service, you receive the "enhanced" TOR experience which basically means it uses VPN for the first hop to the TOR network thus protecting even that flow of traffic.
It also supports "pluggable transport" (description). Basically pluggable transport is a technology which allows you to change how the TOR traffic looks thus allowing you to bypass anonymity blocking tools (corporate or governmental).
A coming-soon feature will force connections to https when available (like a hardware implementation of HTTPS Everywhere).
You can also review the Invizbox firmware source code on . The team hopes that this transparency will:
- prove there are no backdoors
- allow researchers to find and highlight vulnerabilities
- give the team immediate trust
InvizBoxGo Easy Setup
I ran the InvizboxGo through a gauntlet of technical tests (while on VPN) and it passed every single one:
- does not leak DNS queries when in VPN mode (go here to test)
- does hide your actual IP address (go here to test)
- does not leak IP or DNS information via Java or Flash (go here to test)
- protecting P2P traffic. Although I do not condone or encourage the use of P2P tools to steal protected media, there are dozens of legitimate uses for P2P technology. It is important to ensure your VPN product protects you while using P2P and Invizbox did. You go to this site and then find the Torrent Address Detection. You download their magnet link into your P2P client of choice then activate the test. If it shows your real IP or DNS, you are not protected. You should only see your VPN address here.
- InvizboxGo is not subject to WebRTC leaks when in VPN mode (go here to test)
I conducted my tests via VPN because that is what most users will likely use. If you are technical enough to use TOR, you can do your own testing.
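The pass/fail logic behind the leak tests listed above, as an added example that is not part of the original review or of Invizbox's code: it compares what a test page reports through the tunnel with a baseline recorded without the VPN. The function names, parameters and sample addresses are assumptions made up for illustration.

```python
import ipaddress

def parse_ice_candidate(line):
    """Return (candidate type, address) from an ICE candidate line, or None."""
    # Layout: candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
    parts = line.split()
    if len(parts) < 8 or not parts[0].startswith("candidate:") or parts[6] != "typ":
        return None
    return parts[7], parts[4]

def find_leaks(real_ips, isp_resolver_nets, seen_ips, seen_resolvers, ice_lines):
    """List (check, value) pairs where the tunnel exposed the pre-VPN identity."""
    real = {ipaddress.ip_address(a) for a in real_ips}
    isp_nets = [ipaddress.ip_network(n) for n in isp_resolver_nets]
    leaks = []
    # IP check: the test page must never see an address you hold without the VPN.
    # Put your IPv6 address in real_ips too; a tunnel that carries only IPv4 leaks it.
    for addr in map(ipaddress.ip_address, seen_ips):
        if addr in real:
            leaks.append(("ip", str(addr)))
    # DNS check: resolvers the test page saw must not belong to your ISP.
    for res in map(ipaddress.ip_address, seen_resolvers):
        if any(res in net for net in isp_nets):
            leaks.append(("dns", str(res)))
    # WebRTC check: ICE candidates carry addresses the browser learned locally
    # or via STUN. mDNS hostnames (*.local) are not addresses and are skipped.
    for line in ice_lines:
        parsed = parse_ice_candidate(line)
        if parsed is None:
            continue
        ctype, raw = parsed
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue
        if addr in real:
            leaks.append(("webrtc-" + ctype, str(addr)))
    return leaks

# Constructed sample data (documentation address ranges), not real measurements.
REAL_IPS = ["203.0.113.25", "2001:db8:1::25"]
ISP_RESOLVER_NETS = ["203.0.113.0/28"]
ICE = ["candidate:1 1 udp 2113937151 a1b2c3d4.local 54321 typ host",
       "candidate:2 1 udp 1677729535 203.0.113.25 61000 typ srflx raddr 0.0.0.0 rport 0"]
LEAKY = find_leaks(REAL_IPS, ISP_RESOLVER_NETS,
                   ["198.51.100.7", "2001:db8:1::25"], ["203.0.113.2"], ICE)
CLEAN = find_leaks(REAL_IPS, ISP_RESOLVER_NETS,
                   ["198.51.100.7"], ["198.51.100.53"], ICE[:1])
```

An empty list corresponds to the "passed" result reported for each test in the list; any entry names the check that exposed a baseline address or resolver.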
Yes, it did slow down my connection to the internet, but that depends on a ton of factors. The amount of slowdown will be based on your ISP (potential throttling of VPN traffic), connectivity between you and your chosen VPN endpoint, number of hops, traffic on the net, encryption overhead, etc. Overall there was a slowdown (which is normal) but not enough for me to panic.
The killer feature
The InvizboxGo was delivered with the promise of auto-update. The creators promised to keep the device updated to add functionality and patch vulnerabilities. This update should be automatic if you keep your device connected regularly.
So far I have received one update (during my 2 months of testing) and think this is a big plus if they keep it up.
Issues with the InvizboxGo
My first complaint is that it works well for most captive portals (hotel and airport) but I have not been able to connect it to a corporate portal or WIFI requiring username/password to connect. I was told this issue is logged and that they will investigate.
The second issue is that the device doesn't have a physical ethernet port. Most of my connections are WIFI but recently I have stayed in top tier hotels that have only had Ethernet in the rooms which meant I had to use another Ethernet to WIFI device then use Invizbox to secure my connection.
I would have liked some kind of additional add on that would allow me to use an Ethernet connection (for WAN) when required.
Overall this is a fantastic unit that I enjoy using. It is fairly speedy, reliable and easy to use.