Awesome Stuff: Security Hardware For The Masses

from the stay-safe-now dept

Securing your computer and phone are something that is increasingly important, especially in light of all of the stories about privacy intrusions we’ve been discussing the past few months. For the most part, the average person has tended to rely on software-based security offerings, rather than hardware. While company may invest in hardware solutions, that’s always seemed to be a bit too much for the average consumer. However, perhaps that’s changing. This week’s awesome stuff covers three crowdfunding campaigns, looking to build different types of secure hardware for the mass market.

  • First up, we’ve got the amusingly named, Don’t Snoop Me Bro (or DMSB for short). It’s a VPN in a box. You hook it up to your network and turn the key (literally, it has a physical key) and it turns on a VPN tunnel via a VPN service routing your data through another country. These guys sent me a prototype to check out, and it looks interesting (though won’t work with my network setup). They’re still deciding what VPN service provider it will use, and it seems like that’s something that could make a difference in terms of overall usefulness. Of course, you can already pay for a VPN service that just runs on your computer (I’ve got a couple), but the DSMB guys properly note that those aren’t always the most user friendly and they only secure the one device, rather than the entire network (of course, they also work outside of your home/office). Still, if you’re looking to VPN tunnel your home network, this is an interesting project to check out:
    The project is seeking $65,000 and has only raised around $5,000 with less than a month to go. Even though it’s an IndieGoGo project, they chose the Kickstarter-like option of only getting the funds if it reaches the goal, so it needs to reach that target to get funded. There’s still plenty of time, though, so go check it out.
  • Another project with a great name is the Tuit mobile security ring. With all the talk of Apple trying to make security easier via their fingerprint ID reader, lots of people have pointed out that it’s dangerous to have a security token that can’t ever be changed — such as your fingerprint. Of course, plenty of people like the general ease of use of the fingerprint reader over a pin or password. The tuit project seems to be an interesting attempt to offer a better solution overall, creating a ring that uses NFC (near field communication) to unlock your (Android only, it appears, though there are stretch goals for Windows) phone just by touching it with the ring on your hand. In other words, the theory is that if you’re holding your phone, it’ll unlock automatically, but no one else can do that, unless they take your ring or hold your hand up to it. It’s obviously not perfect security since someone could get the ring in some way, but it does seem like a nice idea in terms of good convenience for the user (since many people don’t use any lock screen at all because it’s too inconvenient) while still creating some security, especially if the phone is taken from you. Also, as they note, you can still use a password to lock the screen and make it much more complex, since you won’t have to type it in so often.
    These guys have a big hill to climb, as their goal is $100,000 and they’ve still raised less than $10,000 with about two and a half weeks to go. Not sure if people just aren’t that interested, or if they haven’t been able to get enough attention for the project.
  • Finally, we’ve got the not so wonderfully named Qi4BOX, which is a USB key that encrypts all your local documents and documents in your Dropbox account. I’d imagine it’s really only useful for those who are big time Dropbox users, but it’s an interesting approach as a way to try to make the documents you put on Dropbox even more secure, without making it more user-unfriendly.
    As with all the projects this week, this one still has a ways to go, with about three weeks left. The folks behind it are seeking $30,000 Canadian, but are still only about a quarter of the way there. Perhaps the market for securing Dropbox documents isn’t that big.

That’s it for this week… stay secure.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Awesome Stuff: Security Hardware For The Masses”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re:

True security is impossible, as it would require complete openness and transparency on every level – design, manufacture, assembly. You’d also need everything to be open-sourced on the software side, right down to the BIOS and all the firmware and microcode. And while you’re at it you better compile all that code yourself and have a way to get reproducible binaries from said code regardless of the build environment. And of course always keep the secure device in your windowless, soundproof, EM-shielded basement that you never let anyone else into. Then you should be fine, at least until they crack quantum computing.

Anonymous Coward says:

Re: Re: Re:

On the software side those problems you describe have been solved by TOR and MAME.

MAME has a way to build binaries consistently over many platforms that is why every ROM they produce is exactly the same no matter what machine you use at least as SHA1 is concerned.

About EM-shielding, well you can always knit a bag with metal treads.

knitkitjewelry blog: Knitting with Wire

kobakant blog: Circular Knitting Machines

Open source firmware can be found already.

Open hardware

It is not impossible is just hard.

Still I agree 100% security may be impossible, but you can have high security using open source and open hardware.

All that hardware can be made at home except from the silicon, those still need some specialized equipment mainly optics and high vacuum quality chambers to be produced properly.

Because it is still difficult this could be a market where anyone with some electronics knowledge and capable of building things could start a business.

Still, people can be more secure if they really want to.

John Fenderson (profile) says:

Re: Re: Re:

True security is impossible

I can’t help but nitpick this a bit. You probably mean 100% security, and if so, then you’re right.

But effective security is totally possible, because whether or not something is secure isn’t a technological question. It’s an economic question: something is effectively secure if the cost of obtaining the information exceeds the value that information. It’s not a matter of “can they break in”, it’s a question of “is it worth the effort”.

The vast majority of information you wish to keep secret (personal correspondence, credit card numbers, medical records, etc., etc.) is actually fairly low-value in market terms. It’s high value to you, but not to anybody else. For example, your credit card # is only worth a buck or two on the black market.

It doesn’t take anything near 100% security to make it uneconomical enough to get that information that thieves wont’ bother.

If you have information that is high value to everybody, then you should be taking extraordinary measures to secure that information. For example, you should not be placing it on any device that is connected to a network, you should be paying attention to the physical security of it, etc. In short, there is no, zero, all-in-one technological solution for this sort of problem. Real security is all-encompassing, involved technological aspects (encryption, etc.), physical aspects (safes, guards, etc.), and behavioral aspects. Being weak in any of these means that your security as a whole is weak.

Anonymous Coward says:

Ah yes, capitalism strikes again! Privacy theater can be yours for only 10 easy payments of $19.99. We don’t need to bother providing pesky details like security protocols, implementation standards, source code, or VPN provider choice.

You can’t trust anyone, so Trust Us. We’ve put the key in your hands!

P.S. Here’s a random quote from Bruce Schneider that may or may not have anything to do with the product we offer.

Anonymous Coward says:

See: It makes no sense to me to lock DSMB in to a specific VPN provider. Zero sense at all. It makes more sense to make it modular. All it has done is make a single point of failure for the whole system. Do they seriously believe the NSA wouldn’t jump at the opportunity to have everyone using a single system connected to a single service?

Anonymous Coward says:

Honestly I would not trust any VPN right now including TOR. The NSA just has far too much power and if they’re tapping your connection at the ISP level no VPN will save you from that. I’d maybe trust it if the decryption was done via an alternate route. “Over the phone or whatever.”
Still that’s watched as well so it could never be 100 percent.
There has to be unencrypted communication fist or how else would you make the handshake? Magic? Akio, bum?
Plus tapping at ISP level allows them to directly inject malware without even having to open an infected site. It could be done anytime they feel like it as long as your connected.

Yes it could be safe, but what happens once the NSA forces them to start handing over their global keys that the software relies on?
Only a few things could happen-
1. They give the key up, shut the fuck up, and continue to run an unsafe services.
2. They refuse and keep their service running at the risk of some extremely serious charges based on absurd laws.
3. The refuse and close their doors.

Their price to keep us “secure” is just too high for me. I hate actual terrorist just as much as anyone. I’m sorry, but I do not fear their fake spoon fed confession terrorist that mostly consist of 40 to 50 year old borderline retards that can hardly take care of themselves.

Whoops I’ve veered off the orig topic. Did I mention I make a n awesome apple pie? 😉

Anonymous Coward says:

Re: Re:

Honestly I would not trust any VPN right now including TOR. The NSA just has far too much power and if they’re tapping your connection at the ISP level no VPN will save you from that. I’d maybe trust it if the decryption was done via an alternate route. “Over the phone or whatever.”

There is no reason to not trust the concept of encrypted communication over the internet. That is blind fear of black NSA magic which simply does not exist. The biggest fear to be had of the NSA is their political magic along with the big scary men holding guns that follow their commands.

Even they have admitted that standard implementations of encryption are generally secure. Their workarounds is to force everyone else to talk to them and circumvent you, the user. If your VPN provider isn’t playing their game, then there isn’t too much they can do about that except sick their gun-wielding goons at them. So the trick is to find a place where they can’t send their gun-wielding goons without international incidents occurring. And THEN you can start worrying about the VPN following proper protocol.

Which btw, proper protocol is using all those popular standards that you seem to feel are ineffective against their spying. Those popular standards are still mathematically difficult, and the NSA hasn’t found the spell they have to cast to make their computers able to break them in real-time. So it’s therefore logical to believe that as long as you can trust the VPN provider (The hardest part by far) and trust that you have the proper protocol in place (You’re using a program like OpenVPN) then you’re safe. Your communications are being watched, but there isn’t an easy way for the NSA to make any sense of them.

We all know it’s impossible to have 100% security, but it’s like a game of outrunning bears, you only have to be faster than the other 90% of people who are also running away.

Anonymous Coward says:

The ring and Q4 box (I’m just going to call it that) seem like good ideas.

With the ring, I have problems trusting any security implementation that uses wireless no matter how weak the field supposedly is. It reminds me of the attacks on credit card RFIDs that were supposed to be about the same range as the ring. Where does one put their hand anyway? On doorknobs, on counters, they shake them with other people, the whole time waving around their half of the security token. I would almost prefer if it was in card form or QR code form that had to be visually recognized by the phone for it to unlock.

John Fenderson (profile) says:

Re: Re:

I have problems trusting any security implementation that uses wireless no matter how weak the field supposedly is.

A thousand times this. There is no signal so weak that it can’t be read at a distance. Radio astronomy is all about reading microvolt signals over vast distances. At worst, a weak signal means you need a bigger antenna.

Ninja (profile) says:

Raspberry Pi or any compact computer plus stuff like Ipcop (standalone firewall) and you have the perfect security for very little. I’m imagining you would be able to set a vpn via such solution (maybe not using Ipcop but rather the full Linux installation with the proper software) before your router.

The first solution seems to be the best idea in my opinion. Poorly executed though, you could provide a dumb-proof ui so the person can set up a custom vpn.

Matt (user link) says:


That ring seems like as good an idea as any. Although, it would make more sense to me if they were to create a component that can be stored on your person, at work or at home that can deactivate the ring. Maybe a phone number that could be called. Interesting idea, but the ring does seem like just another trendy security measure with no real value above any of the others.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Older Stuff
09:00 Awesome Stuff: Monitor Everything (5)
09:00 Awesome Stuff: Cool Components (1)
12:42 Tech Companies Ask European Commission Not To Wreck The Internet -- And You Can Too (4)
09:00 Awesome Stuff: Play & Listen (1)
09:00 Awesome Stuff: Beyond Chiptunes (12)
09:00 Awesome Stuff: Updated Classics (3)
09:00 Awesome Stuff: Celebrating Cities (1)
09:00 Awesome Stuff: Crafts Of All Kinds (5)
09:00 Awesome Stuff: One Great Knob (13)
09:00 Awesome Stuff: Simple Geeky Toys (2)
09:00 Awesome Stuff: Gadgets For The New Year (18)
09:00 Awesome Stuff: A Post-Holiday Grab Bag (0)
13:34 How Private-Sector Innovation Can Help Those Most In Need (21)
09:00 Awesome Stuff: Towards The Future Of Drones (17)
09:00 Awesome Stuff: Artisanal Handheld Games (5)
09:00 Awesome Stuff: A New Approach To Smartphone VR (5)
09:00 Awesome Stuff: Let's Bore The Censors (37)
09:00 Awesome Stuff: Open Source For Your Brain (2)
09:00 Awesome Stuff: The Final Piece Of The VR Puzzle? (6)
09:00 Awesome Stuff: The Internet... Who Needs It? (15)
09:00 Awesome Stuff: The Light Non-Switch (18)
09:00 Awesome Stuff: 3D Printing And Way, Way More (7)
13:00 Techdirt Reading List: Learning By Doing (5)
12:43 The Stagnation Of eBooks Due To Closed Platforms And DRM (89)
09:00 Awesome Stuff: A Modular Phone For Makers (5)
09:00 Awesome Stuff: Everything On One Display (4)
09:00 Awesome Stuff: Everything Is Still A Remix (13)
09:00 Awesome Stuff: Great Desk Toy, Or Greatest Desk Toy? (6)
09:00 Awesome Stuff: Sleep Hacking (12)
09:00 Awesome Stuff: A Voice-Operated Household Assistant (19)
More arrow