Anonymity is something that seems next to impossible in this era of government surveillance. Even Tor and VPNs are no longer seem to be enough to protect user privacy. Once your IP address is discovered, your Game Over!
However, a method have been devised that not only allow users to anonymously connect to public Wi-Fi network, but also let them connect from about 2.5 Miles away.
Security researcher Benjamin Caudill has developed a device that adds an extra layer of anonymity to whistleblowers, journalists, dissidents and, of course, criminals.
ProxyHam, it’s a “hardware proxy” that allows users to connect to a long-distance public Wi-Fi network over an unidentifiable low-frequency radio channels, making it more difficult for government agencies and spies to unearth the real identity and source of the Internet traffic.
By relying on a 900 MegaHertz radio connection, ProxyHam effectively connects to a far-away Wi-Fi, with a range of between 1 and 2.5 Miles, depending upon certain interference factors.
Therefore, in case if spies manage to completely trace the target’s internet connection, they will find only the IP address of ProxyHam box transmitting a low-level radio signal thousands of feet away in some direction
Caudill tells Motherboard that he and his colleagues are also working to add additional features likeself-destruction to the ProxyHam. Future iterations might be small enough as to fit Proxyham into a book to make it easier to hide.
“If you throw this in a library it would take you years to be able to identify it,” Caudill said.
Caudill is planning to sell ProxyHam at cost for $200, “as a service to the community,” and he also hopes that he’ll be able to drop the price to $150 soon.
Nice. I flush My IP addy every day, so I don't know if that makes a diff...
it do not ;)
LOL! Yes, You can see what I'm on now, but when I reconnect tomorrow, I will have a different IP.
you have a "Dynamic" internet connection then, there's also "Static" (same address all the time)
Sort of. I have to run a program called "flush" that removes previous info so that it has to ask for an IP again.
The tool, ProxyHam, is the subject of a recently canceled talk at DEF CON 23 and its creator has been seemingly gagged from speaking about anything related to it. Something’s off, as this doesn’t seem like a typical cancellation.
Privacy is important, and if recent events are anything to go by – such as the FBI pushing to limit encryption and force companies to include backdoors into consumer oriented products and services; or the recent Hacking Team incident that exposed the questionable and dangerous world of government surveillance; striking a balance between law enforcement and basic human freedoms is an uphill struggle.
Over the last several years, reports from various watchdog organizations have made it clear that anonymity on the Internet is viewed as a bad thing by some governments, and starting to erode worldwide.
Whistleblowers, journalists, human rights activists, or anyone who wishes to express their opinions against the state are being tracked and targeted by the very governments they’re discussing or protesting.
The documents leaked by Edward Snowden prove that privacy is a basic right that’s easily dismissed by some governments, and the Hacking Team incident shows there’s a booming business market in helping them succeed.
Organizations such as Hacking Team or Gamma International have developed the tools and tactics needed to help oppressive governments, enabling them with the ability to track people no matter their location or how they connected to the Web.
While tools such as Tor or VPNs can help, the problem is that once a person’s IP address has been linked to a physical location their anonymity ceases to exist.
Given that governments often control the infrastructure being used, unmasking people in this fashion has only gotten easier over the last decade or so.
While it is true that criminals can be flagged and arrested using pinpointing techniques and lawful interception tools – and that’s a good thing – normal citizens expressing their basic human rights are also targeted and arrested (including journalists), which is horrendous.
Not every government is guilty of such acts, but several of them are, and that’s why it’s important that people be empowered to speak freely and to do so anonymously if there’s a need.
Designed to augment existing privacy tools, ProxyHam is a Raspberry Pi computer with Wi-Fi enabled. There’s three antennas; one is used to connect to a public Wi-Fi network, and the other two are used to transmit Wi-Fi signals over a 900 MHz frequency.
By using a 900 MHz radio, ProxyHam can connect to a Wi-Fi network up to two miles away, and blend-in with traffic on that spectrum. So if the person using it were to be tracked via IP address to a physical location, all anyone would find at that location is the ProxyHam box.
Caudill had planned a talk at DEF CON 23 centered on ProxyHam, which would’ve included a demonstration and the release of full hardware schematics, as well as source code. While everything needed to develop a device would’ve been offered, pre-configured units were planned for sale at a cost of $200.
On Friday, the talk was canceled. Caudill was vague in his responses to the public. Based on brief public remarks, it’s clear that he cannot speak about the topic or explain further.
In fact, all he can say is that the talk is canceled, the ProxyHam source code and documentation will never be made public, and the ProxyHam units developed for Las Vegas have been destroyed. The banner at the top of the Rhino Security website promoting ProxyHam has gone away too. It’s almost as if someone were trying to pretend the tool never existed.
Talks have been canceled at DEF CON before. So in that sense, this talk isn’t the first and it won’t be the last.
However, given the topic, the nature of the tool, and the current privacy climate – it’s a strange coincidence that a tool with such value and usefulness would be promoted and then removed from the public.
I don’t believe in coincidences.
Could have Caudill changed his mind? Yes, but that’s unlikely, because he was excited to release this tool and share the information with the public and protect those who are most at risk for using their voice.
Therefore, while it is pure speculation on my part since no one can speak on record, it would look as if a higher power – namely the U.S. Government – has put their foot down and killed this talk.
It isn’t perfect, but a tool like ProxyHam – when combined with Tor or other VPN services, would be powerful.
Such a combination would make tracking dissidents or whistleblowers (even with custom malware or tools from the likes of Hacking Team) increasingly difficult the more that ProxyHam was developed.
In fact, while the first version offered strong support to existing privacy tools, further developments were planned that would’ve not only improved things, but made them more affordable.
While the chance for abuse is also a valid point to make, and law enforcement certainly would, criminal elements have abused VPN and Tor before, so that’s not a strong argument. Honestly, criminals have been twisting legitimate tools and resources for their own gain for quite some time now.
At the same time, that criminals could abuse the tool is the only argument a government needs to make.
When faced with legal threats, most researchers will bend because there’s no other option available to them. No one wants to face fines and jail time over code.
Caudill isn’t talking, and clearly he can’t. Offering his apologies in an email when asked for comment, he responded to questions by repeating what was said on Twitter:
“…ProxyHam development would cease immediately, all existing units and prototypes destroyed, no further information or source code would be made available, and the DEF CON talk on whistleblowers and anonymity would be cancelled…”
Again, ProxyHam was under development for more than a year and Caudill was excited for it to go public. Now that’s all gone, and there’s nothing to suggest this was his intention.
Rather, given the state of things as they pertain to privacy and legal matters here in the U.S., it appears that his hand was forced – legally – complete with gags and destruction orders.
If a government agency killed this project, then it’s a sad day for privacy and security research.
Salted Hash as reached out to DEF CON to see if they can offer any additional details. Updates to this story are on page two.
Shortly after this story was posted, readers on Twitter pointed out that there doesn’t appear to be an FCC license for Caudill listed. Salted Hash has reached out to confirm the status, because it is possible the FCC intervened on the talk for that reason, or because there were devices for sale. (Thanks:@t0x0pg & @Err0r10 )
Shortly after this update was posted, Caudill responded to questions about the FCC stating that no, licensing had nothing to do with it. The 900MHz licensing was something they were just starting to look at, but the ProxyHam devices were limited to 1Watt as required by the FCC.
“Proxyham devices did not break the FCC standards as the 900MHz antennas were capped at the 1-watt limit,” he said.
“[There’s] no IP related issues,” he said. The answer was the same when it came to potential issues with the FCC.
The FCC question resurfaced because if encryption were used, it would violate FCC part 97 against armature radio operators encrypting. There’s also the issue of sales, which under FCC part 95 (sub one-watt consumer use device), requires validation – a slow and often expensive process.
Adding context, Michael Harris, Principal Security Analyst and Adjunct Instructor at the University of Missouri, commented via email:
“Many Hams have experimented with IP over ham bands, lower frequencies have throughput issues as one might expect and gear up a the 1.2 Ghz range is still too expensive. The current sweet spot is in the 800 to 900 Mhz range but is saturated by many other services fighting for that space from legacy cell phones to industrial controls doing short haul data to many spread spectrum and frequency hopping commercial radios.
“That general frequency range is a really noisy place to be and a proliferation of ProxyHam devices in that range would cause lots of problems in whatever particular band was selected. There is a huge fight over that frequency range going on already not just here but worldwide.”
So if patents were not a problem, and if the FCC wasn’t a problem – as confirmed by Caudill himself, why was this tool forced out of the public’s reach? We may never know.
There is another possible reason, one that I felt was too extreme when I first pinned this rant: a National Security Letter.
If a NSL was issued, unless Caudill goes the way of Lavabit, he has little recourse and almost no defense against this. There have been cases where a NSLs have been used inappropriately, but it’s rare to actually see proof in such cases until long after the fact.
But again, this is pure speculation. The point of the rant was that people need privacy tools, and ProxyHam would have made a great addition to the existing mix, but now we’ll never get it.
For the record, I asked Caudill about getting a NSL, Caudill would only answer, “No comment.”
Somebody put some serious fear into this guy...thinking the same thing going to happen to Walker, Trump, or anybody that plans to "buck" the system... they'll bail in fear of their live's if they get too close