Open router project launched to improve network privacy

But could the push back against the NSA's comprehensive surveillance with new privacy-enhancing technology be jeopardised by community reluctance for large-scale collaboration?
Written by Stilgherrian, Contributor

All of this NSA surveillance stuff in the news has resulted in some geek-folk thinking about how they can avoid being surveilled, and help others do the same — including the geek-folk at Redfish Group, a Brisbane-based embedded systems product design company.

On Tuesday, Redfish launched ORP1, an open router project that's intended to help maintain users' online privacy across all the devices in their home. ORP1 will be a high-performance networking router with an easy-to-use interface that can run a firewall, IPSec virtual private network (VPN), and Tor server.

More specifically, Redfish launched an Indiegogo crowdfunding project to raise AU$200,000 to cover the cost of gearing up for ORP1's first production run. Roughly half of that total is for the physical production of ORP1 routers. The rest covers system and compliance testing — things like US Federal Communications Commission (FCC) certification for electromagnetic interference and the Australian and European equivalents — as well as industrial design, user interface development, and finalising the software.

Open router projects already exist, of course, including OpenWrt, DD-WRT, and TheGrugq's PORTAL, but they're essentially add-on or replacement software for existing consumer-grade router hardware. ORP1 runs on purpose-built hardware, and both software and hardware designs will be open source.

"I've really wanted to get an open networking platform out there for a while now, and we just felt that a router was the way to go, especially with all the NSA revelations and people's worrying about the different US tech companies providing equipment to us which may have back doors," Redfish managing director Justin Clacherty told ZDNet.

"Over the years, it's always been a little bit of a bugbear of mine that I can't get a decent-quality [router] system unless I spend stupid amounts of money... Consumer routers will do the job for a home, but if you've got a small business and need to run a couple of IPSec tunnels, it just starts to bog down very quickly."

Clacherty said that in tests, the ORP1 can deliver routing and firewall functionality at the full gigabit-per-second line speed with "almost no impact" on the router's 32-bit 800MHz PowerPC processor. Full-duplex IPSec encryption has been running at 700Mbps, and it's expected that by the time the device goes to manufacturing, it'll be capable of running IPSec at full line speed using 15 to 20 percent of CPU capacity.

If Redfish's crowdfunding campaign is successful, the ORP1 will fill a valuable niche in the marketplace: A high-performance router that's available commercially with all the right certifications, rather than having to be built by a hobbyist, which has the potential to dramatically improve privacy protection for ordinary households.

Provided the interface is easy enough to use, that is — and Clacherty says they're putting quite a bit of effort into the user experience.

The fact that it's running open-source software on an open hardware design adds trust, with fewer ways for the device to be compromised. But it does mean that another variant of Tor is being created, and another distribution of the Linux operating system — albeit a minor one. While code updates can and perhaps should be automated, it does represent another place where things have the potential to go wrong. Bugs love the crevices between modules.

It was a failure to update web browser software distributed as part of the Tor Browser Bundle that led to the FBI being able to compromise Tor users. And it strikes me that the continual fragmentation of software projects into myriad versions could make them harder to secure — because the more projects you have, the fewer eyes there'll be looking at each one for problems.

The more I think about it, the more I think that any push to counter the comprehensive digital surveillance by the NSA and its friends will need a coordinated response. But it sometimes strikes me that what we can perhaps describe as the crypto-leftie end of the digital political spectrum tends to avoid building big, organisational structures. Because organisation is fascism.

That could be a mistake.
