I'm still holding out for this being a hoax, a big joke, and that they're going to cancel the kickstarter any minute. It'd be quite the cute "lessons learned" about anonymity scams. However, I will be treating it from here on out as a genuine scam. (As of May 2nd, the kickstarter has been cancelled, after the strangest attempt to reply to this imaginable. Good riddance.)
This absolutely ridiculous thing was brought to my attention by a friend and since it was late at night I thought I must be delirious in how absurdly over the top fake it seemed. So I slept on it, woke up, and found that it had gotten a thousand dollars more funding and was every bit as flabbergasting as I thought it was.
Since I realize that not everyone has spent their entire lives studying computers – and such people are the targets of such scams – I figured I'd throw together a quick list of not even everything wrong with this kickstarter. I am a professional computer security researcher. I care a lot about anonymity and privacy on the internet, and I hang out with the world's leading experts on the topic. I especially care about defeating state-sponsored censorship. That's why I get SO MAD about the series of scams seeking to take advantage of people who just want to be secure. At best they just lose their money, at worst they get a horrible unsafe mishmash of code that makes them worse off than when they started.
Yes, they followed me on Twitter after they caught me calling them a scam. Precious. Orange is in fact the best color but the over-the-top coolness is the first "I have a bad feeling about this" sign. The nearly 1:1 ratio of followers to followed on a scale of thousands is another classic sign of social network fudgery. Whatever. On to the actual kickstarter:
What EVEN! What do I say? Well, first off, everyone who actually knows anything about onion routing knows that the correct way to capitalize Tor is Tor, not TOR. That's a minor, superficial thing that a lot of people get wrong, but if you're claiming to be an expert I expect you to know how to spell the name of the most important piece of software in the field. But. Ten times speed. TEN TIMES SPEED. What is this miracle? How are you increasing speed by adding extra routing steps? Why aren't you in a bidding war between the major ISPs to sell this technology for millions of dollars? It's an absolutely revolutionary breakthrough that could benefit everyone on the planet, and you don't need a kickstarter to license your apparently already working algorithm!
Sever™ is an embedded forced routing,
What does "forced routing" mean? Like this, which "assumes the network is centralized", ie the opposite of peer-to-peer?
peer to peer internet networking device
Tor does this for free
with inherent DNS security protections built in,
Uhh this requires a boatload of clarification. Like, a doctorate's worth.
individual packet encryption,
Lots of things do this for free
a data containment engine,
??? Like a hard drive or...
and IP obfuscation capabilities.
A proxy. This is a thing that many things can already do. The limitations are subtle but important – just ask all the people who've been busted for crimes commited from behind an obfuscated IP.
Its engineered to make what you do online private, faster, and untraceable! Its designed to work with your existing internet hardware and setup takes only minutes.
Hmm hmm. Promising the moon. Dinging one point for "its/it's" confusion.
Sever™ enhances secure network communications, secures wired and wireless devices and networks including mobile devices, PCs, servers, and other Internet Protocol based systems.
You are saying "Internet Protocol" because it sounds impressive.
We're also in the process of building a Sever™ App for your mobile device extending your protection, while away from home. This interconnection will provide security, anonymity,
Oh, tell me more, I'm curious how this isn't going to compromise anything on the anonymity front (this is a non-sarcastic one. Well, half-sarcastic)
and malware protection wherever you are.
W h a t ? That makes no sense. Anonymity and encryption are completely orthogonal to antivirus. They have nothing to do with each other. Where is this mysterious anti-malware coming from?
Cute gif.
Heads up! If you're an online gamer get ready to experience a disgustingly cool boost in network performance. Your data travels faster than theirs!
This makes no sense. This makes no sense. THIS MAKES NO SENSE! You can't add a peer-to-peer anonymity routing system, which adds a ton of steps and overhead to the route your packets take, and somehow get "disgustingly" faster! I asked about this on Twitter and your response was utter gibberish.
Path of least resistance? You mean... the entire point of the internet? The thing that engineers and designers have spent the past couple of decades optimizing? Do you even RFC, bro? Do you think that packets are routed around in circles pointlessly for funsies? Do you have some sort of internet laser which bores through time and space? $199 retail suddenly sounds pretty reasonable for that sort of raw unbridled network-defying power.
Let's skip over the spiel about "villains," it's just fluff.
Sever™ is designed to work with your existing internet hardware. It's very easy to use, you simply plug it in with an Ethernet (CAT5) cable between your modem and router. Or you can use Sever™ as a wireless router itself.
Weirdly, I can't find an ethernet port in any picture of the hardware. There's just something that looks like it could be a USB port or could be an HDMI port depending on how you squint.
Features
I had to resort to the website to find entire sentences about what these might mean. For some utterly horrible reason, all the text on the site is an image. There goes all the money I spent on this retina screen!
- DNS Security – Sever™ with DNS protection blocking malware communications dead in their tracks
This appears to be vaguely related to some idea about malware c&c, but this statement itself is meaningless.
- Dynamic Packet Encryption – Sever™ encrypts at payload level rolling encryption protocols throughout the transfer data lifecycle
Did you just open a technical dictionary and pick random words? This says absolutely nothing about the actual encryption.
- Randomized Port Dispersion – Sever™ transmits your information through port dispersion, making it impossible for man in the middle attacks or port congestion
Okay, first off, randomized ports on the client side is something bog standard IP stacks already do. They always have. Your computer is doing it right now. Second, that in no way, shape, or form could possibly stop MITM attacks. They can either intercept you or they can't, and you can hop ports until you're blue in the face. Third, "port congestion"? Is this a problem you think you have? Is port 80 clogged? Pour some draino in there.
- Forced Routing
This doesn't seem to be defined anywhere.
- Unique Peer-to-Peer Network – Sever™ goes far beyond the capabilities of TOR and provides you with optimized throughput for up to 10X your current internet speed.
Absolutely magical. And they call me a witch.
- App Store
Uhh... ... ... ... ... ... what?
Benefits
- Makes you anonymous
- Secures your network
- Increase network speeds up to 10X
- No one can intercept your communication
- No one can track your online purchases
- Protects you from trackers
- Protects against crypto-lockers, malware, and bots
- Access the internet from any country
Deep breath. All right. How, how, how, how, how, how, what, and how? You have solved problems that thousands of brilliant people all over the world have been thinking about for a long time now. They're going to rename the Nobel Prize to the Sever™ Prize™!
The Anti-Villain Box is an open source hardware platform and an open source software platform. We developed a powerful dual development environment using state of the art mini computers capable of running multiple instances of linux. This is one sick open source development platform.
Good luck finding their github though. In fact they seem rather unclear on the concept of open source.
Sever™ allows you to take advantage of anonymity code designed to auto encrypt and hide application payloads as a default. We’re opening Sever up to you, the world. So go invent amazingly cool things with it- get crazy - make stuff that no one ever thought possible with Sever™.
Good job thoroughly conflating anonymity and privacy which are different things. Encryption (privacy) does not give you anonymity.
Sever™ shreds your data into billions of tiny data packets,
Are you like encrypting half of a bit per packet or what? I thought you were trying to prevent congestion, not drive it up by orders of magnitude.
encrypts each one with a powerful new encryption algorithm developed to STOP villains dead in their tracks and keeps you, what you do and your data from those you don’t want to have it.
Walk up to any encryption expert on the planet. Ask them what the #1 sign of encryption snake oil is.
Spoilers: it's "new, and totally secret, algorithm". Real systems ship publicly peer-reviewed stuff and keep the "new algorithms" in papers for the next conference.
Sever™ will not ask or expect you to share your data with us or anyone else. Its your data, its your children’s data and its your business data. Sever makes sure it stays that way. We’ve designed Sever with up to 10TB of SSD Flash memory.
So everyone was joking that $199 retail is really good for 10TB of flash, which costs many thousands of dollars. Of course, the trick is that the base model is a whopping sixteen... megabytes. This is only mentioned on the website. But – what are the terabytes conceivably for?! It's a router.
This means you can now do some pretty amazing things with your data knowing that your the only one in the world who can access it. Sever™ has built in data analytics. This means your can see your cyber life and do things with it that only you can do. Save money & time while understanding your cyber life like never before.
Not even a sick screenshot of orange and silver graphs of my C Y B E R L I F E? I'm disappointed.
Are you ready to bounce through the secure deflector path?!
I just... I can't. The website ends on the note of pointing out that their dinky Linux router supports PHP. It's like they were specifically trying to make me mad. A Denial of Abadidea Attack.
This is the scammiest thing I have ever seen and their attempts to argue with the grownups are the bright orange icing on the bright orange cake of scam.
But at least their photoshopping is pretty good.
So I received a reply:
And replied with this:
Jesus.