As promised, the Open Wireless Movement's new sharing-friendly, privacy-minded router operating system was unveiled at HOPE X in New York last weekend.
The OS, a joint project of Electronic Frontier Foundation, Fight for the Future, Mozilla, Free Press and others, is in "hacker alpha" and not ready for everyday use. It is designed to allow people to safely share their Internet connections with their neighbors; while also providing anonymization, encryption; a secure updating protocol that is designed to foil spies, hackers and cops who compromise routers with "lawful interception" tricks; and network-wide privacy-by-default for all users. They're looking for developers to help them build out and perfect these features:
Allow small business and home users to easily enable an open network, so guests and passersby can get an Internet connection if they need one, while keeping a password-locked WPA2 network for themselves and their friends or coworkers.
Let you share a bounded portion of your bandwidth on the open network, so guest users cannot slow down your Internet connection or use a large portion of your monthly quota.2
Provide state-of-the-art network queuing, so most users can expect an improved Internet experience—especially with latency-sensitive applications—compared to what commonly available consumer grade routers are delivering today.
Offer a minimalist, secure, and elegant Web user interface to set up and configure the router. Advanced, non-minimalist administrative options are accessible by SSH.
Advance the state of the art in consumer Wi-Fi router security and begin turning back the growing tide of attacks against them. Most or all existing router software is full of XSS and CSRF vulnerabilities, and we want to change that.
Include a secure software auto-update mechanism. In addition to using HTTPS, firmware signatures and metadata are fetched via Tor to make targeted update attacks very difficult.
Calling All Hackers: Help Us Build an Open Wireless Router
[Peter Eckersley, Jacob Hoffman-Andrews and Ranga Krishnan/EFF]
Yesterday, Dell was advising customers not to try to uninstall the bogus root certificate it had snuck onto their Windows machine, which would allow attackers to undetectably impersonate their work intranets, bank sites, or Google mail. Today, they apologized and offered an uninstaller — even as we’ve learned that at least one SCADA controller was […]
Last February, Lenovo shocked its security-conscious customers by pre-installing its own, self-signed root certificates on the machines it sold. These certificates, provided by a spyware advertising company called Superfish, made it possible for attackers create “secure” connections to undetectable fake versions of banking sites, corporate intranets, webmail providers, etc.
Today and tomorrow only we are offering an additional 15% off the entire Boing Boing store (some exclusions may apply). Simply use coupon code: BLACKFRIDAY at checkout! Below are a few of our favorites from the store: First Generation Lytro 16GB Camera: The First Consumer Camera to Capture the Entire Light FieldAdobe Training Videos: Lifetime Subscription: 6,000+ Adobe […]
Today only in the Boing Boing Store we are offering an extra 15% off of the below VPN deals just use coupon code: VPN15 at checkout. proXPN VPN: Premium Lifetime Subscription Surf the web with ultimate peace of mind – both at home and on the road – over proXPN’s fully-encrypted, lightning-fast servers. Your lifetime premium subscription […]
These knitted gloves are here to save the day (and your hands) with an ultra-comfy, double-layer that will allow you to stay warm and use your phone. Now you can take photos on the fly, text, Tinder, and more without letting freezing temperatures get in your way. Plus they work with all touchscreens, so no […]