Say hello to Safeplug, Pogoplug’s $49 Tor-in-a-box for anonymous surfing

You may know Pogoplug as the maker of little “personal cloud” devices for streaming media from your home to your smartphone, or, if you’re more up to speed with what the company’s been doing, you may be aware of its Dropbox-battling cloud storage services. But while security has always been a necessary aspect of these plays, Pogoplug is now jumping headfirst into that space with its new product, Safeplug.

Safeplug is essentially Linux-based hardware packaging for Tor, which is slightly-hard-to-use software for people who want to surf the web anonymously. Tor does this using encryption and by bouncing everyone’s traffic around other users’ connections, making it almost – but not always — impossible to see who’s visiting which page. Safeplug also automatically blocks ads.

“We’re huge fans of Tor and are very good at building these small appliances,” Pogoplug CEO Dan Putterman told me, explaining that Safeplug just needs to be plugged into the user’s router. “It takes 60 seconds to install, then all of your in-home internet access becomes completely anonymized. We want to just take what is currently available today to a more technical crowd and democratize it, making it easier to use for an average user.”

Anonymity is complex

Safeplug with phoneIf only things were that simple. Tor may be good for privacy, but it doesn’t play nicely with all the things you might want to do on the internet – all that bouncing-around of traffic means slower surfing, which becomes an issue with streaming video and gaming, and the anti-fraud mechanisms in online banking services aren’t too keen on anonymized access either.

Pogoplug is aware of these limitations, Putterman said, which is why users can whitelist certain sites so that their use is not run through Tor. Users can also set up Safeplug to work on a per-browser basis, so for example Firefox may always run through Tor while Chrome(s goog) won’t. I worry that this sort of complexity will bedevil those who expect to just plug the thing in and forget about it.

On the plus side, users can also set themselves up as Tor nodes to help others surf anonymously (the default setting for this is “off” as it has bandwidth implications). Putterman said Pogoplug hadn’t actually talked to the Tor folks before putting their open-source project in a box (“We wanted to have some aspect of secrecy in the development process”) but pointed out that it would “hopefully make a significant impact in terms of the number of relays out there”, thereby making Tor better at what it does.

“Vetted software”

Safeplug runs Tor and a proxy server with “hardened” SSH access, and that’s about it. It costs $49 and is initially on sale in the U.S. Pogoplug plans to also sell it across Europe and Asia, and yes, Putterman is conscious of that fact that some people there won’t be brimming with trust for a security product coming out of the U.S.

“It’s using very vetted software,” he pointed out. “We could have run a VPN or proxy service somewhere else, but we realized the only way to truly guarantee [anonymity and safety] is not to be reliant on any other service. People who are sceptical can look at the Linux level and see exactly what processes are running. Technical users can look inside the box and feel safe that it’s only running Tor.”

Pogoplug has even made firmware updates for the device pull-only, not push – “If we pushed, we’d have to track all the boxes. It’s pull-based for security reasons.”

Safeplug aside, Pogoplug is also seeking to reassure customers outside the U.S. with the siting of its data centers (Pogoplug only used Amazon Glacier for a few months in the early days of its cloud storage product). It has several in the U.S. and one in Israel, and it’s currently setting one up in France. Japan’s next on the list.