Hands-on
How fast things change: once upon a time (last week), Tor was seen as a tool for the paranoid and the criminal. VPNs were aimed at safeguarding traffic over insecure hotel and conference Wi-Fi networks – or for business.
But following a Congressional vote this week to effectively scrap digital privacy rights and give US ISPs the right to sell pretty much any data they can gather on you without needing to seek permission (or even inform you)... suddenly it doesn't seem so crazy.
With President Trump having already indicated he will approve the "congressional disapproval" vote of FCC privacy rules, it is only a matter of days before your personal information becomes the property of some of America's largest corporations.
What can you do about it? We've advised several things: particularly, setting up your own trusted VPN – if you're confident about how to do it – and installing browser extensions that will encrypt website connections. There's also the Tor network, which has its upsides and downsides.
Of those, using a VPN is top of the list because it acts as an effective block to your ISP being able to follow you around the internet. But signing up for a VPN provider, or getting on Tor, securely can still be a hassle and requires enough steps to put most people off.
Fortunately there may be a simpler solution: the Invizbox Go.
More than a year ago, we wrote about the Invizbox – an Ethernet connected box that gives you an instant connection to Tor, protecting your privacy in one simple step. The product was good, if not perfect. And it differentiated itself by relying on open source software as well as allowing for firmware upgrades.
The main point of it is to route your internet traffic through Tor or a VPN, and do this separately from the computer you're using. This potentially thwarts attempts by ISPs – and to be honest, the Feds – to track you, because all packets must go through the box, and out to the internet via Tor or your VPN provider. Any efforts by snoops to smuggle out a signal from your computer, to unmask your true public IP address and work out where you are and what you're doing, will still go through the router, and out via Tor or the VPN, thus confusing the digital trail back to your home, office or hotel room.
With that in mind, we were really interested in the company's next iteration: a portable Tor router that uses Wi-Fi rather than a cable and includes VPN access, as well as acting as a Wi-Fi extender and a USB charger. The company raised its goal of €100,000 on Kickstarter and in January this year, it shipped.
Unfortunately for Invizbox, literally days later the digital certificate included with the box's VPN service expired, requiring a firmware upgrade that, thanks to the product's security standards, was not a quick and easy solution.
And so the Invizbox Go has sat in a drawer at El Reg offices waiting on the ideal time to pull it out, update the firmware and test the product.
And that time is now.
Let's jump straight to the conclusion: if the fact that your ISP can now sell your personal data has you looking for a solution and you're willing to pay for it, and you're not happy with setting up your own VPN, then the $99 Invizbox Go is a potentially terrific option.
You can pay that and get two months of VPN for free (thereafter $5.50 a month) or you can pay the company more upfront (for one or two years) and save on VPN fees. If you are really serious, $399 will get you a lifetime of VPN, the company promises.
By the way, we must state this: if you choose to use Invizbox's VPN, you are essentially trusting them completely with your privacy. Your internet traffic will flow through their VPN systems and out to the world. Therefore, your unencrypted connections to the 'net can be examined by the company, or they can be compelled by governments to grant access. Similarly, if you use Tor, you are trusting whoever is running the Tor exit node you happen to be using to not snoop on you. It is essential that you encrypt as much, or all, of your traffic as possible – using HTTPS Everywhere, and so on – if you route through Tor or someone else's VPN.
With that said, the box itself is the same size as an iPhone and what it does is create its own Wi-Fi network that you connect your devices to. Once you've gone through setting up the gizmo (a five-minute job), the box handles all the VPN and Tor issues for you, so you connect to it and away you go.
That's a pretty neat solution for a lot of people. Especially since it comes with very little hassle: you turn the box on by pressing on its case and you put its SSID top of the list of networks for your phone/laptop to connect to, and you're done. What's more, you also have a phone charger and a Wi-Fi extender if needed.
There are, of course, some practical issues:
- The box has to be charged. It charges through a USB cable so you can connect it to your laptop port while using it. But if not connected and charging, it should easily last a whole day. So treat it like your phone in terms of battery power and you should never run out of juice.
- You have to connect it to an available wireless point. You'll only have to set it up once but you will have to do so at each location: at home, at work, at your favorite coffee shop. This requires you to log into the box and connect to the wireless point through its interface. It's an additional step but not a big one.
- You don't have a choice of VPN supplier – Invizbox has partnered up with IPVanish and you sign up for them through the box. Fortunately IPVanish appears to be a respected VPN company and – crucially – one that promises not to log or sell your data. But if you have your own VPN service already, you won't be able to connect to it through the Invizbox.
- You have to choose Tor or VPN. You can't do Tor over VPN. And if you want to use Tor you need to select it in the Invizbox interface. If you want to switch to VPN, you need to go in and change your choice. Fortunately the interface is extremely simple and easy to use, but if you switch a lot between the two, it will, again, be an extra step.
In terms of security, Invizbox seems to be doing a very decent job of ensuring that it is difficult to compromise either the box or your account.
When it arrives, the box comes with its own custom and complex password – no defaults here – and of course you are free to change the SSID and the password. An included card also has VPN login details that are, again, custom and complex.
The company is constantly updating its firmware – it's on 1.2.1 right now and updates have been put out at the rate of roughly once a month. Your Invizbox can be set up to update automatically every 24 hours or, if you want control of the process, you can download and upgrade yourself offline.
We wouldn't go so far as to say the system is NSA-proof (what is?) but if you are serious about protecting your personal data in the wake of Congress' decision to kill off privacy protections and you are willing to spend $100 upfront and another $65 a year on a VPN – and you trust the VPN provider to be true to its word – then this is a product you should seriously consider. ®