Thursday, July 3, 2014

iCloak Stik Aims To Put Robust Online Privacy In The Hands Of The Many, Not The Few

Meet iCloak Stik: a plug and play device that’s being designed to make robust online privacy accessible to the many not the few – by enabling an average computer user to route their browsing via the Tor or I2P anonymizing networks so it can’t be tracked.

The device will also let users select a particular country where they want to appear to be coming from, which can defeat regional content locks.

Every time you connect to the Internet with iCloak it will also generate a new random MAC address — meaning the hardware itself can’t be traced either.

All your browsing activity disappears without a trace once you shut an iCloak session down. This is because it’s effectively a clean instal every time you use it, which thwarts tracking techs like cookies and adware, along with more pernicious malware that might lurk on a computer that’s been around the cyber block a few times.

Sound interesting? Of course it does. Online security and privacy are continuing to rise up the digital agenda thanks to disaster vulnerabilities like Heartbleed, coupled with the slow drip of intelligence agency surveillance leaks from the Snowden files, and a growing realization among Internet users about the sheer volume of data mainstream digital services are amassing on their users — and using to manipulate the things we are exposed to.

The mainline Internet has become both an experimental corporate playground and an enabling Panopticon for omnipresent state surveillance. Little wonder there appears to be a growing appetite for privacy online.

So how does iCloak work? It’s a USB stick with a security hardened OS pre-loaded that’s designed to boot into RAM when a computer is rebooted, meaning online activity becomes sandboxed away from your standard OS and hard disk. The device works with Mac, Windows PC or Linux computers, and will be able to handle both 64-bit and 32-bit machines when it launches, according to CEO Eric Delisle.

The iCloak OS is based on Ubuntu, with some admin tools removed to make it even harder for hackers to meddle with. It’s also read-only, so again the idea is to lock it down as much as possible to provide a robust and secure environment for accessing the Internet.

The iCloak OS itself lives on a hidden partition on the USB drive so it’s not visible if the stick is plugged in and accessed on a live computer.

iCloak is similar to the Tails Projects but it wants to be a whole lot more accessible — aka: usable by the average computer user, not level 10 security geeks. So while Delisle says his startup is a big fan of Tails, and plans to contribute source code to that project, it also reckons there is room for improvement on the mainstream accessibility front.

“We’ve built a very basic, simple clean interface that provides several tabs — one of those tabs is your connection tab, and that just allows you to, whether you have an Ethernet card or a wireless card, to get connected to the Internet. The tools for doing that are in there, then the other main parts — there’s things like support and information — but the other main part is just an apps tab,” he says, describing the iCloak interface.

“We’ve kind of taken that modality of apps because it’s become so prevalent in people’s lives with tablets and phones and iPads and the like. That’s where we’re putting all of the things that you can do when you’re in iCloak.”

Unlike Tails, Delisle says the iCloak user won’t need to burn their own disc to use the system, or jump through complex set up hoops. The concept is reboot and get cloaked.

“iCloak Stik was heavily informed by a lot of open source projects that I’ve used for years,” Delisle tells TechCrunch. “Things like the Tor network, I2P, different kinds of encryption. Projects like live CDs or live OSes. And these are things that as a technologist it’s been fairly comfortable for me to use. But there’s just no consumer level way of people using this stuff. So that’s what we have done. We have taken the complexity out of it and we built a tool… that when you reboot the computer it basically renders that computer untraceable.”

“We’ve automated a lot of the things that we would do, as security guys, to keep ourselves safe and now, obviously, we’re passing that on in a consumer product so that grandma or my brother or my friend can take one of these things. And at least when they decide that they want to be private they can be,” he adds.

Delisle, a self-described serial entrepreneur, has been funding iCloak himself so far, but the last push to get the project to market — and do some market research to test the appetite for more mainstream privacy tools in the process – is taking place on Kickstarter.

They’re aiming to raise $75,000 and are already almost half way there with 24 days left to run so things are looking good for iCloak. If they hit the funding goal they’re aiming to ship to backers in September. Retail price for the device will be $50 for the standard iCloak Stik or $100 for a pro version that bundles additional software with it, such as a word processor, so users can do more than just private browsing when in a cloaked session.

Any third party software that DigiThinkIT, the company behind iCloak, is bundling with the device is open source and is also being modified to simplify the experience to make it as accessible to a mainstream user as possible.

In terms of specific features, the basic iCloak Stik offers anonymous browsing (StartPage is the default browser); a secure password storage and manager called iCloak Ring (which will also be able to function as a standard app on live computers, not just when cloaking your digital activity via iCloak); and a separate visible partition that your regular computer can access for storage uses.

The iCloak Stik Pro adds in GNU Calc for editing Excel spreadsheets; the AbiWord word processor; a messaging app for sending anonymous messaging; and a Bitcoin wallet to facilitate anonymous payments.

“We have a roadmap of some really interesting things,” adds Delisle. “For example we’re working on a concept that we came up with called identity sets [to allow people to appear to have a different identity than their own].

“Some of the tools that we’re making, like iCloak Ring, we’re going to be providing as apps that people can actually download to their iPhone or Android or whatever. So there will be components of the system that people will find useful outside of an iCloak session itself.”

“I think we have a real opportunity to help a lot of people, and in helping a lot of people create a good business out of it too,” he adds. “I think we’re hitting a nerve. And probably one of the greatest things is it’s hitting a nerve worldwide; this is not an American thing. This is a human thing.”

Delisle confirms the startup will be open sourcing all the iCloak software so third parties can verify the code. It’s also working directly with Tor with the aim of becoming the first officially “Tor certified” product.

“The idea here is we want to build our tools in a way that when a consumer gets them they don’t necessarily have to just trust us. They don’t have to trust that we did the right things. We want them to be able to trust themselves and give them the tools to verify what we’ve said and what this thing is supposed to do. One of the ways of doing that is using trusted third parties to take your stuff, tear it apart, audit it and on their own behalf say yes this does what they said it was going to do. And we’ll get Tor to do that,” he says.

He’s also hoping to play a part in expanding the Tor network — by putting Tor relay installers on all the iCloak sticks. “Because the larger the network grows, the safer we all are,” he adds.

No comments:

Post a Comment