The recent public discussions about online privacy have many Internet users concerned about who has access to their online activities -- and with good reason. Most of us are at the mercy of service providers and network equipment vendors who have little incentive to protect our privacy. The US government routinely collects information about Internet users’ online behavior, and content owners can compel ISPs to collect and share information about users' online activities without any proof of harm. So how can we as individual consumers and small business owners protect ourselves and the people we care about?
As security expert Bruce Schneier described recently in this article in The Guardian, the best thing you can do to protect your privacy is “hide in the network” by anonymizing your online activities and encrypting your communications with open-source software. Don’t Snoop Me Bro provides these capabilities in the DSMB Tunnel, an inexpensive, easy to use appliance that requires no configuration and is activated by the turn of a key.
Virtual Private Networks are a network security technology that has been in use for over fifteen years. When you use a VPN, an encrypted link is established between a local endpoint in (or near) your computer and a remote server. Your traffic is encrypted and routed through this link, protecting the content as well as information about its origin. VPNs are widely used, especially by businesses, to allow employees to securely access their company network when traveling or working from home. More recently, consumer VPN services have become available. These are used to provide encrypted connections to a server in the Internet rather than a company network.
But VPN services -- even ones targeted at consumers -- can be challenging to configure, putting privacy out of reach for non-technical users. That’s how the idea for the DSMB Tunnel was born: we wanted to make a device that would establish an on-demand VPN tunnel with no user setup.
The DSMB Tunnel is a small device that sits between your computer and Internet router using an Ethernet cable. By placing the device between your Internet router and ISP modem you can protect all the traffic associated with your ISP account. When you turn it on, it automatically establishes a prepaid VPN connection with a destination server in the country of your choosing. Our goal was simplicity, and we made a network appliance with the most straightforward interface we could come up with: to protect your network, simply turn the key on the front of the device. There’s no software to install, no firewall to configure.
When the key is turned to ‘on’, the light on the front turns green and all of your traffic travels through an encrypted tunnel to a VPN server in the country of your choice. When your traffic reaches the VPN server, it is decrypted and forwarded to its destination carrying the address assigned by the VPN service as the sender’s network address. The unecrypted traffic no longer has the network address assigned by your ISP, removing traceable links to you or your ISP account.
Traveling through the VPN adds a small delay when the Tunnel is ‘on’. However, we’ve verified that we can watch streaming videos and surf the web just fine. Nevertheless, for latency-sensitive applications like gaming, we recommend that you turn your Tunnel to ‘off’. When it’s ‘off’, the Tunnel is invisible on your network and there is no added delay. And, to protect users further, if the VPN service fails while the switch is in the secure ‘on’ position, traffic is blocked so that you will never unintentionally send out sensitive traffic without protection.
CAD rendering of production DSMB Tunnel
Our goal is to bring low-cost, easy-to-use privacy to anyone who wants it, not just skilled IT professionals. To do this, we set our fundraising goal to cover the startup costs for high-volume production. This will allow us to sell our product at the lowest possible price.
Here’s where you come in: at less than 1,000 units, the cost for components to build each DSMB Tunnel adds up to a pretty hefty price tag. The more interest we have, the better deals we can negotiate with our vendors -- which means that we can offer Tunnels at lower prices. We want to be able to sell them at $150 (with a full year of VPN service included), and that price is possible at a quantity greater than 1000.
Our design is built around the OpenVPN application and other open-source software based on the popular OpenWRT Linux distribution. The first prototypes (shown above) have cases made from laser-cut acrylic and an alpha version of our software running on a custom development board. We’ve identified all the components and materials for our beta testing phase, and we’ve begun testing in-house. If this campaign is successful, this fall we will continue to refine the software, electronics, and housing to maximize stability while keeping production costs low. Further, we will continue to explore VPN service provider alliances. Some manufacturing, such as the housing and circuit board fabrication, will be performed by trusted vendors to keep prices as low as possible. Nevertheless, we will ensure quality control by always performing the final integration and testing ourselves.
Each DSMB Tunnel comes with one year of prepaid VPN service. In the interest of preserving Tunnel owners' privacy, we will keep no records associating a particular unit with your identifying information. The service provider will have no knowledge of the identity of the Tunnel owner because the services are bulk purchased by DSMB. We’ve had a great experience with the VPN service provider that we have been using for the prototypes, but we have not decided on a final VPN provider for ongoing large-scale production.
At the end of the year of VPN service, users can, of course, purchase an entirely new device. Or, if you want to keep your Tunnel and simply buy another year of service, you can purchase a Secure Data (SD) card from us that is preloaded with the information for a new VPN account. Again, we will never provide the service provider the identity of the end user.
While consumer VPN service is not a new innovation, the Don’t Snoop Me Bro approach to consumer VPN service is. The most similar device available today is a VPN router. Typically, VPN routers do not include VPN service which, if included, would drive the price to over $300. Further, these systems require configuration by someone with networking expertise. In contrast, the DSMB Tunnel is an affordable easy-to-use VPN appliance with prepaid service requiring no end-user setup. We believe that we can make online privacy available to as many people as possible.
We are really excited about the possibilities of the DSMB Tunnel and technology like it, especially products that could help protect medical, legal, and proprietary information for individual consumers and small businesses. We want to make protecting your privacy is as easy as turning a key. Thank you for taking the time to explore our product, and we hope that this is the start of something awesome!
Version 1 of the Don’t Snoop Me Bro Tunnel will be simple but secure, easy to use, and with good performance:
Key switch interface. Easy-to-use, intuitive operation.
Automatic OpenVPN tunnel establishment. Turn the key and an encrypted tunnel comes up automatically between the DSMB unit and the VPN server in the location of your choice.
One year prepaid VPN service. Your DSMB unit is preconfigured to access a VPN account that has been prepaid for one year and allows you to establish tunnels to a range of US and offshore locations.
Bridge mode when tunnel is disabled. When latency is important or privacy is not needed, the DSMB tunnel can be put into bridge mode, invisible to the network.
Two color LED to indicate tunnel state. A green LED indicates the tunnel is active and your privacy is enhanced. A red LED indicates you the tunnel is not providing any protection.
Web-based configuration. The DSMB tunnel will work out of the box with no configuration. But if you want to make changes, a password protected web page can be accessed on the unit.
Selectable tunnel endpoint location. VPN end-points are located all over the world. Users may select which location suits them and change as often as desired.
Configuration reset to factory defaults. A button is provided to return the unit to the factory configuration.
Connection test mode. A diagnostic mode is provided on the configuration web page that allows a user to establish a tunnel and verify the IP address and associated geo-location of traffic emerging from the endpoint.
Below are the specifications of the functional prototype shown in the video.
Housing dimensions: length 5.073” x width 4.0775” x height 1.477”
Housing material: Laser-cut acrylic
Power usage: 0.5 Watts @ 3.3 Volts
Processor: 400mhz MIPS
One Gigabit Ethernet Port (1000Mbps)
One Fast Ethernet Port (100Mbps)
- Power Jack
We are currently testing endpoints in the following countries: UK, Germany, Canada, The Netherlands, Switzerland, South Africa, US (several regions), Russia, Ukraine, Thailand, Singapore, Hong Kong, Japan, Brazil, Chile, and Mexico.
Don’t Snoop Me Bro is a small company working out of Somerville, Massachusetts. On this project we are collaborating with our friends at DGF Technologies, who bring a great deal of expertise in electronics, software, and fabrication. Together, we have a variety of backgrounds, but a shared passion for privacy and security. Conversations within the group led us to the idea for the Tunnel, and we spent this summer turning our idea into a consumer product. Our range of unique perspectives has allowed us to create a product that will be usable for the widest possible audience. We’re on a mission to help you to protect your privacy, and we’re so excited to bring this product idea to you!
Video by Erik Heumiller / www.heumiller.com
Logo Design by Benj Gleeksman / www.mistergleeksman.com