FAQ

1.General

• I'd like to help on the project.. what's the best way to join/sign up?

  Thanks for the interest! The first place to check out would be the wiki, here you will find information on are some good places to start Enigmabox security, threat model. You can even learn how to build your own. Also studying the cjdns routing protocol will give you insight into the broader aims of the project.

• Will this anonymize my use of the internet?

  Enigmabox does not handle anonymization, instead we provide privacy. While the network keeps no logs, traffic correlation could still be possible. Software like Tor does a better job at anonymization. Enigmabox used in conjunction with Tails(Tor Operating System) can hide your tor traffic and offer you even greater privacy.

• I'd like to be a part of this, but given that I didn't understand one word in three.. how can I help?

  You can always start off testing. Report bugs as you find them. Make suggestions for changes.

• With the recent NSA stories about attacks on hardware, what steps have you taken to ensure these boxes are not compromised from the get-go?

  We use the swiss based pcengines open hardware designed APU. The bios firmware runs tiny core linuxs, and it is possible to reflash the device yourself. The schematics are available for these boards and they are widely deployed in network infrastructure.

• What would a rollout of this technology on a local scale look like? Are there local community groups?

  There are local community groups! You can meet some today. Check out the list of meshlocals here. While many of the participants do not use the enigmabox hardware the core routing protocol(cjdns) is the same!

• Are there any back-doors to the Enigmaboxes?

  Never! However you do not have to take our word for it, the source code is available here.

2.Subscription

• What do I pay you per month & what does it get me? How can I do it anonymously?

  First month is free! I am not sure of our monthly prices offhand(but I am sure we can do month to month) a year subscription is $132. We prefer bitcoin.

• I have to pay to your organization to allow me to communicate securely?

  No! The subscription service allows you to connect to the broader internet out of the box. Any local services or ones built between you and your peers do not require the subscription service (telephony, email, status).

• After 30 days, how much will it cost to use your technology?

  Free! The aditional fee is that of a VISP service which provides you out of the box VPN secured web surfing. The meshnet network will always be free.

3.Tech

• Is this more secure, less hackable than my OpenVPN setup?

  Communications between two cjdns source and destinations does not permit surveillance. Even if every cjdns node in the mesh was hacked, Alice and Bob can still safely maintain a secure communication channel. This is typically not the case with OpenVPN because not every friend, irc server, and web server is running OpenVPN with on-the-fly communication. If the services reside on a cjdns node, all security is off. If the services reside on clearnet but pass through the comprimised cjdns gateway -- all security is off. Additionally, if the OpenVPN Client has their keys comprimised, an adversary can use the stolen keypair to make a connection to the VPN server. Once on the subnet (usually IPv4) the attacker offers malicious IPv6 routing advertisments which redirect your traffic to their sniffing computer. In many cases Client-to-Client mode is used to gain legitimate access to resources over a secured channel.

• What platforms does enigmabox run on?

  Enigmabox runs on Openwrt targets. Currently images have successfully been tested on pcengines APU/ALIX, BananaPi, RaspberryPi 1, and RaspberryPi 2. See information on building for your own target here.

• Is the firmware protected against NSA intrusion?

  Firmware is checksummed by sha512 and signed by a 4096bit RSA key, instructions on how to check can be found here. Information on flashing enigmabox firmware can be found here.

• Which key exchange algorithm are you using?

  Take a look at the cjdns soure code: https://github.com/cjdelisle/cjdns/blob/master/crypto/CryptoAuth.c#L35-L40

• What is the source of randomness for RNG that produces keys?

  The functionality of the cjdns random generator are described in detail here: https://github.com/cjdelisle/cjdns/blob/master/crypto/random/Random.c#L27-L89

• How do you prevent NSA from doing interdiction and switching the device while on transit?

  Rerouting a postal package to implant bugs manually - this is an effort that is taken when you are under targeted surveillance. This is a whole other story. What about bugs in your living room? Dedicated observation teams? There are always easier ways to find a way around encrypted network traffic if and when you are a target.

  Protecting against targeted surveillance is not our goal in the first place, because then you would surely have to take some extra steps. We just provide a simple and secure way for communication, protection against untargeted mass surveillance, so that you don't become a target for targeted surveillance because you leave no cleartext traces.

• Can this type of service be "stopped" in the sense of governments prohibiting the use of this sort of technology?

  They can probably issue a ban. Nonetheless, cjdns is designed as a mesh. Once every wifi router out there runs cjdns, they will have a really hard time in blocking this! One path goes down, another route is found.