
Plug anti-PRISM solution raises half a million dollars in 9 days on Kickstarter - gawenr
http://press.meetplug.com/53920-plug-anti-prism-solution-raises-half-a-million-dollars-in-9-days-on-kickstarter
======
DanBC
This is a "USB NAS Dongle", with different software.

The hardware is already made and available. Here's the manf listing for the
Wanser-R: (http://www.mrt-communications.com/WANSER-R.html) Here's the Alibaba
page for the MRT communications NAS Dongle device
(http://www.alibaba.com/product-free/103191249/NAS_Dongle.html)

Here's an Amazon listing for something similar
(http://www.amazon.com/Addonics-NASU2-NAS-Adapter/dp/B001OC5J9U?tag=duckduckgo-d-20)
and the manf page for that (http://www.addonics.com/products/nasu2.php)

I'm not sure I want someone doing weird things to my file system.

I really hated the way they described what it does. I also disliked the "new
technology" to "instantly transfer files, no matter how many".

I have no idea if they've implemented the encryption in any kind of sensible
way. I guess we'll hear later if someone breaks it. I guess it's nice that
there's more encrypted traffic going over the Internet - regular people using
encryption means encrypted traffic is not automatically suspicious and needs
the same legal process of warrants to intercept it.

~~~
downandout
Yes, the real magic here is not the technology....it's their marketing. I'd
love to find out the particular shade of lipstick they put on this pig...it
would be interesting to know the referrers for the traffic to that page.

------
GhotiFish
I fail to see how plug is anti-PRISM.

All your devices need to install Plug's software, at which point you provide a
login and a password, and _bam_, you now have full access to your files
connected to your plug...

what?

So we go out and contact Plug's central server, provide a username and
password, and now we have remote access to all our files.

ALL of them. Plug syncs everything.

PRISM, the program that secretly told internet service companies to provide
access and tell no one. and plug, the device that makes every single file you
have visible on a network connection that they hold the keys to.

Plug is going to have to go a long way to convince me that they can't be
compelled to release my credentials to a government authority, even if they
said they never would and they really really meant it, that still means they
have complete and total access to my life.

Anti-PRISM here isn't meaningless, it's outright wrong. Your product is only
anti-PRISM if your product assumes the author can't be trusted in addition to
not trusting the lines the data is sent on (At least they did that).

~~~
coopdog
From the security FAQ: "Plug uses asymmetric cryptography. When Plug is
installed, the application generates a RSA-2048 pair of keys, identifiable by
the user's email, and with a private key protected by the user password. This
private key, which is what authenticates a user in the Plug system, is stored
in your Plug and your devices. We don't know this key because we don't have
your password, so we cannot - us or anyone else - steal your identity."

So it really does seem to be zero knowledge, and therefore could be the magic
UI that finally makes proper asymmetric encryption tolerable to the general
public.

The NSA could still steal the key off of any of the devices, but it would be
hard to do that systematically on a global scale. The closed source nature of
this software probably still makes it a no-go though, they can just coerce
them to patch it à la Skype.

I wonder how this would fare against TSA also. If your entire home server
looks like a folder, and they can copy that folder at the border, they now get
every file you care about rather than just the ones on any one device.
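
The scheme the quoted FAQ describes, as an added example that is not part of the thread and not Plug's code: an RSA-2048 pair whose private key is encrypted under the user's password, with a server that holds only the public key. The challenge-response flow, file names and passwords are assumptions made for illustration; the FAQ only says that the private key authenticates the user.

```shell
#!/bin/sh
# Constructed sketch, not Plug's code. File names and passwords are hypothetical.
# "pass:" on the command line is for the demo only; it is visible in process lists.

# Client: generate an RSA-2048 pair; the private key is stored encrypted
# under the user's password. Only pub.pem would be handed to a server.
make_identity() {   # $1 = directory, $2 = password
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass "pass:$2" -out "$1/priv.pem" 2>/dev/null &&
    openssl pkey -in "$1/priv.pem" -passin "pass:$2" \
        -pubout -out "$1/pub.pem" 2>/dev/null
}

# Server: issue a fresh random challenge for the client to sign.
new_challenge() {   # $1 = directory
    openssl rand -hex 32 > "$1/challenge"
}

# Client: sign the challenge. Fails unless the password decrypts priv.pem.
sign_challenge() {  # $1 = directory, $2 = password
    openssl dgst -sha256 -sign "$1/priv.pem" -passin "pass:$2" \
        -out "$1/sig" "$1/challenge" 2>/dev/null ||
        { rm -f "$1/sig"; return 1; }
}

# Server: check the signature with the public key alone.
verify_challenge() { # $1 = directory
    openssl dgst -sha256 -verify "$1/pub.pem" \
        -signature "$1/sig" "$1/challenge" >/dev/null 2>&1
}

# Demo run on throwaway files.
d=$(mktemp -d)
make_identity "$d" 'correct-horse' && new_challenge "$d"
sign_challenge "$d" 'wrong-guess' || echo "wrong password: private key stays locked"
sign_challenge "$d" 'correct-horse' && verify_challenge "$d" &&
    echo "challenge verified using only the public key"
rm -rf "$d"
```

The server-side functions never touch `priv.pem` or the password, which is the property the FAQ claims; whether a closed-source client really keeps them local cannot be checked from outside.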

------
p4bl0
The usage of "anti-PRISM" is becoming meaningless. It's like the new rockstar
node.js on rails ninja. Just a buzzword. If you think that using your own
server instead of DropBox, switching from Gmail to another email provider, and
encrypting the content of your files and emails will protect you from PRISM,
well, you just don't understand at all what PRISM is all about.

First, nothing prevents government from listening to what's happening on the backbone
cables (and they do, we now have the confirmation, they don't just ask a
finite list of service providers for the content of their users). Hiding the
content is one thing, but what these government programs mostly consist of is
to recreate people's networks. This is the main point. Sure it's always good
to encrypt stuff, but it's not sufficient to be called anti-PRISM. Most of the
"anti-PRISM" things I read about are not anti-PRISM at all, it's just used as a
buzzword. And it's a shame that a community such as HN falls for this.

~~~
MisterWebz
It seems you don't know what PRISM is either. AFAIK, PRISM allows them to
retrieve data from several companies that have given them access to do so. One
of the leaked slides also mentions the capturing of data from the fiber cables,
but that wasn't part of PRISM.

I do agree with your point however, I'm just nitpicking.

~~~
p4bl0
Okay, if you call PRISM just that part of the big picture, you're probably
right. But then what's the point of being anti-PRISM? It would be like saying
"this meal is anti-food poisoning because one of the many ingredients has been
thoughtfully tested against known problems.", not that convincing to me.

------
bpolania
In this case what exactly does anti-PRISM mean? How I see it, it would be
PRISM 2.0, since the NSA will now not only have access to your cloud files,
now it will have access to your personal physical drives.

Will I need to have a Plug account to access my drives? Will I be able to
access those drives from outside my house or office? Will my users/password
for that account be stored at some kind of Plug centralized server?

~~~
DanBC
It's a USB NAS dongle.

> _With Plug, all your devices are connected with each other thanks to a
> zero-configuration, private and encrypted VPN (asymmetric encryption based on
> RSA-2048/SHA-1 keys). We had excellent speed benchmarks on this network. It
> goes through any main NAT & firewall we tested, it's decentralized when
> possible, and it doesn't require any user configuration. It's safe and does
> the job._

> _When Plug is installed on your computer, our application intercepts all the
> input/output operations performed on your files, using several patent
> pending technologies. When Mac OS X, Windows or Linux want to store or
> access data, they ask our application instead of manipulating the hard
> drive. When needed these operations are redirected to Plug. Thanks to this,
> we give you the best experience possible. We show in your OS all the files
> you have in your Plug, even if they're not actually in your computer. We use
> your local storage memory as a cache, to store both the files recently used
> and the ones you want to keep for offline-viewing._

I don't blame you for not knowing what the heck it is; I had to plough through
a bunch of nonsense to find the above two paragraphs.

~~~
BraveNewCurency
But all the magic is in their client-side software. It's more like having your
home directory on NFS, but it allows you to keep some files locally, and it
keeps revisions, and it transparently sets up VPNs for you, etc.

So, if you're a techie, it's "just a NAS". But if you're a non-techie, it's
100 times more useful than a NAS.

------
belorn
So it's a closed source freedom box project with smaller scope, though it has
a prototype app-layer for the phone and other similar devices.

I really hope someone would just make a competing kickstarter project to make
a similar app-layer for the freedom project.

------
dal
Closed source, low performing hardware. Who would want this?

~~~
lucb1e
If the 100mbps connection is low performing to you, then I'm wondering what
kind of files you want to stream.

~~~
dal
What are you talking about? Quote from the kickstarter:

"Under the hood, the average transfer speed for your data will be around
30Mb/s"

That is megabits/s, pretty far from 100mbps. At home between my boxes I've got
1Gbps, why should I be unable to utilise that speed? That's just another
argument to why it should be Free Software so I/we can run it on any hardware.

~~~
lucb1e
Oh I missed that, point taken

------
downandout
It's an inexpensive way to create a SAN with some software to tie stuff
together. Assuming your router doesn't already do most of this, I suppose it
could be useful for home users. I find the anti-Prism claims to be getting old
quickly, and probably dubious in this case considering users with no security
knowledge are being encouraged to create a single access point to all of their
data. This obviously resonates with people, but I'm rather surprised at the
success so far.

~~~
BraveNewCurency
> I'm rather surprised at the success so far.

I think their difference is in their client-side software. All existing
solutions (dropbox, etc) are single-folder sync-all-the-files.

This solution is more like NFS, but with extra features (keep files locally,
keep revisions) and mapping of Document/Video folders between OSes.

------
lucb1e
Okay so you just plug this in to storage on one side, and internet on the
other. Then it works on LAN, but apparently also outside your LAN? They showed
that in the video. So there must be some sort of udp/tcp hole punching to get
through the NAT?

And then the files sync at the speed of my 832kbps upload speed? So much for
"one memory on all devices" when you barely reach 100KB/s reading speeds from
your "memory", divided by the number of users/devices, except for any cached
files. But the whole point was: no more moving, copying, downloading or
uploading, so caching files (which they showed) is in direct violation with
that vision and should not need to be used.

Seems this product is just not for me and it's going to disappoint a lot of
users (500k backed shows they put a lot of trust in it). I'm happy to store
things in a cloud, but files will be encrypted before transmission and it has
to be open source software (preferably even already existing utilities).

~~~
millerm
Just to clarify, there is no syncing. The file requests are on demand. Only the
metadata (oh, there is that word again) would appear when listing a
file/folder. Just like the rest of the net. It's not a synchronization service
but a file access system. That's the reason you can have 1TB space on a phone.
It's a NAS device, or is it a SAN? Anyway, it's just a Linux server that
connects to the Internet so you can get your goods. I'd rather they open up
the entire OS and software though. People need to know this is secure and not
just trust someone, again.

~~~
wWIwsijeC20
> I'd rather they open up the entire OS and software though. People need to
> know this is secure and not just trust someone, again

With open source software, too, you have to trust someone. In this case this
someone is the people who review it. Of course it's always possible to check
the source code yourself, but I doubt that most people would invest the time
to audit a codebase that has been worked on for two years or more, by several
developers. And even if they invest the time, chances are that weaknesses are
overlooked (see, for example, Cryptocat). And even if the source code does
exactly what is claimed to do, how do you know that the compiler works
correctly? Does the machine code really correspond exactly to the source code?

It always comes down to trusting _someone_. With open-sourced software, that
person is usually "someone on the internet". With Plug, you have to trust the
people who produce it. It is their business interest to provide a relatively
secure product, and from kickstarter they got a lot of resources to put into
this.

I for one would rather trust a company with a financial interest in providing
a secure product, than a couple of volunteers who are in it for other reasons.

Edit: Grammar

------
throwit1979
Um, there's also the client side of this.

You can lock up your data all you want, but with the NSA deeply embedded in
telecoms and mobile device manufacturers, once you try to access said data in
a manner consistent with the project's marketing, e.g. on an apple-engineered
device running Verizon's comm middleware, the NSA gets your data anyway.

This is the same problem projects like Moxie's silent circle have. It's
trivial for the authorities to grab data between the device's interface and
the software - they don't need to decrypt a damn thing.

~~~
DanBC
They claim the Internet connection between plug and the computer accessing
that plug is encrypted.

~~~
throwit1979
Right, but they have no control over interception rootkits installed on the
_client_. And all of their marketing material suggests that the client in
question will usually be your phone. After the VPN software decrypts the data
and before it is emitted from the speaker and/or displayed on the screen,
there is a cleartext data stream that could be intercepted by a rootkit that
the feds could order your telecom provider to silently install.

------
TerraHertz
If 'kickstart fund the Plug, to obtain cloud-like secure home storage' is
code-speak for 'kickstart fund the purchase of some blackmarket nukes, and
vaporize the NSA datacenters' then this just might work.

But seriously, there's some fundamental reality denial going on here. You're
going to try and solve this problem with a gadget? Uh... and that problem
would be that the Rule of Law has broken down, fascist criminals have taken
control of the government, and seriously intend to impose a total information
surveillance regime by whatever methods are required. Including, apparently,
several hundred million rounds of hollow point ammunition.

Yeah, with gadgets like this you might make the process slightly more tedious
for them. Assuming they don't enjoy simply dragging people off to indefinite
secret detention and crushing fingers until encryption keys are given up. But
that's a very shaky assumption. At best.

Also, closed source. Ha ha ha... Plot twist: Cloud Guys Corp are really NSA,
preparing a backup plan in case their major net service provider taps go sour
due to current temporary difficulties.

------
MortenK
What could be really nice would be a kickstarter to get that poor Snowden out
of Russia on a private jet and onwards to one of the countries offering him
asylum.

~~~
dano414
Yeah, I agree. It seems like his story is getting buried?

~~~
GammaDelta
I think Mr Snowden would much rather that we were discussing things like this
than his plight. :)

------
phy6
Plot twist: Information on donors leads to new selectors.

~~~
eksith
This is why the project would have been better off as open source with
anonymous donations. Decentralization is still the best way to defeat
aggregation.

------
deletes
I guess you have to first install and register plug on the mobile device
before you can use it. This would forbid connecting from any random computer.

~~~
chalst
A USB device can boot the needed software when it is plugged in, and the
device can have its authorisation interface (say a numeric keypad). It should
be able to interface to Windows and OSX devices without much rigmarole.

------
ra
The Kickstarter page [1] doesn't lean heavily on the anti-PRISM angle, so I
think the title is misleading.

In this case "Anti-Prism" means (not cloud but) USB attached HDD storage!

[1] http://www.kickstarter.com/projects/cloud-guys/plug-the-brain-of-your-devices

------
lttlrck
So it's a proxy for actual real-life protest against PRISM? If enough people buy
these it will force the government to change policy?

Anti-PRISM...

------
Gauhier
Did Edward Snowden back the project?

~~~
Kliment
Fairly sure all his credit cards and accounts are frozen.

------
melkisch
Best Kickstarter project I have seen so far.

