The news over the past few years has been spattered with cases of Internet anonymity being stripped away, despite (or because) of the use of privacy tools. Tor, the anonymizing “darknet” service, has especially been in the crosshairs—and even some of its most paranoid users have made a significant operational security (OPSEC) faux pas or two. Hector “Sabu” Monsegur, for example, forgot to turn Tor on just once before using IRC, and that was all it took to de-anonymize him. (It also didn’t help that he used a stolen credit card to buy car parts sent to his home address.)

If hard-core hacktivists trip up on OPSEC, how are the rest of us supposed to keep ourselves hidden from prying eyes? At Def Con, Ryan Lackey of CloudFlare and Marc Rogers of Lookout took to the stage (short their collaborator, the security researcher known as “the grugq,” who could not attend due to unspecified travel difficulties) to discuss common OPSEC fails and ways to avoid them. They also discussed their collaboration on a set of tools that promises to make OPSEC easy—or at least easier—for everyone.

Called Personal Onion Router To Assure Liberty (PORTAL), the project is a pre-built software image for an inexpensive pocket-sized “travel router” to automatically protect its owner’s Internet traffic. Portal provides always-on Tor routing, as well as “pluggable” transports for Tor that can hide the service’s traffic signature from some deep packet inspection systems.

Counter-surveillance for everyone

There are plenty of reasons why an average person should care about OPSEC today, Lackey explained in his introduction to the session. “We're not really talking about people hiding while doing lots of bad stuff,” he said. “There are a lot of reasons why you'd want to hide. Especially post-Snowden. Part of it is to avoid global dragnets—you want to make sure if someone is monitoring everything, you don't want to get caught up in that.”

Monitoring also could result in profiling based on “somebody living next door to you making a phone call," Lackey added, “which because of the way the software works could end up flagging or profiling you… but it’s also just an issue of ‘none of your damned business.’”

Even encrypted connections provide metadata about an individual’s activities, as do patterns in an individual’s Internet traffic—which Ars found when we monitored the Internet traffic of NPR’s Steve Henn. But there’s a great deal of traffic that remains unencrypted, as Rogers noted during the presentation.

“Before the Snowden leaks, about one percent of Internet traffic was SSL protected,” he said. “Now it’s about three percent.”

The tools in PORTAL aren’t rocket science, Rogers told the Def Con audience. “The difference is that we’re packaging [tools] together and showing you how you can use these tools so you don’t have to think about it, and you can avoid the problems caused by human error.”

Virtual private networks provide some privacy, Lackey and Rogers said, but they don’t provide real anonymity—some VPN providers (particularly those in the US) keep logs of traffic, and they don’t provide end-to-end protection. Tor protects traffic for much of the trip—at least until they reach the exit node used to access the website or Internet service being requested. But Tor has hazards as well—in its basic form, it alerts those doing the monitoring that Tor is being used and can result in the user being targeted or blocked.

While there are other Tor-based tools to help protect anonymity, such as the Tor Browser bundle and the TAILS “live” CD and USB-bootable operating system, these are prone to accidental errors—like not waiting for Tor to be ready for traffic or simple misconfiguration. TAILS is restrictive, because it isolates the user within a Linux environment without access to local storage—not a great option for people who want to work with the operating system and software they use for their work.

“TAILS is a great project and piece of software, but it makes security assumptions about hardware which are probably not true today,” Lackey told Ars in an email interview after Def Con.

Privacy in your pocket

That's where the “travel router” comes in. Lackey said that a customized, secure router that allows people to just connect with their existing device over Ethernet or Wi-Fi is the “sweet spot” for maintaining anonymity. It isolates encryption and obfuscation from the user’s computer and eliminates the risk of the user forgetting to turn protection on. “The big advantage of something like PORTAL is being able to isolate failures to a dedicated outboard device and with a conceptually simple UI/UX,” Lackey told Ars. “It's a physical device, and when it's present and connected in line, traffic must pass through it. It never has your sensitive information on it.”

There are other low-cost routers available for privacy, such as the PogoPlug Safeplug. But Safeplug only offers basic Tor protection—making it impractical for use in countries such as China, where Internet surveillance systems watch for and shut down Tor traffic. The same goes for Onion Pi, a Raspberry Pi-based Tor appliance.

Portal includes the full capabilities of Tor—including pluggable transports for Tor, which can conceal Tor traffic from many of the network monitoring tools that look for patterns in packet data. There is an ever-expanding collection of pluggable transports, including:

Bananaphone, which turns Tor traffic into “natural language” streams of words.

Obfs4 and Scramblesuit, which obfuscate Tor by encrypting everything in Tor Transport Layer Security packets, eliminating the plaintext headers that identify the traffic.

Flashproxy, which wraps Tor traffic in WebSocket format, disguises it with an XOR cipher, and bounces it through short-lived JavaScript proxies running in other computers’ browsers.

Format-Transforming Encryption (FTE), which encodes Tor traffic to look like another protocol, such as SSH—avoiding detection by “regular expression” network filtering.

Meek, which disguises Tor as ordinary web traffic sent to Google, then forwards it through a third-party server.

The main drawback of PORTAL is that it currently isn’t a hardware product—it’s a Github download that must be “flashed” onto a TP-Link compatible pocket router. “The whole build process, management, etc. wasn't available at Def Con,” Lackey said. “Turning this into a tool directly usable by end users, or at least "power users" or sysadmins responsible for a group of users, is important, and something we're working on. Watch this space. Being able to flash your own devices is great, but for [more than] 95 percent of users today, they don't even want to do that much (nor should they be expected to!), so we're working on a solution.”