Indiegogo GitHub
Support us in
Indiegogo

General

Based on Debian
System Type Server&Gateway
Desktop No desktop
Type Protection & anonimization system & distributed services.
Supported hardware Odroid XU3 and C1
Architecture ARMHF
Gateway and torify any operating system Yes
Opensource Yes
Live DVD/USB No
Non-Anonymous Developers Yes
Persistence (applications&data survive reboot) Full

Kernel & Forensics

Threat CageOS Protection
Several Exploit GrSecurity
Memory-based protection schemes PaX
Mandatory access control scheme SELinux
Cold Boot Attack TRESOR
Potentially hostile/injected code from non-code containing memory pages KERNEXEC

System

Threat CageOS Protection
Toolchain compilation (fortify) libc patches
MAC Spoof MAC Address randomizer
Hardware Serial number identification HDD/RAM serial number changer
Vulnerable on bootloader Bootloader password protection
Vulnerable on boot partition modifications /boot partition Read only. Needed to change only on kernel upgrades
SSH root login directly Disable SSH root login
Physical reboot Disable control+alt+del on inittab & /​etc/​acpi/​powerbtn-acpi-support.sh
Brute force attack on services Fail2Ban
ICMP Flood Protection IPTables not answer ICMP requests
Network accept all port connection IPTables DROP policy by default
Virus infection on other network OS Clamav
Intrusion Detection System Suricata
Hidden software exploits RKHunter
Software security holes Debian Security repositories
Untrusted Cronjobs Block cronjobs for everybody in cron.deny
Binaries with root permission Disable unwanted SUID/SGID binaries
Insecure network programs Block rlogink,telnet,tftp,ftp,rsh,rexec
IP spoof sysctl hardening configuration
IP spoof Darknet preconfigure
TOR extra security SocksPort 9050 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort IsolateDestAddr
DNS leak protection Usage of OpenNIC
Hidden code on apps Verifiable builds
Take advantage of already logged in sessions Bash usage of VLOCK and/or TMOUT to protect your bash login
Direct access to HDD data Full disk LUKS encryption
Exploits of shared resources & hardware Docker
SSH Old protocol weak SSH only protocol V2 allowed
Computer stealing Secured&encrypted backup on decentralized storage grid
Rootkit Use OpenSource & RKHunter
Software backdoor Use OpenSource
Hardware backdoor Use OpenHardware
Packet Sniffing Using HTTPS Everywhere

Security

Responsible for building Tor circuits Tor client running on CommunityCube
Exploit Quantum protection Yes, suricata
Intrusion Prevention System Yes
Browser exploit protection Yes
Protection against IP/location discovery Yes & agent
Workstation does not have to trust Gateway No
IP/DNS protocol leak protection Only if you configure manually

Updates

Operating System Updates Persist once updated
Update Notifications Yes on LED and TFT display
Important news notifications Yes on LED and TFT display
Decentralized System Updates Using APT P2P

Fingerprint

Network/web Fingerprint Maximum possible protection with Agent (pc (windows/linux/mac) & mobile (android/ios)
Clearnet traffic Routing model it's described in Network page
Surf the deepweb with regular browser Yes but not recommended
Randomized update notifications Yes
Privacy Enhanced Browser Yes, Tor Browser with patches
Hides your time zone (set to UTC) Yes
Secure gpg.conf Yes
Enable secure SSH access Yes, through physical TFT with external network disconnect
Auto Disable logins Only logins are possible on configuration mode, activated through physical TFT with external network disconnect
Internet of the Things protection Yes, it's described in Network page

Misc

HTTP Header Anonymous Yes
Big clock skew attack against NTP Tot blocked
VPN Support Configurable through TFT
Ad-bloking track protection Yes
Root password configuration Yes, mandatory on first boot and later on TFT configuration panel
Wifi password configuratio Yes, manadatory on first boot and later on TFT configuration panel
Internal WIFI device without password or WEP encryption No

PLEASE DONATE AND SHARE!

Indiegogo

Thank you for your awesome support!