In cryptography, the "man in the middle" is usually an attacker -- but when Keezel wants to get between you and the Wi-Fi connection in your hotel or your home, it's for your own good.
After a long crowdfunding campaign, the company is getting ready to ship its Wi-Fi security device, also called Keezel, in October. Any orders it picks up at the IFA trade show in Berlin this week will be fulfilled from a second production run in November, said Keezel CEO Aike Muller.
One problem Keezel aims to solve is that hotel and other public Wi-Fi services are often unencrypted, leaving your data wide open to eavesdropping by others in the area. If there is authentication, it's often only for billing purposes, and performed by a captive portal after the traffic has gone over the air in the clear.
Keezel, on the other hand, protects your devices' communications with it from eavesdropping using WPA2. It uses its second Wi-Fi interface to emulate a client connecting to the hotel's network infrastructure, then sets up a VPN connection over that and back to a server or service of your choice. All your data is then encrypted as it passes through the hotel's network.
As a bonus, in hotels that limit Wi-Fi connections to one device per room or per voucher, Keezel becomes that device, hiding your laptop, phone and tablet behind it, Muller said.
Since Muller came up with the idea for Keezel when working as a consultant, the team has found a bunch of other uses for the device. Those include businesses wanting a simple way to secure employees' remote connections, even when they are using personal devices, and as a quick way to set up point-to-point VPNs (although this requires two Keezels, one for each end of the connection.)
The latest use is as a security layer for connected home appliances. Smart lightbulbs often contain dumb security flaws, and many of them are never patched. Rather than leave your entire home network at risk of some hacker finding your lightbulb and using it as a staging post for an attack, you could to use Keezel to isolate it from other devices on your home network, co-founder Friso Schmid said.
Future software updates to Keezel could also block ads or prevent access to malicious websites, Muller and Schmid suggested.
Keezel recently upgraded its design with a new Wi-Fi chip that covers the 5 GHz band, so it now supports 802.11 b, g, and n. There's no point in adding 802.11ac, Muller said, because the dual-core ARM chip at the heart of the device wouldn't be able to keep up.
The basic version of Keezel can be pre-ordered for US$99: To make the most of it, you have to provide your own VPN. The company also sells premium versions including access to its VPN service for a year ($129), two years ($169) or a lifetime subscription ($429).
Keezel doesn't operate the VPN service directly. Instead, it aggregates three services, connecting users to the best one for their area and adding a layer of anonymity to the process. Keezel doesn't see what its customers are doing with their VPNs as it doesn't handle the data, while the VPN providers don't know who the users are, as Keezel only identifies them with anonymous tokens that it reshuffles every week. The company selected its three VPN providers on the basis of their quality of service and their promise not to keep logs, Muller said.
The device is a slippery half-egg shape, with a USB micro port and a single LED at one end, and a USB A port at the other. It houses an 8000 mAh battery, enough to power it for a full working day, which Muller enthusiastically defined as 10 hours or more. The larger port can be used to recharge the battery of a smartphone with less stamina, he said.
That USB port has a couple of other interesting uses, too: You can plug in a USB-to-Ethernet adapter to protect your use of wired connections, or a 4G dongle allowing you to connect over a VPN from pretty much anywhere. Keezel includes drivers for Apple's Ethernet adapter and its clones, and for all Huawei 4G modems, Muller said. The company is still evaluating the compatibility of other devices.