Winston: An IoT Privacy Protection Device

A profile picture of founder of Winston Privacy, Rich Stokes
(7 minute read)
The degree of manipulation in the modern world is unprecedented.

In a world where many terrifying aspects of George Orwell’s sci-fi dystopia 1984 have come to pass, Winston Privacy is protecting its users against constant security and privacy intrusions. We sat down with Richard Stokes, Winston’s CEO, to learn about the current privacy landscape and how Winston keeps its users safe and secure. Let’s hear what he has to say:

What is Winston?

Winston is the world’s first device that ends all non-consensual third-party tracking on a network. Most Americans are aware they’re being tracked, but unaware of the degree and extent.

A picture of the Winston Privacy Device
The Winston dimensions: 117mm x 117mm x 24.8mm, 66.85mm deep with kickstand.

Privacy software has existed in some form or another for about 20 years. It’s generally been pretty niche, appealing to a highly technical audience. Winston is different. You simply plug it into your home network, and in 60 seconds:

  • All internet traffic is encrypted.
  • Your IP address is anonymized.
  • Over 90,000 tracking sites are blocked.
  • Your internet is accelerated, thanks to how much traffic we block.

Third parties are currently the biggest privacy threats. While most people don’t fear Google, Facebook, Apple, or Amazon because these are American companies (and under a lot of scrutiny), there are thousands of small companies collecting your data, aggregating it, and selling it without your knowledge.

These thousands of “Little Brothers” (as opposed to Orwell’s governmental “Big Brother”), are grabbing as much data as possible through any means necessary. Many of these companies are even outside US jurisdiction, so legal protections aren’t effective against them.

Why is Winston a Hardware Device (Instead of a Firewall, VPN, or Ad Blocker)?

We created Winston as a hardware device so it can protect and regulate all the traffic going to every device on the network. If your device is on a Winston-protected network, your privacy protection is greatly amped up. The same can’t be true of firewalls, virtual private networks (VPNs), or ad-blockers. As an example, let’s compare Winston to a VPN.

A VPN is essentially a tunnel to a centralized endpoint. Most VPN users incorrectly believe they’re completely anonymous. A VPN doesn’t anonymize you, however. It simply changes your IP address, and there are many tracking technologies that can identify you without relying on your IP. Additionally, while a VPN provides some security protection against eavesdroppers directly on your local network, it doesn’t provide any privacy protection at all. Worse, user experience with VPNs is typically sub-par. Users often typically see VPNs as a necessary security precaution, but find them annoying because they slow down connections. Using a VPN also raises concerns about the VPN provider themselves. A VPN provider can track and monitor your data–what are they doing with it?

Winston takes a different tack, using a distributed model where each user’s internet use is scrambled with all the other Winstons (similar to the method used by Telegram or Signal). It’s completely encrypted, end-to-end. Even Winston Privacy can’t see what’s going on in the network. We don’t collect any data. We have no way of monetizing it. We also make data collected by third parties less reliable.

We want Winston to stand for trust, transparency, and privacy. Google’s motto used to be, “Don’t be Evil.”

That lays the groundwork for Winston’s, which is, “Can’t be evil.”

How does Winston Improve IoT Security?

TechRepublic filmed Rich demonstrating how Winston protects all devices on a network.

If you consider the attack vectors on IoT devices, Winston protects its users from both security attacks and privacy attacks.

IoT Security Attacks

The biggest attack vector for IoT products is DNS Rebinding, where a malicious actor tricks the device into connecting somewhere other than it intended to, even potentially receiving firmware updates from an attacker’s server in a country halfway around the world. That server could download new source code that allows them to control the device.

Winston prevents these robotic takeovers by intercepting all outbound DNS requests, encrypting them, and sending them off to Cloudflare or IBM. They’re also all scrambled, providing an enhanced level of privacy protection in addition to the heightened security features.

IoT Privacy Attacks

If you bring an internet-enabled glucose meter into your home, your ISP (and anyone else sniffing around your network) can easily figure that out, and therefore assume you’re diabetic. They then sell that information about you, without your knowledge or consent.

Winston avoids these privacy attacks through traffic shaping, where your device traffic is scrambled with the network and device data from other homes. Traffic shaping reduces a third party’s confidence in their pattern-matching or heuristics applied to your network.

How did You take Winston from Concept to Market?

While working as the head of innovation for the world’s largest ad agency. I gained alarming perspective on the various ways tracking was becoming more and more invasive over time. I learned that Spotify playlists and Amazon purchases were being used to build profiles on individuals. Even antivirus software monitors its users! And that was just the tip of the iceberg.

Old television representing old marketing
“The old marketing trade went like this: you trade a little bit of your time for a commercial in order to fund the TV program you get to watch. It’s not a ‘trade’ anymore. ‘Trade’ implies volition.” – Winston’s about us page.

I recently spoke with a company that bragged they can monitor the location of every cellphone user in the US within ten feet at all times. They’re adding a metadata layer to figure out when you’re with your spouse so they can target you with advertising (because you’re less critical of advertising then). The degree of manipulation in the modern world is unprecedented.

Once I saw where the industry is going, I realized this wasn’t the world I wanted my kids growing up in. I conceived the idea for Winston and we dove into quantitative research.

From there, we took Winston through a host of hardware issues, like custom kernel development, drivers, and an involved update process.

Our biggest heavy lifting was achieving universal device compatibility. There are many, many ways to break communication on IoT devices. Many of them are poorly programmed and will break easily if anything interferes with their communication.

Solving those issues was a real challenge. Taking Winston from concept to market ultimately took fifteen months.

Who are Winston’s Primary Users?

The prime user for Winston is someone who wants to protect their family. We’re primarily focused on the family experience. We often hear complaints about VPNs, ad blockers, and homegrown solutions. They make family members angry because they break processes (and anyway, it’s not like you can put an adblocker on a smart TV.)

With Winston, we aim to have a highly effective privacy device, but not so effective that it breaks the internet. We’re focused on a seamless, transparent, convenient solution that satisfies everybody in your family. Additionally, those who have a family are more likely to see the value of Winston. Because Winston protects every device with one product, the more devices in a home, the more Winston helps.

What’s Next for Winston?

We began shipping Winston to customers in February of this year and are currently backordered. There’s a waiting list for new orders, with the next batch set to ship in April. We’re also launching a Kickstarter in May, and plan to make Winston available on Amazon when we accumulate more inventory.

We’re also frequently asked when we’ll make a version for offices. We’re currently focused on the consumer, as that’s where we can make the biggest dent in the surveillance economy. There’s certainly a need for Winston in offices–it’s an opportunity for the future, and it will be on our radar at some point.

Why is Winston named Winston?

We named Winston after the protagonist in 1984. One major premise of the book is thought control—the ability to monitor everything in your home and use that information against its inhabitants.

Many privacy violations we see today are actually described in the very first chapters of the book, such as microphones and cameras that can monitor every conversation in a person’s home.

I almost wish the book was named 2024, because that would have been more temporally accurate. Orwell’s predictions are shockingly apropos for our current technological landscape.

Winston protects its users from any malicious or unwanted actors. Winston is helping prevent 1984 from becoming a reality.

Curious for more information about Winston? Want to protect your network? Visit WinstonPrivacy.com.

This was an interview with Richard Stokes, Founder & CEO of Winston, written by Julian Wise.