This DIY Implant Lets You Stream Movies From Inside Your Leg

Biohackers inserted a device—a hard drive plus router—into their legs. They say it could improve data security, but it also raises knotty legal issues.

The door to Jeff Tibbetts’ DIY operating room in his garage in Tehachapi, California, is covered with the signatures of those who have gone under his knife in the white-walled room on the other side. Tibbetts, a professional nurse and a self-taught body modification artist, is in high demand among grinders, a community of biohackers with a penchant for implanting nonmedical devices in their bodies. Many of the names on his door are accompanied by a short description of the procedure they received: James implanted an “APT KEY”; Justin walked out with “3 test magnets”; and Rich got something called a “blood diamond.” Tibbetts’ alias, Cassox, is also on the door. Of the dozens of devices implanted in his body over the years, most were inserted with his own scalpel.

The most recent signature on Tibbetts’ door belongs to Michael Laufer, the public face of the Four Thieves Vinegar Collective, a controversial group of anarcho-biohackers that wants to open-source the production of lifesaving pharmaceuticals. But it was a different project that brought Laufer to Tibbetts’ garage in August: an implantable device called PegLeg.

PegLeg is a wireless router and hard drive rolled into one small, subdermal device. Laufer and a small group of collaborators created it using less than $50 of hardware. It’s a little larger than a pack of gum, but once implanted it turns your body into a node of a local mesh network. Any Wi-Fi-enabled device can access the device’s network, and the implant can also mesh with other PegLegs to create what is, effectively, an internet of legs.

PegLeg doesn’t connect to the internet backbone that you’re using to read this article. Instead, it creates a local wireless network that anyone in the same room can access. The implant can store hundreds of gigabytes of data, stream movies or music to connected phones or computers, act as a server for an anonymized chat room or forum, and smuggle encrypted files across international borders. PegLeg was designed so that anyone who connects to the device’s network can upload or download files to the hard drive anonymously, but this radical openness raises thorny legal questions about who is responsible for the data stored in another person’s body.

Welcome to the age of thigh speed internet.

PegLeg is an offshoot of a similar open-source device called the PirateBox. David Darts, an art professor at New York University, created it in 2011 as a way to easily share files with his students and to challenge the distinction between “sharing” and “piracy.” The original PirateBox consisted of a wireless router, a network adapter, and a thumb drive all packed into a lunchbox emblazoned with a skull and crossbones. Over the years, emergency responders, teachers, librarians, and artists have all used it for their own ends.

In 2018, Laufer brought his PirateBox to Grindfest, an annual biohacking meetup hosted at Tibbetts’ house, as a way for attendees to share files. When he brought out the device at this year’s Grindfest in May, someone asked the question that you’ll only hear at a grinder meetup: Can I put that in my body? Over the course of the weekend, Laufer worked with two collaborators, Zac Shannon and Nick Titus, to find out.

The PegLeg is based on the PirateBox, created by David Darts in 2011 to locally share files without connecting to the internet.

David Darts

Turning the PirateBox into an implant required a drastic reduction in its size.

David Darts

They managed to reduce the PirateBox to about the size of a box of cards, but with a thinner profile. It included just a portable commercial router, stripped down to its circuit board and flashed with the PirateBox software. But it was still giant as far as implants go.

The biggest challenge, says Titus, was figuring out how to power the thing. Biohackers tend to shy away from implanting batteries, which can swell and crack the biosafe resin that coats an implant. Instead, they opted for a wireless power receiver, which uses the same Qi protocol that can wirelessly charge smartphones. Since there is no battery, PegLeg can’t store power and only works when a wireless charger is held near the implant. But if the device is inside your thigh, you can just tuck the wireless charger in your pocket to allow for hands-free operation.

Once the PegLeg prototype was assembled, Tibbetts coated it with some bio-safe resin to dissipate the heat it would generate and to protect the metal components from contact with bodily fluids. A grinder from the UK who goes by the alias Lepht Anonym volunteered to have the world’s first DIY networked implant inserted on the back of their right arm. In the five months since the insertion, the incision has healed and the device is working as expected. Lepht says they filled the 64 gigabytes of space on their PegLeg with “all sorts of stuff people might like to download and pass on to each other,” like books, films, and music. Lepht says the biggest problem was when the device set off handheld sensors at the airport.

“The Yanks put me through their body scanner, which showed it as a big old block under my skin,” Lepht says. “I said it was a ‘medical device’ and surprisingly they just accepted that and waved my ass on in.”

Meanwhile, Laufer, Shannon, and Titus kept refining PegLeg. They swapped the router circuit board for a Raspberry Pi Zero, a small computer about half the size of the device implanted in Lepht. After paring the board down to its bare essentials and adding a wireless power receiver and a network adapter, they shipped it to Tibbetts, who coated the device in a biosafe resin. A few days before DefCon, the annual hacker conference in Las Vegas, the trio assembled at Tibbetts’ house to implant the second version of PegLeg.

Tibbetts went first and inserted the device into his own leg, a procedure that the veteran biohacker described as “a little painful.” Minutes later, Titus connected to Tibbetts’ PegLeg and uploaded a video of the procedure to the device’s internal storage. Shannon then streamed the video of the procedure to a nearby computer using Tibbetts’ PegLeg as the server. Laufer had his PegLeg implanted the next morning. The procedure was successful, but he says he briefly passed out and vomited during the process.

Michael Laufer in Tibbetts' DIY operating room before getting his PegLeg implant.

Nick Titus

There was a third PegLeg made for Titus, but he ultimately decided against it. He says he’s going to wait for a smaller version before he goes under the knife. “I don’t want to be an early adopter,” Titus says. “The idea of having something that large under my skin just doesn’t sound too thrilling to me.”

A few weeks after the procedure, Laufer visited WIRED’s office to demo the device. His thigh was still covered in bruises, but he said it was no longer painful to the touch. When we connected to the PegLeg network, I saw that the future of the internet looks a lot like the past.

The PegLeg serves a barebones interface. When you connect to the server, it displays a short greeting. “Welcome to the first iteration of the next generation of digital communications, where even our bodies are nodes on the decentralized network,” it reads. “Please have fun, chat with people, and feel free to share any files you may like.” When I scrolled down, I found a widget to upload and browse files stored on the implant. Below that was a basic chat room open to anyone connected to the device.

The simple, text-heavy interface reminded me of the bulletin board systems of yesteryear, but with the added strangeness of knowing the network was generated in Laufer’s leg. Laufer and I used his PegLeg to chat (purely for the novelty of it, since we could also just talk), and I downloaded a 1981 issue of Omni magazine stored on his hard drive. This issue features “Johnny Mnemonic,” a short story by William Gibson about a courier who stores other people’s data in his head, which Laufer says had a big influence on him.

“To see technology progress in ways that Gibson predicted with a lot of fidelity is really cool,” Laufer says. “The only thing better is to be the ones bringing it into existence.”

It is a very weird feeling to use a person’s leg as a chat server, especially when it seems superfluous. Plenty of devices perform the same function as the PegLeg, no leg slicing requiring. So why implant the thing at all? It’s a question biohackers get asked a lot. Titus says that in many cases it boils down to exercising bodily autonomy and personal expression—he sees implants as not so different from a tattoo or piercing. But Laufer says his decision was more politically motivated.

To Laufer, mesh networks are a way to undermine the profit-seeking, censorship, and surveillance enabled by centralized internet infrastructure. “The internet is easy to shut down, easy to surveil, and easy to manipulate because of its centralized infrastructure,” Laufer says. With mesh networks, “It becomes free again.”

As long as you’re in close proximity, you can swap files without using a third party like Google or Dropbox to host the file. Internet service providers can’t intervene to censor you. Remove the wireless charger, and the PegLeg network disappears without a trace.

Laufer envisions activists or others with sensitive information using the device to carry data safely across borders. Like the titular hero in “Johnny Mnemonic,” this could turn anyone with a PegLeg into a data mule smuggling encrypted files. There’s no hardware to be confiscated—unless of course law enforcement officers extracted the device from the person’s leg. But can they do that?

There’s scant legal precedent here. Earlier this year, a woman was arrested in Colombia after she was discovered smuggling cocaine between the skin and muscle in her leg. In this case, the drugs were surgically removed. It’s possible the same could be done to someone with a PegLeg implant.

But law enforcement agencies may not even have to remove the device to extract its data. If the police obtain a warrant to search the PegLeg hard drive, all they would have to do is hold a wireless battery near the device and connect to its network. Access to PegLeg’s storage is not password-protected and while this would be an easy modification to make, it would undermine the device’s main purpose: free access to information. It’d be easier to just encrypt a file and let anyone download it.

The legal issues get thorny quickly. Given that anyone can upload files to the PegLeg when it’s turned on and it’s impossible to tell who uploaded a given file, it is easy to claim ignorance of its contents. What happens if illegal materials turn up on a PegLeg, like classified government documents or child porn? Would the person with the implant be protected as a platform under Section 230 of the Communications Decency Act, which doesn’t hold online platforms or internet service providers liable for the content users post on their site? Or would the individual be considered to be in possession of those materials and subject to the relevant punishments?

These uncertainties aren’t stopping Laufer and his collaborators from continuing to develop the device. They are now designing a third generation of the device that would use custom flexible circuit boards to reduce PegLeg to the size of a postage stamp.

Grinders will be the first to admit that bodyhacking is a dangerous pursuit and safety cannot be guaranteed. Tibbetts’ own website makes a point of noting that “in biohacking there are no happy little accidents.” Will we one day find ourselves in a cyberpunk future where turning your body into a mesh node is as common as getting your ears pierced? Maybe, maybe not. But the PegLeg is both literally and figuratively a step in that direction.


More Great WIRED Stories