Slashdot Mirror

← Back to Stories (view on slashdot.org)

Onion Pi — Make a Raspberry Pi Into a Anonymizing Tor Proxy

Posted by Soulskill on from the tasty-and-private dept.

coop0030 writes "Feel like someone is snooping on you? Browse anonymously anywhere you go with the Onion Pi Tor proxy. This is fun weekend project from Adafruit that uses a Raspberry Pi, a USB WiFi adapter and Ethernet cable to create a small, low-power and portable privacy Pi."

19 of 76 comments (clear)

  1. Neat idea. by BitterOak · · Score: 4, Interesting

    I've always thought the Raspberry Pi would be a pontentially much more useful device if it had two Ethernet ports instead of one. It could be a NAT box, Firewall, TOR proxy, or any number of other things. By separating these functions form the computers you're trying to protect, you potentially have a lot more security. Dare I dream there will be a model with two Ethernet ports sometime in the future?

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:Neat idea. by ColaMan · · Score: 3, Funny

      Yes, that's right, don't bother about adding a single ethernet port, merely invest in a VLAN-capable switch! You always need another piece of power-hungry overkill hardware when you're using your Pi in a remote location somewhere (or even behind your TV), and you've got money to burn now that you've saved so much money buying a Pi!

      Brilliant! /s

      --

      You are in a twisty maze of processor lines, all alike.
      There is a lot of hype here.
    2. Re:Neat idea. by Anonymous Coward · · Score: 2, Informative

      Um... $50 dollar routers have been done, for a few years now.

      I know. I have one myself. But the cool thing about the Pi is you could run whatever software you like, or even write it yourself, and it would be open source. I'm frequently reading about vulnerabilities showing up in off the shelf routers. With a software solution on a Pi, you could patch and upgrade it yourself. And if it didn't offer the features you wanted, you could add them.

      The cited router, runs Linux, with several distros with prepackaged TOR modules available. See openWrt, DDWrt, Tomato and more. Everything you suggest was done on the WRT54G 5 or more years ago. Raspberry Pi offers nothing new. It is under powered, lacks ports or WiFi, doesn't have established router software support... There is no advantage to using a Pi for a router over the linked router. None.

    3. Re:Neat idea. by gweihir · · Score: 4, Interesting

      The Pi does not have native Ethernet anyways. You can add a second one with an 100Mbps USB2-to-Ethernet adapter without losing much. For native interfaces, an Alix board may be a better choice.

      What irks me more is that the Pi has issues with quite a few USB hubs. In fact I found none that worked well in a stress-test (two memory sticks connected as RAID1, always lost one during re-sync, no matter what sticks I used), and I tried several.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:Neat idea. by BitZtream · · Score: 2

      So plug in a USB ethernet adapter and stop your bitching, thats all the onboard on is anyway. Its just connected directly to the onboard hub, the other two ports are exposed.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    5. Re: Neat idea. by swsuehr · · Score: 3, Interesting

      I'm doing exactly this. I have a Pi firewall running with three total ethernet ports (the third is a wifi DMZ). I got another Pi and it's running asterisk for the house with a POTS connection via an Obi110. However, based on the load and RAM usage I could be using a single Pi for both. Speed tests show that the Pi performs the same as the full scale computer that it replaced. Check my blog for more details on the firewall rig. I haven't blogged about the asterisk setup yet. Steve

    6. Re:Neat idea. by BitZtream · · Score: 2

      My ASUS N-66R runs Linux, and the source is available, I do run 'whatever software I like on it' already.

      Its like a Rasp PI except instead of having VideoCore4 it has BadAssSwitchingAsicsNotOnAUSBHub. I'll take 6 usable gigabit ports on asics over 3 crappy nics on USB from a device that requires a perfect power supply or the USB craps out, and takes the networking with it.

      The RaspPi offers absolutely nothing from a router perspective that isn't already available in routers that do all of it better.

      Oh, and adding Tor to my router is probably as simple as using the factory installed web interface to a package manager. I haven't bothered to look for Tor, but seems as likely as all the other stuff they have in there.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  2. A Anonymizing by mooingyak · · Score: 3, Funny

    Should be "an anonymizing". Not because it's grammatically correct (though it is), but because it's more fun to say.

    --
    William of Ockham had no beard. The most likely explanation is that it was chewed off by squirrels every morning.
  3. Re:You must be by K.+S.+Kyosuke · · Score: 4, Funny

    More like a torrorist, don't you think? And I'm sure The Onion would jump on it.

    --
    Ezekiel 23:20
  4. Danger by Anonymous Coward · · Score: 5, Informative

    Note that routing through Tor can hide your location, but it will not protect unencrypted traffic from eavesdropping and MITM attacks.

    I would caution strongly against indiscriminately running all your traffic trough Tor. In many cases this will increase your chance of being subject to an active or passive attack, as one of the reasons people operate Tor exit nodes is to observe the outgoing traffic, either for research or for more clandestine purposes.

    Preferably only use it for encrypted traffic where you have a way to authenticate the other side. Routing TLS traffic through Tor should be fine for personal use, as long as you take care to never accept self-signed certificates.

  5. Take the warnings seriously! by gweihir · · Score: 4, Informative

    It is really no good using Tor when your application screams to the world who you are. Applications need to be carefully vetted in order to be sure they do not. Better use the Tor browser bundle from a clean system, than this "solution", unless you are really sure you know what you are doing.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Take the warnings seriously! by bill_mcgonigle · · Score: 2

      Don't plug up tor with streaming video - use a VPN provider for that. You need an endpoint IP, not anonymity.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    2. Re:Take the warnings seriously! by jones_supa · · Score: 2

      For improved anonymity:

      - Adjust your web browser to not send the user agent (browser name and version), to not send referrer information (from which page you came to the current one) and disable cookies by default
      - Do not use any Google products
      - Opt out from any "customer experience improvement programs" in applications' settings

      Feel free to expand the list...

  6. Why? by Score+Whore · · Score: 2

    Or you could just install tor on your laptop? What does the added complexity of using a weak arm based linux box to proxy for you bring?

    Additionally what's the use case for this? Where are you plugging in ethernet so your rapi can be your access point?

  7. So, you discovered apt-get? by BitZtream · · Score: 2

    You've been able to do this since Raspian was released ... probably before then and in other releases for the pi as well.

    https://www.torproject.org/docs/debian

    Why exactly does anyone care that adafruit posted something about using pre-packaged software from probably close to 2 years ago?

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  8. Re:Cause... by fuzzyfuzzyfungus · · Score: 2

    Cause using TOR wasn't slow enough already, we'll put it on under-performing hardware.

    Unless you have an atypically-nice-by-American-standards connection to play with, an rPI is luxury. Doesn't mean that onion routed connections aren't always going to be much higher latency(and, in practice, slowed by their dependence on donor bandwidth); but Tor at low speeds(especially one that is basically just serving you, not terminating a whole lot of TLS connections) isn't very demanding.

  9. Re:Onion Pi ... should've called it... by c0lo · · Score: 2

    Pitor and the snow dog :D

    Nah... doesn't strike any chord. With an Onion Pi, I could cry a river.

    --
    Questions raise, answers kill. Raise questions to stay alive.
  10. FreedomBox by rea1l1 · · Score: 2, Interesting

    Check this out

    http://freedomboxfoundation.org/

    p2p mesh based on %100 open source software and hardware

  11. Re:Funny by SteveFoerster · · Score: 2

    Good luck to them if they think that helps. Me, I'm pretty sure I've been on their enemies list for years.

    --
    Space game using normal deck of cards: http://BattleCards.org