Forgot your password?
typodupeerror
This discussion has been archived. No new comments can be posted.

Onion Pi — Make a Raspberry Pi Into a Anonymizing Tor Proxy

Comments Filter:
  • Neat idea. (Score:5, Interesting)

    by BitterOak (537666) on Friday June 14, 2013 @06:43PM (#44012023)
    I've always thought the Raspberry Pi would be a pontentially much more useful device if it had two Ethernet ports instead of one. It could be a NAT box, Firewall, TOR proxy, or any number of other things. By separating these functions form the computers you're trying to protect, you potentially have a lot more security. Dare I dream there will be a model with two Ethernet ports sometime in the future?
    • by ZerXes (1986108)
      I don't really see the need, any switch capable of Dot1q will solve the problem for you anyhow...
      • by ColaMan (37550) on Friday June 14, 2013 @06:54PM (#44012073) Homepage Journal

        Yes, that's right, don't bother about adding a single ethernet port, merely invest in a VLAN-capable switch! You always need another piece of power-hungry overkill hardware when you're using your Pi in a remote location somewhere (or even behind your TV), and you've got money to burn now that you've saved so much money buying a Pi!

        Brilliant! /s

        • 2 Watts? For the Pi, power hungry? Also, why does it need 2 net connections to perform as your and others' Tor node?
        • by BitZtream (692029)

          So plug in a USB ethernet adapter and stop your bitching, thats all the onboard on is anyway. Its just connected directly to the onboard hub, the other two ports are exposed.

        • by Anonymous Coward
          The whole point of the Raspberry Pi is to be a power-hungry hardware overkill solution to trivial problems. Since when do people care about hardware overkill when it takes 8GB and a 4GHz CPU to run a spreadsheet?
    • Re:Neat idea. (Score:5, Interesting)

      by gweihir (88907) on Friday June 14, 2013 @07:30PM (#44012269)

      The Pi does not have native Ethernet anyways. You can add a second one with an 100Mbps USB2-to-Ethernet adapter without losing much. For native interfaces, an Alix board may be a better choice.

      What irks me more is that the Pi has issues with quite a few USB hubs. In fact I found none that worked well in a stress-test (two memory sticks connected as RAID1, always lost one during re-sync, no matter what sticks I used), and I tried several.

      • It's a bit sad that the Pi won't run off a standard powered usb hub (for the micro-usb power), while, running devices off that hub... Only complaint.
        • by drinkypoo (153816)

          If you're trying to say that you can't power a hub from a wall-wart, plug the hub into the Pi as a hub, and then also run a power cable from the hub to the Pi, then you're wrong. I've done it with one of those world's-cheapest four-port USB2 hubs that has the molded foot-long pigtail and the really square transparent case. I'm not doing it now — a $5-6 boost-buck DC-DC converter found on eBay will let you run your Pi on practically anything that will deliver enough current.

          • I've done it with one of those world's-cheapest four-port USB2 hubs that has the molded foot-long pigtail and the really square transparent case.

            And I'm doing it now with this hub [amazon.com] which was recommended for RPi noobs when I bought mine.

            It does pain me to run a hub that's nearly as expensive as the computer, but I was going for the zero-frustration approach. "World's cheapest" does appeal to the low-cost solutions driver in me, though - got a link?

            • by drinkypoo (153816)

              Well, this is one of those "Made in China" brand jobs. It's got all the right logos except a brand name. I think I may have bought it new though, so it's possible it's in my purchase history on DX or eBay, heh heh. But neither one of them makes it easy to find out.

              Tell you what, I'll use my trusty cellphonecam to take a photo of each side of this wonder and see what we get. I'll use fake HDR because I'm too lazy to walk outside where the light is, so that you'll at least get a useful impression...

              here ya go [hyperlogos.org]

      • by drinkypoo (153816)

        What irks me more is that the Pi has issues with quite a few USB hubs.

        Have you performed any of the modifications intended to address the issues with USB power delivery? Sure, it shouldn't matter if you're using a powered hub, but have you tried?

        The big problem with the Pi is that its USB is defective, and everything hangs off the USB. Great plan. Better buy a Cubieboard or the new Beaglebone. Hopefully Canonical will fulfill their promise of Mir supporting arbitrary Android video drivers, and then those who don't need GPIO (perhaps choosing to hang an Arduino or similar off

        • by gweihir (88907)

          It is not a power-issue I have. It is a hub-driver issue where devices vanish. It looked like power problems or a while, but then I tried to nail them down with a digital oscilloscope, and it is definitely _not_ a power issue. To be sure, I added additional buffer caps in the overkill range, no effect at all. The USB hub drivers just suck. Incidentally, without the hub in between, the USB sticks just work.

          I expect this will get fixed eventually, bit at this time it has not been. One problem is that many USB

          • I expect this will get fixed eventually

            Like the GP said, USB on the RPi is defective. There's an infamous lkml post outlining the problems.

            The SD slot is defective too - a tremendous number of stories are out there about SD corruption. Too bad it's the only possible boot device.

            oh, and the h.264 decoder is defective too. Blocking artifacts, GPU lockups.

            People tell me the Beaglebone Black is what the RPi was supposed to be.

            • I have two Pi's and they are flaky as hell, in all the arenas you mention. It's such a shame. Is there any indication that they're going to revise future models to fix any of these problems?
            • by gweihir (88907)

              Well, when I dug into the I/O lines, I already had the impression that the people designing the Pi are not really good as hardware designers. For example, I am pretty sure now the I/O lines are 5V tolerant when used as inputs. And while the information is easily available in the confidential datasheet, nothing has been published by the Pi team. This indicates a fundamental non-understanding of what is important and what is not.

              So far I have not had issues with the SD slot, fortunately. Maybe people are usin

              • So far I have not had issues with the SD slot, fortunately. Maybe people are using it wrong?

                nor have I, but from what I read, some really competent people do, so I'm figuring it's a matter of time. I saw reports of "fine for two months and then corruption". I'm looking to try PXE booting them next, to minimize writes.

                Apparently the SD card write timings are out of spec, and some SD cards are tolerant of this and some aren't. I suppose with a tolerant enough card one might never encounter a problem.

                • by gweihir (88907)

                  If the timings are out of spec, that means transmission problems. The cards have controllers, but AFAIK no CRC on commands and data transmitted. That may cause corruption when temperature is shifting timing parameters, either on the card or on the Pi. OTOH, this is an SPI bus with 4 instead of one data lines. It is really hard to get the timing wrong. Basically, you can only transmit data on the wrong flank, which could result in a flaky interface, but doing so is really, really stupid. The other thing you

                  • The other thing you can to is set the clock too high

                    From what I've read, overclocking is a sure way to find a corrupt SD, so you might be onto something there. Some have said that the UK units are more reliable when they have both UK and Chinese units side-by-side. I don't know if that's true.

                    and then run it 20% or so slower to get a safety margin

                    and if you forgot to factor in the 20%? Just a hunch.

                    After all, digital cameras, smartphones, MP3 players, etc. all get it right.

                    Exactly, which makes this so fr

                    • by gweihir (88907)

                      You are perfectly right, this _is_ a solved problem, apparently just not to the Pi team. Lets hope somebody that knows how to do this right will solve it for them in the near future.

    • No reason they can't make a revision C, unless competition from BeagleBox cripples them?
      br Can we keep the Brit's in charge and userfriendly culture, and get some teamwork you two?
  • It seems to me that on this kind of topic, since the NSA scandal, the percentage of anonymous posters has seen a sudden and major increase.
    • Good luck to them if they think that helps. Me, I'm pretty sure I've been on their enemies list for years.

      • by vilanye (1906708)
        Paranoia and delusions of grandeur is a scary combination.

        Seek help.
        • Well, you get points for snarkiness, but you should have a few beers with me before you decide it's either paranoia or a delusion of grandeur. I don't think I'm important, if that's what you mean, but I used to do moneypunk stuff (like Bitcoin, except with gold and it was twelve years ago) and a number of people I worked with in that time have been imprisoned. Besides, I expect their watchlist is long, that the threshold for being on it is low, and that being on it doesn't lead to immediate obvious conseq

  • by mooingyak (720677) on Friday June 14, 2013 @07:00PM (#44012103)

    Should be "an anonymizing". Not because it's grammatically correct (though it is), but because it's more fun to say.

  • Danger (Score:5, Informative)

    by Anonymous Coward on Friday June 14, 2013 @07:13PM (#44012177)

    Note that routing through Tor can hide your location, but it will not protect unencrypted traffic from eavesdropping and MITM attacks.

    I would caution strongly against indiscriminately running all your traffic trough Tor. In many cases this will increase your chance of being subject to an active or passive attack, as one of the reasons people operate Tor exit nodes is to observe the outgoing traffic, either for research or for more clandestine purposes.

    Preferably only use it for encrypted traffic where you have a way to authenticate the other side. Routing TLS traffic through Tor should be fine for personal use, as long as you take care to never accept self-signed certificates.

  • by gweihir (88907) on Friday June 14, 2013 @07:23PM (#44012237)

    It is really no good using Tor when your application screams to the world who you are. Applications need to be carefully vetted in order to be sure they do not. Better use the Tor browser bundle from a clean system, than this "solution", unless you are really sure you know what you are doing.

    • For improved anonymity:

      - Adjust your web browser to not send the user agent (browser name and version), to not send referrer information (from which page you came to the current one) and disable cookies by default
      - Do not use any Google products
      - Opt out from any "customer experience improvement programs" in applications' settings

      Feel free to expand the list...

    • Better use the Tor browser bundle from a clean system, ...unless you are really sure you know what you are doing.

      A clean system on your own system is available for free by dropping in this [boum.org] and re-booting. It's what I use to introduce people to TOR.

  • by Score Whore (32328) on Friday June 14, 2013 @07:27PM (#44012259)

    Or you could just install tor on your laptop? What does the added complexity of using a weak arm based linux box to proxy for you bring?

    Additionally what's the use case for this? Where are you plugging in ethernet so your rapi can be your access point?

    • Or you could just install tor on your laptop?

      You could. But this wraps the Tor functionality nicely inside your networking equipment. It's a matter of taste really.

  • You've been able to do this since Raspian was released ... probably before then and in other releases for the pi as well.

    https://www.torproject.org/docs/debian [torproject.org]

    Why exactly does anyone care that adafruit posted something about using pre-packaged software from probably close to 2 years ago?

  • FreedomBox (Score:2, Interesting)

    by rea1l1 (903073)

    Check this out

    http://freedomboxfoundation.org/ [freedomboxfoundation.org]

    p2p mesh based on %100 open source software and hardware

My idea of roughing it turning the air conditioner too low.

Working...