Onion Pi — Make a Raspberry Pi Into a Anonymizing Tor Proxy 76
coop0030 writes "Feel like someone is snooping on you? Browse anonymously anywhere you go with the Onion Pi Tor proxy. This is fun weekend project from Adafruit that uses a Raspberry Pi, a USB WiFi adapter and Ethernet cable to create a small, low-power and portable privacy Pi."
Re:You must be (Score:5, Funny)
Who's fucking (Score:1)
"LadyAda" over at Slashdot, her company has been getting a lot of free advertisement lately.
Re: (Score:3)
Cause using TOR wasn't slow enough already, we'll put it on under-performing hardware.
Unless you have an atypically-nice-by-American-standards connection to play with, an rPI is luxury. Doesn't mean that onion routed connections aren't always going to be much higher latency(and, in practice, slowed by their dependence on donor bandwidth); but Tor at low speeds(especially one that is basically just serving you, not terminating a whole lot of TLS connections) isn't very demanding.
Neat idea. (Score:5, Interesting)
Re: (Score:1)
Re:Neat idea. (Score:4, Funny)
Yes, that's right, don't bother about adding a single ethernet port, merely invest in a VLAN-capable switch! You always need another piece of power-hungry overkill hardware when you're using your Pi in a remote location somewhere (or even behind your TV), and you've got money to burn now that you've saved so much money buying a Pi!
Brilliant! /s
Re: (Score:2)
Re: (Score:2)
So plug in a USB ethernet adapter and stop your bitching, thats all the onboard on is anyway. Its just connected directly to the onboard hub, the other two ports are exposed.
Re: (Score:1)
Re: (Score:2)
Um... $50 dollar routers [amazon.com] have been done, for a few years now.
I know. I have one myself. But the cool thing about the Pi is you could run whatever software you like, or even write it yourself, and it would be open source. I'm frequently reading about vulnerabilities showing up in off the shelf routers. With a software solution on a Pi, you could patch and upgrade it yourself. And if it didn't offer the features you wanted, you could add them.
Re: (Score:2, Informative)
Um... $50 dollar routers [amazon.com] have been done, for a few years now.
I know. I have one myself. But the cool thing about the Pi is you could run whatever software you like, or even write it yourself, and it would be open source. I'm frequently reading about vulnerabilities showing up in off the shelf routers. With a software solution on a Pi, you could patch and upgrade it yourself. And if it didn't offer the features you wanted, you could add them.
The cited router, runs Linux, with several distros with prepackaged TOR modules available. See openWrt, DDWrt, Tomato and more. Everything you suggest was done on the WRT54G 5 or more years ago. Raspberry Pi offers nothing new. It is under powered, lacks ports or WiFi, doesn't have established router software support... There is no advantage to using a Pi for a router over the linked router. None.
Re: (Score:2)
i highly doubt it doing tor off the shelf.
but fun fact, cheapo home routers were used for some of the stuff raspberry is now used for.. for years. some had gpio hacks too.
Re: (Score:2)
My ASUS N-66R runs Linux, and the source is available, I do run 'whatever software I like on it' already.
Its like a Rasp PI except instead of having VideoCore4 it has BadAssSwitchingAsicsNotOnAUSBHub. I'll take 6 usable gigabit ports on asics over 3 crappy nics on USB from a device that requires a perfect power supply or the USB craps out, and takes the networking with it.
The RaspPi offers absolutely nothing from a router perspective that isn't already available in routers that do all of it better.
Oh, and
Re: Neat idea. (Score:1)
Re: Neat idea. (Score:4, Interesting)
Re: (Score:1)
Re:Neat idea. (Score:5, Interesting)
The Pi does not have native Ethernet anyways. You can add a second one with an 100Mbps USB2-to-Ethernet adapter without losing much. For native interfaces, an Alix board may be a better choice.
What irks me more is that the Pi has issues with quite a few USB hubs. In fact I found none that worked well in a stress-test (two memory sticks connected as RAID1, always lost one during re-sync, no matter what sticks I used), and I tried several.
Re: (Score:2)
Re: (Score:2)
If you're trying to say that you can't power a hub from a wall-wart, plug the hub into the Pi as a hub, and then also run a power cable from the hub to the Pi, then you're wrong. I've done it with one of those world's-cheapest four-port USB2 hubs that has the molded foot-long pigtail and the really square transparent case. I'm not doing it now — a $5-6 boost-buck DC-DC converter found on eBay will let you run your Pi on practically anything that will deliver enough current.
Re: (Score:2)
I've done it with one of those world's-cheapest four-port USB2 hubs that has the molded foot-long pigtail and the really square transparent case.
And I'm doing it now with this hub [amazon.com] which was recommended for RPi noobs when I bought mine.
It does pain me to run a hub that's nearly as expensive as the computer, but I was going for the zero-frustration approach. "World's cheapest" does appeal to the low-cost solutions driver in me, though - got a link?
Re: (Score:1)
Well, this is one of those "Made in China" brand jobs. It's got all the right logos except a brand name. I think I may have bought it new though, so it's possible it's in my purchase history on DX or eBay, heh heh. But neither one of them makes it easy to find out.
Tell you what, I'll use my trusty cellphonecam to take a photo of each side of this wonder and see what we get. I'll use fake HDR because I'm too lazy to walk outside where the light is, so that you'll at least get a useful impression...
here ya go [hyperlogos.org]
Re: (Score:2)
thanks, I'll check my preferred provider of cheap Chinese electronics.
Re: (Score:2)
What irks me more is that the Pi has issues with quite a few USB hubs.
Have you performed any of the modifications intended to address the issues with USB power delivery? Sure, it shouldn't matter if you're using a powered hub, but have you tried?
The big problem with the Pi is that its USB is defective, and everything hangs off the USB. Great plan. Better buy a Cubieboard or the new Beaglebone. Hopefully Canonical will fulfill their promise of Mir supporting arbitrary Android video drivers, and then those who don't need GPIO (perhaps choosing to hang an Arduino or similar off
Re: (Score:2)
It is not a power-issue I have. It is a hub-driver issue where devices vanish. It looked like power problems or a while, but then I tried to nail them down with a digital oscilloscope, and it is definitely _not_ a power issue. To be sure, I added additional buffer caps in the overkill range, no effect at all. The USB hub drivers just suck. Incidentally, without the hub in between, the USB sticks just work.
I expect this will get fixed eventually, bit at this time it has not been. One problem is that many USB
Re: (Score:2)
I expect this will get fixed eventually
Like the GP said, USB on the RPi is defective. There's an infamous lkml post outlining the problems.
The SD slot is defective too - a tremendous number of stories are out there about SD corruption. Too bad it's the only possible boot device.
oh, and the h.264 decoder is defective too. Blocking artifacts, GPU lockups.
People tell me the Beaglebone Black is what the RPi was supposed to be.
Re: (Score:2)
Re: (Score:2)
Well, when I dug into the I/O lines, I already had the impression that the people designing the Pi are not really good as hardware designers. For example, I am pretty sure now the I/O lines are 5V tolerant when used as inputs. And while the information is easily available in the confidential datasheet, nothing has been published by the Pi team. This indicates a fundamental non-understanding of what is important and what is not.
So far I have not had issues with the SD slot, fortunately. Maybe people are usin
Re: (Score:2)
So far I have not had issues with the SD slot, fortunately. Maybe people are using it wrong?
nor have I, but from what I read, some really competent people do, so I'm figuring it's a matter of time. I saw reports of "fine for two months and then corruption". I'm looking to try PXE booting them next, to minimize writes.
Apparently the SD card write timings are out of spec, and some SD cards are tolerant of this and some aren't. I suppose with a tolerant enough card one might never encounter a problem.
Re: (Score:2)
If the timings are out of spec, that means transmission problems. The cards have controllers, but AFAIK no CRC on commands and data transmitted. That may cause corruption when temperature is shifting timing parameters, either on the card or on the Pi. OTOH, this is an SPI bus with 4 instead of one data lines. It is really hard to get the timing wrong. Basically, you can only transmit data on the wrong flank, which could result in a flaky interface, but doing so is really, really stupid. The other thing you
Re: (Score:2)
The other thing you can to is set the clock too high
From what I've read, overclocking is a sure way to find a corrupt SD, so you might be onto something there. Some have said that the UK units are more reliable when they have both UK and Chinese units side-by-side. I don't know if that's true.
and then run it 20% or so slower to get a safety margin
and if you forgot to factor in the 20%? Just a hunch.
After all, digital cameras, smartphones, MP3 players, etc. all get it right.
Exactly, which makes this so fr
Re: (Score:2)
You are perfectly right, this _is_ a solved problem, apparently just not to the Pi team. Lets hope somebody that knows how to do this right will solve it for them in the near future.
Re: (Score:2)
br Can we keep the Brit's in charge and userfriendly culture, and get some teamwork you two?
Funny (Score:2)
Re: (Score:3)
Good luck to them if they think that helps. Me, I'm pretty sure I've been on their enemies list for years.
Re: (Score:1)
Seek help.
Re: (Score:2)
Well, you get points for snarkiness, but you should have a few beers with me before you decide it's either paranoia or a delusion of grandeur. I don't think I'm important, if that's what you mean, but I used to do moneypunk stuff (like Bitcoin, except with gold and it was twelve years ago) and a number of people I worked with in that time have been imprisoned. Besides, I expect their watchlist is long, that the threshold for being on it is low, and that being on it doesn't lead to immediate obvious conseq
A Anonymizing (Score:4, Funny)
Should be "an anonymizing". Not because it's grammatically correct (though it is), but because it's more fun to say.
Re: (Score:1)
Hey, you're right. It was fun to say an "an anonymizing".
Wait. WHOAAAAAAA!
Danger (Score:5, Informative)
Note that routing through Tor can hide your location, but it will not protect unencrypted traffic from eavesdropping and MITM attacks.
I would caution strongly against indiscriminately running all your traffic trough Tor. In many cases this will increase your chance of being subject to an active or passive attack, as one of the reasons people operate Tor exit nodes is to observe the outgoing traffic, either for research or for more clandestine purposes.
Preferably only use it for encrypted traffic where you have a way to authenticate the other side. Routing TLS traffic through Tor should be fine for personal use, as long as you take care to never accept self-signed certificates.
Re: (Score:2)
Oh, your browser has the .mil CAs removed?
Take the warnings seriously! (Score:5, Informative)
It is really no good using Tor when your application screams to the world who you are. Applications need to be carefully vetted in order to be sure they do not. Better use the Tor browser bundle from a clean system, than this "solution", unless you are really sure you know what you are doing.
Re: (Score:3)
Don't plug up tor with streaming video - use a VPN provider for that. You need an endpoint IP, not anonymity.
Re: (Score:3)
For improved anonymity:
- Adjust your web browser to not send the user agent (browser name and version), to not send referrer information (from which page you came to the current one) and disable cookies by default
- Do not use any Google products
- Opt out from any "customer experience improvement programs" in applications' settings
Feel free to expand the list...
Re: (Score:2)
A clean system on your own system is available for free by dropping in this [boum.org] and re-booting. It's what I use to introduce people to TOR.
Why? (Score:3)
Or you could just install tor on your laptop? What does the added complexity of using a weak arm based linux box to proxy for you bring?
Additionally what's the use case for this? Where are you plugging in ethernet so your rapi can be your access point?
Re: (Score:2)
Or you could just install tor on your laptop?
You could. But this wraps the Tor functionality nicely inside your networking equipment. It's a matter of taste really.
So, you discovered apt-get? (Score:2)
You've been able to do this since Raspian was released ... probably before then and in other releases for the pi as well.
https://www.torproject.org/docs/debian [torproject.org]
Why exactly does anyone care that adafruit posted something about using pre-packaged software from probably close to 2 years ago?
Re: (Score:3)
Pitor and the snow dog :D
Nah... doesn't strike any chord. With an Onion Pi, I could cry a river.
FreedomBox (Score:2, Interesting)
Check this out
http://freedomboxfoundation.org/ [freedomboxfoundation.org]
p2p mesh based on %100 open source software and hardware
Re: (Score:2)
No problem, I just asked my Jewish friends to knock it off and they said they were sorry and would stop enslaving us all.
Re: (Score:2)
Why do Americans keep writing 'an' instead of 'a', and 'a' instead of 'an'? It isn't rocket science.
As you brought the issue up, I actually have an additional grammar question that's been bugging me for a while. If I use some abbreviation in my sentence, such as "ADSL" or "GPU", does this change rules whether I should use "a" or "an" before it? Because I think I have seen "an" being used often despite the following abbreviation beginning with a consonant.