Onion Pi: Foil the NSA and Prism with a Tor proxy
Some housekeeping first. As you can see, I’m upright and typing again. Turned out that I had a really unusually nasty dose of ‘flu. It started as what I thought was a bad cold, but kept getting worse, until it got to a point when I couldn’t get my head off the pillow and thought I was dying. Then it got even worse, and I started wishing I was dying.
I’m much improved, but still a little wobbly. Doing anything (walking up the stairs, watering the garden) still leaves me feeling like I’ve just run a marathon, so I’ll be taking things slowly for a few days. On that note, if you want to email me this week, it’d be great if you could wait until next week if your mail isn’t blindingly urgent: I’ve got a backlog of hundreds and hundreds of mails to work through at the moment because I haven’t been able to check them while I’ve been off, and it’s going to take me a while to get through them all.
I’ll be working on a post about what we got up to with the amazing Pi community in Japan for later in the week, but for now, here’s something topical.
Our good friends at Adafruit have been working on a Tor proxy box based around a Pi, which directs your internet traffic through the Tor routing service. Every network packet you send is encrypted and decrypted multiple times, and each time this happens the packet is sent through a number of relays (like onion skins: Tor stands for The Onion Router), picked at random from the thousands that make up the Tor network, before reaching its intended destination. This makes it very hard for anyone to analyse your data to find out who you are, or where you are.
Tor routing is for anyone interested in confidentiality, internet freedom and privacy. It’s of enormous use for those who need to work on confidential business, or for those in places where internet traffic is monitored by governments or other bodies. It’s used to search for forbidden material like birth control, dissenting political voices or religious debate in places where a country is behind a firewall and traffic is strictly controlled (there are many users in mainland China); in the western world it’s used by many to protect personal data from marketers, and by those who worry their data is being snooped on. Activists and whistleblowers, for whom anonymity is important, use Tor. A healthy paranoia about your internet traffic is a good thing: just because you’ve got nothing to hide doesn’t mean that you’ve got nothing to fear. I would hate to be labelled a terrorist just because I express an interest in pressure cookers and book a lot of aeroplane tickets.
You can, of course, run a Tor proxy on any machine, but the particularly nice thing about Adafruit’s Onion Pi is its portability. This means that you’re not restricted to using it in one place; you can set it up in front of the router (it behaves as a WiFi hotspot) in the office you’re working from, in your hotel room or at your Mum’s house, connect to it from your phone or computer, and your IP address will be anonymised.
Be aware that using Tor will slow your browsing down (the packets of data are travelling by a longer and less direct route than you’re used to), and that it’s not a total guarantee of anonymity.
Adafruit have made a very easy to follow tutorial on making your own Onion Pi. You may well have all the parts you need (the only piece of kit I don’t already have kicking around the house is a WiFi adapter) at home; if you don’t, you can buy a box with everything you’ll need in it from them. A portion of every sale goes to the Tor Foundation.
65 comments
Dave Driesen
Welcome back Liz!
Maxime
nice to see you back, and even better with very interesting news !
Akkiesoft
Welcome back Liz-san!
I am looking forward to the topics of the new Raspberry Pi!
(☝ ՞ਊ ՞)☝
liz
Thanks Akkie!
matt
Can i order one lol. And what kinda of price range are we talking if try to make it myself
Owen
Yes, you can actually. Follow her link, and you will see a kit for $94.95 on the right hand side of the page.
Dave Akerman
Glad to hear you’re feeling much better!
Paultnl
Welcome back. Don’t take on too much too soon.
putz
Very happy you’re back. Best wishes on your continued recovery.
Anonymous
Welcome back Liz! Hope you start feeling better soon.
don isenstadt
Liz,
great to see you are back at it! You were missed!
liz
Thank you – I missed you lot too!
Jim Manley
To paraphrase the mission controller in Houston after Apollo 11 touched down on the surface of the Moon safely and there was a brief silence as the astronauts completed their post-landing checklist to shut down the rocket motor, etc., “You’ve got a bunch of gals and guys about to turn blue here. We’re breathing again. Thanks a lot. … Be advised there’s lots of smiling faces in this room, and all over the world.” We’re sooooo glad to hear you are still among us and actually on the mend (not that we didn’t believe Eben … but he was just being so stoically silent – guys, what can you do about us? ;) ).
The Onion Pi is very clever, and now that everyone else knows what the NSA does for a living, Tor technology might be of interest to a few more people. The inside joke motto of the NSA is “In God We Trust – All Others We Monitor.” OK, so it’s not a funny joke, but when one is hunting terrorists all day and night, gallows humor is the best one can do.
Continue to improve and we will wait until you’re fully back in battery before we resume our normal level of chit-chat with you. Take good care! <3
liz
I’m also very glad to be back! I do not like not working. It doesn’t suit me.
Stewart Watkiss
Good to see you are back – we’ve been missing our daily dose of Raspberry Pi goodness.
Take it easy, hope you are fully recovered soon.
Alex Eames (RasPi.TV)
Welcome back :)
Hove
Delighted to see you back Liz, we were starting to get worried (and bored with no new exciting news!)
liz
I promise you I was more bored. There is nothing quite like being forced to lie in a darkened room all day to get you really busy contemplating your navel.
Dutch_Master
You’re supposed to lay flat, not curled up staring at your belly button Liz… :-P
Sorry, red hat, straight jacket -> door ;-)
Anyway, another tasty recipe from the good folk at Adafruit. Unfortunately I don’t use WiFi at home (my network is cabled, no eavesdropping here ;-)) so it has only “limited use”… Hmmm, would the RPi Foundation consider sponsoring those who need it, if sufficient external finance is brought in (I wouldn’t mind sponsoring a unit and I’m sure I wouldn’t be the only one) Thinking about it, there’s probably already a charity doing the very thing… (Hint! ;-))
aygun
Welcome back Liz ! Don’t push your body limit. Just rest . Trust me that I know verywell because for one week I was also very worst with somekind of flu . I dontknow what kind thatwas but for one week I was in bed.
Also I have an cardiac condition named HCM – Hipertrophyc CardioMiopathy . That’s why I was thinkinging that I will die from this damn “flu” or whatever it was . Get well Liz !
meltwater
Glad to hear you are recovering. Make sure you task Eben to make you some tea (on pain of sending my 6-year around to quiz him on ponies and princesses).
MuddyDogs
Glad your back on your keyboard, Liz :-)
Of course if I was being really paranoid I might wonder if “Them” are going to track the orders of the TOR Proxy kit from Adafruit – anyone ordering must clearly be a terrorist ;-)
john horton
So glad your feeling better, welcome back. WE MISSED YOU.
We were promised robots
Tor isn’t as secure as advertised. Tor is not a one stop solution to prevent people from tracking you or intercepting your communications. There’s nothing to stop any government providing exit nodes. Read the wiki page for more info. (http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29).
We were promised robots
Also, it turns out this is enough to get you targetd BY the NSA rather than escape them:
http://yro.slashdot.org/story/13/06/21/1443204/use-tor-get-targeted-by-the-nsa
W. H. Heydt
Hurray! Liz is back!
Take it easy and get “back in harness” slowly. Stop frequently for tea.
liz
You know me, Hal – I’ve been chain-drinking coffee since I got up this morning. It is a great day when my instinct is to reach for the coffee can rather than the Lemsip.
The Raspberry Pi Guy
Welcome back Liz! I’m overjoyed that you’re well (mostly!) again!
I have missed your daily posts! ;-)
The Raspberry Pi Guy
Tom Musgreaves
Welcome back, I have to say you must be one of the most missed people on the net from reading the comments.
padapa
Liz,
If you were in a hotel … make sure you didn’t get either pneumonia or worse … Legionnaires disease. I caught the later and your symptoms sounded a bit like it. If the symptoms come roaring back, be careful and check out Barlean’s Olive Leaf Extract, on top of what the Dr.s may give you. Best wishes for a full/quick recovery. Don’t push it too quickly, or you will relapse.
padapa :)
Ken MacIver
Yup; My missus had a bad cough that turned into pneumonia. ( Eben the Novel symptoms were shallow rapid breathing awake or asleep, and mild confusion caused by the hypoxia.)
4 Days in Hospital + supplemenal Oxygen + drip fed antibios.put her right + a few weeks recouping..
Craig
Does this setup negotiate separate Tor circuits for each user/connection? Its important to remember than any traffic that can be associated with you can spoil the anonymity of your circuit. Login to any account thats they have already associated with you, or run some application with send out your IP (like almost all bit torrent apps!), and Tor is basically defeated (well, reduced to a proxy). Even exhibiting a behavior pattern (say going to a list of sites you tend to visit that time of day) can blow the anonymity.
Just dumping multiple people behind Tor and expecting it to help sounds very nieve.
That said, I’m a fan of Tor. It is awesome, and as long as this is coming with proper documentation and configuration, it should be great. It would make a great low power hidden service host.
Jim Manley
In a way, the Pi’s limited CPU power relative to laptop and desktop systems typically sold today makes it more useful as a single-purpose system dedicated to Tor-ing. Anyone bit-torrenting, warez-shopping, or otherwise dropping their pants on-line can’t expect Tor or anything else to save their bacon. If you can only perform limited browsing and other lightweight functions on a low-performance system such as the Pi, you’re less likely to be able to do stupid things.
That means that if one is going to use a Pi as a Tor router, they should only connect other Pi’s (or similar low-performance systems) to it as clients, not higher-performing systems on which one would be tempted to be running all sorts of potentially risky applications and services, especially platforms where the OS and software that runs on them are sieves, security-wise. Evolution tends to eliminate those who don’t understand how to properly use technology, and unfortunately, it doesn’t discriminate between dissidents, whistleblowers, and other people with a valid reason for anonymity; and true criminals, oppressors, and other morally illegitimate entities.
CodeTech
Agreed.
I operate a high speed server based in a datacenter in the US. Any packets that have come through Tor are immediately discarded. I suspect a lot of sites are starting to do the same. My business could be severely harmed by an anonymous poster doing bad things, so Tor and other anonymity proxies are not allowed.
Marc
Interesting!
David Guest
Whew!!!! Welcome back and take it slowly….
mike petrie
I’m glad to hear that you’re back on your feet!
Tom
Welcome back, Liz! My dear wife is going through a similar course, and we’re hoping to get her well enough to drag her to Colorado. Maybe the mountain air will help?
Dan
Sounds more like a plan to bring the tor network to it’s knees by flooding it with traffic from paranoid kids who really have little to hide or fear, meanwhile there are people, trying to do good in locations where their actions could get them killed, who need the tor network to not be congested.
stubright
I was under the impression that the Tor network was a bit like P2P, the more people using it the better it runs.
A dude
You were under the wrong impression.
stubright
Thank you for your insightful and informative comment.
To quote the Tor Project website
“The Tor network relies on volunteers to donate bandwidth. The more people who run relays, the faster the Tor network will be. If you have at least 50 kilobytes/s each way, please help out Tor by configuring your Tor to be a relay too”
So, I was under the right impression.
Van Helsing
“The Tor network relies on volunteers to donate bandwidth. The more people who run relays, the faster the Tor network will be. If you have at least 50 kilobytes/s each way, please help out Tor by configuring your Tor to be a relay too”
Tor isn’t configured as a relay by default.
Which means that unless the new users configure to be relays, the network will get slower.
So, you’re still under the wrong impression.
jp
An interesting factoid about the TOR project: it is 80% funded by … the US government. Yes, you heard that right. :)
We should cherish a government that protects us from themselves right? :p
Marc
Interesting that the US govt would fund a project promoting anonymity while in fact they are tracking all “anonymous” packets through their own TOR high speed server. Looks like a gift horse, said the Trojans, let us bring it into the city.
Trevor
Well, if it makes you feel better, it was the military that funded it, not the NSA…
But yes. It’s highly useful for preventing people between you and your destination from reading your data, but if you really want your communications to be safe, encrypt and decrypt them at the start and end points. Or bypass the NSA entirely and have a face-to-face meeting in the woods or something.
qwerty
Welcome back! Glad to hear you’re getting a lot better, just don’t take too much on until you get fully better!
Puce
Welcome back Liz !
Nathanael Smith
Living in the UK I find it hard to think why I would need to use TOR.
If I lived in China I could find a use for it.
I hate to say this but the only people in the UK who I could think might need TOR are Julian Assange, paedophiles, drug dealers and terrorists.
On balance in the UK I fear it is a tool for evil dooers.
Sorry if thats not ‘right on’. Am I wrong?
Richard Mullens
You are wrong.
Recent disclosures suggest that the government is monitoring our conversations and that the US is involved in industrial espionage.
Fiarosh
Where does one get that cool case for a Pi like in that pic?? :)
Pygar
Adaguess, Adafruit?
MAJ
Glad you’re back Liz
Paolo
Warning!
you say “Every network packet”…but TOR doesn’t support UDP packets (…for example nmap use them).
John Doe
Does this work for RasPis connected with wired ethernet as well?
liz
Yes: it’s *for* Pis connected with wired Ethernet.
John Doe
I mean can I direct traffic through the Pi if it’s connected to wired ethernet only?
Like a wired access point e.g. Laptop->Router->Pi->Router->Internet
Tetty
WELCOME BACK
James Gandolfini
im just reading
GCHQ taps fibre-optic cables for secret access to world’s communications
it seems more foil ing is needed
hXXp://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa
Greg_E
Saddly, all the nice people at Adafruit have probably now been added to a watch list, and probably so have every person that read or commented on this post. I also predict an increase in the use of open source PGP, maybe something that can be worked into the Pi in the future and maybe run on the GPU so it can have “real time” encryption and decryption capabilities.
Welcome to 1984, guess it took a little longer to get here.
We were promised robots
All of the above get you targeted by the NSA:
http://yro.slashdot.org/story/13/06/21/1443204/use-tor-get-targeted-by-the-nsa
Trevor
Checking out certain books from the library gets you flagged, too (see: PATRIOT Act). My local library hands out fliers about it.
Richard Mullens
Is it possible that the Raspberry Pi has a back door entrance implemented by Broadcom at the insistence of the NSA ?
Viktor
if this ‘ll be used by a user who is not informed about everybody can make an exit node to spy all your data is not encrypted by ssl or PGP, this ‘ll be more painful as most of all viruses i do know! Modified Exit Nodes can capture all your Passwords, Data send, Emails and so on…
for german speaking, here are more infos about the fraud: http://mizine.de/internet/tor-und-onion-pi-router-sind-gefaehrlich/
Rik_off
when arrive my rasp try the onion
appena arriva lo provo subito