raspi tor node

Posted: Sat Jan 19, 2013 8:16 pm
by unclejed613
i've been tinkering with tor on my raspberry pi for a few weeks now. i've got it running tor and torchat, as well as running a web server with a blog (nanoblogger) on the tor network. i've also loaded pidgin with the OTR (Off The Record) encryption plugin. it's also running an XMPP server with both non-tor and (soon) tor connections. i think when i get this all finished and playing nicely (which it seems to be doing) i'll make a SD card image available and call it "Onion-Pi". rather than loading the basic tor package, i found it easier to install Vidalia instead, configure tor the way i wanted to, then copy the torrc to another directory (~/.tor) and run tor from a command line script that also loads arm (instead of Vidalia, because Vidalia periodically hammers the cpu at 80-90% of cpu usage). so when i get all of this the way i want it, i will make an SD card image (minus my own data of course). i have noticed that on the tor network there are at least 6 relays running that have raspberry-pi in the node name, so i'm not alone in being interested in this use of a pi. if anybody is interested in reading the blog on my pi, it can be found at: http://opnju4nyz7wbypme.onion/weblog/index.html and you can holler at me through torchat at khgjyaur2kknp7el

of course, with things getting weird in my country (US), these addresses are subject to change.....

Re: raspi tor node

Posted: Thu Jan 24, 2013 6:18 am
by unclejed613
btw, for those using tor on their raspberry pi, if you are doing simple web browsing (i.e. primarily looking for text documents, blogs, etc...), Raspbian includes lynx, which is a text only browser, but you can have lynx open images and video with other programs like mplayer, vlc, or gwenview. the text only browsing is also a lot faster on tor, since it's not downloading all kinds of style sheets, java scripts, etc... which will compensate a lot for the slowness of tor compared to direct internet connections. the gui browsers that come with Raspbian, even though trimmed down for the pi, still use a lot of memory, cpu time, etc..., so you may want to consider using lynx from time to time if you're just looking for text items (even if you're not using tor, it will save time and cpu/memory/disk space)

Re: raspi tor node

Posted: Thu Jan 24, 2013 10:25 am
by Wasp_Box
Hi,

Just had a look at your tor blog - nanoblogger looks interesting.

There seems to be no way to leave comments. I would suggest that you alter the green text on a green background as it induced a headache in about 3 secs. The blog loads impressively quickly on tor and esp running on a RPi. I would be interested in a bit more detail on how you set it up, if you have the time.

Regards

Re: raspi tor node

Posted: Fri Jan 25, 2013 2:40 am
by unclejed613
yeah, i've been trying to find a way to do comments.... i'll try again this weekend to get a comments system installed. tnx for the feedback about the color scheme. i've been learning a little bit about how css sheets are constructed, and have been trying different color schemes. the green one kinda reminded me of monochrome VGA with a green phosphor, which for some reason, banks and doctor's offices seemed to prefer over grey. a description of how i set it up is available here: http://www.electro-tech-online.com/blogs/unclejed613/

Re: raspi tor node

Posted: Fri Jan 25, 2013 12:12 pm
by Wasp_Box
Thanks very much, that's really helpful.

It looks like there may be some kind of comment plug-in for nanoblogger but I haven't looked into it yet.

I'm going to have a go at using nanoblogger to set up my own hidden service when I have the time.

Regards

WB

Re: raspi tor node

Posted: Sun Jan 27, 2013 11:14 pm
by unclejed613
btw, if you check the page again, the onion address for "operator chat" has changed...
of course, when i get things working the way i want them, all the onion addresses will be changed and only be posted within the onion network... i'll just have to find a way to post them there...

Re: raspi tor node

Posted: Mon Jan 28, 2013 2:09 am
by unclejed613
i've partially "genericized" a copy of my raspi tor node. i removed the keys and ID's that get created when tor and torchat are run for the first time, and while i didn't delete the current data in my blog, i changed the blog name, contact info, etc... to something like "i need to edit the config". the only problem is it's a 4Gig file, and uploading it (if i could even find a place to upload it to) could be a major pain. i could possibly generate a torrent file for it, but i want to tweak it a bit more before releasing it. i did also add two scripts "torstart" and "torstop" because i hate having to remember what goes in the command line....

Re: raspi tor node

Posted: Mon Jan 28, 2013 3:04 pm
by Wasp_Box
I've had another look and it's much easier to read even if it's less visually "interesting" (I get what you mean about the phosphor trail but it was a sod to read).

I'm not sure that a torrified SD image is the way to go. If anonymity was of life-threatening importance to me then I wouldn't download and rely on an image from someone I don't know on the internet! I, personally, would download it and have a look but the use of tor is a choice for me, rather than a requirement. It would be great to see a detailed guide on the Wiki on how to torrify and run an onion blog using nanoblogger on the RPi.

Re: raspi tor node

Posted: Tue Jan 29, 2013 4:14 am
by unclejed613
i agree, the safest way to get TOR is from a trusted source. i think part of my tweaking of the pi is going to be torifying apache, instead of running apache normally and applying it as a hidden service after the non-secure port 80 is already open. i can probably close all of the ports i need to close with iptables, rather than reinvent the wheel. loading tor as root ran into a bunch of file permission problems, because tor starts as root, then reverts to a "tor" user, so any log files, hidden service directories, etc, dump because the user "tor" doesn't have permission to write files.
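
A check for the exposure described in the post above, as an added example that is not part of the original thread: it reads `ss -ltn`-style output and reports listeners on the given ports that are bound to anything other than loopback. The function name `exposed_listeners`, the sample listings and the choice of port 80 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are reachable from outside the Pi.
# The backend of a hidden service (Apache in this thread) should be bound to
# loopback only, so that tor is the only path to it.

# Constructed samples in the column layout printed by `ss -ltn`.
SAMPLE_BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    127.0.0.1:9050     0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

SAMPLE_AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:80       0.0.0.0:*
LISTEN 0      128    127.0.0.1:9050     0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# exposed_listeners PORT...: reads ss-style lines on stdin and prints the
# local address:port of every listener on one of the given ports that is
# NOT bound to a loopback address (127.0.0.0/8 or ::1).
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            la = $4                                 # local address:port column
            port = la; sub(/.*:/, "", port)         # text after the last colon
            addr = la; sub(/:[^:]*$/, "", addr)     # text before the last colon
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            print la
        }'
}

# Demonstration on the constructed samples.
printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | exposed_listeners 80)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER"  | exposed_listeners 80)"
# On a real host: ss -ltn | exposed_listeners 80
```

An empty result for port 80 means the web server is only reachable through tor's hidden-service port mapping; a wildcard address such as `0.0.0.0` or `*` is reported.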

Re: raspi tor node

Posted: Tue Jan 29, 2013 10:29 am
by Wasp_Box
I'm rather outside of my comfort zone here! I don't really understand how you could run an anonymous blog (say) without using hidden services (or similar on other dark networks). Otherwise would you not have to provide a traceable address?

Re: raspi tor node

Posted: Wed Jan 30, 2013 1:59 am
by unclejed613
the onion address is basically that. i'm only releasing the onion address publicly to test the pi and its configuration. once i've finished testing, i will have tor create a new onion address, and change the name of the blog (instead of using the tor relay's ID), and then only distribute within the tor network. same goes for torchat, the torchat onion address will also change, and i will only distribute it to trusted people. my IP address changes regularly, because my ISP does that, but the onion address does not change unless i want it to. the onion address doesn't tie to an IP address but is related to the hidden service's public encryption key. if you look up the relay i'm using in vidalia and find it's somehow related to something in the blog, you might be able to guess the blog and the relay are connected. the relay listing in vidalia does show IP addresses. but i will be changing the name of the blog and its content once i'm done testing, and there will be no traceable linkages.
https://www.torproject.org/docs/hidden-services.html.en gives more info on how this works. tor does not have to be set up as a relay for hidden services to work, which means the hidden service doesn't tie to an IP address, only to its public key

Re: raspi tor node

Posted: Thu Jan 31, 2013 8:12 pm
by Wasp_Box
Yes, I understand how tor works. It was this bit: "torifying apache, instead of running apache normally and applying it as a hidden service after the non-secure port 80 is already open" that suggested you might be hiding your IP without running a hidden service. I think I know what you mean now.

In other news... there are comment systems for nanoblogger but the ones I've looked at seem to have security issues (javascript etc). I still think nanoblogger looks really interesting and I'm definitely going to have a try.

Regards

Re: raspi tor node

Posted: Sat Feb 09, 2013 8:20 pm
by unclejed613
ok, so i've added zerobin, which is a pastebin. not exactly a comment system, but every comment system i tried to install, although simple to install, didn't work for one reason or another. i even tried nanoblogger-mod, which is a modified version of nanoblogger with an integrated comment system. when i tried to run the script to set up a weblog, the script came back with a bunch of "file not found" and "command not found" errors. zerobin worked pretty much right away, and all i had to do was create a comments thread and a "contact the operator" thread, paste the links to the threads in the main_links template, and it works. zerobin is encrypted and anonymous... a good match for a tor hidden service.

Re: raspi tor node

Posted: Mon Feb 11, 2013 5:34 am
by unclejed613
so when i go to create a new blog post, i found i can enter the HTML link directly in the text to a comment thread on zerobin. of course this takes a small amount of work. on my x86 linux box, i ssh into the pi, and run the nanoblogger entry script to create a new post

Code:

nb add entry
at the same time, i navigate to the zerobin page with a web browser and create a new discussion thread for the blog post i am creating, and copy the thread's link into a text file i use to keep track of opened zerobin threads. then i type my blog post in the ssh window as normal, except at the end i add the following link tag

Code:

<a href="../zerobin/index.php?insert-copy-pasted-thread-id-string-here">Comments</a><br />
and save the text file. after nanoblogger finishes building a new page, i verify that the post does have the "Comments" link at the end, and that it does indeed work. this works when the text file is in "raw" format. i think if you use other formats, nanoblogger might strip off the HTML link. it might seem to be a bit of work to do this, but i had trouble getting other comments systems working, and all that's needed for zerobin to work is to drop it into the apache file structure in /var/www and add the links in nanoblogger. the only additional thing i had to do is create a data and tmp directory and chown them to www-data. on my machine (a bit different since my first attempt at creating a web page on the Pi consisted of copying one directly from my slackware machine) the directory structure is something like this:
/var
    /www
        /htdocs
            /weblog
            /zerobin
there's a web page i made as a test under htdocs, and it has a link on it to the weblog, which has the comments links to zerobin, and it all happily gets along on the pi. php5 is the only real dependency for zerobin.

Re: raspi tor node

Posted: Sat Apr 20, 2013 9:57 pm
by unclejed613
had a hiccup with the tor node that deserves mentioning. hopefully if somebody else runs into this, they can save several hours figuring it out......
i was configuring prosody, an xmpp chat server. prosody wants FQDN (fully qualified domain name) to operate properly, so i went into etc/hostname and changed the pi's hostname to something like rpi.home.lan. i got prosody working perfectly, but failed to notice for about a day or two that tor was coughing up errors "cannot determine that your ORport is reachable from the outside". it took me several hours of poking around in various config files before i remembered having changed the hostname. the fix is to add the following line in /etc/hosts

Code:

127.0.0.1          rpi.home.lan
after that change, and restarting inetd, everything was working again.
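
A pre-restart check for the failure described in the post above, as an added example that is not part of the original thread: it confirms that a hostname has a live (non-commented) entry in hosts-file data. The function names `hosts_lookup` and `check_hostname` and both sample files are assumptions made for the illustration; the hostname and the added line are the ones from the post.

```shell
#!/bin/sh
# Added example: confirm that a hostname has a local entry in hosts(5) data.

# Constructed samples: a hosts file before and after the fix from the post.
HOSTS_BEFORE='127.0.0.1   localhost
# 127.0.0.1 rpi.home.lan   (commented out, must not count)
::1         localhost ip6-localhost'

HOSTS_AFTER='127.0.0.1   localhost
127.0.0.1          rpi.home.lan
::1         localhost ip6-localhost'

# hosts_lookup NAME: reads hosts(5) lines on stdin, prints the address of the
# first entry that lists NAME as hostname or alias, and returns non-zero if
# there is none. Comments are ignored; names compare case-insensitively.
hosts_lookup() {
    awk -v name="$1" '
        { sub(/#.*/, "") }                  # strip comments, fields re-split
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; found = 1; exit }
        }
        END { exit !found }'
}

# check_hostname NAME: one-line verdict for NAME against hosts data on stdin.
check_hostname() {
    if addr=$(hosts_lookup "$1"); then
        echo "ok: $1 -> $addr"
    else
        echo "missing: $1 has no hosts entry"
        return 1
    fi
}

# Demonstration on the constructed samples.
printf '%s\n' "$HOSTS_BEFORE" | check_hostname rpi.home.lan || true
printf '%s\n' "$HOSTS_AFTER"  | check_hostname rpi.home.lan || true
# On a real host: check_hostname "$(cat /etc/hostname)" < /etc/hosts
```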