With the whole world shutting down brick and mortar locations and trying to social distance I'm wondering what hits individual privacy will take...
I have a raspberry pi collecting dust so I figured I could put it to use as a Tor relay.
*Note - this build is in progress and not complete *
What is Tor?
If you are not familiar with Tor, it is an online privacy service that routes traffic through multiple servers and encrypts it each step of the way. To take advantage of this all users need to do is use a Tor enabled browser like the one offered by the Tor Project, Firefox, Brave, etc.
In their own words, the folks at the Tor project "fight every day for everyone to have private access to an uncensored internet, and Tor has become the world's strongest tool for privacy and freedom online." (source)
The short version of how this works is that your Tor browser will navigate a course to the internet sites you visit by passing the data through 3 Tor relay nodes. Traffic between the browser and each of the 3 nodes is encrypted so that neither has all the details of who you are and where you are going. For more details check out the Tor Project
What are the Relay Requirements?
Host:- A <40 Mbit/s non-exit relay should have at least 512 MB of RAM available.
- less than 200 MB for Tor related data
- Any modern CPU should be fine.
Networking:
- at least 7000 concurrent connections
- and minimum of 10 Mbit/s (Mbps) or at least 1 Mbit/s for a bridge with obfs4 support.
- They say to expect a minimum of ~3GB of I/O / day
What OS should we load on the pi?
Any OS can be used, but the documentation (here and here) seems to imply that BSD is needed for variety. As BSD is supposed to be great for security and networking it seems like a good choice for this use case. Both FreeBSD and OpenBSD support the pi, but only FreeBSD supports older model I have available.Flashing FreeBSD is pretty much the same as rasbian or any other OS for the pi, but if there is any doubt FreeBSD foundation has a pretty good write up
How do I install the Relay software?
Once the pi is up and running the Tor project has all the info we need to get the relay configured, but first we need to decide what type of relay. there are 4 options:- Guard - This is the first place a Tor browser will go. It will know your IP.
- Middle - This is (as name implies) the relay that sits in between the guard and the exit..
- Exit - This is what the websites you visit see. These relays are most likely to get blamed for any bad behavior of the Tor users.
- Bridge - An incognito relay that is not publicly listed. Its meant to support users / regions in areas that are trying to suppress Tor usage.
The Bridge Relay installation instructions provided by Tor Project looked straight forward, but apparently obfs4proxy is not packaged in FreeBSD for pi builds. To get around this I followed the ports installation procedure from the FreeBSD handbook to go get that package and its dependencies. (as opposed to pkg install as stated in instructions linked above).
Here are the cliff notes...
#pkg install subversion
#svn checkout https://svn.FreeBSD.org/ports/head/security/obfs4proxy-tor /usr/ports/security/obfs4proxy-tor
# svn checkout https://svn.FreeBSD.org/ports/head/Mk /usr/ports/Mk
# svn checkout https://svn.FreeBSD.org/ports/head/lang/go /usr/ports/lang/go
#cd /usr/ports/security/obfs4proxy-tor
# make install clean
#pkg delete subversion
In any case, this method I used was successful even if it was a bit slow as it downloaded the entire svn head dir...
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Links:
https://trac.torproject.org/projects/tor/wiki/TorRelayGuide
https://community.torproject.org/relay/setup/guard/freebsd/
https://community.torproject.org/relay/setup/bridge/freebsd/
https://community.torproject.org/relay/setup/bridge/post-install/
https://2019.www.torproject.org/docs/faq.html
https://blog.torproject.org/remote-work-personal-safety
Comments
Post a Comment