A DIY Tor Wi-Fi Access Point

Browse anonymously with this Raspberry Pi–based wireless router

Recent revelations about the scope of electronic surveillance performed by the U.S. National Security Agency have provoked considerable debate both inside and outside the United States. Ironically, however, over the past few years, departments within the U.S. federal government have been helping to support a project designed to combat Internet monitoring. The Tor Project permits anonymous Web browsing and publishing, and it has received funding from the U.S. National Science Foundation, the Defense Department, and the State Department. They’ve backed the project either for research purposes or, in the State Department’s case, to assist democratic movements in countries with repressive regimes.

Now, using the Raspberry Pi microcontroller as a platform, Adafruit Industries has released the Onion Pi Pack, a kit that creates a Wi-Fi access point with Tor software built in. [For a profile of Adafruit’s founder, see “Limor Fried: Channel Your Inner Maker,” IEEE Spectrum, May 2013.]

For most people, using Tor involves installing a customized Web browser and the software required to anonymize Web traffic. Alternatively, users can boot their computers with a USB flash drive loaded with the Linux operating system and a Tor installation.

But having the Tor software on a computer can be suspicious in itself. Less ominously, many companies prohibit the installation of nonstandard software. Further, if the computer normally runs OS X or Windows, using the Linux-based flash drive can make it difficult to work with some files. By off-loading the Tor software to a Wi-Fi access point, users won’t need to install anything on their computers, and they can work with their normal operating systems.

Adafruit supplies the Onion Pi Pack in two versions—a long-range edition that sports a Wi-Fi adapter with a full-size 15-centimeter antenna, and a more discreet short-range edition that has a button adapter. In addition to an adapter, each kit comes with a Model B Raspberry Pi microcomputer; a case; an FTDI serial communications cable; a micro USB cord and mains adapter (to supply power); an Ethernet cable; and a 4-gigabyte SD card loaded with a version of Linux that is optimized for the Pi (but doesn’t have the Tor software installed).

Putting the hardware together is trivial: Pop the SD card and Wi-Fi adapter into their slots, and then hook up the micro USB cord and Ethernet cable to the mains adapter and a router, respectively.

Getting the software running is a different story. Adafruit supplies a detailed set of tutorials online, but using them can sometimes feel like going down a series of rabbit holes. Adafruit designed each tutorial to be self-contained, so it can be used with different kits. So there’s one generic tutorial for initially configuring a Raspberry Pi, another for setting it up as a Wi-Fi access point, and so on. And some tutorials direct you to complete another tutorial midway through. Some of the tutorials are also best completed using graphical-interface-based tools, so you’ll probably want to hook the Pi up to a keyboard and mouse and an HDMI-capable TV for at least part of the process.

You’ll also be editing a fair number of text-based configuration files. Fortunately, you can avoid a lot of error-prone typing by using the FTDI cable to connect the Pi to whatever computer you’re using to read the online tutorials. Then it’s mostly just a matter of copying and pasting various alphanumeric gobbets into configuration files via an old-school terminal window.

There are also traps for the unwary during the process: For example, the British-made Pi has a U.K. keyboard set as the default. This caused a problem when I dutifully changed my log-in password as my first step and later changed the keyboard settings to “U.S.” After rebooting the Pi, I had difficulty logging back in because some of the symbols I’d used for my password are in different places on a U.S. keyboard. Another example is when I tried powering the Pi using the FTDI cable alone. This feature would have been convenient, but it turns out the cable doesn’t supply enough juice to sustain an Ethernet connection. It took me a while to figure out why my network had stopped working.

Once configured, however, the Onion Pi is easy to use: Just power it and plug it into an active Ethernet port. Certain services are blocked to preserve anonymity, such as the “ping” command used to test connections, but in general the Onion Pi behaves like any other Wi-Fi access point. There’s one big difference, though: speed.

Tor anonymizes traffic by encrypting it and sending it to a relay. The traffic then bounces around at random within the Tor network until it is decrypted at an exit gateway somewhere around the globe and passed to the Internet at large. The outside world sees the IP address of this exit gateway as your IP address. All this takes time, and the Tor network has only so much bandwidth, so attempting to download a video file, for example, can be an agonizingly slow process.

There are also limits to the veil of anonymity provided. If you transmit identifying information—such as your name—to an external server, then you’ve rendered the system moot. What’s even more insidious is that if you use the same browser for accessing the Tor network as you do for regular surfing, you could be “clickprinted”—that is to say, identified by such things as cookies stored on your computer or the precise configuration of your plug-ins. Browser, beware.

This article originally appeared in print as “Privacy in a Box.”

Advertisement
Advertisement