https://wintermade.it/blog/enSat, 05 Oct 2019 08:14:28 GMTNikola (getnikola.com)http://blogs.law.harvard.edu/tech/rsshttps://wintermade.it/blog/posts/running-your-freedombox-over-tor.htmlAlessandro Balzano<div><p>I've stumbled upon <a class="reference external" href="https://peertube.mastodon.host/videos/watch/b40f5061-ff18-418a-9cd6-9d5409807088">this interesting talk</a> by Nathan Willis about FreedomBox and the Tor network. If you've never heard of them, <a class="reference external" href="https://www.freedomboxfoundation.org/">FreedomBox</a> is a community-developed private server system to host web services on your own computer. <a class="reference external" href="https://www.torproject.org/">Tor</a> is the renowned onion routing implementation that aims to improve anonymity when browsing the web.</p> <p>The speaker describes his personal experience installing and running a FreedomBox installation that is only accessible over Tor. I tried to summarize some points I found personally interesting.</p> <div class="section" id="hidden-onion-service-configuration"> <h2>Hidden .onion service configuration</h2> <p>FreedomBox, via its Web UI named Plinth, lets the users configure and start hidden .onion services. You can find this option in the "Anonymity Network" module. By enabling it, the .onion service will cover any web service that runs from a subdirectory under Plinth.</p> <p>It may not always work, though: If the application doesn't "speak" HTTP, uses a different port or assumes to be accessible at its own (sub)domain - foo.example.com is fine, example.com/foo is not -, Nathan suggests to create your own hidden services for each application: check out <a class="reference external" href="https://peertube.mastodon.host/videos/watch/b40f5061-ff18-418a-9cd6-9d5409807088?start=11m51s">11:54</a> to understand the right commands.</p> </div> <div class="section" id="routing-non-web-application-over-tor"> <h2>Routing non-web application over Tor</h2> <p>Tor offers <a class="reference external" href="https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO">torify</a>, a wrapper around torsocks, that lets you proxy the TCP traffic of a given application via SOCKS5 protocol - no UDP though. It is helpful for applications like IRC bouncers, provided that they support the SOCKS5 protocol. At <a class="reference external" href="https://peertube.mastodon.host/videos/watch/b40f5061-ff18-418a-9cd6-9d5409807088?start=24m18s">24:18</a>, Nathan describes how the issues he had trying to "torify" Radicale, a CalDAV application, and some IRC bouncers.</p> </div> <div class="section" id="mobile-access"> <h2>Mobile access</h2> <p>Nathan also describes some issues with using Android applications to access his self-hosted applications over Tor. Tor Browser on Android works in the same way of its desktop parent, so at least he can access the web applications running on his hardware. To proxy the traffic of native Android applications, you can use Orbot - it doesn't always work, though. Nathan also explains some examples of "mobile madness" he found when configuring mobile applications for TT-RSS and Radicale.</p> <hr class="docutils"> <p>So, I hope these notes encouraged you to check out the talk! Let me know what you think over <a class="reference external" href="https://twitter.com/alfateam123">Twitter</a> or <a class="reference external" href="mailto:winter@wintermade.it">email</a> .</p> </div></div>freedomboxtorhttps://wintermade.it/blog/posts/running-your-freedombox-over-tor.htmlTue, 13 Aug 2019 15:44:11 GMT