Start a TOR relay at home on a Raspberry Pi

I recently created a TOR relay on a raspberry pi at home. It sits quietly next to my router supporting free speech and privacy and costing me nothing daily.

Here’s how I did it.

1. I bought a raspberry pi

I bought a kit kinda like this that has a charger, case, some heat sinks, an SD card, and some other stuff that is needed to do much with the pi.

2. It sat in a drawer for 4 years.

I don’t recommend following this step!

3. I finally decided to take it out and set it up.

It is easiest to do this if you have a usb keyboard/mouse and monitor with HDMI cable. I tried before with a headless setup, and while there are instructions for that, sometimes troubleshooting is easier if you can see the pi’s homescreen.

4. Read a little about TOR relays

The “Deciding to run a relay” section on the Tor Relay Guide is a great resource to understand what you are doing and why.

5. Install an OS on the raspberry pi (if it doesn’t have one already).

Plug it in to let it boot up if you’re not sure. If it doesn’t boot up, you’ll probably need to write an OS to your SD card.

Here are instructions on installing the OS, which you can make CLI only/headless later if you want.

If you would prefer a minimal installation, the first part of this Headless tutorial will show you how to install the minimal OS. The rest of these instructions can also be followed using SSH on the cli.

6. Setup a static IP with your router

This is important for port forwarding, which is how you’re going to get the TOR traffic through your router and to the raspberry pi. Here are instructions on setting up a static IP on the raspberry pi’s OS.

Make sure you are reserving the IP for your raspberry pi on your router. I had an issue with this. This will be different on different routers, so you should just google ‘reserve static ip’ for your particular router model.

Also make sure to test your internet connection after this step by opening a webpage, running ping google.com, or something else.

7. Open ports 443 and 8080 on your router and forward to the static ip of your raspberry pi.

This will again be different for different routers, so google ‘port forwarding’ for your router model.

8. Run these scripts

You could just follow the official Tor documentation, but these scripts set up several other things for you like updating your system, ensuring automatic updates, and configuring the ports. Make sure you read through the bootstrap.sh after you clone that repo so that you know exactly what you are executing on your pi.

Make sure you follow the instructions about limiting the bandwidth, or the relay may take up all your bandwidth and make your network slow. The default settings already limit the bandwidth, but you may want to follow the instructions on the scripts page to customize it for your connection.

Note: the address you add to the torrc file is published, so I used a Firefox relay address instead of my main address.

9. Check the logs to make sure it is working!

If you tail /var/log/tor/notices.log, you should see

Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.

If you see another message, the service may still be coming up. If you see a notice that it can’t reach the ports, then there is probably an issue with your port forwarding.

10. Set up nyx

You can use Tor Nyx to monitor Tor. In order for it to work, you’ll need to add this to your torrc file

ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
DataDirectoryGroupReadable 1

And you’ll need to add your logged in user to the debian-tor group:

sudo usermod -a -G debian-tor your_default_user

Use getent group debian-tor to make sure the user is showing up in the groups. You will need to restart tor and possibly log in and out of the user.

12. Look up your relay in the registry

In about 3 hours, your relay should be listed in the registry. In the Relay Search, you can search by ip or nickname of your node.

Here’s mine!

13. Probably set up SSH so you can log in to your pi and check on it

Set up SSH on the raspberry pi so you can access it using ssh pi@<static ip address> from a terminal on your computer

Generate a public key and copy it to the pi

When I was done, I also went into the raspberry pi settings and switched it to boot up to CLI instead of desktop, since I will be running it without a monitor from now on.

And that’s it. I hope you try it out! Happy Torring!
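
A check for the settings from steps 8 to 10, added here as an example and not taken from the original post or the scripts it links: it flags a control port that lacks authentication or listens beyond loopback, flags a torrc with no bandwidth cap, and reports whether the log text contains the step 9 self-test line. The function names and the sample torrc (including the RelayBandwidthRate value) are assumptions constructed for illustration.

```javascript
// Added example, not from the original post or the setup scripts.
// Parse torrc text into a Map: lowercased option name -> list of values.
function parseTorrc(text) {
  const opts = new Map();
  for (const raw of text.split('\n')) {
    const line = raw.replace(/#.*$/, '').trim(); // strip comments
    if (!line) continue;
    const [name, ...rest] = line.split(/\s+/);
    const key = name.toLowerCase(); // option names are case-insensitive
    opts.set(key, [...(opts.get(key) || []), rest.join(' ')]);
  }
  return opts;
}

// Return findings for the control-port and bandwidth settings; [] means none.
function auditTorrc(text) {
  const opts = parseTorrc(text);
  const findings = [];
  const enabled = (key) => (opts.get(key) || []).includes('1');
  const ports = (opts.get('controlport') || []).filter((v) => v !== '0');
  if (ports.length > 0 && !enabled('cookieauthentication') &&
      !opts.has('hashedcontrolpassword')) {
    findings.push('ControlPort is open without authentication');
  }
  for (const value of ports) {
    const addr = value.split(' ')[0];
    const local = /^(\d+|auto)$/.test(addr) || addr.startsWith('unix:') ||
      /^(127\.0\.0\.1|localhost|\[::1\]):/.test(addr);
    if (!local) findings.push(`ControlPort ${addr} is not bound to loopback`);
  }
  const limits = ['relaybandwidthrate', 'bandwidthrate', 'accountingmax'];
  if (!limits.some((key) => opts.has(key))) findings.push('no bandwidth limit set');
  return findings;
}

// True once notices.log text contains the self-test line quoted in step 9.
function orPortConfirmed(logText) {
  return logText.includes('Self-testing indicates your ORPort is reachable from the outside.');
}

// Constructed sample: the step 10 lines plus an assumed bandwidth cap.
const SAMPLE_TORRC = `ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
DataDirectoryGroupReadable 1
RelayBandwidthRate 1 MBytes`;
console.log(auditTorrc(SAMPLE_TORRC));
```
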


Useful Mercurial Commands for Mozilla Central

Some helpful commands for using mercurial with Mozilla Central

hg pull

Get newest revisions. mozilla-central changes a lot, so this needs to be done at least daily and before any work is started

hg update

hg wip

Shows a nice graph of your revisions vs the revisions from central. Shows whether you need to rebase

hg status

Shows all files you have changed but not committed

hg status --rev central
https://stackoverflow.com/questions/8734817/mercurial-generate-file-name-only-diff

Shows all files you have committed (or not committed) that are different from central. I.e. it can show you all the files in your patch at once if you’ve made several revisions

hg commit -m "commit message"

mercurial does not have staging. Straight to commit.

hg rebase -d central

Make sure all your stuff is committed first

hg shelve
https://www.markheath.net/post/git-stash-for-mercurial-users
If you don’t want to commit the current changes

hg histedit <rev>
https://www.mercurial-scm.org/wiki/HisteditExtension
To squash and/or rename commits

Final commit message format:
Bug 577872 - Create WebM versions of Ogg reftests. r=kinetik

You may also want to change your default editor (unless you like using vi or vim). You can do that by adding an environment variable:
export HGEDITOR=<your favorite editor>

hg revert <filename>
To remove changes to a given file

hg diff -r central
To show changes since central (all commits)

hg update -r <rev>
To change to a different rev

hg parent
If you get lost in your revisions–to show which you are on.

Tests to run:
./mach lint -l eslint -o

./mach lint -l wpt -l wpt_manifest -o

./mach mochitest browser/components/preferences/in-content/tests/
Run the relevant folder here. All Mochitests will take a long time to run.


Sync-Process

I’ve already met with people from several teams including the Firefox Privacy and Security team, the containers team, and the sync team to discuss paths forward with this project. There were many ideas on what to accomplish here.

We decided that my first task with the Multi Account Containers project is to enable “Sync” with the containers between browsers that are logged in with the same Firefox Account. Sync is a Firefox service that syncs your bookmarks, passwords, open tabs, and history between firefox installs on all your devices. It’s a really handy feature, but unfortunately containers are not currently synced. Even worse, the site assignments (which are in my opinion the most tedious thing to set up), aren’t even stored in Firefox and so wouldn’t be synced if the containers were.

We discussed where to add this feature: In the browser or in the extension, and we chose the extension for the sake of getting the project shipped while I am still an intern. Future work here would obviously be to pull the containers and site assignments (and syncing) fully into Firefox itself.

Paths forward for syncing were also discussed, including using the container name as a unique identifier. This might cause problems or make it harder to rename or delete a container, so we decided to add a uuid for the containers in the MAC extension.

Workflow

The initial sync on versions of the addon that have never been synced will

  1. add a uuid for each of the containers
  2. flag all assigned sites with that uuid while keeping their contextual identity number

Currently Firefox Contextual Identities (what the containers are called inside the browser itself) are not given uuids and this could cause collision issues when syncing data. That will need to be updated within firefox at some point. Maybe a future project for me.

  1. The new containers with uuids and site assignment data will be stored in sync
    • (this must remain less than 100 kB, the sync limit for addons)

When syncing with a previously unsynced Firefox MAC addon, the addon should:

  1. compare the synced containers with the containers on the browser

If site assignments are the same for a given container name:

  1. The containers will be assumed to be the same and will be merged with a single uuid from the synced container

If the site assignments are different or a synced container is found that is not in the browser:

  1. a new container will be made on the browser

After the initial sync, the addon will sync based on uuids and maintain a list of deleted container uuids.
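
The first-sync comparison described in this workflow, written out as an added example that is not the extension's code. The container shape (`{ name, uuid, sites }`), the function names, the injected uuid generator, and measuring the 100 kB limit as 100,000 bytes of serialized JSON are all assumptions.

```javascript
// Added example, not the Multi Account Containers extension's code.
// Assumed container shape: { name, uuid (optional), sites: [hostname, ...] }.
const SYNC_LIMIT_BYTES = 100 * 1000; // the post's "100 kB", read conservatively

// Site assignments are "the same" when both containers hold the same set.
function sameSites(a, b) {
  const left = new Set(a.sites);
  const right = new Set(b.sites);
  return left.size === right.size && [...left].every((s) => right.has(s));
}

// First sync of a never-synced install against containers already in sync.
function reconcileFirstSync(local, synced,
    newUuid = () => globalThis.crypto.randomUUID()) {
  const result = local.map((c) => ({ ...c, sites: [...c.sites] }));
  for (const remote of synced) {
    const match = result.find(
      (c) => !c.uuid && c.name === remote.name && sameSites(c, remote));
    if (match) {
      match.uuid = remote.uuid; // same name and sites: merge under synced uuid
    } else {
      // different sites, or not present locally: make a new container
      result.push({ ...remote, sites: [...remote.sites] });
    }
  }
  // Containers that exist only locally get a fresh uuid before upload.
  for (const c of result) if (!c.uuid) c.uuid = newUuid();
  return result;
}

// Check the serialized size before writing the result to sync storage.
function fitsInSync(containers) {
  const bytes = new TextEncoder().encode(JSON.stringify(containers)).length;
  return bytes < SYNC_LIMIT_BYTES;
}

// Constructed sample data with a counter-based uuid generator.
let counter = 0;
const merged = reconcileFirstSync(
  [{ name: 'Work', sites: ['a.example'] }, { name: 'Bank', sites: ['bank.example'] }],
  [{ name: 'Work', uuid: 'u-work', sites: ['a.example'] },
   { name: 'Bank', uuid: 'u-bank', sites: ['other.example'] }],
  () => `local-${++counter}`);
console.log(merged.map((c) => `${c.name}:${c.uuid}`), fitsInSync(merged));
```

Matching on name alone would merge the two "Bank" containers even though their site assignments differ; comparing the assignments as well keeps them separate, as the workflow requires.
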


This blog post is part of the [Outreachy](https://www.outreachy.com) project.

Outreachy Application Process

I have wanted to be a programmer for a long time. It was my original major choice, but due to various issues, I didn’t end up going down that path. But I’ve always tried to do a little development on the side or to help me with my job, so when I was laid off from my engineering job in June, I realized I had a few months to really try to train myself up and become a real-live developer. I took some online courses, worked on my own web apps, and got lots of help and advice from my programmer friends. I even tried my hand at some contributions to open source. This was when I was told about the Outreachy program.

I applied and was accepted to the second round of applications where the applicants get to submit to different projects to figure out which projects they like, and in turn, the project mentors get to figure out which applicants have the needed skills and fit well with their working style. Overall this seems very much like a code interview might be, except that if your work is good it actually gets used in the project. The only downside to this is no time limit was put on this, so people who are going to school, otherwise employed, or have kids may not have the same available time to make a solid contribution. In that respect, I feel very lucky that my husband has a good job and I can take this time off, not only to apply for Outreachy, but also to try this career change!

They closed the second round application about a month before the internship started to give the mentors a few weeks to decide. I was ready to hear back right away, but alas, I had to wait! The week of Thanksgiving I heard back that I was accepted on Firefox’s Multi Account Containers Addon project. I am very excited to be working with a company so full of talent like Mozilla.


This blog post is part of the [Outreachy](https://www.outreachy.com) project.

Welcome

Hi There.

I’m a trained Chemical Engineer (PE) who is working to become a full time developer.

When I first started college I wanted to be a computer science major, but some things got in my way. I also really like Chemical Engineering and have had a lot of fun in that field, but I really like programming as well.

Since college, I have always done some amount of programming. At first it was just running my own website. At my first job I worked on some engineering code that was built in Fortran, C, C++, and Python. I’ve always tried to fit a little development into whatever chemical engineering job I held at the time—usually building utilities to make my job easier! I have also volunteered for Code for Tulsa and Oklahoma’s Technology foundation: Techlahoma.

Because of my unique background, I’ve been able to develop some apps that might be useful to a chemical engineer. I hope to release them soon.

I hope you like my site!


Developing a programming path

Learning Program

I am most familiar with Python and JavaScript, so I am going to focus on those two languages. Here is where I want to start.

Free Code Camp

Free Code Camp has some very beginner lessons, but it also has some more advanced information, and it seems like an excellent resource to fill in the gaps. I will be going through the curriculum and skipping items that seem rudimentary or that I already know. I'd like to cover lessons like:
  1. Review any gaps in basic HTML and CSS
  2. Flexbox, Responsive design, Accessibility, Responsive Web Design Projects
  3. Review of JS algorithms and data structures
  4. Front End Libraries
  5. Data Visualization
  6. APIs and microservices
  7. Information Security

What I want to learn next:

Databases

  1. The Ultimate MySQL Bootcamp: Go from SQL Beginner to Expert
  2. MySQL tutorial

Flask and Django

  1. REST APIs with Flask and Python
  2. Python and Django Full Stack Web Developer Bootcamp

A stack with React or other JavaScript

  1. This course

Hello World

Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub.

Quick Start

Create a new post

$ hexo new "My New Post"

More info: Writing

Run server

$ hexo server

More info: Server

Generate static files

$ hexo generate

More info: Generating

Deploy to remote sites

$ hexo deploy

More info: Deployment