Building a Tor Proxy with a Raspberry Pi

mr.smashy
5 min readFeb 21, 2020

--

Using Tor to anonymize your traffic with low cost hardware

Raspberry PI Zero W

Why Would You Do This?

By combining the low cost of a Raspberry Pi Zero W and the rather high anonymity of Tor, you can evade the pervasive surveillance that exists on the web today. My primary use case is watching YouTube videos; I want to watch whatever I want without the extensive tracking, analytics, and ads that accompany YouTube. With a Tor proxy and some software, I can watch YouTube without a Google account. I’m reasonably sure Google has no clue what videos I chose to watch. And that data is exactly what Google cares the most about.

Requirements

Hardware can scale depending on how much traffic you think your proxy will handle. I really don’t send much through, so I use a Raspberry Pi Zero W, but A Pi 3B+ with an Ethernet port would certainly improve performance. You’ll also need a micro SD card (a 32GB card is very adequate) and a power supply (I’m powering my Zero W with an iPhone cube, so my cost was $0.) Total cost was $18, $10 for the Pi Zero, $8 for the micro SD, and I had the USB cable and power supply.

Preparation

Flash your micro SD card with Raspbian Buster Lite and add a “ssh” file to the boot partition using touch or New > Text Document and name it “ssh” and removing the .txt extension.

To have you Pi automatically join your WiFi network, create a file called wpa_supplicant.conf

country=US # Your 2-digit country code
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
network={
ssid="YOUR_NETWORK_NAME"
psk="YOUR_PASSWORD"
key_mgmt=WPA-PSK
}

Install the micro SD card and boot your Pi. Find the IP on your LAN and SSH. Update Raspbian

sudo apt-get update && sudo apt-get upgrade

Installing Software

Start by installing Tor

sudo apt-get install tor

Configure Tor to be a proxy service. Backup the config file and then edit it.

sudo cp /etc/tor/torrc /etc/tor/torrc.backup
sudo nano /etc/tor/torrc

We need to make changes to the following lines. The SocksPorts should be the LAN IP address of the Pi.

SocksPort 192.168.1.100:9050
SocksPolicy accept 192.168.1.0/24
RunAsDaemon 1
DataDirectory /var/lib/tor
ControlPort 9051
CookieAuthentication 1

Install Nyx. Nyx is a command-line monitor for Tor. It’s use for monitoring your proxy performance and checking for any issues.

sudo apt-get install nyx

Change the permissions on the Tor cookie to allow Nyx to run without elevated privileges.

sudo chmod 755 /run/tor/control.authcookie

Add a config directory

cd .nyx
mkdir config
cd ~

Start nyx by typing “nyx”. You should now have a terminal display of your Tor proxy. Use the left and right arrow keys to display more info.

nyx terminal Tor monitoring view

Update: Cron jobs to make Tor run smooth

After living with my Tor proxy on a Pi Zero, I added the following Cron jobs to keep Tor running smoothly. Sometimes I noticed some performance issues with streaming video, and restarting the Tor service would resolve that.

To start, edit the crontab file.

sudo crontab -e

Add the following lines to crontab

0 4 * * * sudo service tor restart
5 4 * * * sudo chmod 755 /run/tor/control.authcookie

Save the file. Obviously adjust times to suit your needs.

Setting up Clients

Configure a browser to use your Pi as a proxy. If you have Firefox installed this is the easiest way, but there are Chrome plugins that allow you to use a proxy.

Firefox proxy config

Test Tor routing by visiting https://check.torproject.org/

Success.

Install FreeTube. Binaries are located at https://freetubeapp.io/#download and the Github is located at https://github.com/FreeTubeApp/FreeTube

Export your YouTube subscriptions. Go to your YouTube Subscription Manager and scroll to the bottom of the page, and click “Export subscriptions” to save them as an XML file. In FreeTube, under Subscriptions Settings, use the file with the Import Subscriptions button to transfer your subscriptions.

Setup FreeTube to proxy Invidious API calls to Tor. Under Advanced settings, enter the IP address of the PI and the Tor proxy port, 9050. Click Test Proxy and Set “Use Tor / Proxy for API calls” to On.

FreeTube configured for Tor

FreeTube uses the Invidious API to grab and serve videos. Invidious scrapes the YouTube site which prevents the need for any official YouTube API. While YouTube can still see your video requests, it can no longer track you using cookies or JavaScript. Your subscriptions, history, and saved videos are stored locally on your computer and never sent out. The Tor proxy will anonymize IP data.

Be sure to set your Invidious instance. Onion sites are available via the Tor proxy and I recommend using them. There are usually at least two onion instances available.

Onion sites are available through the Tor proxy
FreeTube interface

As we check subscriptions and view videos, we can monitor what FreeTube is connecting to on the network. It’s only communicating with the Tor proxy.

All connections are with Tor proxy

The goal of anonymously watching YouTube videos has been achieved.

Final Thoughts

Is this the safest way to use Tor? Hell no. This is a specific use case for my threat model (evading Google surveillance.) I also use my Tor proxy for occasional web searches, but with my browser fingerprint being vastly different than the Tor Browser bundle, it de-anonymizes my traffic to a degree. If you are looking for a safe way to use Tor with a higher threat model, this is not the way. You’ll need to look into a quality VPN (however you quantify that), possibly dedicated hardware, a specialized platform like Tails or Whonix, and crypto currency. If you want to escape pervasive tracking and surveillance, this is a low barrier to entry and will do quite well. It is really nobody’s business what I want to watch on YouTube, and now I don’t need to worry about that, or advertisements, or cookies. And I can make an occasional quick web search on Tor with a modest level of anonymity.

--

--

mr.smashy
mr.smashy

Written by mr.smashy

Cybersecurity architect. Security dev and researcher. Infosec nerd. Linux enthusiast. All opinions and views are my own. Polite, professional, prepared.

Responses (3)