TorBox v.0.5.4 released

Unbelievable! TorBox v.0.5.3 was released approximately 1,5 years ago, and the image was updated a year ago because of the rebasing of Raspberry Pi OS on Debian 12 Bookworm. The installation script worked fine until the Raspberry Pi OS release on November 19th 2024, which broke the installation because of removed packages. Therefore, we decided to release TorBox v.0.5.4 even if we have to move some features to the next version.

Significant new features implemented into TorBox v.0.5.4 are TorBox on a Cloud and TorBox mini:

  • TorBox on a Cloud stands for the possibility of installing TorBox on a cloud server and giving your clients access by using OpenVPN as a server. No Raspberry Pi hardware is necessary for using TorBox on a Cloud, just a virtual server with Raspberry Pi OS, Debian or Ubuntu. On the virtual server, the correct installation script has to be run using the --on_a_cloud option. Important: the installation will overwrite your entire configuration on the cloud — be very careful with it! Once installed, configured and connected with OpenVPN, the data stream from your client machine will be routed through your TorBox on a Cloud to the tor network. It is literally a private VPN with tor functionality, and it is also a good starting point for using Onion Services. For more details, see here.
  • TorBox mini uses a Raspberry Pi Zero 2 W as a RNDIS/Ethernet gadget, which acts as a network device when connected to your computer. It is a good solution when a TorBox on a  Raspberry Pi 3 Model B+, a Raspberry Pi 4 Model B or a Raspberry Pi 5 is too big or expensive to use. The SD Card for the TorBox mini can be created by using the Raspberry Pi OS installation script with the option --torbox-mini by using a Raspberry Pi. To make it easier, starting with this release, we also provide a separate image file for the Raspberry Pi Zero 2 W. For more details, see here.
TorBox mini
TorBox mini

• • •

TorBox Image (about 1 GB): v.0.5.4 (11.01.2025) – SHA-256 values
TorBox mini Image (about 1 GB): v.0.5.4 (30.12.2024) – SHA-256 values
TorBox Menu only: v.0.5.4 (11.01.2025) – SHA-256 values

Or download the image from our TorBox on the cloud test installation.

Since we had to install additional software packages and update the configuration files, it is necessary to use the new image or reinstall TorBox using one of our installation scripts.

Note: Because of the significantly better compression rate, we compress the images with xz. By default, Balena Etcher and Raspberry Pi Imager should support this kind of compressed image, but they fail often with an error message. Therefore, we recommend to decompress the .xz file first.

• • •

Changelog: v.0.5.3 –> v.0.5.4

  • New: You can use your TorBox as an OpenVPN server, even if your installation is not on the cloud. It may be useful if your TorBox is at home and you are with your client elsewhere.
  • New: We added support for domain exclusion into rc.local
  • New: TACA action if triggered by “Failed to find node for hop” or “Your system clock just jumped” (added with the update from 30.12.2024)
  • Updated: The system is based on Raspberry Pi OS “Bookworm” lite 64bit with the Linux Kernel 6.6.62 and Tor version 0.4.8.13 with obfs4proxy version 0.0.14 and Snowflake 2.10.1. It is ready to run on a Raspberry Pi 5.
  • Updated: TorBox FileSharing (TFS) to 2.0 –> more stable and easier to use.
  • Updated: OBFS4 and Snowflake Bridge strings.
  • Updated: Support for Adafruit’s PiTFT displays
  • Updated: The backup and restore capabilities were updated to keep up with the newly integrated features. Also, at the same time, we removed a bunch of bugs, which, in some instances, could hinder a successful restoration.
  • Changed: The default for the countermeasures against a tightly configured firewall is off. We changed the default from on to off because this setting interferes with the correct function of the tor bridges functionality.
  • Changed: We removed the installation of additional network drivers from the First Start-up Dialogue because they are already installed on the image file. The additional network drivers can be installed and updated using the Update and Maintenance sub-menu if necessary.
  • Fixed: Using public DNS server during IP scan for domain exclusion from tor routing
  • Fixed: Pressing the ESC key stops the hostname change/randomization without changing the hostname.
  • Fixed: Features exclusively working on a Raspberry Pi are now blocked on other hardware.
  • Fixed: Enabling the installation/update of tor versions 0.4.8.x. Again, we must use the official Tor repository because the unofficial Tor repository on GitHub is no longer maintained. This could be problematic for users located in censuring countries.
  • Fixed: Enabling the installation of snowflake version 2.8.1. Also, snowflake is now working under Ubuntu (aparmor configuration added).
  • Fixed: Similar Snowflake Bridges were activated and deleted simultaneously. We improved the comparison algorithm to avoid that behaviour.
  • Fixed: Adding two bridges automatically resulted in a wrong country description in torrc.
  • Fixed: machchanger -p broke rc.local
  • Fixed: Onion Services: check if necessary directories exist and create them, if needed. Also, we resolved ownership and permission issues.
  • Fixed: SocksPort 127.0.0.1:9050 was disabled (added with the update from 30.12.2024).
  • Fixed: Some compatibility issues with Ubuntu 24.10 and Python 3.12 have been fixed, but this is not finished yet (added with the update from 30.12.2024).
  • Improved: Predictable Network Interface Names are disabled on Debian systems.
  • Improved: If you want to get the Internet from a non-existent interface, the menu will warn you and advise you to choose another interface. However, we still give the user the choice to try it anyway because sometimes, a network reconfiguration behind the back is necessary. Of course, in the worst case, the user will lock himself out if he pushes the system too far. 🤷‍♂️
  • Improved: The way TorBox is configuring the network when switching from one interface to another. This should minimise disconnections and lock-out situations (added with the update from 30.12.2024).
  • Improved: In the Configuration sub-menu, TorBox’s Wlan can only be enabled if a wireless ethernet device is present (this doesn’t affect the installation).
  • Improved: The user will see the same progress screen when tor is restarted. We removed the separate „success or fail“ message boxes if the entries in the main menu were used because the “fail” message was often wrong. 
  • Improved: Reduced the number of internal hosts, which iptables addresses. This should also reduce the number of possible clashes if a 192er network is used in the same network. We also improved the iptables rules.
  • Improved: Because Snowflake Bridges are always wrongly displayed as “OFFLINE”, all online checking for Snowflake is now disabled.
  • Improved: The listing of Snowflake bridges.
  • Improved: If you fail to install with the installation scripts, you can continue without redoing the previous steps by using the option --continue_with_step.
  • Improved: Replaced the white coloured font with a yellow colour due to visibility problems on a terminal with a white background.
  • Improved: To ensure that ALL wireless devices’ power-saving mode is switched off (added with the update from 30.12.2024).
  • Removed: exim4, modemmanager, netmanager

• • •

We need your feedback!!

We hope this version pleases you. However, we are dependent on feedback. It is not just about fixing bugs and improving usability, but also about supporting additional interfaces and hardware in future releases:

  • What do you like?
  • What should be improved (why and how)?
  • What would you like to see next? Which features do you request?

With the TorBox GitHub repository, it is straightforward for everyone to report issues or change the code and propose it in a pull request. Because we continue to travel around, it sometimes needs more time to address the issues and proposals. 

For future versions, it is essential that we know what you need and want to see from the Onion Services implementation. Please feel free to use the discussion forum to tell us your needs.

Deanonymisation through traffic correlation analysis

Unfortunately, it is a fact that criminals have also been using tor. In 2001, a major pedocriminal platform in Germany was taken down by the Federal Criminal Police Office of Germany (BKA). In September of this year, researchers showed that the successful investigation against the operator of this platform was only possible through a successful deanonymisation through traffic correlation analysis of the traffic produced by the platform leading members using the instant messaging software Ricochet. Using its own tor exit nodes, with high bandwidth and traffic correlation analysis of the Ricochet data traffic, the BKA could isolate the used entry node, which knows the source IP. The rest of the connection data can be found in the Internet providers’ log files. Fortunately, the investigation led to the arrest of four operators. In December 2022, they were sentenced to many years in prison. However, the verdict is not yet final.

Even if the successful fight against such platforms and organised crime is to be welcomed, this case also raises the question of whether the tor network is still safe for whistleblowers, regime critics, investigative journalists, etc. The first question someone with concerns about his security or anonymity should address is the threat model, which applies to him. Why do you want to stay anonymous, who wants to know your identity and what are the consequences if your identity is known? It is different if you want to prevent capturing your data traffic by an access point operator, overcome censorship during your travel, or be the “Enemy of the State“. Overcoming censorship and securing your data traffic from snooping is easy, but staying anonymous is difficult, requiring a change of habits. Tor developers were always candid about that point: “Tor can’t solve all anonymity problems. It focuses only on protecting the transport of data.” Even if it is not a reassuring statement, usually, it is behavioural errors that lead to a breach of anonymity.

In general, how big is the risk of being deanonymised through traffic correlation analysis? In the case mentioned above, some circumstances favoured the BKA, which is not the case today. In the last years, tor did address the problem that organisations with access to high bandwidth capacity could infiltrate the tor network with their own nodes. The requirement to be used as a tor node is higher today. The Tor Network Health team has flagged thousands of bad relays, which the Directory Authorities then voted to remove. Those included many that would come from a single operator or tried to enter the network on a large scale. The Network Health team has implemented processes to identify possible large groups of relays that are suspected to be managed by single operators and bad actors and not allow them to join the network. Also, the criminals used an old version of the long-retired application Ricochet, which has no protection against traffic correlation analysis. With Vanguard light, tor introduced this protection with tor version 0.4.7, which was first distributed as productional as version 0.4.7.7 end of April 2022 (we switched to that version with TorBox v.0.5.1. However, we added the Vanguard addon already with TorBox v.0.4.2 in August 2021). This protection exists in Ricochet-Refresh, a maintained fork of the long-retired project Ricochet since version 3.0.12 was released in June 2022.

Daniel Mossbrucker, who part of the team that revealed in September 2024 how users of the Tor network were identified, stated in an interview: “It cannot be assumed that every Tor user can be deanonymised by the authorities in the blink of an eye. So there is no reason to panic, the Tor browser is still a very secure means of communication. On the other hand, our research shows that even a user of Onion Services could be deanonymised by Tor, colloquially known as the ‘darknet’ – in the very part of the Tor network that was considered particularly anonymous and secure.” Coming back to the question of the risk of being deanonymised, we face again the threat model. Let’s say you used tor to download a copyright research paper from an Onion Site for your research; then you can be pretty sure that nobody will take the hurdle to de-mononymise you. However, again, if you are in the crosshair of resourceful national intelligence agencies or law enforcement authorities because of criminal activities, I would not rely on any promise of anonymity. Interestingly, Mossbrucker also mentioned in the interview that deanonymisation through traffic correlation is more likely with low data traffic. Let’s say a tor client is only using Ricochet and connecting only to another user through hidden services a correlation is logically much easier if all the client computer network traffic is going through tor and, at the same time, a busy chat with a lot of other people is connected.

More information: Isabela Bagueros and Pavel Zoneff, “Is Tor still safe to use?“, updated 10.10.2024. 

Update your TorBox

Since October 2023, Raspberry Pi OS has been based on Debian 12 “Bookworm”. The only negative impact for TorBox was located in the installation script. The management of Python modules with pip3 was blocked. We fixed that issue and updated the TorBox image with the new Raspberry Pi OS. The new image works with Linux Kernel 6.1.21 and Tor version 0.4.8.10 with obfs4proxy version 0.0.14 and Snowflake 2.8.0.

Here are the links to the new updated TorBox v.0.5.3 (17.12.2023):
TorBox Image (about 1.25 GB): v.0.5.3 (17.12.2023) – SHA-256 values
TorBox Menu onlyv.0.5.3 (17.12.2023) – SHA-256 values

Unfortunately, I have not yet been able to test the image with the new Raspberry Pi 5, yet.

• • •

Known problems and bugs

BUG: TFS and TCS on Onion Services doesn’t show any images and don’t work correctly due to wrong permissions. You can fix the bug with the following commands:
sudo sed -i "s/^user .*/user torbox/" /etc/nginx/nginx.conf
sudo systemctl restart nginx


The image file is not fixed yet — PENDING! 

BUG: If you see a y by pressing the z key and vice versa, then there is a wrong keyboard layout in the TorBox image. You can fix the bug with the following commands:

sudo sed -i 's/XKBLAYOUT="ch"/XKBLAYOUT="gb"/g' /etc/default/keyboard

Instead of gb, you can also use your preffered two-letter country code. The image file is not fixed yet — PENDING!