TorBox v.0.4.0 released — welcome TorBox Wireless Manager!

In the last months, we travelled around, and with this release, we tried to implement some improvements based on our experience with the daily application of the TorBox. The most significant improvement is abolishing wicd and introducing our new TorBox Wireless Manager (TWM). Not only is the TWM much easier to use, but it also doesn’t need so much power. Another pleasant novelty is the support of Azur-Meek and Snowflake, which should also work in China. During our travels, we have noticed incorrect DNS resolution regarding torproject.org in some countries. Probably, this is a kind of cheap censorship mechanism. For this reason, during the installation and updates, local DNS resolutions are made through Google’s and Cloudflare’s Domain Name Servers instead of using the Internet Providers presetting delivered by DHCPImportant: these settings are only for TorBox local traffic; all data from the clients are routed through Tor (including DNS requests). Nevertheless, some user complained about using Google’s and Cloudflare’s DNS servers and requested to implement other DNS servers. In the FAQ, we explain our decision in detail and how someone, who cannot live with it, has the possibility to change these settings.

TorBox Image (about 1 GB): v.0.4.0 (10.04.2021) – SHA-256 values
TorBox Menu only: v.0.4.0 (10.04.2021) – SHA-256 values

We strongly recommend using the new image rather than updating an existing system. 

The new TorBox Wireless Manager, which replaces wicd.
Changelog:v.0.3.2 (24.08.2020) –> v.0.4.0 (10.04.2021)
  • Update: The system is based on Raspberry Pi OS “Buster” Lite with a Linux Kernel 5.10.17 and Tor version 0.4.5.7. The Tor Project fixed in this latest version two critical denial-of-service bugs: TROVE-2021-001 and TROVE-2021-002, of which only the first one is relevant for clients.
  • New: wicd has been replaced by the TorBox Wireless Manager (TWM). We like to hear your feedback.
  • New: Support for Meek-Azure and Snowflake implemented, which should also work in China. Meek uses a technique called “domain fronting” to send a message to a Tor relay in a way that is hard to block. Meek-Azure makes it look like you are browsing to Microsoft’s Azure server  instead of using Tor. Snowflake is an improvement upon Flashproxy. It sends your traffic through WebRTC, a peer-to-peer protocol with built-in NAT punching. However, because Meek-Azure and Snowflake are slower, OBFS4 bridges should be used first. If not needed, the best is not to use bridges in the first place. Please, tell us about your experiences with the use of bridges to circumvent censorship.
  • New: Based on several user requests, the configuration sub-menu (entry 11) comprises now an option to block all HTTP plain text traffic through Tor. This should avoid unencrypted data traffic at the Exit Node, which could break your anonymity (see here). However, it is possible that not only http-requests but also other tools, such as VPN clients, will no longer work. Where possible, we recommend installing HTTPS Everywhere in the Browser. We like to hear your feedback on your experiences about that feature so that we can decide if we should block all HTTP plain text traffic by default, starting with one of the next releases.
  • New: Based on several user requests, TorBox can be configured to be accessed with SSH from the Internet.
  • New: Based on several user requests, support for additional network driver were added: Realtek 8188eu, 8188fu, 8192eu, 8812au, 8814au, 8821au, 8821cu, and 8822bu.
  • New: It is now possible to connect/disconnect the TorBox from a VPN using the countermeasure sub-menu without changing Tor’s primary interface to the Internet. With this feature, the user can influence the route of the local network data from the command line and, for example, circumvent censorship measures that don’t allow updating TorBox. Additionally, it gives the possibility to completely disconnect the TorBox from a VPN after finishing using main menu entry 9, which enables TorBox to use route Tor over VPN (for more information about Tor over VPN / VPN over Tor, see here).
  • New: In the main menu, in the top of the right corner, a message shows not only if Tor is working (meaning https://check.torproject.org returns a positive result), but also if the TorBox is connected to a VPN (meaning that local network data from the command prompt is routed through VPN).
  • New: Installation script for Debian 10 (Buster) and Debian 11 (Bullseye) – for more information, see here.
  • Fixed: The user “torbox” was not a member of the group “netdev”, which causes a display error in the entry 1 and 3 in the update and reset sub-menu.
  • Fixed: During the installation of TorBox with the installation script, Tor will be compiled because the the Tor Project doesn’t provide a binary version for the Raspberry Pi. We had this option before in the update and reset sub-menu but not in the installation script, which leads to missing tor packages.
  • Fixed: Fixed the download path for the TorBox menu in the installation as well as in the update and reset sub-menu. We also changed the GitHub download path for the Raspberry Pi Framebuffer Copy needed for AdAfruits Pi TFT installation. GitHub is suddenly changing URLs, which is a pain in the ass.
  • Fixed: Missing path to torbox.lib in some scripts, which use Bridges and prevented Tor from restarting automatically.
  • Fixed: Wrong  menu entry relating to the countermeasure against a disconnection when idle after a restart.
  • Improved: During the installation and updates, local DNS resolutions are made through Google’s and Cloudflare’s Domain Name Servers to avoid cheap censorship mechanism. Important: these settings are only for TorBox local traffic; all data from the clients are routed through Tor (including DNS requests). For more information and an explanation of how it is possible to change it, see here.
  • Improved: The support for Sixfab Shields/HATs for cellular connections can now be installed offline.
  • Improved: The script to install the Adafruit PI TFT is now locally stored and not fetched from the Adafruit Github Repository (Adafruit changed it, and it was broken). However, an Internet connection is still necessary for the installation.
  • Improved: The support for installing TorBox on a Ubuntu 20.04 / 20.10 or Debian Buster/Bullseye system. TorBox’s implementation on other systems and hardware is experimental because we do not have the resources to check all details on all different installations. You can help us with reporting errors back to us.
  • Improved: Cleaned up the code and outsourced more essential functions into the TorBox library or separate sub-scripts. This will help to maintain the code in future releases properly.
  • Improved: The appearance of all menus has been streamlined, and in the files, we fixed some minor errors.
The Countermeasure sub-menu of TorBox v.0.4.0.
The countermeasure sub-menu of TorBox v.0.4.0 with Snowflake and Meek-Azure.
Known problems and bugs
  • LIMITATION: If HTTP plain text traffic is blocked (configuration sub-menu entry 11), .onion addresses, which use “http://”doesn’t work anymore directly with Chrome and Chromium. Both browsers will behave like all other browsers by default, because based on IETF RFC 7686, applications that do not implement the Tor protocol generate an error upon the use of .onion and do not perform a DNS lookup. However, .onion addresses using “http://” can be used through SOCKS 5 even if the HTTP plain text traffic is blocked. Onion addresses using “http://” can also be used with the Tor Browser – with or without its own Tor instance – running on a client. ? In other words, blocking HTTP plain text traffic does not work if SOCKS 5 proxy functionality or Tor Browser is used on a client. ? WARNING MESSAGE ADDED✔︎
    .
  • PROBLEM: People running an OBFS4 bridge relay will probably encounter the following hourly error message: “Unable to find IPv6 address for ORPort xxxx.” It seems that with Tor version 0.4.5.* the Tor Project focuses on improving the IPv6 support (until now, a Tor relay needs a public IPv4 address). At the same time, they changed the address auto-discovery behaviour (see here, here and here), which probably leads to this hourly error message. Even, the Tor Project writes in the Changelog for 0.4.5.7 that they removed “a spammy log notice falsely claiming that the IPv4/v6 address was missing”, it doesn’t seem to work completely. However, this error message has no negative on the operation and the status on Metrics. PROBLEM SOLVED✔︎
    .
  • BUG: Entry 5 in the update and reset sub-menu, which should update the TorBox menu fails to remove the old lib/__pycache__ directory. Even if saying yes to remove it, the update will be incompleted because it cannot replace the old lib directory. Unfortunatelly, all files in that directory except lib/__pycache__ are deleted, so that the TorBox menu will not properly work anymore. It can be fixed with the following procedure:
    – Leave the TorBox menu by pressing ESC
    – Type sudo chmod a+w -R lib
    – Start TorBox menu again by typing ./menu
    – Start the update and reset sub-menu and execute entry 5
    .
    After this procedure and the successful update, the bug is fixed. The current image is updated.  BUG FIXED✔︎
    .
  • BUG: This affects only Bridge Relay operators: due to a bug in the main menu script, every second time when the main menu was started, the OBFS4 and ORPort was blocked, which set the Bridge Relay offline. You can fix these bug by updating the TorBox menu (update and reset sub-menu entry 5). The current image is updated.  BUG FIXED✔︎
    .
  • BUG: Already in TorBox v.0.3.2, main menu’s start-up can be stuck on the message “Checking connectivity to the Internet – please wait…” for an annoying amount of time if TorBox has no Internet connection. In TorBox v.0.4.0, the introduced timeout had no effect because we did it in a wrong way. You can fix these bug by updating the TorBox menu (update and reset sub-menu entry 5). The current image is updated. BUG FIXED✔︎.
    .
  • BUG: Using entry 10 in the configuration sub-menu to enable the SSH access to TorBox from the Internet was not permanent when chosen so, but was permanent when chosen temporary (for a description and a quick fix, see issue #46). You can fix these bug by updating the TorBox menu (update and reset sub-menu entry 5). BUG FIXED✔︎
    .
  • BUG: Entry 7 in the update and reset sub-menu did not erase all passwords in the TorBox Wireless Manager. To take effect, a reboot is needed. You can fix these bug by updating the TorBox menu (update and reset sub-menu entry 5). BUG FIXED✔︎

    BUG: Because of a wrong variable name, the Snowflake and the Meek-Azure bridges got in the way (for details see issue #48). Nyxnor fixed the bug with the pull request #49 and #51. You can fix these bug by updating the TorBox menu (update and reset sub-menu entry 5). BUG FIXED✔︎
    .
  • BUG: Since TorBox v.0.3.2, we introduced a new SOCKS v5, which supports destination address stream isolation. Unfortunately, we used the port number, which is reserved for the Tor control port. So far, this didn’t have any adverse side effects. However, this is not the way it supposed to be. For that reason, we changed the SOCKS v5 port for destination address stream isolation to 9052. You can fix these bug by changing in /etc/tor/torrc the following lines: SocksPort 192.168.42.1:9051 IsolateDestAddr -> SocksPort 192.168.42.1:9052 IsolateDestAddr and SocksPort 192.168.43.1:9052 IsolateDestAddr -> SocksPort 192.168.42.1:9052 IsolateDestAdd (with or without #) or by updating the TorBox menu (update and reset sub-menu entry 5) and than copying the default torrc to /etc (cp etc/tor/torrc /etc/tor/torrc). The proposed fix will most likely break tor because the menu script must also be adapted to the new port. For that reason, the fix will be included in TorBox v.0.4.1. BUG NOT FIXED IN v.0.4.0?
    .
  • LOOK&FEEL: Because we offer several install scripts, which dependent on the operating system, install Tor in different ways, we decided to put the repository for Tor’s binaries and sources, knowing that, for example, on Raspberry Pi OS with apt-get update an error message is shown, which does not affect. However, inexperienced users might be discouraged by the error message. See also issue #36. You can fix these bug by updating the TorBox menu (update and reset sub-menu entry 5). The current image is updated. CLOSED✔︎

Update your TorBox

We have good and bad news…

Bad News
The next TorBox release (v.0.3.3 or v.0.4.0) will probably not be published before the end of March 2021. The reason is that, currently, we travel around and test TorBox in real-world use. The drawn lessons learned will be implemented in the next releases. At the same time, as bandwidth spoiled freaks, we realized that in some places in the world the Internet connections are suicidally slow. This makes a release during our trip pretty much impossible.

Good News
If you have TorBox 0.3.2, you don’t need to wait to update the base system or the Tor version on your TorBox. First, choose entry 1 in the Update and Reset submenu to update your base system (to Linux Kernel 5.4.83). However, this will not update Tor because, for whatever reason, the Tor Project repository doesn’t support armhf anymore. To update Tor, choose entry 3 in the Update and Reset submenu. This will update Tor to the version 0.4.4.6. This version has an improved guard selection algorithms, adds v3 onion balance support and includes fixes for TROVE-2020-005.

The status message seen under entry 3 in the Update and Reset submenu after the update to the newest Tor version.

Travelling around, we expired in some countries a wrong DNS resolution regarding torproject.org. Probably, this is a kind of cheap censorship mechanism. This is why we added to our update script a set of open name servers. In other words, if entry 3 in the Update and Reset submenu produce an error and refuse to update Tor, try first entry 4, leave the Update and Reset submenu (it has to be reloaded) and try entry 3 again. In the next TorBox version, these set of open name servers will be installed as default. Important: these open name servers are only used for the DNS requests directly from the command prompt of the TorBox (during installations, updates, administrative work etc.), but not by the clients. Clients DNS requests are resolved through Tor.

We are working hard to replace wicd with our own lightweight wireless manager for TorBox v.0.4.0. The main reason is that it seems that wicd is not developed further. Several attempts to contact the developers went unanswered. The current version of wicd doesn’t support Python version 3, which produces some headaches under Ubuntu. At the same time, however, it is also an opportunity to significantly simplify the handling of wireless networks in TorBox.

Test version of the new TorBox Wireless Manager, which is replacing wicd in the next major release of TorBox.

TorBox v.0.2.5 released, featuring Bridge Relay support!

Almost a month ago, the Tor Project called for support:

We currently have approximately 1,000 bridges, 600 of which support the obfs4 obfuscation protocol. Unfortunately, these numbers have been stagnant for a while. It’s not enough to have many bridges: eventually, all of them could find themselves in block lists. We therefore need a constant trickle of new bridges that aren’t blocked anywhere yet. This is where we need your help. By setting up an obfs4 bridge, you can help censored users connect to the open internet through Tor.

Based on this call we put a bridge relay into the net a week ago, and – if everything works out – we will add a second one. However, that was not enough for us. Mostly during the last few weekends, we’ve implemented a TorBox feature that allows anyone with a public IP address, 24/7 internet connectivity over a long time, and a bandwidth of at least 1 Mbps to configure their bridge relay at the touch of a button and put it on the net. Besides, we have added and improved some other details, so that we can now release the resulting image as TorBox v.0.2.5. Below are the corresponding links (typically, you need only the image file):

Main Menu TorBox v.0.2.5
Main Menu TorBox v.0.2.5

Changelog v.0.2.4-rpi4 (08.08.2019) —> v.0.2.5 (24.09.2019)
New: This version introduces the support for setting up a bridge relay.
Updated : The system is based on Raspbian “Buster” lite with Linux Kernel 4.19.66 and Tor version 0.4.1.5.
New: A little message (“TOR is working“) in the right corner of the main menu shows you immediately if you are connected with the Tor network (meaning https://check.torproject.org returns a positive result). Since a missing response does not automatically mean that there is no connection to the Tor network, no error message is displayed. In other words, if this message is missing, there may or may not be a connection problem.
New: We use the same method as mentioned above for the final message box after selecting (or changing) a connection (main menu entry 6-11). In case of success, the message starts with “CONGRATULATION !!” otherwise with “HMMM… THAT DOESN’T LOOK GOOD…“. In contrast to the positive message, negative feedback does not necessarily mean that an error has occurred. Since the check does not last more than 5 seconds, Tor may not have been ready yet; the check site may have been down, etc.
New: Support for Adafruit’s PiTFT displays (PiTFT 3.5″ resistive touch 320×480, PiTFT 2.8“ capacitive touch 240×320, PiTFT 2.4″, 2.8″ or 3.2″ resistive 240×320, PiTFT 2.2″ no touch 240×320, Braincraft 1.54″ display 240×240). Note: TorBox’s menus and dialog boxes have only been adapted for the PiTFT 3.5 (320×480) or any other display, which displays in textual mode at least 25×80 characters.
Improved: Menus and dialog boxes should now work more smoothly on 25×80 textual screens as well as on smartphone and tablet clients. For that reason, we added for some message boxes scroll texts, which are visible with the “scroll down” remark in the title of the message box.
Improved: Revised version of the Tor reset functionality in the „Countermeasure & Troubleshooting“ menu.
Improved: Cleaning up in the shell scripts (used more variables, combine certain parts into functions, etc.).
Updated: Pre-configured Bridges (we also added our bridge relay)
Fixed: While adding bridges, TorBox activates/deactivates the new bridges depending on the current bridge modus.
Fixed: Some more non-critical bugs and typos in the text files.

The pre-v.0.2.6 release is expected at the end of the year.

Sneak Peek on TorBox 0.2.5

My first Tor Bridge Relay is properly working – see here.

With TorBox v.0.2.5 (coming soon) everyone with direct internet connection will be able to set up a Tor Bridge Relay — only with a view „clicks“.

Bridges are essential for people in authoritarian countries to reach the open internet. TorBox v.0.2.4 offers such client functionality already, but soon, users with a direct internet connection can help others by setting up their relay.

More information
Run Tor Bridges to Defend the Open Internet

TorBox v.0.2.4-rpi4 released, featuring Raspberry Pi 4 Model B support!

I’m pleased to announce this new version of TorBox, which introduces the support for the Raspberry Pi 4 Model B. The image file was completely rebuilt based on Raspbian “Buster” lite with the Linux Kernel 4.19.58 and Tor version 0.4.0.5. This version does support not only the new Raspberry Pi 4 Model B but also the previous Raspberry Pi 3 (Model B / Model B+).

In contrast to the previous versions, the Raspberry Pi 4 Model B has a higher power consumption, which is why we also recommend the use of a Pimoroni’s chunky heatsink in combination with a Pibow Coupé 4 case (see photo above).

The TorBox pre-v.0.2.5 release is expected at the end of the year.

Updated: Useful browser add-ons to improve anonymity, security and/or usability

Along with the release of TorBox v.0.2.4, we were updating our website and added some new information in the FAQ section. We also heavily updated our recommended browser add-ons, which are mainly available for Firefox (our number one choice for web browsers alongside the Tor Browser). Here you can find a copy of the updated recommendations (the original list can be found here):

  • https-everywhere: Automatically makes websites use a more secure HTTPS connection instead of HTTP if they support it. With HTTPS, even the connection between the Tor exit node and the web server is encrypted. Tor Browser also uses this add-on. (USED BY TOR BROWSER; ESSENTIAL for SECURITY / ANONYMITY; available for Firefox, Firefox for Android, Chrome, and Opera).
    https-everywhere: How it works.
    https-everywhere: How it works.
  • NoScript: Allows JavaScript, Java, Flash, and other plugins to be executed only by trusted web sites of the users choice. NoScript also provides powerful anti-XSS and anti-Clickjacking protection. Tor Browser also uses this add-on. (USED BY TOR BROWSER; ESSENTIAL for SECURITY / ANONYMITY; available for Firefox and Chrome).
  • First Party Isolation: First Party Isolation, also known as Cross-Origin Identifier Unlinkability, is a concept from the Tor Browser. The idea is to key every source of browser identification with the domain in the URL bar (the first party). This makes all access to identifiers distinct between usage in the website itself and through third-party. Think of it as blocking Third-party cookies, but more exhaustively. (USED BY TOR BROWSER; ESSENTIAL for SECURITY / ANONYMITY; available for Firefox).
  • uBlock Origin: The only real working and independent ad blocker (ESSENTIAL for SECURITY / ANONYMITY / USABILITY; available for Firefox, Chrome, Safari, and Opera).
  • Smart Referer: Prevents Cross Domain Referer Leakage (ESSENTIAL for ANONYMITY; available for Firefox).
  • CanvasBlocker: Allows users to prevent websites from using the Javascript canvas API for fingerprinting them. (ESSENTIAL for ANONYMITY; available for Firefox)
  • Decentraleyes: This browser add-on emulates Content Delivery Networks (CDN) by finding supported resources locally, and injecting them into the environment. All of this happens automatically, so no prior configuration is required. Here is a testing utility to find out if you are properly protected against a CDN vulnerability (ESSENTIAL for ANONYMITY; available for Firefox, Chrome, Opera).
    Decentraleyes: How it works.
    Decentraleyes: How it works.
  • Neat URL: Cleans URLs, removing parameters such as Google Analytics’ utm parameters. (ESSENTIAL for ANONYMITY; available for Firefox)
  • Skip Redirect: Some web pages use intermediary pages before redirecting to a final page. This add-on tries to extract the final url from the intermediary url and goes there straight away if successful. (ESSENTIAL for PRIVACY / USABILITY; available for Firefox)
  • Privacy Pass: Allow users to redeem validly signed tokens instead of completing captcha solutions. Clients receive 30 signed tokens for each captcha that is initially solved. Cloudflare currently supports Privacy Pass. (ESSENTIAL for USABILITY; available for Firefox and Chrome).
  • uMatrix: Point and click matrix to filter net requests according to its source, destination, and type (available Firefox, Chrome, and Opera).
  • Privacy Badger: A balanced approach to internet privacy between consumers and content providers by blocking advertisements and tracking cookies that do not respect the Do Not Track setting in a user’s web browser (available for Firefox, Chrome, and Opera).
  • FoxyProxy: FoxyProxy is an advanced proxy management tool (see also here; available for Firefox, Chrome, Safari, Opera, and others).
  • Bypass Paywalls: Let’s say you are a researcher and one of your sources is an article in the Washington Post. Would you subscribe, only for that one article? Yes, we thought so, too 😉 (available for Firefox and Chrome).

Do you have another very useful browser add-on? Let me know in the comment section below!

TorBox v.0.2.4 released, featuring OBFS4 Bridges support!

I’m pleased to announce the release of TorBox v.0.2.4. As promised, the focus of this release was on supporting OBFS4 bridges, which help to overcome censorship measures in certain countries (for example Turkey). Below are the links for the latest TorBox v.0.24 (typically, you need only the image-file):

Main Menu TorBox v.0.2.4
Main Menu TorBox v.0.2.4

Changelog v.0.2.3 (09.02.2019) —> v.0.2.4 (25.05.2019)
Updated: The system is based on Raspbian “Stretch” lite with Linux Kernel 4.19.2 and Tor version 0.3.5.8.
New: Instead of the “advanced submenu”, we split old and new functionalities into two separate submenus: “countermeasures & troubleshooting” and “configuration & update”.
New: We implemented in the “countermeasures & troubleshooting” submenu a user-friendly way to activate, configure, and change the OBFS4 bridge’s functionality. There are 15 pre-configured OBFS4 bridges in the configuration, which were fully functional at the time of the release. We hope to help with this approach beginners. We urgently need your feedback to develop this functionality further.
New: Since TorBox v.0.2.3, nyx does a good job as a statistics tool (main menu entry 1). However, there are certain cases, when Tor hangs during bootstrap, that nyx doesn’t start either. Therefore we have added an alternative method in the submenu “countermeasures & troubleshooting” (entry 11) to quickly display the log file of Tor and update the display if necessary.
New: TorBox is now providing a SOCKS v5 proxy functionality on port 9050 to its connected clients. If you use that capability, applications which support SOCKS v5 proxy connectivity and “DNS over proxy” (for example Firefox or the add-on FoxyProxy) can access directly .onion sites. For more information, see here.
Improved: We again reduced the size of the image file, which is now about 865 Mbyte.
Changed: All scripts are now executed by bash instead of sh. The change was needed to enable the handling with arrays.
Fixed: Some minor bugs and cleaned up the code.
Removed: The experimental section (for now).

The pre-v.0.2.5 release is expected at the end of the year.

TorBox on GitHub / Updated TorBox v.0.2.3 GitHub release

TorBox has now its own GitHub page, which gives you an easy way to contribute to the TorBox project. Especially for that occasion, TorBox v.0.2.3 has been updated. Here are the links for the latest TorBox v.0.23 (usually, you need only the image-file):

Changelog v.0.2.3 (09.01.2019) —> v.0.2.3 (09.02.2019)

  • Updated: The system is based on Raspbian “Stretch” lite with Linux Kernel 4.14.79 and Tor version 0.3.5.7.
  • Updated: nyx (the Tor statistics program) from version 2.0.4 to 2.1.0.
  • Updated: Reduced logging is now enabled by default. Corresponding menu entry in the advanced menu let you change the amount of logging.
  • Updated: “Erase all log files” (entry in the advanced menu) deletes all log files (previous behavior was to reduce them to 0 bytes).
  • Minor fix: Fixed some minor bugs, cleaned up the code and especially the configuration files in “/etc“.
  • Removed: The Screen Saver (entry in the main menu) and slurm.

The pre-v.0.2.4 release is expected at the end of May 2019 and will focus on improved usability of bridges.

TorBox v.0.2.3 released !

Finally! I’m happy to announce the release of TorBox v.0.23. During the last half-year, I tested the functionality under real-life conditions, and I’m pleased with the overall stability of the system (if the power supply is reliable enough). Currently, I receive only a few feedback from the community. Therefore, one of my goals for 2019 is to find more contributors who are motivated to give feedback and to help to improve the functionality and security of the system, but more about that later…

Main Menu TorBox v.0.23
Main Menu TorBox v.0.23

Changelog pre-v.0.2.3 (02.12.2018) —> v.0.2.3 (09.01.2019)

  • New: The first noticeable improvement is the size of the image file: it is only a little bit more than 900 Mbyte (compared to 1.4 Gbyte of the last version). This reduction of size was made possible by shrinking the image. At the first start, the image automatically expands over the entire free partition. After an automatic reboot, the system is available for use – user interaction, screen, and peripherals are not required. After 2-3 minutes, when the green LED stops to flicker, connect your client to the new WiFi “TorBox023”. Then use an SSH-client to access 192.168.42.1 (username: pi / password: CHANGE-IT). Now, you should see the TorBox menu. Choose the preferred connection setup and change the default passwords as soon as possible (the associated entries are placed in the advanced menu). TorBox needs at least a 4 Gbyte SD Card, but 8 Gbyte is recommended.
  • New: The ability to configure TorBox with bridges that use obfs4 pluggable transport capability to overcome censorship. It is still in experimental status, but with detailed feedback, I will be able to improve and extend this feature for the next version. It works like that: after selecting the connection in the main menu and if Tor Statistics doesn’t show any link to the Tor Network, then additionally the user can try the bridge function in the Advanced Menu. To be honest: the whole thing took a lot of nerves out of me, not so much because of the configuration, but because there seem to be quite a few bridges that don’t work (or don’t work with my network environment). So my advice is, if necessary, to enter 3-6 bridges and to wait at least 5 minutes even though error messages can be seen (someone in a country with state censorship told me that he needs up to 15 bridges). Probably, I will change the implementation of that feature in the future; actually, the improvement of this very important feature will be the main focus for the development of the next pre-v.0.24. That’s why I need your feedback and ideas on these. However, one thing in advance: currently, I don’t see any way to get the bridges automatically (at least as long as we deal with shell scripts :-/).
  • New: I noticed that some free Internet provider at airports, hotels, coffees, etc. just cut the connection after a particular time without network load. A “normal” device would probably reconnect, but this doesn’t work with TorBox. That’s why there is now an entry in the Advanced Menu that provides a constant ping for a minimal data stream. At least with Starbucks, this worked :-).
  • New: The localization is now in English by default, the time should remain set to UTC, and ntpdate fetches the correct time at startup … from this point of view there is no urgent need for an additional configuration. However, I added to the Advanced Menu the possibility to set a “Wifi Regulatory Domain”. The current setting is “unset” or “world”, which is quite broad, but if someone has problems with it, he can change it now. Currently, the two-letter country code has to be chosen from https://wikipedia.org/wiki/ISO_3166-1_alpha-2. At this point, I need your feedback, if you need that feature at all and if I should improve its usability.
  • New: I also added a runtime file where TorBox stores certain global variables. There isn’t much in it yet, but it might become a kind of configuration file in the future.

Advanced Menu TorBox v.0.23
Advanced Menu TorBox v.0.23

  • Updated: The system is based on Raspbian “Stretch” lite with Linux Kernel 4.14.79 and Tor version 0.3.4.9.
  • Updated: For security reasons, the Bluetooth capabilities are disabled on the provided image.
  • Updated: The feature to overcome captive portals has been so stable since last summer that I was able to remove all alternative strategies and test scripts. Now, the captive portal solution works for all connection types – and if someone is mistaken, it doesn’t matter — he can click through the procedure. For security reasons, the user has, however, the possibility to abort before establishing an insecure connection.
  • Updated: Experimentally, I had already integrated the possibility of cable-TorBox-cable connections before, but I wasn’t that happy about it. I have entirely reworked this first approach. Now the user can choose between WiFi- or cable-client in the main menu. The user can also switch back and forth, but he has to make sure that he can log in with the chosen client.
  • Updated: The update function is now more reliable (now with the latest stable Tor release).
  • Updated: All menus and display screens should be viewable on a 3.5“ screen, on a mobile phone or tablet. Besides, the menus are better structured, and I have tried to make the information screens more understandable. Let me know, your thoughts about it.
  • Updated: As for DNS leaks, I’m a bit paranoid, so dnsmasq is turned off on TorBox by default, and any DNS queries made locally on the device (that is, by the user logged in via ssh in the shell) are recorded in the log file.
  • Minor fix: The menu entry to flush all log files, flushes now “~/.bash_history” too.
  • Minor fix: Some minor bugs in the configuration part in the advanced menu.
  • Removed: The ability to reset the entire network settings (was located in the Advanced Menu). This feature isn’t necessary anymore, and it wasn’t very useful.
  • Tested: With Raspberry Pi 3 Model B and Raspberry Pi 3 Model B+ (max achieved throughput: 2.3 Mb/s). I continue to test the integration of the PiJuice, a portable power platform for the Raspberry Pi, but it seems that the permanent power supply is not reliable enough to enable stable WiFi-TorBox-WiFi connectivity. For portable use, my best experience is made with the RS Pro PB-10400 Power Bank, 5V / 10,4Ah.

A test with the PiJuice HAT. Below in black is the very reliable RS Pro PB-10400 Power Bank, 5V / 10,4Ah.
A test with the PiJuice HAT. Below in black is the very reliable RS Pro PB-10400 Power Bank, 5V / 10,4Ah.

Last but not least, I’m coming back to my desire to expand the number of contributors. I have about 4 Raspberry Pi 3 Model B to give away for free (SD Card with pre-installed TorBox v.0.23 included). If you want one of these Raspberry Pis than send me an email explaining why I should send you one and what you are willing to contribute to the project.

Welcome!

Welcome to the TorBox project!

TorBox is an easy to use anonymizing router based on Raspberry Pi. It creates a wireless network, which routes the network data encrypted through the Tor network. The goal of the project is to provide an easy to use opportunity to overcome censorship, to help encrypting and enabling anonymous data traffic, independently from the client, the service and the program be used.

TorBox is in a pre-Alpha stage, a proof of concept — not more and not less! Don’t use TorBox, if your well-being depends from your anonymity. You can’t get anonymity solely by technical means — anonymity is dependent on your social behaviour.

There is still a long way to go, to improve security and usability. We are waiting für your feedbacks and inputs. We are searching people who want to help — if you are interested, please contact me.