this post was submitted on 05 Aug 2024
27 points (93.5% liked)

Tor - The Onion Router

1465 readers
1 users here now

Tips, tricks and information about the Tor network!

Tor Project

founded 4 years ago
MODERATORS
 

It amazes me that onion sites aren't everywhere. They are easy to spin up, you don't have to pay anything and can run it from your own home. No need to purchase a domain, worry about expiration, have an open port. Built-in DoS protection. Anonymity and authentication by default. No need to configure HTTPS. Sure, uptime is on you and there is some latency/bandwidth limits to be considered, but once you are over that, onions are a solution to many problems and the benefits are enormous.

all 30 comments
sorted by: hot top controversial new old
[–] Shadow@lemmy.ca 13 points 3 months ago (2 children)

Last time I tried onion it was 5+ years ago and slow as fuck. Has the performance improved?

[–] fran@lemmy.dbzer0.com 5 points 3 months ago (1 children)

Depends on your location and standards. Lots of the Tor relays are in Europe, so if you are here the connectivity is pretty good. Bandwidth is usually up to 2 MB/s and latency usually goes from 300ms - 1.5 seconds. Initial connections to a server might take longer (5-7 seconds). For browsing the web and playing non-HD videos it's fine in my opinion.

[–] bhamlin@lemmy.world 4 points 3 months ago

Not really, but the performance was based on the nodes you went through. Nodes have gotten better over time, so the experience now should be better.

[–] Mastema@infosec.pub 10 points 3 months ago (3 children)

As someone who just stumbled on here from ALL, I'm vaguely familiar with Onion sites and TOR more generally, but what resources would you recommend to learn more about setting one up for myself to play around with?

[–] fran@lemmy.dbzer0.com 3 points 3 months ago* (last edited 3 months ago)

It's easy. Just edit your Tor configuration file (torrc) to enable an onion service. This one forwards from the onion service on port 80 (so users don't have to specify a port number in the URL) to a local HTTP server running on your machine on port 8000:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8000

Change the directory path based on your operating system. Specify a directory that doesn't exist yet so Tor can set the correct permissions on it. Next, start or restart Tor. Then just read the onion service's hostname in the hostname file created in that hidden services directory.

You can then run any HTTP server on localhost:8000 and anyone connecting to your onion service can access it. In Python this might be as simple as python3 -m http.server --bind localhost 8000 --directory . to share the files current directory (but be aware that there are some security considerations, like symbolic links, to be aware of. Just use this for testing.) For production servers you will want a "real" http server.

[–] 0x0@programming.dev 2 points 3 months ago
[–] 0x0@programming.dev 4 points 3 months ago (2 children)

and can run it from your own home.

A risk most people aren't willing to take lightly?

[–] mp3@lemmy.ca 11 points 3 months ago (3 children)

Running an onion service is generally much less risky legally speaking than a Tor exit node.

[–] aviation_hydrated@infosec.pub 6 points 3 months ago (1 children)

Is it legality or security? I personally wouldn't want a public facing service on my home network without extensive hardening

[–] Plopp@lemmy.world 3 points 3 months ago (1 children)

I mean, you could segment it off.

[–] aviation_hydrated@infosec.pub 1 points 3 months ago (1 children)

Would that mean just an extra router + WiFi using the same ISP?

[–] Plopp@lemmy.world 1 points 3 months ago (1 children)

There are many ways to do it with varying levels of security, but an extra router/firewall would be preferable, yes. And yes using the same ISP.

[–] aviation_hydrated@infosec.pub 1 points 3 months ago

Thank you for the clarification

[–] 0x0@programming.dev 3 points 3 months ago (1 children)

I'm more worried about opening up a port in my home network.

[–] Edie@lemmy.ml 9 points 3 months ago* (last edited 3 months ago) (2 children)

You don't. The tor service connects out to a node. This is also nice because it means you can run it behind nat and firewall and whatnot without problems.

[–] 0x0@programming.dev 4 points 3 months ago

I'd still have to read up on it and, at the very least, containerize it and preferably use a home router that supports VLANs.

[–] mojofrododojo@lemmy.world 0 points 2 months ago (1 children)

just gotta say, I find it hilarious that an outspoken advocate for russian communism uses TOR.... which was created to aid democracy advocates in authoritarian states. with funding from the US gov.

bwahahahahaha

[–] Edie@lemmy.ml 3 points 2 months ago* (last edited 2 months ago) (1 children)

"Democracy" advocates... "Authorian" sure. I guess there is a reason I stopped using it.

Also its Marxism-Leninism, not Russian communism.

[–] mojofrododojo@lemmy.world 1 points 2 months ago

buddy it doesn't matter what label you put on the turd, it still stinks.

[–] whydudothatdrcrane@lemmy.ml 2 points 3 months ago

Sorry but for someone who knows just what the Wikipedia intro says about TOR, and having used it like once, I just thought it takes forever to load broken sites just for the benefit of some allegedly improved privacy. I figured it is only useful to people who want to browse illegal sites, but does this mean that any hidden website is illegal? Just for the sake of argument if someone hosts an old-fashioned HTML site about his fucking hobby, will they face legal repercussions just for serving it as a hidden webpage? I can't fathom that.

[–] fran@lemmy.dbzer0.com 4 points 3 months ago (1 children)

If you don't share the onion link with others and just use it for yourself, no one ever discovers it, unlike the public internet where you get crawled by port scanners all the time. Also there is a public key whitelist feature if you want to restrict who connects.

[–] VirtualOdour@sh.itjust.works 3 points 3 months ago (2 children)

That's actually a really useful feature for me, how much processor does it need? Can a raspberry pi run it?

[–] fran@lemmy.dbzer0.com 2 points 3 months ago

The Tor client itself is lightweight. It's the application you want to run behind the onion service (http server, etc.) that is probably going to limit you in terms of hardware. You can run an onion service on a Raspberry Pi. Any version in fact, even the first one.

[–] aviation_hydrated@infosec.pub 1 points 3 months ago* (last edited 3 months ago)

I think OnionShare can run on an RPi, which is a FOSS prebuilt web service

[–] shortwavesurfer@lemmy.zip 2 points 3 months ago

Primarily because I can't use an onion for my email domain so I can't like have me at znoonkblahblahblah.onion (protonmail)

[–] pedroapero@lemmy.ml 1 points 3 months ago* (last edited 3 months ago) (1 children)

onion domains indexing is marginal at best, hence yon can't get good visibility for your onion site.

[–] BriarTalker@lemmy.ml 1 points 2 months ago

There are sites like Ahmia that you can submit your site to and which attempts to do indexing. People who run .onion sites should also do webrings like what were popular in the mid-1990's. I remember seeing those all the time on the original Geocities. Starting a .onion site is easy to do with software like OnionShare.