Hi everyone. Just wanted to check in here, and open the discussion on some of the recent work I have been leading up trying to see how Tor (aka the Onion Router aka a security privacy tool and network) could be integrated with Home Assistant.
We were fortunate this week to have Wired write up a story on this, thanks to their interest in IoT security: https://www.wired.com/2016/07/now-can-hide-smart-home-darknet/
Happy to answer any questions, or hear your ideas or suggestions about what we can do next. I am actually working on both making the client access setup easier through a HA component and QR code generation system.
I am also working to access the OBD2 port in my car through a CHIP computer connected to it no matter where it happens to be, by also running Tor Hidden Services. This will show how Tor can be used to safely connect remote devices into your HA hub, be it your car, another house, remote farm equipment, and so on. Stay tuned for that!
I probably shouldn’t be asking for help regarding this, but here I am.
I’ve really tried to get Tor working on my Raspberry Pi 2, but with no luck… Installation went well, as did modifying the torrc file.
Next command > sudo /etc/init.d/tor restart, failed to execute (then I restarted the Pi manually…).
Next one > $ sudo more /var/lib/tor/homeassistant/hostname shows the folder doesn’t exist…
Tried it many times, clean install (Raspbian Jessie), update/upgrade, sudo pip3 install homeassistant or all-in-one script, same…
Can you please link some more “self explanatory” manuals for us (me) total noobs?
####This section is just for location-hidden services ###
Once you have configured a hidden service, you can look at the
contents of the file “…/hidden_service/hostname” for the address
to tell people.
…
HiddenServiceDir /var/lib/tor/homeassistant/
HiddenServicePort 80 127.0.0.1:8123
HiddenServiceAuthorizeClient stealth haremote1
…
This is the content of the text box in the cookbook example.
When you copy it as is, you are also copying dots in front of and at the end of the command…
So, delete the dots.
That was the problem. There, maybe this can help someone else.
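A check for the failure described in the posts above, as an added example that is not part of the original thread or the cookbook: it parses a pasted hidden-service block and reports stray lines such as the copied "…", along with ordering and target-address problems. The function names `lint` and `check_port` are hypothetical, and the sample input is constructed from the snippet quoted above.

```python
import ipaddress
import re

# Constructed sample: the cookbook block as pasted in the thread, including
# the leading and trailing "…" lines.
PASTED = """\
…
HiddenServiceDir /var/lib/tor/homeassistant/
HiddenServicePort 80 127.0.0.1:8123
HiddenServiceAuthorizeClient stealth haremote1
…
"""
NEEDS_DIR = {"hiddenserviceport", "hiddenserviceauthorizeclient"}
OPTION_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def check_port(args):
    """Return an error string for HiddenServicePort arguments, or None."""
    if len(args) not in (1, 2) or not args[0].isdecimal() or not 0 < int(args[0]) < 65536:
        return "expected 'HiddenServicePort VIRTPORT [TARGET]'"
    if len(args) == 1 or args[1].startswith("unix:") or args[1].isdecimal():
        return None  # default target, unix socket or bare port: not examined
    host, _, port = args[1].rpartition(":")
    if not port.isdecimal() or not 0 < int(port) < 65536:
        return f"bad target port in {args[1]!r}"
    try:
        if not ipaddress.ip_address(host.strip("[]")).is_loopback:
            return f"target {host} is not loopback: the Tor-to-service hop crosses the network"
    except ValueError:
        return f"target address {host!r} is not an IP literal"
    return None

def lint(text):
    """Return [(line_no, message)] for a torrc hidden-service block."""
    findings, have_dir = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if not words:
            continue
        key, args = words[0], words[1:]
        opt = key.lower()                      # torrc option names ignore case
        if not OPTION_NAME.fullmatch(key):
            findings.append((n, f"stray text {key!r} is not a torrc option"))
        elif opt == "hiddenservicedir":
            have_dir = True
        elif opt in NEEDS_DIR and not have_dir:
            findings.append((n, f"{key} must follow a HiddenServiceDir line"))
        elif opt == "hiddenserviceport" and (err := check_port(args)):
            findings.append((n, err))
    return findings
```

Tor's own `tor --verify-config -f <torrc>` remains the authoritative check before restarting the service.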
I have managed to get this working on my laptop, but cannot seem to get it running on my Android phone. I followed the directions in the blog but when I connect to my HASS through OrFox, the screen shows the HASS logo, but doesn’t show where I type in my passcode. Ideas?
edit: Site works fine in Chrome when I connect directly without going through Tor.
We also almost have this working using the Torque application on Android tunneled over Tor using the Orbot VPN, but there is currently an issue with the data being parsed as it is posted:
https://github.com/home-assistant/home-assistant/issues/1515
I hope we can solve this soon, so that we can more formally add the “onion car” to the mix.
I’m hoping that someone here can weigh in on running Owntracks through Orbot. I’d like to use Owntracks for presence detection, and I’ve set up Tor to host the broker as a hidden service. The problem is that I can’t seem to route Owntracks through Orbot and get it to connect to the hidden service. The guide for setting up Tor mentions using Orbot’s VPN mode to do this, but I can’t find a guide which covers the configuration. I checked the Owntracks forum and there doesn’t seem to be an answer there either.
Sorry to bring up an old thread. With Javascript enabled in the Windows Tor browser I get through the login but when it tries to load states, it just shows a blank page. Are there any other configuration options to try?
Thanks for the quick response. After some further trial and error, I got it to work by changing the security level slider from High->Medium High. The security slider was introduced in version 4.5.
Otherwise, is your HA running with the authenticated mode on? You will need to add that cookie data to the Orbot->Settings torrc custom section. This is the same as adding it to the Tor Browser’s Tor RC file.
Otherwise, you don’t need the transparent proxy and root feature outlined in that post. Instead, you should use the Orbot Apps VPN feature which routes any app through Tor.
Where you would put the server in Owntracks is where you would enter the .onion address that your HA is running on.
I have an HTTP password and am using the default settings for Mosquitto until I get everything up and running. I’ve followed the instructions to set up a Tor hidden service. The line in the torrc file is:
I checked the cookie and entered it on my torrc file in Orbot. I went into the select apps menu in Orbot and checked the box for Owntracks. Restarted everything, and started Orbot with VPN mode on. Orbot seems to be fine, but I get an error in Owntracks saying that it’s got an Unknown Host Exception.
I used the .onion address in the host field and kept the port as 1883. For authentication details, I’ve used the same details as I have when I’m on the network. I double checked and if I connect to my wifi network and point owntracks at the server directly, it works.
1883 is not the port used for the web interface, it’s only used for MQTT. HTTP traffic is on port 80; my hidden service for that is a direct copy from the instructions, so the total entry for hidden services is:
Yes, Orfox directly connects to Orbot via the SOCKS proxy. It is developed to work that way.
Owntracks must connect through the Orbot VPN connection. I am wondering if the Orbot VPN has a problem resolving dot-onion addresses for some reason. I will do some testing here on the new build and let you know what I see.
Also, since Owntracks is open-source, we could submit a pull request to it to add the direct SOCKS proxying like Orfox.
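What direct SOCKS proxying, as suggested in the last post, involves at the protocol level, as an added example that is not code from Owntracks, Orfox or Orbot: a .onion name has no entry in ordinary DNS, so the client sends the hostname itself to Tor's SOCKS5 port (address type 0x03) and lets Tor resolve it. The proxy address 127.0.0.1:9050 is an assumption, the onion name is a constructed placeholder, and the function names are hypothetical.

```python
import socket
import struct

# Constructed placeholder; a real name comes from the service's hostname file.
ONION_HOST = "examplehiddenservice.onion"
REPLIES = {0: "succeeded", 1: "general failure", 3: "network unreachable",
           4: "host unreachable", 5: "connection refused", 6: "TTL expired"}

def connect_request(host, port):
    """SOCKS5 CONNECT with address type 0x03: the name goes to Tor unresolved."""
    name = host.encode("ascii")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1-255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def parse_reply(head):
    """Return (ok, text) for the first four bytes of a SOCKS5 reply."""
    if len(head) < 4 or head[0] != 5:
        return False, "not a SOCKS5 reply"
    return head[1] == 0, REPLIES.get(head[1], f"error code {head[1]}")

def _read(sock, n):
    """Read exactly n bytes or fail."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_via_tor(host, port, proxy=("127.0.0.1", 9050), timeout=60):
    """Return a socket to host:port opened through Tor's SOCKS port (assumed address)."""
    s = socket.create_connection(proxy, timeout=timeout)
    try:
        s.sendall(b"\x05\x01\x00")  # version 5, one method: no authentication
        if _read(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy did not accept the no-auth method")
        s.sendall(connect_request(host, port))
        head = _read(s, 4)
        ok, text = parse_reply(head)
        if not ok:
            raise ConnectionError(f"connect to {host} failed: {text}")
        alen = _read(s, 1)[0] if head[3] == 3 else {1: 4, 4: 16}[head[3]]
        _read(s, alen + 2)  # discard the bound address and port
        return s
    except Exception:
        s.close()
        raise
```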