User Tools

Site Tools


darkweb_service

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
darkweb_service [2018/09/16 00:27]
vk3smb [More security……]
darkweb_service [2018/09/16 00:32] (current)
vk3smb [Keys on your Android Phone]
Line 168: Line 168:
  
 Within Orbot, you need to click the 3 dots on the top right, click Hidden Services, then Client cookies. ​ Enter the site and the key…. ​ Restart Orbot. ​ Simple as that! Within Orbot, you need to click the 3 dots on the top right, click Hidden Services, then Client cookies. ​ Enter the site and the key…. ​ Restart Orbot. ​ Simple as that!
-Upgrading to TOR V3+ 
 +===== Upgrading to TOR V3 ===== 
 At the time of writing this, TOR V3 has been released stable. ​ The astute amongst us would have noticed that the address for my website above was 56 characters long vs. 16 characters long for a V2 address. At the time of writing this, TOR V3 has been released stable. ​ The astute amongst us would have noticed that the address for my website above was 56 characters long vs. 16 characters long for a V2 address.
-Note:  Upgrading to V3 does not (yet) allow 56 character names on Hidden Auth Services, they still have to be 16 characters long.+ 
 +//Note:  Upgrading to V3 does not (yet) allow 56 character names on Hidden Auth Services, they still have to be 16 characters long.// 
 If you wish to have the 56 character long onion, you need to either: If you wish to have the 56 character long onion, you need to either:
-Centos/​Fedora,​ compile TOR from source, or  +  * Centos/​Fedora,​ compile TOR from source, or  
-Debian/​Ubuntu,​ add repositories and install it.+  ​* ​Debian/​Ubuntu,​ add repositories and install it.
 The following applies to Ubuntu Bionic Beaver (18.04LTS). The following applies to Ubuntu Bionic Beaver (18.04LTS).
 +
 In a shell, you need to install apt-transport-https and modify the sources: In a shell, you need to install apt-transport-https and modify the sources:
-#  sudo apt install apt-transport-https +<​code>​#  sudo apt install apt-transport-https 
-#  sudo nano /​etc/​apt/​sources.list+#  sudo nano /​etc/​apt/​sources.list</​code>​
 Add the following to the bottom of the file and save it: Add the following to the bottom of the file and save it:
-deb https://​deb.torproject.org/​torproject.org bionic main +<​code>​deb https://​deb.torproject.org/​torproject.org bionic main 
-deb-src https://​deb.torproject.org/​torproject.org bionic main+deb-src https://​deb.torproject.org/​torproject.org bionic main</​code>​
 Then you need to add the gpg keys to sign the packages, update the repositories and install it, in the shell type: Then you need to add the gpg keys to sign the packages, update the repositories and install it, in the shell type:
-#  gpg2 --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89+<​code>​#  gpg2 --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
 #  gpg2 --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - #  gpg2 --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
 #  apt update #  apt update
-#  apt install tor deb.torproject.org-keyring+#  apt install tor deb.torproject.org-keyring</​code>​
 Make sure its enabled and running: Make sure its enabled and running:
-#  systemctl enable tor +<​code>​#  systemctl enable tor 
-#  systemctl restart tor+#  systemctl restart tor</​code>​
 Now to convert your sites to V3 addresses, edit your /​etc/​tor/​torrc,​ and add the following line: Now to convert your sites to V3 addresses, edit your /​etc/​tor/​torrc,​ and add the following line:
-HiddenServiceDir /​var/​lib/​tor/​hidden_service/​+<​code>​HiddenServiceDir /​var/​lib/​tor/​hidden_service/​
 HiddenServicePort 80 127.0.0.1:​8083 HiddenServicePort 80 127.0.0.1:​8083
 #​HiddenServicePort 22 127.0.0.1:​22 #​HiddenServicePort 22 127.0.0.1:​22
-HiddenServiceVersion 3+HiddenServiceVersion 3</​code>​
 Save the file and restart TOR.  Your new address will be in hostname. Save the file and restart TOR.  Your new address will be in hostname.
-If you have HiddenServiceAuthorizeClient option on your site, when you restart TOR, it will fail as V3 does not yet support this. + 
-Further investigation+If you have //HiddenServiceAuthorizeClient// option on your site, when you restart TOR, it will fail as V3 does not yet support this. 
 + 
 +===== Further investigation ​===== 
 There is only one thing I can see needing further investigation:​ There is only one thing I can see needing further investigation:​
-Other Ham uses of the Dark Web. +  * Other Ham uses of the Dark Web. 
-Summary+===== Summary ​===== 
 This is about as good as you can get for security, anonymity and Access of equipment on the other side of public NAT’s and Firewalls. ​ We have created a dark web server, that has: This is about as good as you can get for security, anonymity and Access of equipment on the other side of public NAT’s and Firewalls. ​ We have created a dark web server, that has:
-No IP address anybody can find. +  * No IP address anybody can find. 
-A web address that is not publicly accessible on the clear web. +  ​* ​A web address that is not publicly accessible on the clear web. 
-A way around Public NAT’s on 4G connections +  ​* ​A way around Public NAT’s on 4G connections 
-A way around Firewalls. +  ​* ​A way around Firewalls. 
-No open ports on your router. +  ​* ​No open ports on your router. 
-An address that only you will know, if it is found by (a deliberate) accident, +  ​* ​An address that only you will know, if it is found by (a deliberate) accident, 
-You have authentication that only you have the key to +    ​* ​You have authentication that only you have the key to 
-An address that you don't pay for +  ​* ​An address that you don't pay for 
-You’re able to change that address if something goes horribly wrong with the address your using. +  ​* ​You’re able to change that address if something goes horribly wrong with the address your using. 
-Not paying for a VPN +  ​* ​Not paying for a VPN 
-You don't have any hassles if your IP address changes, TOR will repopulate+  ​* ​You don't have any hassles if your IP address changes, TOR will repopulate
 The downside, its slower than the clear web. The downside, its slower than the clear web.
-A Parting thought+===== A Parting thought ​===== 
 As I mentioned earlier, “think pi-star”, I thought I’d leave these couple of photos as food for thought. As I mentioned earlier, “think pi-star”, I thought I’d leave these couple of photos as food for thought.
 +{{ :​tor:​dw-howto_html_602a351524549e1e.jpg?​direct&​200|}}
 Here is a Raspberry Pi 3b, an MMDVM board, and an Optus 4G modem with an “extra” data sim that is attached to my mobile plan.  Optus will not give public IP addresses to personal plans,and as a result, this device is behind a Public NAT. Here is a Raspberry Pi 3b, an MMDVM board, and an Optus 4G modem with an “extra” data sim that is attached to my mobile plan.  Optus will not give public IP addresses to personal plans,and as a result, this device is behind a Public NAT.
 +
 Note, there is NO cable plugged into the LAN port of the Pi. Note, there is NO cable plugged into the LAN port of the Pi.
 +
 This is the start of the MultiMode VK3RWO repeater… This is the start of the MultiMode VK3RWO repeater…
 +
 Getting the 4G modem to work on a command line Pi without user interaction is an article on its own…... Getting the 4G modem to work on a command line Pi without user interaction is an article on its own…...
  
-Here is the proof in the pudding. ​ The Pi-star interface is accessible over the 4G network, behind a public NAT, as a TOR hidden service on the dark web with Client Key protection.  ​What more do you want?+Here is the proof in the pudding. ​ The Pi-star interface is accessible over the 4G network, behind a public NAT, as a TOR hidden service on the dark web with Client Key protection.  ​
  
 +What more do you want?
  
 +{{ :​tor:​dw-howto_html_6a1c73f00d5357ea.png?​direct&​600 |}}
darkweb_service.txt · Last modified: 2018/09/16 00:32 by vk3smb