Skip to main content

Using Tor - from a developer's point of view

People use Tor for various reasons these days. Journalists use them to accept whisleblower submissions, people with restricted internet access use it to jump those blockades, people with concerns about their privacy use it, people with bad intensions use it for obvious reasons etc. Tor has around 2 million users per month and today, in this post, I want to tell you how I, as a (student) developer, use Tor.

There is an awesome feature in Tor called Hidden Services where Tor provides anonymity to the servers hosting a website. Tor provides you with an .onion address (just like .com or .in domain) after the Hidden Service is set up. Tor Hidden Services can also function behind a Firewall or NAT which means, if you have a website running on localhost of your machine, then you can start a Hidden Service and serve the same website on Tor and anybody on Tor can visit it even if your machine is behind a NAT and has a private IP address. I wanted to expose the website running on my local network to the external internet and didn’t wanted to use services like ngrok or online hosting like 000webhost. I took advantage of Hidden Service feature by hosting my project (website) on Tor and shared the .onion address with a few friends to test it out. Of course, in order to access my Hidden Service, my friends had to open the onion address in a Tor Browser. Tor Hidden Service gives anyone the power to host their own websites for free and make them accessible worldwide instantly!

I also wanted to embed Tor into Android apps so that they can connect to my Hidden Service. After struggling for a few days to find suitable libraries, I finally succeeded in finding one (I have forked it to my account. You can take a look at it here). You can create truly decentralized apps if you start a Hidden Service from your app (so that it acts as a server and a client at the same time) and make other instances of your app communicate using each others’ .onion addresses. Here is one desktop app that does it.

There are endless possiblities of what you can do with Tor as a developer. But, you may say that it is very complicated to setup a Hidden Service. Well, it was. I was able to setup my Hidden Service within minutes using Docker. For example, if you already have Docker and Docker-Compose installed on your (Linux) system, then just create a docker-compose.yml file in any directory and put the following into it:

Now, just open the terminal in that directory and run docker-compose up. You will have a complete ready-to-use LAMP stack and you will get a Tor Hidden Service link (.onion address) printed in your terminal as well. It cannot get more easier than that! Let me know your thoughts on this.

Thanks for reading.

Comments

Post a Comment

Popular posts from this blog

My-Cloud-IDE - a SaaS built using Docker

I always wanted to know about how services like Codenvy  and Heroku  internally worked. The only way to understand that was to build a similar project. The main component of this project is Docker. Docker  Docker is a software that performs OS-level virtualisation and is developed for Linux. More information about it can be found here . About My-Cloud-IDE: My-Cloud-IDE is a proof-of-concept for a Software as a Service (SaaS). It   can be used to perform software development on cloud without worrying about resolving software dependencies, software installations etc. The user gets a fully functional IDE in his/her browser after registration. Each user has his/her own isolated software environment because My-Cloud-IDE uses Docker to perform OS-level virtualisation in the backend. Technical Details I divided the project into two modules. One module was for 'management' purpose. This includes user interfaces, user management and preparing some files that a...
Post a Comment
Read more

How did I setup a Rasberry Pi 3 without any peripherals

I am an absolute beginner in this Raspberry Pi (I'll be using "RPi" for short) world and this post shows how I started up the RPi without using external keyboard or mouse (for RPi) and still managed to get a graphical desktop environment of Raspbian on my Debian workstation (and controlled my RPi remotely). Step 1: I downloaded 'Raspbian Stretch with Desktop' ( here ). I got a ZIP file. I unzipped it and ended up with a .img which was roughly 4.6 GB. Step 2: Now, to create a bootable media (a memory card perhaps) by copying the .img file onto it, I used dd command. sudo dd if=<path to img> of=/dev/<sdb,sdc..> Be particularly careful with using dd command. You can mess up a lot of things. Using dd command on your memory card will wipe out all contents in it. Using dd command on your hard disk, umm.. not a good idea. To know the disk path of your memory card, use sudo fdisk -l  (el in small caps) . Your hard disk will probably be /dev/sda. You...
Post a Comment
Read more

Privacy Concerns in Android

Introduction       Android has a robust Access control system. If an Android app needs to use resources or information outside of its own scope, the app has to request the appropriate permission . It needs to get permissions before accessing critical resources like Camera, Location, Contacts etc. On Android 6.0 (Marshmallow) or higher, the app needs to request these permissions at runtime by showing a dialog box to the user. Also, the user will have an option to revoke these permissions for that app at any time in future.       But, in this article, I would like to point out a few resources that an app can access without any permission s and this might raise a serious privacy concern for the user. Privacy Concerns An app can fetch a list of all other apps installed on your phone. An app doesn't need to request any permissions from you to get a list of all the apps installed on your phone. For example, a Netflix app can get to know wh...
Post a Comment
Read more