Hiding OpenHAB with Tor

There’s an article on Wired about using the Tor network - more specifically the authenticated hidden service capability of Tor - to ‘hide’ your smart home controller from the internet.

The article references some work done on HomeAssistant.

Thoughts? Anyone see why this couldn’t be done on OH? I’m guessing the OH hardware would have to have enough grunt to run the extra services and have all the appropriate libraries available.

I’ll try and find sometime to try this, but new puppy in the house, so free time is non existent!

2 Likes

From reading the instructions I’m not entirely certain this is any easier than setting up openVPN or getting an cert (LetsEncrypt makes this super easy now). Completely hiding your IP and port is something unique.

However this does come at a cost of making access to your HA slightly more awkward for other non-technical members of the household. It also would not work with the mobile phone openHAB apps (part of what makes it more awkward, unless you use Orbot in VPN mode but that shunts ALL your traffic through TOR which poses its own problems).

Some other things of note:

  • The TOR exit nodes will know your IP. These are not devices under your control so all you are really doing is greatly limiting who does know your IP.
  • If you do not set up SSL/TLS and use HTTPS then the TOR exit nodes will see all of your traffic in the clear.
  • A lot (most?) corporate networks block TOR traffic.
  • Latency might be a challenge. The little I’ve done with TOR showed very high latency. So there could be seconds from button press to OH receiving the message
  • I doubt streaming video (e.g. ip security camera) would work because of latency and jitter, plus TOR is sooooo slow.

I see no reason why this couldn’t work with OH and it would be a good option for protecting access to your server despite the negatives. I would still make sure to enable security and HTTPS even with TOR. TOR anonymizes the route but it is up to you to encrypt the data to keep it private from the exit nodes.

I wouldn’t worry too much about the power of the hardware. I don’t think the TOR server side stuff would require that much power and should live happily alongside OH.

I’d love to hear anyone’s experiences with this. If you manage to set it up the community would greatly benefit if you wrote up a quick tutorial.

Why not use myopenHAB ? That is very simple to setup. What do you want to achieve ?

Gert

Different people have different risk profiles and different things they are or are not willing to do. For example, using my.openhab requires a person to rely upon and trust a third party cloud service to interact with their home automation. This is a deal killer for a lot of people who do not want their configuration or information outside of their own control.

This TOR approach is one more way among many (VPN, ssh tunneling, etc) that people can choose to expose their home automation without exposing it to the Internet or any untrusted third parties.

Certain things that this TOR approach can do that a my.openhab can not:

  • provides a good deal of end-to-end anonymity and privacy (if set up correctly with SSL/TLS)
  • two factor authentication, i.e. you need username and password (something you know) AND a token file (something you have) in order to connect