Use case.
A LEDE router as IoT sensor server and HTML readout.
And a TOR hidden service that points to the device.
Since it is a very simple server, I guess it would be OK to use the same server as the LEDE webGUI (uhttpd), but that doesn't seem to be the safest option. Or would that still be secure enough for this?
How secure is lighttpd?
For what reason is hiawatha not available? It was available in OWRT AA if I remember correctly, but I don't see it in LEDE. It is very small and built with security in mind. That's why I have my eye on it.
TOR suggests running the website on localhost (127.0.0.1). What security issues would that introduce?
What would be best practice as a base for IoT usage?
And would it be secure enough to read sensors without the risk of exposing the LAN?
Would it be secure enough to control machines? To me this would be a huge risk, but maybe I'm overprotective? Say you have a big scary laser cutter and a web GUI to control the beast. What if a police-hacker then launches his spy tools and accidentally starts the machine right when you have your fingers in a dangerous spot?
Where would the security line be drawn? What is safe, when does it get risky, and what is an absolute horror movie plot?
My focus is on simple sensor readouts for now. Arduino sensors...
Maybe TOR isn't the best option either; what else could I look at?
Could it make sense to also offer a TOR bridge or relay functionality? As a way of giving back to the TOR network.
Feel free to brainstorm along; my plan is to stay with the TOR idea for now. But it would be good to see alternatives as well, at least as a means to see what else is possible to make IoT a bit more secure.
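For the loopback-only setup asked about above, the following is an added illustration (not part of the original post) of a second uhttpd instance for the sensor pages bound to 127.0.0.1 only, alongside the torrc lines that publish it as a hidden service, so the LEDE webGUI keeps its own `main` section and nothing on the LAN or WAN can reach the readout directly. The instance name, port 8080, the document root and the HiddenServiceDir path are assumptions.

```conf
# /etc/config/uhttpd on the LEDE router (UCI syntax), added example.
# The stock 'main' section serving the webGUI is left untouched; this
# extra section listens only on loopback, so only Tor (running on the
# same box) can connect to it.
config uhttpd 'sensors'
	list listen_http '127.0.0.1:8080'
	option home '/www-sensors'

# /etc/tor/torrc on the same router (path assumed), added example.
# The onion service's port 80 is forwarded to the loopback-only instance.
HiddenServiceDir /var/lib/tor/sensor_service/
HiddenServicePort 80 127.0.0.1:8080
```

Because the sensor instance never binds a LAN or WAN address, a firewall rule exposing port 8080 would still be needed for anyone on the local network to reach it, which is the point: only the onion address does.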