sid77
10 January 2008 @ 09:26 am
Schneier on his own open wifi network.
Nice article, but I'm not too keen on it. Especially the "try to reach a plea instead of running a trial" part when something goes wrong. Hell, keep that wifi closed down and start avoiding risks.
He also talks about Fon (eheh, he's founder and CTO of BT Counterpane, and BT partnered with Fon some time ago: http://btfon.com/ ), speaking of which, I'll spam my torified Fonera tutorial here :-P
Current Mood: okay
sid77
The howto has been lj-cutted. See http://forum.openwrt.org/viewtopic.php?id=12595 for more information. I'll be in Empoli for the weekend, attending Pianeta Amiga 2007; I'll update the howto (and the official wiki page, probably) ASAP.
Current Mood: okay
sid77
12 September 2007 @ 10:25 pm
I really like these LaFonera APs: they're pretty small, cool, and they can be hacked a lot :)
The official Fon firmware is a modified OpenWRT with some proprietary executables added (the infamous thinclient).
There are a couple of different firmwares available for LaFonera; the easiest to install is dd-wrt, a full-fledged firmware with a nice web interface and lots of features. Then there's OpenWRT, THE open source firmware for access points: small, modular and really cool. Having no default web interface at all makes it one of the most interesting firmwares for command line junkies like me :) Not to mention that the very same dd-wrt and, as previously mentioned, Fon are both built upon OpenWRT. There are also some other variants of both of these firmwares but I'm not going to mention all of them here; try googling for OpenWRT/Legend, it's a really nice project.

If you want to try out dd-wrt, there are detailed copy-and-paste instructions on the official wiki. Follow them carefully and you'll easily flash some new life into your AP. However I wanted to flash OpenWRT on it, so I tried to follow the official OpenWRT wiki page with no success at all: when creating the rootfs image in the flash I got an awful
Image found, but length (0x120000, necessitating image size 0x400000)
             is incorrect (present image size 0x2c0000)

error. Luckily, I was able to reflash dd-wrt on it and spend some more time looking for working instructions. This evening I stumbled upon these instructions on rigacci.org, which refer to a stock Fonera; mixing all three guides I was able to successfully flash OpenWRT.

So, with no further ado, here's a small howto:
(Note: this howto will not work: you'll end up with no jffs2 partition, which means that every modification you make on the router will be lost upon reboot; see http://forum.openwrt.org/viewtopic.php?id=12595 for more information.)

20070912: First revision
20070921: Second revision, lj-cutted the howto as it's not properly working. See http://forum.openwrt.org/viewtopic.php?id=12595 for more information.
Current Mood: nerdy
sid77
I've updated the howto again.
According to this Italian Fon blog entry and the great Hacking La Fonera page, the udp:1937 and tcp:1937 ports need to be forwarded in order to allow heartbeat connections (tcp:1937 to download.fon.com was already taken by tor, I've just added udp:1937).
Current Mood: geeky
sid77
The fonera/tor howto has been updated: there was a major cleanup and I added init.d scripts. enjoy :)
Current Mood: geeky
sid77
16 July 2007 @ 11:40 pm
I'm a big tor fan and I've just bought a new La Fonera social router, so, as I mentioned some posts ago, I'm not going to have this nice social router making direct connections via my IP; that's why I tried hard to "jail" it into tor. Before starting, a small note: most of this howto has been taken from the official wiki instructions on how to transparently proxy via tor, so take a look at that link if you need more information.

If you're interested and want to reproduce this setup, you need a Fonera (obviously!), an extra spare ethernet interface and some software:
+ a working installation of tor. A plain tor client will suffice, however consider running at least a middleman tor server (rejecting all connections not directed inside the tor network): the more overall available bandwidth, the better for every user :)
+ a copy of the dns-proxy-tor perl script, only anonymously available via this hidden service: http://p56soo2ibjkx23xo.onion/
+ the iptables firewall for linux, however you can adapt the rules to any other firewalling software

So, here we go! First of all, install and configure your second ethernet interface: assuming eth0 is connected to the internet (either directly or via a router), add another interface (like eth1) and set it up with a static IP address.
Next, configure La Fonera with a static IP too, in the same subnet as eth1. Use eth1's IP address as both gateway and DNS server for your wifi AP.

Now, set up the dns-proxy: the perl script has no dependencies except for the perl base system; I wrote a simple /etc/init.d/dns-proxy-tor script to start it at system startup:
#!/bin/sh

DAEMON=/usr/local/sbin/dns-proxy-tor
IP=192.168.1.1                  # eth1 address, the one La Fonera uses as DNS server
CHROOT=/var/chroots/empty       # empty directory used as chroot jail
USER=nobody
GROUP=nogroup
PROXYPID=/var/run/dns-proxy-tor.pid

start() {
  echo -n "Starting dns-proxy-tor: "
  # bind on $IP:53, talk to tor on its control port (9051) and socks port (9050),
  # drop privileges into the chroot and write a pid file for stop()
  $DAEMON -b $IP:53 -t 127.0.0.1:9051 -s 127.0.0.1:9050 \
    -c $CHROOT -u $USER:$GROUP -p $PROXYPID
  echo "done"
}

stop() {
  echo -n "Stopping dns-proxy-tor: "
  pid=`cat $PROXYPID 2>/dev/null` || true

  if test ! -f $PROXYPID -o -z "$pid"; then
    echo "not running (there is no $PROXYPID)."
    # return, not exit: an exit here would abort restart() before start()
    return 0
  fi

  # /bin/sh has no &>, redirect stdout and stderr the portable way
  kill -15 $pid >/dev/null 2>&1
  rm -f $PROXYPID
  echo "done"
}

restart() {
  stop
  sleep 1
  start
}

case "$1" in
'start')
  start
  ;;
'stop')
  stop
  ;;
'restart')
  restart
  ;;
*)
  echo "usage $0 start|stop|restart"
  ;;
esac

where 192.168.1.1 is your eth1 IP address and /var/chroots/empty is an empty folder used by dns-proxy-tor as chroot jail.

Next, set up tor to listen for client requests: edit your torrc and add these lines:
VirtualAddrNetwork 10.192.0.0/10
TransPort 9040
TransListenAddress 192.168.1.1
#TrackHostExits .fon.com

All of these lines are well documented in the tor documentation: the first one is used to instruct tor to accept connections from external addresses and not only from localhost. The second one defines tor's transparent proxying port and the third one defines on which IP tor should listen for external incoming connections. The last one is optional: setting it will route all connections made within the default time span of 30 minutes to the specified site or domain via the same exit node, in order to better support some sites which use IP-based authentication. I don't think it's strictly needed, as it can turn out to be a real PITA logging onto Fon in the unlucky event of getting a slow exit node.

And now the final part: gluing everything together using iptables. These are just core rules, feel free to expand them to suit your needs; the convention used here calls the internet-connected eth0 $EXT and the Fon-connected eth1 $INT, while $TRANS_PORT is tor's transparent proxy port, defined earlier. Again I wrap everything up in a /etc/init.d/firewall script, feel free to adapt it to your needs:
#!/bin/sh

IPT="/sbin/iptables"
EXT="eth0"
EXTIP="192.168.0.42"
INT="eth1"
TRANS_PORT="9040"
NTP_SERVERS="ntp.kamino.fr ntp2.altarisoluzione.com ntp2.sandvika.net \
ntp1.tpg.com.au ntp.xland.ru ntp.ourconcord.net ntp0.sjbcom.com \
ntp1.belbone.be ntp2c.mcc.ac.uk time.flygplats.net \
ticker.cis.sac.accd.edu ntp.vik.bg ntp-1.cso.uiuc.edu reva.sixgirls.org \
ntp1.linuxmedialabs.com blade.avnf.com luie.udel.edu"
RADIUS_SERVERS="radius01.fon.com radius02.fon.com"
HEARTBEAT_SERVERS="download.fon.com"

start() {
  echo "Bringing up the firewall"

  echo 1 > /proc/sys/net/ipv4/ip_forward

  # Cleanup
  $IPT -t nat -F
  $IPT -F
  $IPT -P FORWARD DROP

  # Ensure local dns
  $IPT -t nat -A PREROUTING -i $INT -p udp --dport 53 -j REDIRECT --to-ports 53

  # Transparent proxy tcp connections through tor
  $IPT -t nat -A PREROUTING -i $INT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT

  # Forwarding ntp (udp:123) and radius (udp:1812)
  $IPT -A FORWARD -i $EXT -o $INT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT

  for DEST in $NTP_SERVERS; do
    $IPT -A FORWARD -i $INT -o $EXT -p udp -d $DEST --dport 123 -j ACCEPT
  done

  for DEST in $RADIUS_SERVERS; do
    $IPT -A FORWARD -i $INT -o $EXT -p udp -d $DEST --dport 1812 -j ACCEPT
  done

  # Forwarding La Fonera heartbeat service (udp:1937, tcp:1937 is proxied)
  #for DEST in $HEARTBEAT_SERVERS; do
  #  $IPT -A FORWARD -i $INT -o $EXT -p udp -d $DEST --dport 1937 -j ACCEPT
  #done

  $IPT -t nat -A POSTROUTING -o $EXT -p udp -j SNAT --to $EXTIP
}

stop() {
  echo "Bringing down the firewall"

  echo 0 > /proc/sys/net/ipv4/ip_forward

  # Cleanup
  $IPT -t nat -F
  $IPT -F
  $IPT -P FORWARD ACCEPT
}

restart() {
  stop
  sleep 1
  start
}

case "$1" in
'start')
  start
  ;;
'stop')
  stop
  ;;
'restart')
  restart
  ;;
*)
  echo "usage $0 start|stop|restart"
  ;;
esac

The ntp and radius servers lists have been taken from the fonera config files.

And that's all! Please consider that this setup doesn't assure you strong anonymity, as UDP RADIUS connections are still directly NATed (not to mention that tor doesn't do UDP); however DNS requests and TCP connections are routed inside the tor network without further user work.
Unfortunately it looks like it's still not possible to use a default-configured privoxy, as it breaks the fon.com authentication mechanism. Maybe I could try whitelisting that domain :)

For now, enjoy your transparent torified fonera.
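As an added example (not from the original post), here is a small Python model of the first-packet decisions the firewall script above makes for traffic arriving on eth1: it shows which flows are redirected to tor, which to dns-proxy-tor, and which UDP flows still leave the box NATed with the real WAN address, i.e. the anonymity caveat just mentioned. The server sets are copied from the script (only a subset of the NTP list), the sample flows are constructed, and hostnames are compared as strings although the real rules resolve them when loaded.

```python
NTP_SERVERS = {"ntp.kamino.fr", "ntp2.altarisoluzione.com", "luie.udel.edu"}
RADIUS_SERVERS = {"radius01.fon.com", "radius02.fon.com"}
HEARTBEAT_SERVERS = {"download.fon.com"}
HEARTBEAT_UDP_FORWARDED = False  # rule commented out since the fourth revision
TRANS_PORT = 9040


def classify(proto, dst, dport, syn=True):
    """Where the first packet of a flow from eth1 ends up under the ruleset.

    proto is 'tcp' or 'udp', dst the destination host, dport the port and
    syn whether a TCP packet is the connection's SYN (nat PREROUTING only
    sees the first packet of a flow; later ones follow the conntrack entry).
    """
    # nat PREROUTING, evaluated in rule order
    if proto == "udp" and dport == 53:
        return "local:dns-proxy-tor"          # REDIRECT --to-ports 53
    if proto == "tcp" and syn:
        return f"tor:TransPort {TRANS_PORT}"  # REDIRECT --to-ports 9040
    # filter FORWARD, policy DROP: only the explicit UDP destinations pass,
    # and those are SNATed to the real WAN address in nat POSTROUTING
    if proto == "udp":
        if dport == 123 and dst in NTP_SERVERS:
            return "direct:SNAT (bypasses tor)"
        if dport == 1812 and dst in RADIUS_SERVERS:
            return "direct:SNAT (bypasses tor)"
        if dport == 1937 and dst in HEARTBEAT_SERVERS and HEARTBEAT_UDP_FORWARDED:
            return "direct:SNAT (bypasses tor)"
    return "drop"


def direct_flows(flows):
    """Return the (proto, dst, dport) flows that bypass tor, i.e. the ones a
    WAN-side observer can still tie to the home IP address."""
    return [f for f in flows if classify(*f).startswith("direct")]


if __name__ == "__main__":
    # Constructed sample of what a freshly booted Fonera tries to do.
    sample = [
        ("udp", "ntp.kamino.fr", 123),
        ("udp", "radius01.fon.com", 1812),
        ("udp", "download.fon.com", 1937),
        ("tcp", "download.fon.com", 1937),
        ("udp", "8.8.8.8", 53),
        ("tcp", "www.example.com", 80),
    ]
    for flow in sample:
        print(f"{flow[0]} {flow[1]}:{flow[2]} -> {classify(*flow)}")
    print("outside tor:", direct_flows(sample))
```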

--

Changelog
20080110: Fourth revision, commented out the udp heartbeat service forwarding. It should be tcp only.
20070904: Third revision, added LaFonera heartbeat to forwarded services
20070805: Second revision, some major cleanup and init scripts added
20070716: First revision
Current Mood: geeky