Facebook Allows Tor Access To Site

The New Acunetix V12 Engine


Facebook started out blocking users of the Tor network in 2013, but have recently had a change of mind and now Facebook allows Tor access to the site even providing a special .onion address for users of the network to directly connect to Facebook infrastructure.

Facebook Allows Tor Access To Site

It’s an interesting decision as many of the Facebook ‘security controls’ will fail due to a Tor users appearing to come from many different geographical locations during one browsing session.

Facebook has changed its stance on Tor traffic and will now provide users with a way to connect to its free content ad network using the anonymizing service.

The company said that it will now offer a special URL – https://facebookcorewwwi.onion – that will allow users running Tor-enabled browsers to access the service.

Facebook had previously blocked Tor access, citing security concerns and the possibility that Tor could be used to conduct attacks on its servers.

The social network said back in 2013 that it would work with Tor on a possible solution. Now, more than a year later, it seems one is at hand. Even as it launched of the Tor access address, however, Facebook acknowledged that the Tor network poses some risks.

“Tor challenges some assumptions of Facebook’s security mechanisms – for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada,” Facebook senior engineer Alec Muffett said in announcing the move.

You can view the Facebook post about this here: Making Connections to Facebook more Secure

There’s still a major issue with this though, as you can see in the comments, Facebook still only has a front end based around JavaScript (the mobile interface doesn’t work via the Onion address) – which is a big no-no for the privacy paranoid Tor users.

“In other contexts such behavior might suggest that a hacked account is being accessed through a ‘botnet’, but for Tor this is normal.”

The company said the service would also use SSL atop Tor with a certificate that cites the unique Tor address. This, the company said, will allow Tor to maintain a secure connection and prevent users from being redirected to fake sites.

“The idea is that the Facebook onion address connects you to Facebook’s Core WWW Infrastructure – check the URL again, you’ll see what we did there – and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre,” Muffett said.

Those who are privacy conscious may still want to note, however, that measures such as Facebook’s controversial “Real Name” policy remain in effect.

The fact it’s running over SSL is a good move too as a Tor user, it means your connection is direct and encrypted right into the Facebook datacenter. Although what you are doing on Facebook that’s so critically important and needs protecting – I really don’t know.

Either way, it’s a cool move from Facebook and we’ll be watching to see what else they come out with.

Source: The Register

Posted in: Privacy

, , , ,


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


One Response to Facebook Allows Tor Access To Site

  1. godspyre November 4, 2014 at 8:45 pm #

    Might be a move by the US/NSA to study Tor and compromise it later on.