Hidden services running on the Tor network got major support on Friday when Facebook began offering Tor users a way to connect to its services and not run afoul of the social network’s algorithms for detecting fraudulent usage of accounts.On Friday, the company added a hidden service address with a .onion top-level domain, facebookcorewwwi.onion [updated to fix address], which allows Tor users to protect their data and identity all the way to Facebook’s datacenters. Hidden services accessed through the Tor network allow both the Web user and website to remain anonymous.
Tor, the onion router, is a method of preserving privacy by allowing users to surf the web anonymously. But by its very raison d’etre it has never played well with social networks, which like to know who their users are. Facebook is breaking new ground by implementing a Tor address that privacy hounds can use to update their statuses, share cat videos and do everything else that Facebookers enjoy doing.
“Facebook’s onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud,” Alec Muffett, a software engineer with Facebook’s security infrastructure group, said in a blog post. “It provides end-to-end communication, from your browser directly into a Facebook datacenter.”
Back in 2013, the social network assured Tor users that the company would work with Tor service on a possible solution. Now, after a year, we can see a great move from Facebook’s side with the launch of a dedicated Tor access address. However, the company said that the Tor network may poses some risks as the .onion address is described as an “experiment” by the social network.
“Tor challenges some assumptions of Facebook’s security mechanisms – for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada,” Alec Muffett said.
“In other contexts such behaviour might suggest that a hacked account is being accessed through a “botnet”, but for Tor this is normal. Considerations like these have not always been reflected in Facebook’s security infrastructure, which has sometimes led to unnecessary hurdles for people who connect to Facebook using Tor.”
Runa Sandvik, a security researcher who was consulted by Facebook on the project and previously worked at the Tor Project, said the announcement marked a “very positive step for anyone who wants to access Facebook in a secure way”.Facebook is planning to continue to scale and deploy services via the Facebook onion address; Muffett said that a medium-term goal will be to support Facebook’s mobile-friendly website via an onion address.