Pierluigi Paganini
November 01, 2014
We discussed many times about the right to online anonymity and how anonymizing networks like Tor could protect it.
The Tor Project is an Internet-traffic anonymization service that is able to anonymize the Internet user’s experience.
In the past, Tor users have had numerous issues connecting anonymously to Facebook, but something is changing because Facebook creates .Onion Site in the Accessible Via Tor Network.
“Using normal Facebook over Tor was often a challenge for many reasons; users would have trouble logging in, be forced to identify friends in photos, be forced to change passwords, and so on,” said Runa Sandvik, a Tor advocate, to the ThreatPost.
Using the Facebook Tor hidden service, users can overwhelm the above limitations, the end-to-end encryption for the communications allow the protection from eavesdropping and monitoring.
Facebook had previously blocked the Tor access, fearing possible cyber attacks that exploiting Tor could harm its servers.
“we have begun an experiment which makes Facebook available directly over Tor network at the following URL: https://facebookcorewwwi.onion/ “said the company in an official announcement, Facebook makes clear that the service is in an experimental phase at the moment and that there will likely be bugs to work out.
Facebook idea is to create a direct bridge between clients and its core infrastructure via Tor rather than through an exit relay. Facebook also deployed its hidden services website with an SSL certificate to avoid attack against the platform and to mutually authenticate the social network service and the users. It is the first time that a legitimate SSL digital certificate was issued for a .onion website.
“we have provided an SSL certificate which cites our onion address; this mechanism removes the Tor Browser’s “SSL Certificate Warning” for that onion address and increases confidence that this service really is run by Facebook. Issuing an SSL certificate for a Tor implementation is – in the Tor world – a novel solution to attribute ownership of an onion address; other solutions for attribution are ripe for consideration, but we believe that this one provides an appropriate starting point for such discussion.”
To access the Facebook Tor hidden service the users need to download the Tor Browser Bundle.
Security Affairs – (Facebook Tor hidden service, social network)
