Facebook adds service for Tor users
Posted by: Jon Ben-Mayor on 11/01/2014 10:55 AM
[
Comments
]
Facebook, the polar opposite of Tor, has finally made it possible for the faceless throngs of Tor users to 'poke' and 'like' with some of the anonymity that they are used to. Facebook has launched a Tor hidden service - a version of its website that runs the anonymity software Tor. This is not to say that Tor users weren't able to visit Facebook previously, however they were up against a very unpredictable experience with irregular loading, incorrect fonts and in certain instances no loading of the site at all.
Facebook released the following in a blog post:
Facebook's onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud.
The idea is that the Facebook onion address connects you to Facebook's Core WWW Infrastructure - check the URL again, you'll see what we did there - and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre.
We decided to use SSL atop this service due in part to architectural considerations - for example, we use the Tor daemon as a reverse proxy into a load balancer and Facebook traffic requires the protection of SSL over that link. As a result, we have provided an SSL certificate which cites our onion address; this mechanism removes the Tor Browser's “SSL Certificate Warning” for that onion address and increases confidence that this service really is run by Facebook. Issuing an SSL certificate for a Tor implementation is - in the Tor world - a novel solution to attribute ownership of an onion address; other solutions for attribution are ripe for consideration, but we believe that this one provides an appropriate starting point for such discussion.
Over time we hope to share some of the lessons that we have learned - and will learn - about scaling and deploying services via the Facebook onion address; we have many ideas and are looking forward to improving this service. A medium-term goal will be to support Facebook's mobile-friendly website via an onion address, although in the meantime we expect the service to be of an evolutionary and slightly flaky nature.
We hope that these and other features will be useful to people who wish to use Facebook's onion address.
Facebook released the following in a blog post:
Facebook's onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud.
The idea is that the Facebook onion address connects you to Facebook's Core WWW Infrastructure - check the URL again, you'll see what we did there - and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre.
We decided to use SSL atop this service due in part to architectural considerations - for example, we use the Tor daemon as a reverse proxy into a load balancer and Facebook traffic requires the protection of SSL over that link. As a result, we have provided an SSL certificate which cites our onion address; this mechanism removes the Tor Browser's “SSL Certificate Warning” for that onion address and increases confidence that this service really is run by Facebook. Issuing an SSL certificate for a Tor implementation is - in the Tor world - a novel solution to attribute ownership of an onion address; other solutions for attribution are ripe for consideration, but we believe that this one provides an appropriate starting point for such discussion.
Over time we hope to share some of the lessons that we have learned - and will learn - about scaling and deploying services via the Facebook onion address; we have many ideas and are looking forward to improving this service. A medium-term goal will be to support Facebook's mobile-friendly website via an onion address, although in the meantime we expect the service to be of an evolutionary and slightly flaky nature.
We hope that these and other features will be useful to people who wish to use Facebook's onion address.
Comments
