In perhaps one of the more (at least on the face of it) bizarre pieces of news we have come across, Facebook, a company not normally known for its concern over users’ privacy, this week announced that it is joining the Tor hidden services network by opening up a .onion web address.
On top of this, the Tor address also provides SSL for added security, and for ensuring that Tor users do not have to deal with SSL certificate warnings since the SSL certificate cites the unique Tor address. This is the first time that ‘a CA has issued a legitimate SSL cert for a .onion address’.
The first thing that should be absolutely stressed is that this move provides users with no extra privacy from Facebook itself, which still insists on users providing their true names (although this rule is widely flouted), and will happily collect every scrap of information it can gather about them from their likes, posts, private messages, and group activities to sell for advertising.
The BestVPN website at the new Facebook .onion addres
However… the move is still good news. While users’ identities are not hidden from Facebook, they are much more opaque to third parties, making the Tor address an excellent anti-censorship tool (a good example of this would be of an atheist living under a strict religious regime who wants to freely socialise with other atheists). As former Tor developer Runa Sandvik, who advised Facebook on the project notes,
‘You get around the censorship and local adversarial surveillance, and it adds another layer of security on top of your connection.’
By creating a .onion web address, Facebook also solves the technical challenge of the website throwing a hissy fit whenever a Tor user appears to login from wide variety of geographically distant locations,
‘Tor challenges some assumptions of Facebook’s security mechanisms – for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada. In other contexts such behaviour might suggest that a hacked account is being accessed through a “botnet”, but for Tor this is normal.’
This problem came to head in June 2013 when Facebook was targeted with ‘a high volume of malicious activity’ originating from the Tor network, although ‘Facebook [was] not blocking Tor deliberately.’
As long as users understand the limitations of this move then (most notably that it provides zero privacy from Facebook itself), it is great news, and we hope that other social media platforms will follow suite.
The Facebook Tor web address can only be accessed through the Tor network, and can can found at https://facebookcorewwwi.onion/ .