Facebook lifts Tor ban, touts encrypted onion access point
Anonymized traffic now A-OK
Facebook has changed its stance on Tor traffic and will now provide users with a way to connect to its free content ad network using the anonymizing service.
The company said that it will now offer a special URL – https://facebookcorewwwi.onion – that will allow users running Tor-enabled browsers to access the service.
Facebook had previously blocked Tor access, citing security concerns and the possibility that Tor could be used to conduct attacks on its servers.
The social network said back in 2013 that it would work with Tor on a possible solution. Now, more than a year later, it seems one is at hand. Even as it launched the Tor access address, however, Facebook acknowledged that the Tor network poses some risks.
"Tor challenges some assumptions of Facebook's security mechanisms – for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada," Facebook senior engineer Alec Muffett said in announcing the move.
"In other contexts such behavior might suggest that a hacked account is being accessed through a 'botnet', but for Tor this is normal."
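To make the point concrete, here is an added sketch (not from the article and not Facebook's code) of an "impossible travel" login check that skips Tor-originated sessions instead of flagging them. The event fields, the speed threshold, the country centroids and the exit-node list are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

# Constructed sample data: approximate country centroids, documentation-range IPs.
CENTROIDS = {"AU": (-25.3, 133.8), "SE": (60.1, 18.6), "CA": (56.1, -106.3)}
TOR_EXITS = {"198.51.100.7", "203.0.113.9"}  # stand-in for a published exit list
MAX_KMH = 1000.0  # assumed plausibility ceiling, roughly airliner speed

@dataclass
class Login:
    user: str
    ts: float  # seconds
    country: str  # GeoIP result for the source address
    ip: str
    via_onion: bool = False  # request arrived through the onion service

def km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def review(logins):
    """Return one verdict per login, in time order."""
    last, verdicts = {}, []  # last: user -> last login with a meaningful location
    for cur in sorted(logins, key=lambda l: l.ts):
        if cur.via_onion or cur.ip in TOR_EXITS:
            # Location says nothing about the user; do not score or remember it.
            verdicts.append("tor-skip")
            continue
        prev, verdict = last.get(cur.user), "ok"
        if prev and prev.country != cur.country:
            hours = max((cur.ts - prev.ts) / 3600, 1e-9)
            if km(CENTROIDS[prev.country], CENTROIDS[cur.country]) / hours > MAX_KMH:
                verdict = "impossible-travel"
        last[cur.user] = cur
        verdicts.append(verdict)
    return verdicts

SAMPLE = [  # constructed events
    Login("alice", 0, "AU", "192.0.2.10"),
    Login("alice", 600, "SE", "198.51.100.7"),           # Tor exit
    Login("alice", 1200, "??", "127.0.0.1", via_onion=True),
    Login("bob", 1300, "AU", "192.0.2.20"),
    Login("bob", 1900, "SE", "192.0.2.55"),               # direct, 10 minutes later
    Login("alice", 2400, "AU", "192.0.2.10"),
]

if __name__ == "__main__":
    for login, verdict in zip(SAMPLE, review(SAMPLE)):
        print(login.user, login.country, verdict)
```

Skipping the geography check for Tor sessions removes one signal, so a deployment along these lines would lean on other account-protection signals for those logins.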
The company said the service would also use SSL atop Tor with a certificate that cites the unique Tor address. This, the company said, will allow Tor to maintain a secure connection and prevent users from being redirected to fake sites.
"The idea is that the Facebook onion address connects you to Facebook's Core WWW Infrastructure – check the URL again, you'll see what we did there – and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre," Muffett said.
Those who are privacy conscious may still want to note, however, that measures such as Facebook's controversial "Real Name" policy remain in effect. ®