Our vote for counterintuitive news of the weekend has to go to this: Facebook is making itself available to users who want to access it via the TOR network.
TOR, which stands for the The Onion Ring, is a sophisticated but relatively simple way of trying to mask your online activity. By bouncing internet traffic randomly between servers, it hides the IP address of the original user (ie you) when requesting web pages and the like. Developed by the US and designed to help activists in repressive regimes, TOR has also become popular with privacy advocates. It’s also used to facilitate sales of illegal goods by protecting buyer and merchants’ identities at darknet sites like Silk Road 2.0.
One thing it’s not generally used for is Facebook. Aside from the clash of principles – TOR is about hiding who you are, Facebook is about surrendering privacy to the Zuckergods – there’s also a safety and security problem for TOR users. TOR is only as safe as you machine – the network can protect you so far, but logging into Facebook will identify you when you visit any other site with a Like button on. So your IP address is hidden, but your browser is shouting your real identity out to the world regardless.
Some believe that Facebook’s site, https://faceboocorewwwi.onion, is a ruse designed for exactly that purpose – to identify activists. There may, however, be method in the madness. It may – and that’s a big may – enable people living in countries where Facebook is banned or traffic to Facebook monitored – access the social network without revealing that their doing so to authorities.
Of course, in those same countries using TOR is a pretty big red flag for drawing attention to yourself, so who knows?
According to Facebook’s Alec Muffett, writing at the firm’s Protect the Graph page, TOR’s IP bouncing has historically presented problems with verifying a user’s location. Facebook uses this partly to learn more about you and partly to pick up when an account gets hacked. If you live in South Africa and someone is trying to access your account from Russia, Facebook won’t let them until they pass additional security checks.
This is why Facebook had previously blocked traffic originating from TOR to its servers. NoTOR requests now connect directly to the datacentre bypassing some of the security measures.
“The Facebook onion address connects you to Facebook’s Core WWW Infrastructure,” says Muffett of the new TOR link, “Check the URL again, you’ll see what we did there – and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre.”
If anyone can enlighten us as to how that mitigates the previous problem we’d love to know. One potential new issue is that the TOR login is more likely to be used by people who have access to stolen credentials, who can now bypass security checks and protect their own backtraced IP, isn’t it?[Via – The Next Web, Image – Protect the Graph/Facebook]