Slashdot Mirror
Facebook Sets Up Shop On Tor
itwbennett writes: Assuming that people who use the anonymity network want to also use Facebook, the social network has made its site available on Tor, Facebook software engineer Alec Muffett said in a post on Friday. Facebook also decided to encrypt the connection between clients and its server with SSL, providing an SSL certificate for Facebook's onion address. This was done both for internal technical reasons and as a way for users to verify Facebook's ownership of the onion address. Since it is still an experiment, Facebook hopes to improve the service and said it would share lessons learned about scaling and deploying services via an onion address over time.
The fact that it was possible for them to generate that vanity URL means that Tor hidden service identifiers do not contain enough bits to be secure.
I should access a network the intent of which is to track every move I make through a network that is supposedly granting me anonymity.
What the fuck is the point?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
So the most invasive, anti-privacy business on earth, doesn't like the fact that governments are using the very same tactics to prevent people from using it's site so they now support Tor?
We're through the looking glass now for sure.
So you go through Tor to access Facebook, where you immediately have to log in, and...
What's the point again?
Some countries block facebook. I think that's the point.
So you're going to go to all of this trouble to use a completely secure connection which conceals your identity and information about your browsing. Then you're going to go to a website where the first thing you do identify yourself to that website then the second thing you do is give yourself a cookie that identifies you to any website anywhere on the internet that has a facebook like button?
SURELY NOT!!!!!
So you go through Tor to access Facebook, where you immediately have to log in, and...
You really don't know anybody who uses Facebook pseudononymously? If you make an account called 'Hootie McBoob' you might get dinged, but there are thousands of 'Bill Riker's (have some fun with it).
If you're coming in from your home IP or a Verizon or AT&T mobile, you're gonna be decloaked in a hurry, even by a passive listener. So, if you want to participate in a community that's on Facebook but not be known to the outsiders, Tor makes sense. Right now you can exit Tor on one of the spooks' exit nodes, but then you're just enabling the traffic analysis. By offering Tor directly, you avoid the risk of using an additional hostile exit node.
This looks to be Facebook engineers doing the best they can given the cards they're holding. It's obviously more secure to not use any social networking systems at all, but if you rank security/privacy below functionality for some uses, this move makes sense to improve the situation.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
>facebookcorewwwi.onion/
the fact that its possible to calculate that far into an onion's address should make you cautious of the technology. While its unlikely that an ameture is going to crack a tor address/key, it now seems very likely that someone with enough rackspace, and the ability to make custom ASICs for the proccess could do so.(if cryptocurrencies can make asics, why can't people wanting to smash crypto do the same. similar tech, and especially if your a large company/government, buying them in bulk shouldn't be a problem)
its also know that facebook buys custom chips from intel who makes them with extra database specific functions built in, and intel now sells the service to any high volume buyer willing to pay extra.
Its not unreasonable to say tor is broken until they move to 4096 bit keypairs.