Slashdot Mirror

← Back to Stories (view on slashdot.org)

More Tor .Onion Sites May Get Digital Certificates Soon

Posted by timothy on from the try-to-stop-from-crying dept.

Trailrunner7 writes News broke last week that Facebook had built a hidden services version of its social network available to users browsing anonymously via the Tor Project's proxy service. Unlike any .onion domain before it, Facebook's would be verified by a legitimate digital signature, signed and issued by DigiCert. Late yesterday, Jeremy Rowley, DigiCert's vice president of business development and legal, explained his company's decision to support this endeavor in a blog entry. He also noted that DigiCert is considering opening up its certification business to other .Onion domains in the future. "Using a digital certificate from DigiCert, Tor users are able to identify the exact .onion address operated by Facebook," Rowley explained. "Tor users can evaluate the digital certificate contents to discover that the entity operating the onion address is the same entity as the one operating facebook.com."

3 of 52 comments (clear)

  1. Re:That's fucking stupid by Anonymous Coward · · Score: 2, Informative

    They chose facebook*, created a bunch of matching addresses and selected the address which looked nicest. The corewwwi part is actually random. You can't create the private key which results in the same address as Facebook's. You could create another address that starts with facebook, but functionally that would be an entirely different address that would not give you the ability to intercept requests to Facebook's address.

  2. Well, anyway ... by CaptainDork · · Score: 3, Informative

    ... I used the Tor browser to get to one of my burner Facebook accounts and it locked me. Such joy. I was coming at the site from another country, so Facebook had a major cow.

    I went mainstream and gave Facebook a tummy rub and all is well, but it was a fun ride.

    I still wonder what the Sam Hill any Facebook member would be doing on Tor, but you can bet your sweet ass that Facebook wants you no matter what route you take.

    --
    It little behooves the best of us to comment on the rest of us.
  3. Re:Wait by jythie · · Score: 4, Informative

    There is also another advantage of things like this, Tor becomes more effective as more people are using it for general tasks. I can recall a while back someone being caught for sending fake bomb threats via Tor. How did they find the person? They were the only one using Tor on their entire network and only used it at the same times the emails were sent.

    So there is an advantage to people simply using Tor for their normal everyday activities like this.