Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook's Android App Gains Privacy-Enhancing Tor Support (facebook.com)

Posted by samzenpus on from the anonymous-liking dept.

Mark Wilson writes: Back towards the end of 2014, Facebook unveiled a new .onion address that allowed Tor users to visit the social network securely. Following on from this, the company is now giving Android users the ability to browse the site using Tor and the Facebook app. Security, privacy and anonymity may be words readily associated with Tor, but few people would use them in the same sentence as Facebook. The social network says that there is increased demand for secure connections to Facebook from Tor-enabled browsers, hence spreading to the largest mobile platform. The news will make some mobile users happy, but there are currently no plans to migrate the feature from Android to iOS.

43 comments

  1. haha. hahaha. by Anonymous Coward · · Score: 1

    Facebook. Privacy. Same Sentence?

    I'd expect it's more likely a way to subvert the TOR network by putting multiple nodes on it that will allow tracking of data.

    1. Re:haha. hahaha. by Anonymous Coward · · Score: 0

      Facebook. Privacy. Same Sentence?

      I was thinking the same thing! The perfect example if an oxymoron...

    2. Re:haha. hahaha. by fuzzyfuzzyfungus · · Score: 2

      It's also idiotic because(as the TOR project makes no secret of) TOR actually reduces your security in the context of accessing authenticated services and cannot regain the privacy you lose by signing in with account credentials tied to something.

      If you are going to log in to some site, you want SSL/TLS: sure, any adversary on the wire will know that you are talking to facebook; but stealing your password or getting the details of what you are doing there will be tricky. TOR is good for making hard to trace connections to random resources; but why would you possibly want an exit node over which you have no control signing in to facebook for you?

    3. Re:haha. hahaha. by SumDog · · Score: 1

      It makes sense if you sign up to Facebook via Tor and then only access FB via Tor and don't make any connections to people you know in real life. There aren't a lot of use cases I can think of. Maybe if you live in The Netherlands or Colorado and want to make a page for your legal weed store? You'd have to create a fake person and then a real page ... you could access the page via a real account outside of Tor to like it, along with your customers. If later down the line, the federal government decides to come in again and shut down weed stores in states where it's legal, it's one less piece of evidence attached to you. ...but that's not a good example; plenty of problems with that use case....and there's still no advantage of Tor within their mobile app as their mobile app will have access to all your other accounts and personal info anyway.

      Yea, this is just dumb. It's gotta be a marketing stunt.

    4. Re:haha. hahaha. by AHuxley · · Score: 1

      Think of what a gov backed onion routing network really needs to hide its freedom fighters, color revolutions, NGO's, spies... a much larger pool of global users to make local tracking harder.
      By adding a lot of new users the game changes for other actors trying to trace back onion routing users of interest.
      How to ensure the flood of new users stay in the system? Get a captive site to network them in.
      Nothing to really do with any users privacy but to provide bulk cover for other gov projects and their contacts.
      Security, privacy and anonymity for dissident networks, not so much for social media users been tracked by ads.

      --
      Domestic spying is now "Benign Information Gathering"
  2. Lol, ridiculous sales pitch is ridiculous. by Anonymous Coward · · Score: 0

    More privacy ON FACEBOOK, cuz Tor! Lol MORONS!

  3. A private connection to give away privacy? by Anonymous Coward · · Score: 0

    That's like getting in a heavily armored car, and driving with a secure caravan including helicopter cover.... to the roughest part of town where you walk around with a megaphone shouting "come and rob me now!"

    1. Re:A private connection to give away privacy? by gweilo8888 · · Score: 1

      ...and the doors to the armored car welded open.

  4. Great by Anonymous Coward · · Score: 5, Funny

    Can't wait till I can log into Silk Road with my facebook account.

    1. Re:Great by fluffernutter · · Score: 1

      Sorry dude, my mouse skills are lacking and I moderated you overrated by mistake. Now I shall post to undo it, since there doesn't seem to be any other way. Someone else mod this guy up!

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  5. Bullshit ... by gstoddart · · Score: 1

    Privacy enhancing from Facebook?

    Oh, you mean they'll still spy the fuck out of you and rummage through your contacts, but they'll pretend to keep you safe from others?

    Honestly, why use the app at all? Use your web browser and don't accept their snooping on your contacts and other shit.

    --
    Lost at C:>. Found at C.
    1. Re:Bullshit ... by Anonymous Coward · · Score: 0

      Oh shuddup, if more people use TOR then it strengthens the network. Nobody HAS to use Facebook, nobody HAS to use Google, or Apple, or Microsoft for that matter. Stop getting so pissed at what OTHER idiots do in their own time and focus on making yourself better. Dick.

    2. Re: Bullshit ... by IBME · · Score: 0

      In other news, MS is giving Windows 10 away for free. Oh boy oh boy

    3. Re:Bullshit ... by Anonymous Coward · · Score: 0

      U mad bro?

    4. Re:Bullshit ... by fluffernutter · · Score: 1

      Nobody HAS to use Facebook... until you find out that it's the only place your friends are willing to communicate special events such as weddings and birthdays.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    5. Re:Bullshit ... by Anonymous Coward · · Score: 0

      Honestly, why use the app at all? Use your web browser and don't accept their snooping on your contacts and other shit.

      That's what the Tinfoil for Facebook app does, except it uses a separate browser instance and keeps Facebook from getting any browser data. Plus it's open source; get it from F-Droid.

    6. Re:Bullshit ... by Anonymous Coward · · Score: 0

      ...Stop getting so pissed at what OTHER idiots do in their own time and focus on making yourself better. Dick.

      Spoken with true ignorance.

      This is what people just don't fucking get about pattern analysis today. There's more than enough "idiots" turning right all the time to make you stick out like a sore thumb because you choose to turn left.

      In essence, it is the "other idiots" we now have to worry about, because it makes those of us who are at least trying to have a semblance of privacy stick out all the more. And when you are the anomaly, it's not hard to find you.

  6. honeytrap by turkeydance · · Score: 0

    for the "honey, it's ok. Facebook says so" demographic.

  7. First rule of TOR by penguinoid · · Score: 5, Informative

    The first rule of TOR is that you don't sign in to Facebook or any other similar thing, else you link your account to your identity. This especially matters for Facebook because they have those little scripts all over the web to track what websites you visit, all those sign in/comment with Facebook widgits will know who you are.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    1. Re:First rule of TOR by Anonymous Coward · · Score: 0

      There is no first rule of Tor (by the way, it's not TOR, it's either Tor, or tor, depending on what you are talking about).

      A software engineer from Facebook, Alec Muffett, is not only active on the Tor development mailing list, but also participating in the efforts to bring digital certificates to .onion domains. I'm still not sure how Tor fits into Facebook's big picture, but their interest seems as great as it is unexplained.

      Maybe you are right, and they are interested in Tor because they gain the capability to track Tor users, or maybe they're predicting a shift towards privacy-focused protocols and a more encrypted web, or maybe they're just keeping Tor close in case a presence there ever becomes important, or perhaps they're just trying to associate their image with the ideal of privacy since, as you point out, they provide the exact opposite. Whatever it is, they are there, and it doesn't smell quite good.

    2. Re:First rule of TOR by Anonymous Coward · · Score: 0

      The first rule of TOR is that you don't sign in to Facebook or any other similar thing, else you link your account to your identity.

      The first rule of Facebook is you are our product, we will lie to you about privacy in order to get some juicy info about you we can sell.

    3. Re:First rule of TOR by fluffernutter · · Score: 1

      Everybody knows the first rule of tor is you DON'T TALK ABOUT TOR.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    4. Re:First rule of TOR by Shane_Optima · · Score: 2

      It depends on what your motivation for using TOR is. The encryption and obfuscation works in both directions, so the ISP and/or whoever owns the access point you're using (coffee shop, employer, etc.) and/or honeypot operators are not able to spy on or hijack your Facebook session.

      TOR may be overkill for that use case, but it's free and arguably easier to use vs. a commercial VPN.

      That said, a TOR exit node is going much more suspect then your average coffee shop access point.

    5. Re:First rule of TOR by Anonymous Coward · · Score: 0

      ... you link your account to your identity ...

      TOR is for providing anonymity, which is the total opposite of the purpose of Facebook, even before considering Zuckerberg's 'real name' policy. It's like Doctor Evil putting his secret lair on top of the Eiffel tower.

    6. Re:First rule of TOR by AmiMoJo · · Score: 1

      It depends what you are using Tor for. Probably not anonymity, since you are on Facebook... But it works well for bypassing censorship and preventing your government and ISP from directly monitoring what you are doing. Say you are in a country where Facebook is banned but want to maintain a page there so people can read about and support your struggle.

      Also, just use Tor in a VM (Tails) and you don't have to worry about the web beacon thing, which you should have blocked with PrivacyBadger anyway.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:First rule of TOR by Anonymous Coward · · Score: 0

      I heard that was the second rule bro.

  8. How does this help? by Anonymous Coward · · Score: 0

    Because I'm more inclined to believe that this will help them associate people with their Tor usage than actually enhance privacy.

    Because nothing says anonymous like carefully hiding my tracks while I log into an account under my real name to post pictures of and write about everything I've been doing.

    1. Re:How does this help? by phantomfive · · Score: 1

      Tor doesn't enhance privacy as soon as you send a cookie.
      Tor hides your connections from intermediate parties. MITM attacks become a lot harder.
      The server you are connecting to will probably still know who you are, mainly because you tell them in several different ways, of which cookies are only one.

      --
      "First they came for the slanderers and i said nothing."
  9. Trap!!! by Anonymous Coward · · Score: 0

    It's a Trap, ignore this service!

    They want to get a list of people using tor for further monitoring. What easier method than tricking the fools into using facebook from tor....

    Run fast and far. Ignore the service.

  10. Privacy from whom? by Anonymous Coward · · Score: 0

    - Does Facebook still log my location/activity/IP address?
    Probably yes. I daresay they're using their own .onion nodes. Gotta serve those targeted ads to someone!

    - Can the NSA/Insert Government Agency here still request Facebook for personal data?
    Ridiculously, undeniably, yes.

    - Can my work/ex/friends/family etc still see the evidence of my 'partying' due to Facebook's facial matching tags?
    Yes

    As you can see I'm struggling to come up with a reason as to why people - especially those who use Faceook - would bother. Just continue to treat your mobile as a compromised device and leave the "anonymity" for a non-Facebook device when you need it.

  11. This is absolutely right. by neiras · · Score: 4, Interesting

    If you enable Tor within the Facebook app, Facebook gets:

      o the entry point to Tor that you are using
      o the exit node from tor that you come out of
      o your signed-in identity, as usual

    Adding Tor to the Facebook app gains you the following:

    o the operator of your local network won't know that you are visiting Facebook (unless your DNS is misconfigured)

    If enough users enable Tor, Facebook will be able to map Tor circuits in real time, and Tor will do nothing to protect you from government agencies asking Facebook "was this user using Tor? What entry point did they use?"

    1. Re:This is absolutely right. by vux984 · · Score: 1

      If enough users enable Tor, Facebook will be able to map Tor circuits in real time,

      This aspect sounds potentially bad enough that it would undermine tor for all users, not just facebook users.

      If so, it seems like the tor network needs to blacklist connecting to facebook from exit nodes.

      the operator of your local network won't know that you are visiting Facebook (unless your DNS is misconfigured)

      Yeah, I can't see why this would even be a feature needed, unless to dodge facebook blocks while using the corporate network at work... and if so WTF... if the company is blocking facebook using tor to dodge it is grounds for dismissal...

    2. Re: This is absolutely right. by Anonymous Coward · · Score: 0

      No, that's not possible unless they can determine that other apps are using the same circuits, which is unlikely to say the least. Tor had been designed to avoid this problem.

    3. Re: This is absolutely right. by Anonymous Coward · · Score: 0

      I think you're wrong on this one GP is right from any perspective. You cant vet TOR at the client level that seamlessly, plus any proxy before TOR make it next to impossible. You could fake agents or a million ways around. Unless say TOR required app signing etc and enforced a walled garden on its own then TOR could be in a bit of trouble because of this.

  12. Time for FaceNet by geekmux · · Score: 1

    Dear Facebook,

    We have decided that you now justify your own network, so no more need to be sharing with the rest of us.

    Please take the next hop to the nearest smaller subnet. You will be greeted by an outbound firewall named Skip.

    Oh and one more thing. Please ensure you take your fucking Tor security experts with you.

    Regards,

    - The Internet

  13. Brilliant Idea by Anonymous Coward · · Score: 0

    Yes, let's make it easier for the US agencies to identify you as you exit one of the most monitored web sites out there. It's not like FB dumps tracking cookies in your damn browser.

    I would not put any faith to any web site that doesn't even validate e-mails that people use to sign up properly or at all.

  14. How is this even pretend private? by Lordfly · · Score: 1

    So let me get this straight. Facebook, a company designed from the ground up to know everything about you and your friends, is offering a small segment of its userbase (paranoid Android users) the ability to connect using Tor.

    Discounting the fact that the phone is likely not rooted, and thus not 100% private in the first place.... Discounting the fact that cell data communications are easily traceable from the tower..... You're still using a Tor exit node to connect to a website who knows more about you than you do yourself, and spews out your personal data to the highest bidder 24/7/365?

    I just.... i mean...... what?!

    --
    hookers and grits.
  15. What about the 3rd word by Anonymous Coward · · Score: 0

    Might be this is targeted for use in countries where the governments want to suppress use of Facebook use to prevent organizing demonstrations, revolutions etc.. Also the mobile app would make sense as in some parts of the world people might have a basic smartphone, but no desktop computer.

  16. Just what I needed! by sidevans · · Score: 1

    The illusion of privacy while Facebook give away / sell my data.

    Thanks Mr Zuckerburger, I feel much better now...

    --
    I'm not signing anything
  17. Privacy from.... by Anonymous Coward · · Score: 0

    If you live in Shithole Arabia, then I guess this is what this means: your government won't spy on you. Only the US government will.

  18. the internet is like International waters by Anonymous Coward · · Score: 0

    pretty much anything goes. the governments would like to tell you that there are rules (CFAA?) but the truth is that no one fully understands how to gain control over it yet they all try. in this analogy social media companies are like pirates stealing your data for profit. Using this train of thought its so funny how many people just row out there in a dinghy and expect to come out alright. especially when the pirates hold a island party and everyone just moors up to the island like sheep to the slaughter. Using tor is like trying to camouflage your ship as another ship, people will still know there is a ship there but they wont know really whose ship it is but every time that you dock at an island (servers) and get off to trade (information) anyone on that island can really see who you are.

    Proper OP-SEC is about vigilance and security through layers.