Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook's Android App Gains Privacy-Enhancing Tor Support (facebook.com)

Posted by samzenpus on from the anonymous-liking dept.

Mark Wilson writes: Back towards the end of 2014, Facebook unveiled a new .onion address that allowed Tor users to visit the social network securely. Following on from this, the company is now giving Android users the ability to browse the site using Tor and the Facebook app. Security, privacy and anonymity may be words readily associated with Tor, but few people would use them in the same sentence as Facebook. The social network says that there is increased demand for secure connections to Facebook from Tor-enabled browsers, hence spreading to the largest mobile platform. The news will make some mobile users happy, but there are currently no plans to migrate the feature from Android to iOS.

19 of 43 comments (clear)

  1. haha. hahaha. by Anonymous Coward · · Score: 1

    Facebook. Privacy. Same Sentence?

    I'd expect it's more likely a way to subvert the TOR network by putting multiple nodes on it that will allow tracking of data.

    1. Re:haha. hahaha. by fuzzyfuzzyfungus · · Score: 2

      It's also idiotic because(as the TOR project makes no secret of) TOR actually reduces your security in the context of accessing authenticated services and cannot regain the privacy you lose by signing in with account credentials tied to something.

      If you are going to log in to some site, you want SSL/TLS: sure, any adversary on the wire will know that you are talking to facebook; but stealing your password or getting the details of what you are doing there will be tricky. TOR is good for making hard to trace connections to random resources; but why would you possibly want an exit node over which you have no control signing in to facebook for you?

    2. Re:haha. hahaha. by SumDog · · Score: 1

      It makes sense if you sign up to Facebook via Tor and then only access FB via Tor and don't make any connections to people you know in real life. There aren't a lot of use cases I can think of. Maybe if you live in The Netherlands or Colorado and want to make a page for your legal weed store? You'd have to create a fake person and then a real page ... you could access the page via a real account outside of Tor to like it, along with your customers. If later down the line, the federal government decides to come in again and shut down weed stores in states where it's legal, it's one less piece of evidence attached to you. ...but that's not a good example; plenty of problems with that use case....and there's still no advantage of Tor within their mobile app as their mobile app will have access to all your other accounts and personal info anyway.

      Yea, this is just dumb. It's gotta be a marketing stunt.

    3. Re:haha. hahaha. by AHuxley · · Score: 1

      Think of what a gov backed onion routing network really needs to hide its freedom fighters, color revolutions, NGO's, spies... a much larger pool of global users to make local tracking harder.
      By adding a lot of new users the game changes for other actors trying to trace back onion routing users of interest.
      How to ensure the flood of new users stay in the system? Get a captive site to network them in.
      Nothing to really do with any users privacy but to provide bulk cover for other gov projects and their contacts.
      Security, privacy and anonymity for dissident networks, not so much for social media users been tracked by ads.

      --
      Domestic spying is now "Benign Information Gathering"
  2. Great by Anonymous Coward · · Score: 5, Funny

    Can't wait till I can log into Silk Road with my facebook account.

    1. Re:Great by fluffernutter · · Score: 1

      Sorry dude, my mouse skills are lacking and I moderated you overrated by mistake. Now I shall post to undo it, since there doesn't seem to be any other way. Someone else mod this guy up!

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  3. Bullshit ... by gstoddart · · Score: 1

    Privacy enhancing from Facebook?

    Oh, you mean they'll still spy the fuck out of you and rummage through your contacts, but they'll pretend to keep you safe from others?

    Honestly, why use the app at all? Use your web browser and don't accept their snooping on your contacts and other shit.

    --
    Lost at C:>. Found at C.
    1. Re:Bullshit ... by fluffernutter · · Score: 1

      Nobody HAS to use Facebook... until you find out that it's the only place your friends are willing to communicate special events such as weddings and birthdays.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  4. First rule of TOR by penguinoid · · Score: 5, Informative

    The first rule of TOR is that you don't sign in to Facebook or any other similar thing, else you link your account to your identity. This especially matters for Facebook because they have those little scripts all over the web to track what websites you visit, all those sign in/comment with Facebook widgits will know who you are.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    1. Re:First rule of TOR by fluffernutter · · Score: 1

      Everybody knows the first rule of tor is you DON'T TALK ABOUT TOR.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    2. Re:First rule of TOR by Shane_Optima · · Score: 2

      It depends on what your motivation for using TOR is. The encryption and obfuscation works in both directions, so the ISP and/or whoever owns the access point you're using (coffee shop, employer, etc.) and/or honeypot operators are not able to spy on or hijack your Facebook session.

      TOR may be overkill for that use case, but it's free and arguably easier to use vs. a commercial VPN.

      That said, a TOR exit node is going much more suspect then your average coffee shop access point.

    3. Re:First rule of TOR by AmiMoJo · · Score: 1

      It depends what you are using Tor for. Probably not anonymity, since you are on Facebook... But it works well for bypassing censorship and preventing your government and ISP from directly monitoring what you are doing. Say you are in a country where Facebook is banned but want to maintain a page there so people can read about and support your struggle.

      Also, just use Tor in a VM (Tails) and you don't have to worry about the web beacon thing, which you should have blocked with PrivacyBadger anyway.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  5. Re:A private connection to give away privacy? by gweilo8888 · · Score: 1

    ...and the doors to the armored car welded open.

  6. This is absolutely right. by neiras · · Score: 4, Interesting

    If you enable Tor within the Facebook app, Facebook gets:

      o the entry point to Tor that you are using
      o the exit node from tor that you come out of
      o your signed-in identity, as usual

    Adding Tor to the Facebook app gains you the following:

    o the operator of your local network won't know that you are visiting Facebook (unless your DNS is misconfigured)

    If enough users enable Tor, Facebook will be able to map Tor circuits in real time, and Tor will do nothing to protect you from government agencies asking Facebook "was this user using Tor? What entry point did they use?"

    1. Re:This is absolutely right. by vux984 · · Score: 1

      If enough users enable Tor, Facebook will be able to map Tor circuits in real time,

      This aspect sounds potentially bad enough that it would undermine tor for all users, not just facebook users.

      If so, it seems like the tor network needs to blacklist connecting to facebook from exit nodes.

      the operator of your local network won't know that you are visiting Facebook (unless your DNS is misconfigured)

      Yeah, I can't see why this would even be a feature needed, unless to dodge facebook blocks while using the corporate network at work... and if so WTF... if the company is blocking facebook using tor to dodge it is grounds for dismissal...

  7. Re:How does this help? by phantomfive · · Score: 1

    Tor doesn't enhance privacy as soon as you send a cookie.
    Tor hides your connections from intermediate parties. MITM attacks become a lot harder.
    The server you are connecting to will probably still know who you are, mainly because you tell them in several different ways, of which cookies are only one.

    --
    "First they came for the slanderers and i said nothing."
  8. Time for FaceNet by geekmux · · Score: 1

    Dear Facebook,

    We have decided that you now justify your own network, so no more need to be sharing with the rest of us.

    Please take the next hop to the nearest smaller subnet. You will be greeted by an outbound firewall named Skip.

    Oh and one more thing. Please ensure you take your fucking Tor security experts with you.

    Regards,

    - The Internet

  9. How is this even pretend private? by Lordfly · · Score: 1

    So let me get this straight. Facebook, a company designed from the ground up to know everything about you and your friends, is offering a small segment of its userbase (paranoid Android users) the ability to connect using Tor.

    Discounting the fact that the phone is likely not rooted, and thus not 100% private in the first place.... Discounting the fact that cell data communications are easily traceable from the tower..... You're still using a Tor exit node to connect to a website who knows more about you than you do yourself, and spews out your personal data to the highest bidder 24/7/365?

    I just.... i mean...... what?!

    --
    hookers and grits.
  10. Just what I needed! by sidevans · · Score: 1

    The illusion of privacy while Facebook give away / sell my data.

    Thanks Mr Zuckerburger, I feel much better now...

    --
    I'm not signing anything