Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook's Android App Gains Privacy-Enhancing Tor Support (facebook.com)

Posted by samzenpus on from the anonymous-liking dept.

Mark Wilson writes: Back towards the end of 2014, Facebook unveiled a new .onion address that allowed Tor users to visit the social network securely. Following on from this, the company is now giving Android users the ability to browse the site using Tor and the Facebook app. Security, privacy and anonymity may be words readily associated with Tor, but few people would use them in the same sentence as Facebook. The social network says that there is increased demand for secure connections to Facebook from Tor-enabled browsers, hence spreading to the largest mobile platform. The news will make some mobile users happy, but there are currently no plans to migrate the feature from Android to iOS.

5 of 43 comments (clear)

  1. Great by Anonymous Coward · · Score: 5, Funny

    Can't wait till I can log into Silk Road with my facebook account.

  2. First rule of TOR by penguinoid · · Score: 5, Informative

    The first rule of TOR is that you don't sign in to Facebook or any other similar thing, else you link your account to your identity. This especially matters for Facebook because they have those little scripts all over the web to track what websites you visit, all those sign in/comment with Facebook widgits will know who you are.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    1. Re:First rule of TOR by Shane_Optima · · Score: 2

      It depends on what your motivation for using TOR is. The encryption and obfuscation works in both directions, so the ISP and/or whoever owns the access point you're using (coffee shop, employer, etc.) and/or honeypot operators are not able to spy on or hijack your Facebook session.

      TOR may be overkill for that use case, but it's free and arguably easier to use vs. a commercial VPN.

      That said, a TOR exit node is going much more suspect then your average coffee shop access point.

  3. Re:haha. hahaha. by fuzzyfuzzyfungus · · Score: 2

    It's also idiotic because(as the TOR project makes no secret of) TOR actually reduces your security in the context of accessing authenticated services and cannot regain the privacy you lose by signing in with account credentials tied to something.

    If you are going to log in to some site, you want SSL/TLS: sure, any adversary on the wire will know that you are talking to facebook; but stealing your password or getting the details of what you are doing there will be tricky. TOR is good for making hard to trace connections to random resources; but why would you possibly want an exit node over which you have no control signing in to facebook for you?

  4. This is absolutely right. by neiras · · Score: 4, Interesting

    If you enable Tor within the Facebook app, Facebook gets:

      o the entry point to Tor that you are using
      o the exit node from tor that you come out of
      o your signed-in identity, as usual

    Adding Tor to the Facebook app gains you the following:

    o the operator of your local network won't know that you are visiting Facebook (unless your DNS is misconfigured)

    If enough users enable Tor, Facebook will be able to map Tor circuits in real time, and Tor will do nothing to protect you from government agencies asking Facebook "was this user using Tor? What entry point did they use?"