While in the past Facebook has occasionally blocked Tor connections because of security considerations, the company has decided it will help Tor users from now on, and announced that they have created a Facebook onion address.
Located at , it “provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud.”
“The idea is that the Facebook onion address connects you to Facebook’s Core WWW Infrastructure […] and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre,” Alec Muffett, a Software Engineer for Security Infrastructure at Facebook London, has shared on Friday. This way users don’t have to worry about malicious Tor exit nodes.
In the past, using Tor to access Facebook was sort of a gamble, as the social network’s security mechanisms would often block access because “from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada.”
Facebook has been helped on this scheme by Dr. Steven Murdoch of UCL and Runa Sandvik of The Tor Project.
While some Facebook and Tor users urged others not to think that by using this scheme they will be completely anonymous, Sandvik says that “you get around the censorship and local adversarial surveillance, and it adds another layer of security on top of your connection.” But, she adds that “no, you’re not anonymous to Facebook when you log in.”
Tor users are also advised to have a look at The Tor Project’s leader Roger Dingledine’s blog post addressing the pros and cons of Facebook’s latest move, as well as the discussions it started.
Among the things addressed is also Facebook’s choice to use SSL atop the onion address.