Facebook Adds Tor Support - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Social
News
10/31/2014
04:15 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Facebook Adds Tor Support

Facebook wants to allow people to use its service without being watched or censored. Is that some kind of privacy oxymoron?

Facebook: 10 New Changes That Matter
Facebook: 10 New Changes That Matter
(Click image for larger view and slideshow.)

Facebook has begun offering access to users through Tor, software that allows people to use the Internet anonymously.

Developed to protect US intelligence communication by the US Naval Research Laboratory in the mid-1990s and augmented by the Defense Advanced Research Projects Agency (DARPA), The Onion Routing (TOR) project was first released in 2002 and has become the gold standard for online anonymity.

It remains controversial only because some believe privacy can be made available to some but not to others, as if guns worked only for the good guys or encryption had a backdoor only the good guys could access. It is a tool that provides pretty good anonymity, for better or worse.

Tor has been used to protect intelligence and to expose it -- former NSA contractor Edward Snowden used Tor (in conjunction with Tails) to pass information on the National Security Agency's Prism system to the press. It has been used to protect individuals from abuse by political oppressors and violent stalkers; it has also been used to protect individuals who commit crimes.

[Should we love or fear a world of Internet-connected objects? Read The Internet of Things: 7 Scary Security Scenarios.]

Facebook wants to make it easier for Tor users to connect to its social network, an act that in some countries might pose problems. For example, Facebook has been banned in China since 2009, a consequence of government concerns about social media as a catalyst for such things as the ethnic riots in the Xinjiang region.

Tor users have been able to connect to Facebook in the past, but not without problems. Facebook security engineer Alec Muffett explains in a blog post that Tor presented problems for the company's security infrastructure: "Tor challenges some assumptions of Facebook's security mechanisms -- for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada. In other contexts such behaviour might suggest that a hacked account is being accessed through a 'botnet,' but for Tor this is normal."

Facebook has improved Tor access through a special URL, https://facebookcorewwwi.onion, that works only for Tor-enabled browsers. And it has taken the unusual step of providing an SSL certificate to affirm the authenticity of the Facebook onion address. This marks the first time a certificate authority has issued an SSL certificate for a Tor .onion address. 

There's an element of cognitive dissonance in all this: The notion of using anonymity software to access an account strongly tied to personal identity, at a service with a long history of privacy challenges, is full of contradictions.

But Facebook has been softening its stance on identity and moving to improve security, perhaps because its previous calls to share everything sound odd now that the NSA's efforts to gather everything have come to light. The social network recently acknowledged that drag queens should be able to use stage names as their Facebook identities and has allowed Facebook login to function anonymously in third-party apps. Like other companies offering cloud-based services in the wake of Snowden's revelations about the breadth of data gathering by government authorities, Facebook has had to take steps to restore faith in the security it provides to users.

Unfortunately, Tor might not be enough to protect Internet users from scrutiny. According to The Guardian, the NSA targets users of Tor and can generally identify them.

It's safe to assume that other governments are trying to do so as well and might be able to. Russia's Interior Ministry over the summer offered 3.9 million rubles (US$90,000 at current rates) for information that could defeat Tor, which has seen growing usage in that country.

You've done all the right things to defend your organization against cybercrime. Is it time to go on the offensive? Active response must be carefully thought through and even more carefully conducted. This Dark Reading report examines the rising interest in active response and recommends ways to determine whether it's right for your organization. Get the new Identifying And Discouraging Determined Hackers report today (free registration required).

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
asksqn
50%
50%
asksqn,
User Rank: Ninja
11/3/2014 | 1:52:56 PM
You Don't Say
Sorry, but given everything I know (and have personally experienced) with regard to Facebook and its lip service only privacy policy throughout the years, the fact that it now wants to pretend to be concerned about user privacy is an enormous joke.  Trusting Facebook to utilize Tor is like trusting that the so called organic produce Walmart is selling is actually the real deal.  (Hint:  It ain't.)  
Li Tan
50%
50%
Li Tan,
User Rank: Ninja
11/2/2014 | 9:41:22 PM
Re: Serving users
I think personal information leaking to some extent is unavoidable in modern workld except you do not use any electroic device and do not touch internet, which is almost impossible. The user data is a gold mine for all business, not only just Facebook. The ease of connection and gaining information brought the trouble of personal data leaking as well.:-(
danielcawrey
50%
50%
danielcawrey,
User Rank: Ninja
11/1/2014 | 4:29:55 PM
Serving users
I think in light of the fact that government agencies probably capture more data on innocent citizens than they want to admit has brought Facebook to this point. 

My belief is that Facebook will use my personal data to sell me things. That is their whole strategy. And even though the Guardian says the US government can detect Tor users, Facebook still wants to cater to a privacy-oriented crowd. Even so, what is using Tor with Facebook accomplishing? Hiding your location? That's about it. 
Commentary
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll