Facebook issued an SSL certificate for Tor implementation

Oct 31, 2014 15:43 GMT

Well, well, well, looks like Facebook is taking a huge step for those who want to remain anonymous on the platform by adding a way for people to use Tor to access the social network directly.

Anyone with a Tor-enabled web browser can visit https://facebookcorewwwi.onion/ to reach the social network’s servers over a connection that provides end-to-end encryption.

Facebook’s Alec Muffett, software engineer for Security Infrastructure, explains that it’s important for folks over at Facebook to provide methods for people to use the site securely. People can connect to Facebook in many different ways, which is one of the reasons they have implemented HTTPS across the service, along with Perfect Forward Secrecy, HSTS, and other technologies which help give people more confidence that they are securely connected to Facebook.

But, as they point out, more can be done. Tor, for instance, challenges some assumptions that Facebook’s security mechanisms make. For instance, the system will believe a certain individual was connecting from Australia, while in the next moment he or she may appear to be in Sweden, Canada, or any other place around the Earth. In such a situation, the system flags the account as being hacked, which certainly isn’t the case when using Tor.

Since Facebook hasn’t built such considerations into its infrastructure until now, there have been many people who couldn’t connect to Facebook using Tor.
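The false positive described above can be reproduced with a simple geo-velocity ("impossible travel") rule, shown next to a variant that recognizes Tor traffic. This is an added example, not Facebook's code: the speed threshold, the exit-relay list and all login events are constructed assumptions.

```python
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 1000.0  # assumed threshold: roughly airliner speed

# Constructed sample data: documentation-range IPs standing in for Tor exit relays.
TOR_EXITS = {"198.51.100.7", "203.0.113.9"}

@dataclass
class Login:
    user: str
    ts: float      # seconds since epoch
    ip: str
    lat: float     # geolocated latitude of the source IP
    lon: float     # geolocated longitude of the source IP

def km_between(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance between two geolocated logins."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(prev: Login, cur: Login) -> bool:
    """Naive rule: flag if the implied speed exceeds MAX_KMH."""
    hours = max((cur.ts - prev.ts) / 3600.0, 1e-6)  # avoid division by zero
    return km_between(prev, cur) / hours > MAX_KMH

def flag_logins(events, tor_aware: bool):
    """Return (user, ip) pairs flagged as suspected account takeover."""
    last, flagged = {}, []
    for ev in sorted(events, key=lambda e: e.ts):
        prev = last.get(ev.user)
        # Geolocation of a Tor exit says nothing about where the user is.
        via_tor = ev.ip in TOR_EXITS or (prev is not None and prev.ip in TOR_EXITS)
        if prev and impossible_travel(prev, ev) and not (tor_aware and via_tor):
            flagged.append((ev.user, ev.ip))
        last[ev.user] = ev
    return flagged

# Constructed events: alice uses Tor (exits geolocate to Sydney, then Stockholm);
# bob logs in from ordinary addresses in Sydney and Toronto 10 minutes apart.
EVENTS = [
    Login("alice", 0, "198.51.100.7", -33.87, 151.21),
    Login("alice", 300, "203.0.113.9", 59.33, 18.07),
    Login("bob", 0, "192.0.2.10", -33.87, 151.21),
    Login("bob", 600, "192.0.2.20", 43.65, -79.38),
]

if __name__ == "__main__":
    print("naive:    ", flag_logins(EVENTS, tor_aware=False))
    print("tor-aware:", flag_logins(EVENTS, tor_aware=True))
```

Exempting Tor sessions removes the location signal for them entirely, so other account-takeover signals have to cover those logins.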

Using the link above connects users to the core WWW infrastructure, providing end-to-end communications. “We decided to use SSL atop this service due in part to architectural considerations - for example, we use the Tor daemon as a reverse proxy into a load balancer and Facebook traffic requires the protection of SSL over that link. As a result, we have provided an SSL certificate which cites our onion address; this mechanism removes the Tor Browser's ‘SSL Certificate Warning’ for that onion address and increases confidence that this service really is run by Facebook,” the company notes.

They add that issuing an SSL certificate for a Tor implementation is a novel solution to attribute ownership of an onion address.

Tor is an open source project that was launched in 2002 to allow people to access the Internet without sharing identifying information. That means their IP address and physical location are hidden from the websites they visit and from any onlookers as the real address pings back and forth between servers.