Alec Muffet has done a lot of work to get Facebook running on TOR and he's a true believer. I really enjoyed working with him when I was at Facebook. He also did a lot of work to get .onion domains to be recognized by registrars as a special purpose domain name. This let us issue certificates on .onion.
I don't know if the story behind the facebookcorewwwi.onion domain name itself has been talked about much, but we wanted a memorable name for the domain so we took a new cluster that hadn't been put in production yet and threw something like 500k cores at brute forcing onion names till we had a memorable domain name. Alec had a script that looked for hashes that started with facebook and then he picked the one that seemed to fit the most. And that's how we have facebookcorewwwi.onion now.
It took me only 24 hours and about $200-300 in compute to hit Blockchains hidden server key which is:
blockchainbdgpzk.onion
I'm pretty sure it's the second most trafficked site after FB
If anyone is looking at setting up a hidden service and wants a memorable name I still have the cluster setup.
Matching 10 characters isn't much of a challenge - it's why hidden service addressed on their own don't provide identity authentication and why we both went with SSL cents for Tor hidden services (provided by Digicert - who have been great advocates for the cause)
Sorry I missed your reply - I was using AWS G1 insances (on the spot market) plus my own password cracking cluster (the old one had 6 ATi cards, building a new one now)
We generated many candidates beginning with facebook, so I don't recall when that one was found--it just happened to be the one that looked the best. There's a number of backup memorable domains that we kept the keypairs for just in case facebookcorewwwi gets compromised somehow.
I don't remember how long we ran it for, but IIRC we had enough candidates to stop after a week or two. I'm guessing something like 100-200M cpu hours?
FWIW, we ran it on and off for about a month IIRC, as the cluster was put through its paces prior to going live. I also seem to remember Matt Jones doing a minor tweak to the scallion code to speed things up as well...
The name of .onion address is the hash of a public key, so you can't choose it, or rather the only way is to generate random public and private key pairs and to keep the one that interest you.
Facebook must have generated an awful lot of key pairs to get "facebookcorewwwi". By the way, I hope they deleted the other generated pairs…
I have good faith that they didn't, or certainly not all of them. When Alex described the entire process they went through, he also smirked that should that primary key ever get compromised they have several others, almost as good, ready as drop-in replacements.
I do think he also mentioned that they only cared about keys that had their required prefix; all others were destroyed without anyone ever having access to them.
> I do think he also mentioned that they only cared about keys that had their required prefix; all others were destroyed without anyone ever having access to them.
Okay, that is what I was implying would be terrible otherwise. But actually it is quite obvious that they would not spend the disk space necessary the keep every single generated key pairs now that I think about it.
The number of generated key pair to find "facebook" + keywords must have been gigantic, maybe even so much that it could be used as a kind of rainbow table which would allow people (or three letters agencies) who can access it to attack hidden services that use one of the .onion for which a corresponding private key is known.
Nope. They ran a cluster to generate billions of addresses, and used some logic to find a nice one. But that won't help them a bit to find a specific address, since all the addresses they generated are only a vanishingly small fraction of the possible addresses.
That shouldn't matter. If the scheme is vulnerable when some company generates a bunch of keys, it is vulnerable whether those keys are deleted or not.
The onion-name is a hash of the public key the service uses, so you can't just pick a name and use it. They had to try many keypairs to find some that hashed to "facebook...." (Normally you generate your key and just use whatever name that hashes to, but it's cool to have one that's easy to remember)
Also, if I'm not mistaken, this means that if YOU can brute force a vanity domain, anyone else willing to throw down the same amount of computing power can perform the same brute force and discover your private key, taking over your onion site?
It requires substantially more compute power to match "facebookcorewwwi" vs just finding a hash with a prefix of "facebook" that looks readable. Good luck hashing the remaining eight characters!
But for the non-hash-aware among us, it would take on average 2,147,483,647 as long to brute force the last 8 with the same computing power and 4,294,967,295 as long to hash every combination of the last 8. This all assumes no vulnerabilities in the algorithm, of course.
Normally you brute force vanity addresses by having a range of acceptable outcomes, whereas to brute force a specific vanity address* you are only targetting a single outcome.
So they might have just set it to filter for facebook[dictionaryword]+ and this was the best match.
* Actually any address, it's not limited to brute forcing vanity addresses.
I guess I incorrectly assumed the process would be repeatable, but now I see that getting a specific duplicate equals bruteforcing the entire key space - even if the prefix is a chosen vanity name. I confused it with the effort of getting a similar address where just the vanity prefix needs to match.
Sure. The same is true for anything that uses public key encryption (Bitcoin for one). But the amount of computing power needed doesn't exist.
According to this person's math [1]: "It would take ~6.7e40 times longer than the age of the universe to exhaust half of the keyspace of a AES-256 key"
I don't know if Tor uses AES-256, but I'm sure any reasonable encryption algorithm would be similar.
.onion addresses are just 80 bits, not 256. Someone estimated[1] that the amount of work to brute force one address is approximately the same as the amount of hashing that has been computed by the bitcoin network up to now, so it's clearly not physically impossible. This weakness is apparently a practical problem, because it made people unwilling to automatically issue SSL certificates for .onion addresses [2].
The energy calculation assumes the computation is irreversible. If you use reversible computing, there is no lower bound: you can compute as much as you want for as little energy as you want.
The time calculation assumes our current computers and disregards Moore's law.
You have to create the algorithm to reverse an arbitrary AES-256 key, which is considered to be impossible, so that doesn't really make a difference. Your comment about current computers fails to grasp the scale that we are talking about here:
> It would take 10^38 Tianhe-2 Supercomputers running for the entirety of the existence of everything to exhaust half of the keyspace of a AES-256 key.
Let's assume that Moore's law is true for forever. In 300 years we will have a super computer capable of cracking a single AES-256 key in 37 millennium. However claiming that Moore's law will stay the same for 300 years when many think it won't last 30 is foolhardy.
>You have to create the algorithm to reverse an arbitrary AES-256 key, which is considered to be impossible, so that doesn't really make a difference.
What? Why is brute force impossible to code? I don't understand what you're claiming.
I agree that adding in Moore's law doesn't change the numbers by much. Moore's law plus weakening of cryptographic assumptions might do it, though. Plenty of previously-believed-to-be-strong crypto algorithms have been cracked, it's reasonable to think that we just don't have the tools to create unbreakable codes yet. (E.g. RSA is known to be breakable with quantum computers with Shor's algorithm.)
> What? Why is brute force impossible to code? I don't understand what you're claiming.
You claim that a reversible algorithm takes zero time. I said that requires a reversible algorithm that applies to an arbitrary AES-256 key which is currently thought to be impossible.
Brute forcing is not breaking but instead simply enumerating the key space and is subject to the slow downs we are talking about here.
> I agree that adding in Moore's law doesn't change the numbers by much. Moore's law plus weakening of cryptographic assumptions might do it, though. Plenty of previously-believed-to-be-strong crypto algorithms have been cracked, it's reasonable to think that we just don't have the tools to create unbreakable codes yet. (E.g. RSA is known to be breakable with quantum computers with Shor's algorithm.)
But you are missing the point of cryptographic systems, the goal typically isn't to be forever uncrackable, it is to be effectively forever uncrackable which includes upgrading the strength of your cryptography over time.
If we were talking about cracking crypto within 100 years then maybe we could talk about reasonable fear, but all of these things involve timelines that are longer than that (including quantum computer work).
Shores algorithm doesn't break anything. It just reduces the key space. Considering the major increase in energy costs and major lag in computational power of quantum computing, shores algorithm won't be a threat to today's crypto for hundreds of years to come.
Onion domains are just an encoding of a hash of a public key. To get a memorable name, you have to find a keypair that hashes to some letters you want. There is no correlation between any of the characters, so you have to do an exhaustive search to find nice strings.
I remember this was talked about by a group at Ohio Linuxfest a couple years ago and also went into IP load balancing at scale. Really neat work being done there.
It is encrypted, but when you're going to facebookcorewwwi.onion you only know that you're connecting to server that knows the corresponding private key, of which "facebookcorewwwi" is a hash. Which is already good. However, seeing EV certificate on this domain also shows you that the corresponding private key for HTTPS connection is signed by a certificate authority: that is, if you trust this CA, you can pretty much trust that you're connecting to Facebook, Inc.
To add on that explenation, EV is about identity. Its what should differential someone pretending to be facebook using facebookcorewwwl.com and the real entity. Its less about encryption and keys, and more about a CA claiming to have looked at the companies registration papers and other government official documents and thus confirmed their identity.
That's true. Exit nodes do not play a role in hidden services. But, Rendezvous point does. So, If your node somehow selected as rendezvous point for meeting, then you could possibly sniff the traffic.
Related: Please Facebook, let me peek over your walled garden. Taking a privacy-friendly stance, with the current Facebook, hurts my social life.
I do not trust your company, and I think you are bound to act unethically in the future. But I do not ask you to become a trustworthy ethical company. Mess with the accounts of my friends all you want. I just want to be invited to the next BBQ. People have stopped using e-mail for announcing these social events, and _all_ use Facebook. Could it be possible for me to not be on Facebook, yet still stay up-to-date on what my friends, or hell, even my parents now, are doing? A more advanced social graph API that hooks into email, RSS, Twitter, whatever... ?
I'm sure you also have my email-address from the address books of my contacts, so you could verify me.
As one of your longest non-users (I remember when TheFacebook required a Harvard-email for invite), please let me become a semi-user. It won't pay you a dime, but it will make the world a better place.
Facebook users can invite non-Facebook users by email to events, if they want to.
But for viewing what your friends and parents are doing on Facebook? Well, they could change their privacy settings to be public, but that would hurt their privacy. You want to be in their social graph, but not have a Facebook account. What does that even mean? Do you just not want to have a password? There's no rule you have to post any content, if you just want to view other's.
> Facebook users can invite non-Facebook users by email to events, if they want to.
This stops after a while. Even when you stay a pleasant person, you'll always be "that guy" requiring an extra action to contact. The social ripple/ping of an event stays inside Facebook.
> You want to be in their social graph, but not have a Facebook account.
In the ideal form this would be a totally open protocol (with backing of Facebook, Google, ... and W3C).
In the current form, I do not know enough about Facebook to suggest a good system. Yes. I want to be in their social graph, but not have a Facebook account or be under Facebook TOS. If that is meaningless at the moment, maybe we should make it mean something.
This is a social problem, not a technical problem. Encourage your social group to not use proprietary walled-gardens to plan and publicize their events. They'll all be better off for it.
I didn't have to convince anyone, but most of my friends are already off Facebook. For years, I've lead by example through organizing events via other means, and contacting all interested parties directly. You don't have to convince them to delete their account, just to not use it for organizing events.
I'm fairly sure you can just create a facebook account and enable email notifications. You'll never have to log in or upload any personal information, but you'll receive an email whenever you friends invite your placeholder account to an event.
I've recently tried using FB via TOR (Browser) for the first time, but was unable. After entering the onion address and my FB credentials, I was informed that the account is temporarily blocked (presumably because of first access via TOR). I was presented with an option of unblocking it by recognizing a few photos of friends and matching them to names - but unfortunately, all those photos showed as blank, white squares!
So, I wasn't able to login via TOR via the purposefully created .onion address. Also, sent an issue report via non-TOR login about this, but never got any response.
Note also that this seems to mean to me, that there may be people who are cut off from FB via TOR same as me, but who don't even have a way to notify FB about the fact. And thus not having any chance of having the bug fixed.
That's a standard challenge if you try to log into your FB account from a new machine / IP address that geolocates somewhere you don't typically seem to be. Of course, that's pretty ironic since your Tor exit could be anywhere, but it's not specific to Tor anyhow. I have seen the same behavior using VPN, too.
The problem is not the existence of the challenge. The problem is it is broken in a fresh, unmodified install of the TOR Browser. Sorry, but I can't recognize a pure white square properly as a person.
There isn't an exit when accessing an onion address - the identity of the client-chosen part of the circuit would be unknown to the hidden service operator.
Report this as a bug and it will get routed to Alec and promptly fixed. The issue here is that constructing the page requires pullling from different places (cdn, etc) and sometimes someone changes the way things are set up internally to deliver this and the person making the changes is not aware of the mods needed to deal with the .onion support.
As I said, I've already reported as a bug via FB, weeks ago, haven't heard from anybody since then. Is there some other way I should use? As to the root cause, that's what I suspected, and it also tells me that the TOR gateway seems not well covered by tests and thus prone to breaking. And you won't know, as TOR users have no way to report in-band.
So I didn't tell you this or suggest it in public, but it helps to sometimes use that _other_ social network to tell FB folks that something is not working. A lot of user reports of Tor<->FB issues get to the appropriate team in the London office via Twitter...
Ehmh. Now... I'm semi-embarassed to admit that I don't use Twitter. (Although really, not really even semi.) And at this point, I don't think I care enough. Also, as much as I'm grateful to you for following up and trying your best at helping me find a contact channel, please note I've already tried two channels. The in-FB one, which I'd expect could be treated with some seriousness, then HN. Is it still not enough? am I to believe if I tried Twitter someone would suddenly magically care? I'm hard pressed. And I don't care enough to beg and dance for however long it would have to take; especially given that this already signals to me that the FB team simply doesn't care either. So even if I succeeded in persisting and breaking through, the chance is big it'd soon break in some other way. And unfortunately I don't plan on becoming unpaid full-time FB QA.
No, you retain all of the properties of Tor hidden services: censorship resistance, authenticated end-to-end encryption, onion routing that hides your source IP.
Obviously if you log into a Facebook account with your real-world identity then all actions performed on the site will be linked with it, but that is expected.
I think his point is that if you are using Facebook, you are still limited by the level of trust you have with them. That should be quite low for any privacy conscious internet user. That you are using a different IP and a pseudonym might be a hoop for them to jump through through to figure your identity out should be considered in the context that they are likely already collecting data about you without your consent from many different sources. When it comes to jumping through these kinds of hoops, Facebook is a circus lion.
When I was traveling in China, I would have had no access to Facebook if it weren’t for Tor. All I needed was my USB drive with a Tor + Linux and I could access the free Internet from any computer. Providing anonymity of identity is just one of the many uses of tor. [1]
No, not really: even if you could block all the known tor relays there are still the bridges that are exactly meant for this situation: bridges are like normal relays but their full list is not disclosed so it shouldn't be possible to block them entirely.
This is probably what he has been using.
If your plan was to remain anonymous on FB, it would. But that's not what their .onion service is for.
The ingenuiety of the hidden service is that FB basically inverted Tor's idea. Tor is really good at bypassing restrictive net filters, while at the same time it hides your browsing destination. So in effect FB turned a Tor address into their own highly resilient web proxy. Where a proxy normally provides a guarded way out of a network, the hidden service provides an otherwise untraceable way in.
Now, technically it is ~possible to identify FB-Tor traffic from regular Tor traffic. At least in some sense. Because the address is inside the .onion network, there are only half as many routing hops between the client and the server. So if you, as a well funded governmental adversary, first identify nearly all Tor traffic, you can then see which clients receive their responses notably faster than the rest.
These faster roundtrips are very likely using hidden services. If you then drill down even further, I am sure you should be able to identify a reasonably large fraction of your own subjects who are clearly accessing FB and thus stepping around the nationally imposed censure.
For the record, Alec didn't consider the above traffic analysis attack particularly feasible. And we both agreed that the straightforward solution is to get a lot more traffic for hidden services in general. Once FB is not the sole huge site with a hidden service, their traffic cannot stand out.
This came up in a discussion we had. FB is proposing (and funding) development that would make hidden services faster. One of the measures would be to make [some?] hidden services reachable over 3 hops only.
A quick search does not bring anything on the topic up, but it can easily be that I try to search for wrong key words.
Normally it wouldn't. But as I understand, in FB's case the last hop will be served by a fleet of extremely well connected, high-bandwidth edge nodes. And I would be sorely surprised if they didn't have peering agreements in practically all internet exchanges.
So under the faster onion routing, when accessing FB.onion your roundtrip is total of 6 hops. Hops 3 and 4 will be made to an edge node network, so the "last hop in" and "first hop out" will be, on average, faster. Even if the circuit was reconfigured midway through the session, the fast innermost hop would still exist.[~]
It's just another timing attack, with passive traffic analysis. I wonder how much one could do with active attacks.
~: I have no knowledge how FB has configured their Tor network connectivity, but I do know that the private key is not held on a single termination point. (The traffic volume is too much for a standalone node.) Hence I am making an educated guess that their onion address is advertised from multiple edge systems.
But there's still no difference between visiting FB.onion under a 3-hop system and visiting Google or Netflix or any of the many sites that have distributed servers.
(I suppose that different protocols are being used that have different times, but that seems negligible; wouldn't bet on that though.)
In that case it looks like I have misunderstood the last hop for hidden services.
When using a public site over Tor, the connection looks like this:
1. User connects to a relatively nearby entry node (guard) [hop #1]
2. Guard node routes the packet via a relay [hop #2]
3. Relay routes the packet to an exit node [hop #3]
4. Exit node routes the packet out of the Tor network, and has responsibility for finding the actual destination. Even for a globally available high-traffic site the route from exit node to the nearest edge node has to travel across a couple of networks.
Now, under the proposed 3-hop hidden service protocol - when user accesses a hidden service, I had understood that the "exit node" is replaced by the hidden service itself. So the connection would look like this:
1. User connects to a nearby guard node [hop #1]
2. Guard node routes the packet to a relay [hop #2]
3. Relay node routes the packet to the hidden service [hop #3]
4. There is no step four. The packet has been delivered to its destination network.
For a random hidden service this probably wouldn't matter much, but if/when the third hop is provided by a globally accessible edge network, the latency between relay and final destination should be quite good.
With the elimination of post-Tor routing steps, and with the constantly better latency from relay to the hidden service, I expect the overall latency for this particular Tor circuit to be measurably lower. After all, there are no public hops beyond the circuit termination nodes. So from traffic analysis point of view, Tor/FB traffic should stand out from other Tor traffic.
And I think I found some references, at last. Search for "Direct Onion Services: Fast-but-not-hidden services" draft discussion on tor-dev archives.
Anyway, skipping the third hop would decrease user anonymity, because you'd only need two relays to cooperate to identify the user and who they're connecting to. Regular tor requires all three to cooperate.
The proposal uses a rendezvous point instead of an exit node, but that shouldn't affect speed as far as I see.
Not if the user merely intends to get past a firewall the country has... their purpose isn't anonymity, but free communication, unfortunately they must don anonymity to achieve free communication.
But if one of your friends is not really your friend, and you won't know until it's too late, they'll know you got past the firewall and that could be enough to get you into troubles. You better have to stay fully anonymous, which limits what you do on Facebook. You probably want different accounts for different groups and an empty timeline in every account.
It may be that it just isn't that strictly enforced for a variety of reasons. China allows a number of VPN services that bypass the firewall to function. My guess is that it isn't a huge deal because the vast majority of people don't care enough to go out of their way to bypass the firewall; the social effects of having that firewall are still in place.
Start enforcing it heavily and the people that DO use those services may start protesting or moving into activist roles.
Which also tends to be the subset of people that have studied abroad, various repatriated huaqiao and college students at some of the more metropolitan colleges and I guess tech people/white collar workers.
Cracking down on college students seems like a really dumb idea.
I think this is a good reminder of why they would want to keep people just barely satisfied. China will go that far, but it's an expensive point to make.
Since Tiananmen, the party has basically bargained that people will accept economic progress as a substitute for political freedom. Now that the rapid growth of the last two decades is starting to slow down, we'll have to see how the CCP and Chinese people respond.
If you assume that Facebook will comply with whatever entity you're trying to avoid, by using Onion, it sounds like a pretty bad idea to me, yes. In theory you could probably use a separate browser and Tor session for Facebook, and for your other browsing - making it a little harder to associate your Facebook login with your Tor session (ip). Sounds like a terrible idea, though.
Now, for some of the reasons why you'd want to use Facebook via Tor, it might not matter much - using Facebook might be bad enough (eg: it could be considered subverting state censorship) -- so if Facebook is already colluding with your adversary, just having a Facebook account might be enough to give you problems.
It might be enough for a legal veneer of plausible deny-ability, although I doubt it: Eg, perhaps you're a drone pilot and you login to Facebook via Tor, and paste in a gpg-encrypted, ascii-armored text-message to a journalist on Facebook. You could claim someone must've hacked your account. Or you could collude with someone else, and "borrow" their account. I don't think it'd keep you out prison though.
There are several advantages of Facebook over Tor. One of them is that your ISP is unable to see who what site you are talking to, and that Facebook is unable to see your source IP address.
They make money from knowing who people are, and selling that. This cleaves the driving tor concept by deanonymizing users.
For anybody as large as Facebook, if enough people go for it, the remaining slice of the pie will be really small (because not all have tor, but many of those that have, have Fb).
Not really, if your expected adversary is your local nation state that wants to watch your Internet traffic for domestic political dissent (Iran, Ethiopia, China, etc).
"The short answer is that for the first half of it ('facebook'), which is only 40 bits, they generated keys over and over until they got some keys whose first 40 bits of the hash matched the string they wanted."
"Then they had some keys whose name started with 'facebook', and they looked at the second half of each of them to pick out the ones with pronouncable and thus memorable syllables. The 'corewwwi' one looked best to them — meaning they could come up with a story about why that's a reasonable name for Facebook to use — so they went with it."
(Corrected: Hash of public key not private key per itsbenweeks below)
They "allocated" the key by using it. Others are not more likely to generate the key they found than any other specific key. This is statistically unlikely due to the extremely huge number of possible keys.
Well, did they generate keys they liked and then tried to use them immediately, hoping nobody had generated the same key in the meantime, or did they generate only keys they would like and "registered" them all but kept just one? If so, what happens to allocated but unused keys? What I'm trying to figure out is:
There's nowhere to register the key, tor is decentralized. They simply start conducting their business using the key they found. There's no waste of key space for the unused keys, merely a minuscule chance of collision with other random users. I guess you could think of attempting to find hash collisions as a race condition of sorts, but it is a very long race for the attacker.
Yes, the hash is "facebookcorewwwi", this is the hash of the public key of one of the keypairs facebook generated. We can't pretend to be facebook without knowledge of the corresponding private key, however.
To make this more clear, most tor hidden service sites that don't have loads of computing power to bruteforce a vanity domain have uris that look like http://3g2upl4pq6kufc4m.onion
1. You can't generate vanity you like, but you can generate billions of keys and choose one you like the most.
2. You can't "register" key. If some person manage to generate key with same vanity he can use same address as facebook, but practically this is nearly impossible. And if that happen this can be easily detected by facebook so they can just change official key.
It's funny that they say people use Tor "for a variety of reasons related to privacy, security and safety". They left out "firewall circumvention", which I have to believe is the #1 reason, at least in China.
China uses fairly complex artificial intelligence to detect TOR connections. Anything that "behaves like" TOR or a VPN is quickly caught on to and blocked.
There are a few attempts designed to make TOR look more like standard web traffic, which are really interesting.
It's definitely a cat-and-mouse-style game. Some have more success than others.
"Broken" would suggest that this isn't intentional. But yes, you are correct; domestic internet is fine, but traffic in/out is slowed and interfered with nearly to the point of being unusable.
I use "Tinfoil for Facebook" on my Android phone. It's a wrapper around the mobile site with some extra features, and you can tell it to use "Orbot" (Tor client for Android), and you can tell it to use the onion address as well if you want (which I do). Which means I can use Facebook over Tor without using the official app which steals god knows what data from your phone.
You don't get mobile notifications this way, so I just get my notifications via email instead. And I uploaded my public PGP key to Facebook, so the emails they send me are encrypted. Getting notifications via email also means that Facebook doesn't even know if or when I've read a particular notification.
To read those encrypted emails on my phone I use K-9 Mail with OpenKeyChain. My Yubikey Neo acts like a smart card reader to my phone over NFC so I don't need to give my phone direct access to my secret PGP key.
This setup works for me because I try to limit my Facebook usage, keep my number of "friends" on there to a minimum, and lie to Facebook whenever they want me to explicitly supply information.
Given Facebook's real-name policy, and the fact that it's literally a social network of your best friends, then since all Facebook pages are HTTPS anyway, the idea of using it over tor is... Uh... a bizarre
in theory the only thing you're leaking over a plain https is, "Hey this guy has friends." (this connection is visiting facebook).
meanwhile in theory I'd expect facebook to leak everything else on their end, because come on. I have next to zero expectation of privacy on facebook.
by that I mean you think people are planning terrorist plots over facebook? come on.
so I find the mashup of tor with facebook to be kind of bizarre.
There are countries where people go to jail over Facebook or Twitter comments and even just using it could be triggering some arcane investigation against you.
Also Iran (likely others) did try to inject tracking JS in plain HTTP and they got the ability for a while to have valid certs so HTTPS is not really helping if you are not really paranoid with certs and hashes that is really difficult to archive.
Once you got Tor running and connect to an onion you have quite a few guarantees that are hard to circumvent/spy on for a government.
> by that I mean you think people are planning terrorist plots over facebook? come on.
It sure has likely happened. Due to Facebook only access (internet.org) for a lot of the world using mobile and Facebook is the only access to internet that is affordable. Online shopping is also handled over Facebook in these countries.
While Facebook shares your data with courts it has no way of knowing who you are if you are using Tor. At least it can't forward your location to the local secret service to beat you up. A somewhat qualified court request from a western country is also something different than arbitrary repression from dictatorships.
This is a very good comment that answers my question. Would you move up a layer: why would (why do) these countries allow any citizen to run tor without a visit from the (not so) secret police?
FB probably supports TOR for those who wish to use Facebook against the policy of their countries government or to gain more possible privacy from said governments.
If you expect facebook to leak everything they know about you then connecting through tor allows them to know one less thing about you (the location you used to visit facebook).
Actually you share one more, important, datum: This user uses Tor. Likely uses Tor for other, possible nefarious, purposes too. Likely has a high X_keyscore.
Your real profile and location can be inferred from your browsing habbits and friend's data.
Unfortunately, with the current size of Facebook, even "not having an active Facebook account" shares data, especially when you are in an age category where all your peers do have profiles. It's a negative signal to recruiters and employers ("must have something to hide...").
> It's a negative signal to recruiters and employers ("must have something to hide...").
Fuck them. Is this the line of thinking you want to align your live to?
We need to work together to stop that from happening. In the end the best fake profile win's and it's a competition in hiding your sins. Medieval ages called and complained that you used them to compare to this mess.
Every second/third? totally fine, everything perfect guy has some unhealthy addiction but the guy who uses Tor for playing around or ordering drugs is suspicious? It's laughable. You only get some collections of narcissists and psychopaths as employees that still do occasionally harm to your company and use drugs like everyone else.
What the fuck is going on. It's 2016 and I'm feeling like 1516.
sure, but people usually obscure their location by using a vpn, not going through the hassle of going through tor.
So what I've written:
>so I find the mashup of tor with facebook to be kind of bizarre.
is even more so if anyone's reason is "I really, really, don't want facebook to know where I am!" I mean I just don't get it. Especially to the tune of 1 million people.
What is the hassle of using tor? You have to download, configure, and run some software, just like you'd have to to connect to a vpn, but you don't have to, yanno, set up a vpn... You also don't have to rely on the integrity of a single proxy.
There are search engine(s) specialized for TOR. As per Wikipedia[1]: 'Ahmia is a clearnet search engine for Tor's hidden services'. It was part of Google summer of code in 2014[2].
Cool, been looking for something like this. However, it should be noted that this is not what parent asked about. Parent was wondering if Google was usable for regular web searches using a client that came from a Tor exit node via the Tor network.
I thought .onion addresses were for anonymous hidden services, which Facebook is not. What's the advantage of accessing a .onion versus using Tor to visit the normal facebook.com?
If you are using TOR to connect to facebook.com, your connection has to leave the TOR network. This gives a lot of power and control to whoever is your exit node out of the network. Although they can't see who you are, they have full MiTM of your traffic. SSL helps a lot with this obviously, but it's still not the most ideal scenario.
Traffic directed to hidden services never "leaves" the TOR network, so it doesn't hand over any control to exit nodes and the (possibly malicious) people running them.
I don't know if the story behind the facebookcorewwwi.onion domain name itself has been talked about much, but we wanted a memorable name for the domain so we took a new cluster that hadn't been put in production yet and threw something like 500k cores at brute forcing onion names till we had a memorable domain name. Alec had a script that looked for hashes that started with facebook and then he picked the one that seemed to fit the most. And that's how we have facebookcorewwwi.onion now.