News

Facebook opens up link to dark web via Tor

Tor-friendly .onion address gives users anonymity

4 Nov 2014

Facebook will no longer try to stop Tor users from accessing its social network.

Until now, Facebook's security policies had prevented people from accessing the site via the so-called "dark web".

Users will be able to visit the site via a secure browser using the Tor network to anonymise where the user is. Tor works by adding multiple layers of encryption to data and relaying this information through random computers around the world.

The change in policy means users can access the site "without losing the cryptographic protections", according to Facebook.

Users can access Facebook anonymously through https://facebookcorewwwi.onion/ and use this address to prevent their location becoming exposed or other information about them to others.

Previously, Facebook locked out this type of traffic for fear it was under attack from a botnet.

"Tor challenges some assumptions of Facebook's security mechanisms," said Alec Muffett, software engineer for security infrastructure at Facebook London, in a blog post.

"For example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada. In other contexts, such behaviour might suggest that a hacked account is being accessed through a 'botnet', but for Tor this is normal."

The access also uses SSL security on top of Tor as Facebook's architecture requires this to accept the connection, rather than for any security concerns.

Muffett said in using Tor lessons could be learnt about scaling and deploying services via the Facebook onion address. He added that a medium-term goal will be to support Facebook's mobile-friendly website via an onion address, but in the meantime Facebook expects the service to be of "an evolutionary and slightly flaky nature".