Facebook says you can be social and secure, acquires .onion address for Tor users

The so-called darknet, which is accessible via the anonymizing Tor network, has a reputation for being home to many disreputable sites. But now the biggest social network in the world is available via Tor. Facebook announced Friday that it is available to Tor users via a .onion address--the pseudo-top-level-domain used by Tor hidden services.

Anyone wishing to connect to Facebook via Tor can do so by typing https://facebookcorewwwi.onion/ into their web browser when connected to Tor (it won't work otherwise). Facebook says Tor users who visit the social network's .onion site are protected with end-to-end encryption since the .onion site connects directly to a Facebook data center via SSL.

Facebook's new .onion site makes it easier for users to connect to the social network via Tor without running into problems. Facebook's security systems, for example, may flag a Tor-connecting account for being hacked. Like a hacked account, Tor user traffic can appear to be coming from several different countries in a short period of time.

Why this matters: Facebook's very nature as a social network where anonymity is shunned may seem a strange candidate for creating a Tor site. But there are many reasons to connect to Facebook as securely as possible without revealing your location despite the loss of anonymity on Facebook itself. Participants in the 2011 protests against the Mubarak regime in Egypt, for example, used Facebook to mobilize protesters and inform the public.

A first for SSL

Facebook's SSL connection via Tor is also a first for the world of .onion sites. The social network's Tor hidden service is the first .onion address to receive a legitimate SSL certificate from an issuing certificate authority, according to a tweet from Runa Sandvik, who contributes to the Tor Project.

An SSL certificate is used by your browser to verify that you are connecting to the site you think you are. Facebook says it wanted to use an SSL certificate that cites its .onion address to give users confidence that they were indeed connecting to Facebook and not a malicious imitation.

Try it yourself

If you'd like to try out Facebook's new .onion site, download the Tor Browser from the Tor Project's site (we recently provided a brief tutorial on how to install the browser). Once you're up and running just type Facebook's .onion address into the browser's address bar and you'll be securely checking out your Facebook news feed in no time.

Related:

Subscribe to the Best of PCWorld Newsletter

Comments