Facebook Offers Users A Taste Of The Onion Ring With TOR Anonymity Over SLL Network
Facebook seems to have been focusing giving its users the ability to be anonymous in recent weeks. In October it was rumored that the company was working on a new mobile app, which has been designated Rooms, that would allow users to interact with each other under an alias. But now, Facebook is making its social media website more Tor-friendly.
The company announced that Tor users could get a secure connection to its servers by visiting https://facebookcorewwwi.onion/ that will provide end-to-end encryption. Prior to this, it was a chore for Tor users to connect through a Tor-enabled internet browser since Facebook’s security would tend to treat Tor as a botnet.
“We decided to use SSL atop this service due in part to architectural considerations - for example, we use the Tor daemon as a reverse proxy into a load balancer and Facebook traffic requires the protection of SSL over that link,” explained Facebook London security software engineer Alec Muffett. “As a result, we have provided an SSL certificate which cites our onion address; this mechanism removes the Tor Browser's “SSL Certificate Warning” for that onion address and increases confidence that this service really is run by Facebook. Issuing an SSL certificate for a Tor implementation is - in the Tor world - a novel solution to attribute ownership of an onion address; other solutions for attribution are ripe for consideration, but we believe that this one provides an appropriate starting point for such discussion.”
Facebook’s SSL certificate of Tor is the first time a website with a Certificate Authority, which means Facebook can issue digital certificates, has certified a connection for Tor users.
The company announced that Tor users could get a secure connection to its servers by visiting https://facebookcorewwwi.onion/ that will provide end-to-end encryption. Prior to this, it was a chore for Tor users to connect through a Tor-enabled internet browser since Facebook’s security would tend to treat Tor as a botnet.
“We decided to use SSL atop this service due in part to architectural considerations - for example, we use the Tor daemon as a reverse proxy into a load balancer and Facebook traffic requires the protection of SSL over that link,” explained Facebook London security software engineer Alec Muffett. “As a result, we have provided an SSL certificate which cites our onion address; this mechanism removes the Tor Browser's “SSL Certificate Warning” for that onion address and increases confidence that this service really is run by Facebook. Issuing an SSL certificate for a Tor implementation is - in the Tor world - a novel solution to attribute ownership of an onion address; other solutions for attribution are ripe for consideration, but we believe that this one provides an appropriate starting point for such discussion.”
Facebook’s SSL certificate of Tor is the first time a website with a Certificate Authority, which means Facebook can issue digital certificates, has certified a connection for Tor users.
