What Is Facebook’s Tor ‘Hidden Service?’ Why Does It Matter?
The world’s least-anonymous social network has joined Tor, a network that enables online anonymity. Facebook’s new hidden service enables Internet consumers who use Tor — in order to protect their privacy and security — to use Facebook without their web traffic giving away their identity and without being shut out by the social network’s detectors for fraudulent activity.
In a post on the “Protect the Graph” page, Alec Muffett, a software engineer for Security Infrastructure at Facebook London, wrote that Tor users can access Facebook’s website directly over the Tor network. The new site, which can only be accessed from the Tor browser via https://facebookcorewwwi.onion/, enables users to connect to Facebook’s core infrastructure via a random pathway through several different servers on the way to Facebook’s data center so that anyone observing the traffic will find it difficult to trace users to their origin.
The service also uses SSL, and Facebook has provided an SSL certificate that cites the onion address, a domain used by Tor hidden services. As PCWorld reports, Facebook’s hidden service is the first .onion address to receive a legitimate SSL certificate from an issuing certificate authority, and that goes a long way toward assuring users that the service is actually run by Facebook. The browser uses an SSL certificate to verify that a user is connected to the site that he or she intends to connect to, and the post by Muffett notes that Facebook wanted the SSL certificate to cite the .onion address to give readers confidence in the legitimacy of the service.
Muffett notes that the current iteration of the service is just the beginning. “Over time we hope to share some of the lessons that we have learned — and will learn — about scaling and deploying services via the Facebook onion address; we have many ideas and are looking forward to improving this service. A medium-term goal will be to support Facebook’s mobile-friendly website via an onion address, although in the meantime we expect the service to be of an evolutionary and slightly flaky nature.”
What is Tor? How does it work?
As the Tor Project website explains, Tor was originally designed and implemented as an onion routing project of the U.S. Naval Research Laboratory for the purpose of protecting government communications. It’s now used for a variety of purposes by “normal people, the military, journalists, law enforcement officers, activists, and many others.”
Tor describes itself as a “network of virtual tunnels” that enable individuals and groups to improve their privacy and security on the Internet. They can use Tor to keep websites from tracking them, or connect to news sites, messaging services, or other sites blocked by local Internet providers. Tor’s hidden services protocol enables users to publish websites without revealing the location of the site.
Tor protects users against traffic analysis, a form of Internet surveillance that can be used to infer “who is talking to whom over a public network.” If they can track the source and destination of Internet traffic, various Internet spies can track users’ behavior and interests.
Tor’s website explains that “Internet data packets have two parts: a data payload and a header used for routing. The data payload is whatever is being sent, whether that’s an email message, a web page, or an audio file.”
Even encryption won’t fully protect users against traffic analysis. “Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you’re doing and, possibly, what you’re saying. That’s because it focuses on the header, which discloses source, destination, size, timing, and so on.” Encryption also doesn’t protect against more sophisticated forms of traffic analysis, where hackers spy on different parts of the Internet and use statistical techniques to track the communication patterns of organizations or individuals.
So Tor uses a “distributed, anonymous network” to distribute users’ “transactions” over several different, randomly-selected places on the Internet. The website explains, “The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you — and then periodically erasing your footprints.”
Data packets transmitted via the Tor network go through several relays, and no individual relay ever knows the complete path that a data packet has taken — just the one that gave it the data, and the one to which it will pass the data. So if a relay is compromised, it won’t be able to figure out the full picture of where a packet originated and where it’s going. While Tor uses the same circuit for connections that happen within the same 10 minutes, later requests are assigned a new, random circuit.
How does Facebook’s hidden service work?
When connecting to Facebook over Tor, users still need to log in, and generally can’t use pseudonyms, so they’re still known to Facebook. But according to Wired, former Tor developer Runa Sandvik explains, “No, you’re not anonymous to Facebook when you log in, but this provides a huge benefit for users who want security and privacy.” She notes, “You get around the censorship and local adversarial surveillance, and it adds another layer of security on top of your connection.”
The Tor project was designed to prevent censorship and to circumvent surveillance, and Facebook’s hidden service will enable users to connect with the social network without outside parties gathering information about them via their web traffic. Facebook’s addition of SSL encryption protects users against surveillance systems, which Wired notes won’t be able to match up a user’s identity with their Facebook activity, even when spies watch Facebook connections or the user’s local traffic. And as Sandvik tells Wired, Facebook’s new service provides an added layer of security beyond what the user can achieve just by running Tor him or herself.
Tor users are warned of malicious “exit nodes,” the final computer in the randomized path that their traffic takes around the internet. Exit nodes can be used to spy on unencrypted traffic, or even strip encryption away. But when both the user and Facebook run Tor, the traffic doesn’t leave the Tor network until it’s secure within Facebook’s infrastructure.
Has Facebook worked with Tor in the past?
Greenberg reports that until now, Facebook has made it difficult for users to access the social network over Tor, sometimes even blocking their connections, because traffic generated through Tor sets off red flags with the other important security measures that the social network has put in place. As Muffett explained in his post:
Tor challenges some assumptions of Facebook’s security mechanisms – for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada. In other contexts such behaviour might suggest that a hacked account is being accessed through a ‘botnet’, but for Tor this is normal.
Considerations like these have not always been reflected in Facebook’s security infrastructure, which has sometimes led to unnecessary hurdles for people who connect to Facebook using Tor.
Adam Clark Estes reports for Gizmodo that Facebook has received numerous complaints over the years from users who have said that the site doesn’t function properly with Tor when they are able to log in with the anonymous network. It loaded irregularly, displayed fonts incorrectly, or sometimes didn’t load at all.
That’s because Facebook’s security measures often think that users trying to log in with Tor are botnets — a network of computers infected with malware and controlled as a group — trying to access hacked accounts. Like an attacker hacking an account, the traffic generated by a user accessing a Facebook account via Tor may appear to come from a variety of different countries in a short amount of time. Facebook’s adoption of the Tor hidden service protocol provides a more reliable option for users who want their web traffic to remain anonymous.
Why does Facebook’s Tor service matter?
Top sites like Facebook, Google, and Twitter have made the move to implement SSL encryption over the past few years, to better protect users’ traffic. So is the move to Tor the next logical extension of current privacy measures? Will other tech companies make the jump to the anonymous network? Sandvik hopes so, and tells Wired, “I would be really excited to see other tech companies that want to do the same. And I’d love to help them.”
A post on the Tor Project blog took a similar stance. The post addressed several lines of thinking about the Facebook hidden service, and noted that “visiting Facebook over Tor is not a contradiction,” because anonymity “isn’t just about hiding from your destination.” Instead, privacy and security measures should reflect the ability of technology to let users decide who gets to see their information:
There’s no reason to let your ISP know when or whether you’re visiting Facebook. There’s no reason for Facebook’s upstream ISP, or some agency that surveils the Internet, to learn when and whether you use Facebook. And if you do choose to tell Facebook something about you, there’s still no reason to let them automatically discover what city you’re in today while you do it.
While the post does raise some concerns about Facebook’s obtaining an SSL certificate for the .onion address — which the Tor Project team worries could reinforce to users that such a measure is necessary — the post is generally optimistic about Facebook’s adoption of the hidden services protocol.
Tor users not only gain more control over their privacy, but also gain the freedom to choose the sites that they visit, especially in places like Iran or China, where sites like Facebook have been blocked. To the Tor team, Facebook’s move to adopt hidden services signals that it’s decided “that it’s ok for their users to want more safety.” Facebook’s participation could help the team to make further improvements to hidden services, and the post notes that “we’ve been talking to some Facebook engineers this week about hidden service reliability and scalability, and we’re excited that Facebook is thinking of putting development effort into helping improve hidden services.”
While the creation of the hidden service could help Facebook to gain more security-minded users, it could also help the site to build its user base globally, especially in countries where websites are blocked and censored. The hidden service will help users in those countries access the social network without the risk of their web traffic giving away their identity. But for many users, the news comes as another acknowledgment of the grim reality that users’ traffic and online activity are often left visible to more spies than they would like to think.
When Facebook, a social network that rose to ubiquity by encouraging users to share all kinds of details about their lives, implements a growing array of security measures, those actions should signal to users not only the seriousness of the security concerns out there, but also the real value of their information, which is a key commodity for both legitimate and less-than-ethical parties on the Internet.