Facebook and Anonymity, the Unlikely Friends, Finally Agreed for Truce

Facebook logo - onionsThe social network giant Facebook is often criticized over privacy concerns. As people have started saying Facebook as the "pioneer of privacy invasion", the company has attempted strategies to make things more transparent to its users. And on Friday, October 31st, 2014, the social network made a historic move in the name of security and anonymity.

Back in 2013, Facebook has said that it would work with Tor on a possible solution. After more than a year, it seems that this has come to a reality. Furthermore, Facebook even launched its own Tor address, despite Facebook still acknowledged that the network poses risks. The dedicated Tor link ensures people who visit the site from the anonymous web browser won't be mistaken for botnets.

And as a social network regarded to be the least anonymous website ever that never get much of a reputation for letting users hide their identities online, joining the web's most anonymous network is certainly a big deal.

Despite many concerns regarding privacy issues, Facebook has done a much better job ensuring security methods on the internet. Because of its massive user base and wide usage, Facebook understands that a compromised account can do real damage to the user.

With the big claim, Facebook is becoming the first website with a Certificate Authority - a way of establishing secure connections with users - to launch a dedicated Tor URL. By launching its own Tor hidden service, Facebook released a version of its website that runs the anonymity software. Facebook's Tor site https://facebookcorewwwi.onion can only be accessed by users running the Tor software.

Tor doesn't just let users hide their identities from the sites they visit, and it's also designed to circumvent censorship and surveillance that occurs much closer to the user's own connection. And since Facebook uses SSL encryption, no surveillance system watching either Facebook's connection or the user's local traffic should be able to match up a user's identity with their Facebook activity.

"You get around the censorship and local adversarial surveillance, and it adds another layer of security on top of your connection," wrote Runa Sandvik, a former Tor developer, in a blog post.

Until now, Facebook has made it difficult for users to access its site over Tor, sometimes even blocking their connections. When Tor users are able to login, the site doesn't work as intended. For example, fonts were all over the place, and ads were misplaced. Facebook, meanwhile, realizes that Tor's method of routing connections through several computers in order to preserve the users' anonymity compromises some of the many important security measures the site has already implemented. Because Tor users appear to log in from unusual IP addresses all over the world, they often trigger the site's safeguards against botnets.

"Tor challenges some assumptions of Facebook's security mechanisms - for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada," wrote Alec Muffett, a Security Engineer for Facebook. "Considerations like these have not always been reflected in Facebook's security infrastructure, which has sometimes led to unnecessary hurdles for people who connect to Facebook using Tor."

Facebook’s Tor site is designed to provide an extra layer of security than running Tor on the user’s end alone can provide. The company said that it uses SSL atop Tor with a certificate that cites the unique Tor address. Tor users are often warned about malicious "exit nodes" that can sometimes be used to spy on their unencrypted traffic or in some cases, even strip that encryption away. When both the user and Facebook are running Tor, the traffic doesn't leave the Tor network until it's safely within Facebook's infrastructure. This, the company said, will allow Tor to maintain a secure connection and prevent users from being redirected to fake sites.

Over the past few years, sites like Google, Facebook, and Twitter have all implemented default SSL encryption to protect users' traffic. Sandvik sees Facebook’s Tor hidden service as a sign that Tor may be the next basic privacy protection Silicon Valley companies will be expected to offer their users.

"I would be really excited to see other tech companies that want to do the same," she said. "And I'd love to help them."

Facebook launching its own dedicated Tor service may seem like a strange move. Facebook still prohibit pseudonyms, and Tor users on the site are hardly anonymous to Facebook itself. But at least, Facebook users can now protect their identities from everyone else that want to spy on them.

"This provides a huge benefit for users who want security and privacy," said Sandvik.

By using Tor (acronym for The Onion Router), users can hide their activities and location from government agencies, corporations, or anyone else. This is done by Tor directing internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to hide the user from anyone else. Because of its ability to anonymize connection, the network is becoming more popular after Edward Snowden leaked his first revelation. The network that is also a tool for Julian Assange's WikiLeaks operations, is commonly used to gain access to censored information, to organize political activities, and to circumvent laws against criticism of heads of state. It's also a way to enter the "dark corners of the web" where many disreputable sites are located.