Facebook says you can be social and secure, acquires .onion address for Tor users

Facebook, anonymous? Hardly, but users may still want Tor's location-hiding security while they use the service.

The so-called darknet, which is accessible via the anonymizing Tor network, has a reputation for being home to many disreputable sites. But now the biggest social network in the world is available via Tor. Facebook announced Friday that it is available to Tor users via a .onion address--the pseudo-top-level-domain used by Tor hidden services.

Anyone wishing to connect to Facebook via Tor can do so by typing https://facebookcorewwwi.onion/ into their web browser when connected to Tor (it won't work otherwise). Facebook says Tor users who visit the social network's .onion site are protected with end-to-end encryption since the .onion site connects directly to a Facebook data center via SSL.

Facebook's new .onion site makes it easier for users to connect to the social network via Tor without running into problems. Facebook's security systems, for example, may flag a Tor-connecting account for being hacked. Like a hacked account, Tor user traffic can appear to be coming from several different countries in a short period of time.

Why this matters: Facebook's very nature as a social network where anonymity is shunned may seem a strange candidate for creating a Tor site. But there are many reasons to connect to Facebook as securely as possible without revealing your location despite the loss of anonymity on Facebook itself. Participants in the 2011 protests against the Mubarak regime in Egypt, for example, used Facebook to mobilize protesters and inform the public.

A first for SSL

Facebook's SSL connection via Tor is also a first for the world of .onion sites. The social network's Tor hidden service is the first .onion address to receive a legitimate SSL certificate from an issuing certificate authority, according to a tweet from Runa Sandvik, who contributes to the Tor Project.

An SSL certificate is used by your browser to verify that you are connecting to the site you think you are. Facebook says it wanted to use an SSL certificate that cites its .onion address to give users confidence that they were indeed connecting to Facebook and not a malicious imitation.

Try it yourself

If you'd like to try out Facebook's new .onion site, download the Tor Browser from the Tor Project's site (we recently provided a brief tutorial on how to install the browser). Once you're up and running just type Facebook's .onion address into the browser's address bar and you'll be securely checking out your Facebook news feed in no time.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags FacebookTor

More about Facebookindeed

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Paul

Latest Videos

More videos

Blog Posts