Monday, 3 November 2014

Facebook has created the ability for users to connect directly to the social network via anonymising "dark web" service Tor

Woman holds laptop with thumbs-up 'like' logo
Facebook's Tor support means users' traffic remains in the anonymising network

While it was already possible to access Facebook via Tor, the new set-up means all data is encrypted and Tor users are not mistaken for hacked accounts.

Users could access the site "without losing the cryptographic protections" of Tor, Facebook said.

It may appeal to people in places where the network is blocked.

Facebook is the first Silicon Valley giant to provide official support for Tor, a network built to allow people to visit web pages without being tracked and to publish sites whose contents would not show up in search engines.

Facebook's move would prove popular among those who wanted to stop their location and browsing habits from being tracked, said Dr Steven Murdoch, from University College London, who was consulted by Facebook for the project.

He explained users would still need to log-in, using real-name credentials, to access the site.

He told the BBC: "It's quite hard to use a social network completely anonymously, it somewhat defeats the point, unless you're just reading information.

"But just because you want to tell Facebook your name, doesn't mean they should be able to find out your location and your browsing habits."

The crucial change is the new Tor service - accessed through a Tor browser at https://facebookcorewwwi.onion/ - means all communication remains in the anonymous Tor network. Previously, some traffic would leave the closed network and access the open internet, potentially exposing a user's location and other information.

Dr Murdoch dismissed suggestions the move could anger governments who regularly approached Facebook with requests to hand over user information.

"It's not so much protecting people from governments," said Dr Murdoch, "but protecting from people who are spying on communications - that could be anyone from criminals to marketers."

Facebook, along with other major web companies, is currently pushing for permission to be more transparent over government requests it receives.

Security blockage

It has been possible to access Facebook through Tor for some time, albeit with some frustrations.

Tor is a network that anonymises users. One of the key ways it does this is by routing internet traffic through several locations - making it hard to track down where the user is browsing from.

But when accessing Facebook, this causes problems. One of the site's security measures is that if a user tries to log-in from an unexpected location, it will flag this as evidence the account has possibly been compromised.

Of course, it could just mean that a user has changed location - holidaymakers often find they must go through additional security steps, such as naming people in pictures, before being able to log-in while abroad.

"[Tor's] design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada," explained Facebook engineer Alec Muffett, who has led the site's Tor efforts, in a blog post.

"In other contexts such behaviour might suggest that a hacked account is being accessed through a 'botnet', but for Tor this is normal."

It meant accounts were being wrongly locked out. Other problems, such as fonts not displaying correctly, marred Facebook use on Tor.


By Dave Lee: Technology reporter, BBC News
Follow Dave Lee on Twitter @DaveLeeBBC

No comments:

Post a Comment