Facebook sets up ‘dark web’ link to access network via Tor
While it was already possible to access Facebook via Tor, the new set-up means all data is encrypted and Tor users are not mistaken for hacked accounts.
Users could access the site “without losing the cryptographic protections” of Tor, Facebook said.
It may appeal to people in places where the network is blocked.
China, Iran, North Korea and Cuba are among countries that have attempted to prevent access to the site.
So too have such countries attempted to block access to Tor itself. China in particular has attempted to implement measures to disrupt the network.
The creators of Tor have been engaged in a cat-and-mouse game with governments to keep the service accessible.
Facebook is the first Silicon Valley giant to provide official support for Tor, a network built to allow people to visit web pages without being tracked and to publish sites whose contents would not show up in search engines.
Facebook’s move would prove popular among those who wanted to stop their location and browsing habits from being tracked, said Dr Steven Murdoch, from University College London, who was consulted by Facebook for the project.
He explained users would still need to log-in, using real-name credentials, to access the site.
He told the BBC: “It’s quite hard to use a social network completely anonymously, it somewhat defeats the point, unless you’re just reading information.
“But just because you want to tell Facebook your name, doesn’t mean they should be able to find out your location and your browsing habits.”
Users will still need to log-in to use the site
The crucial change is the new Tor service – accessed through a Tor browser at https://facebookcorewwwi.onion/ – means all communication remains in the anonymous Tor network. Previously, some traffic would leave the closed network and access the open internet, potentially exposing a user’s location and other information.
Dr Murdoch dismissed suggestions the move could anger governments who regularly approached Facebook with requests to hand over user information.
“It’s not so much protecting people from governments,” said Dr Murdoch, “but protecting from people who are spying on communications – that could be anyone from criminals to marketers.”
Facebook, along with other major web companies, is currently pushing for permission to be more transparent over government requests it receives.
Dr Murdoch said Facebook’s Tor service did not increase the risk of Facebook being used for illegal purposes.
“Preventing Facebook from recording the IP address [location] makes tracing users harder,” he said. “But it was possible to access Facebook without disclosing your IP address before.”
It has been possible to access Facebook through Tor for some time, albeit with some frustrations.
Tor is a network that anonymises users. One of the key ways it does this is by routing internet traffic through several locations – making it hard to track down where the user is browsing from.
But when accessing Facebook, this causes problems. One of the site’s security measures is that if a user tries to log-in from an unexpected location, it will flag this as evidence the account has possibly been compromised.
Tor can be used to access Facebook in countries such as China, where the network is blocked
Of course, it could just mean that a user has changed location – holidaymakers often find they must go through additional security steps, such as naming people in pictures, before being able to log-in while abroad.
“[Tor's] design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada,” explained Facebook engineer Alec Muffett, who has led the site’s Tor efforts, in a blog post.
“In other contexts such behaviour might suggest that a hacked account is being accessed through a ‘botnet’, but for Tor this is normal.”
It meant accounts were being wrongly locked out. Other problems, such as fonts not displaying correctly, marred Facebook use on Tor.
What is Tor?
Tor is a special part of the internet that requires software, known as the Tor Browser bundle, to access it.
The name is an acronym for The Onion Router – just as there are many layers to the vegetable, there are many layers of encryption on the network.
It was originally designed by the US Naval Research Laboratory, and continues to receive funding from the US State Department.
It attempts to hide a person’s location and identity by sending data across the internet via a very circuitous route involving several “nodes” – which, in this context, means using volunteers’ PCs and computer servers as connection points.
Encryption applied at each hop along this route makes it very hard to connect a person to any particular activity.
To the website that ultimately receives the request, it appears as if the data traffic comes from the last computer in the chain – known as an “exit relay” – rather than the person responsible.
As well as allowing users to visit normal website anonymously, it can also be used to host hidden sites, which use the .onion suffix.
Tor’s users include the military, law enforcement officers and journalists – who use it as a way of communicating with whistle-blowers – as well as members of the public who wish to keep their browser activity secret.
But it has also been associated with illegal activity, allowing people to visit sites offering illegal drugs for sale and access to child abuse images, which do not show up in normal search engine results and would not be available to those who did not know where to look.
Follow Dave Lee on Twitter @DaveLeeBBC