Tuesday, November 4, 2014

Facebook's Hidden Onion Service helps protect users' privacy a little more

Facebook has long been criticized for its privacy concerns, but recently made a good move, creating a "Hidden Service" web address for the Tor browser.  You can download the Tor Browser Bundle here, and see video here (you can but don't have to put Tor on a USB).

Once you open Tor and check Tor at https://check.torproject.org/ go to https://facebookcorewwwi.onion/ to access Facebook's Hidden Service

Read Facebook's statement here on recent security implementations, including 

HTTPS across our service, and Perfect Forward Secrecy, HSTS, and other technologies

Here's what this does and doesn't do.

Tor wrote their own response after Tor users and journalists asked Tor for their thoughts.
Part one: yes, visiting Facebook over Tor is not a contradiction
I didn't even realize I should include this section, until I heard from a journalist today who hoped to get a quote from me about why Tor users wouldn't ever use Facebook. Putting aside the (still very important) questions of Facebook's privacy habits, their harmful real-name policies, and whether you should or shouldn't tell them anything about you, the key point here is that anonymity isn't just about hiding from your destination.
There's no reason to let your ISP know when or whether you're visiting Facebook. There's no reason for Facebook's upstream ISP, or some agency that surveils the Internet, to learn when and whether you use Facebook. And if you do choose to tell Facebook something about you, there's still no reason to let them automatically discover what city you're in today while you do it.
Also, we should remember that there are some places in the world that can't reach Facebook.

The Committee to Protect Journalists applauded the move too, citing how social media has become an important tool for journalism, and can now be accessed over Tor in countries that censor the internet and block access to social media sites
The Committee to Protect Journalists welcomes Facebook's move to enable access via a Tor hidden service, which came into effect on Friday. The step protects journalists and other users who are at risk of surveillancecensorship, or online attack.
The dedicated hidden service makes it much easier for a journalist using Tor to access Facebook, while making it extremely difficult for attackers to monitor their activities or location or to intercept or block their connections to Facebook. This is a substantial improvement in both safety and usability for journalists who use Facebook to disseminate news, connect with sources, and communicate with colleagues. It also means that journalists using Tor to protect their privacy and that of their sources when connecting to Facebook no longer have to worry about triggering Facebook security alerts which can temporarily lock out users from their accounts. 
but then continued to acknowledge that
The move does not prevent Facebook from monitoring the activities of its users as they navigate the site, but unlike normal browsing, access via Tor does not automatically convey to Facebook a user's physical location.
Facebook's move now hopefully puts pressure on other social media networks to do more to protect users

Many have also called for encryption for so called "private" communications that really aren't private.
From 2011

From 2013

And from 2014

WIRED writes
Over the past few years, sites like Google, Facebook, and Twitter have all implemented default SSL encryption to protect users’ traffic. Sandvik sees Facebook’s Tor hidden service as a sign that Tor may be the next basic privacy protection Silicon Valley companies will be expected to offer their users.

Let's hope so.

**Update 11/5 As with any new product, especially in cyber-security, there are always new developments to keep track of as more people try things out and find problems

No comments:

Post a Comment