Facebook has long been criticized for its privacy concerns, but recently made a good move, creating a "Hidden Service" web address for the Tor browser. You can download the Tor Browser Bundle here, and see video here (you can but don't have to put Tor on a USB).
Once you open Tor and check Tor at https://check.torproject.org/ go to https://facebookcorewwwi.onion/ to access Facebook's Hidden Service
Read Facebook's statement here on recent security implementations, including
Here's what this does and doesn't do.
The Committee to Protect Journalists applauded the move too, citing how social media has become an important tool for journalism, and can now be accessed over Tor in countries that censor the internet and block access to social media sites
Many have also called for encryption for so called "private" communications that really aren't private.
From 2011
From 2013
And from 2014
WIRED writes
Once you open Tor and check Tor at https://check.torproject.org/ go to https://facebookcorewwwi.onion/ to access Facebook's Hidden Service
Facebook is now available as a Tor hidden service, fantastic work by @AlecMuffett and the rest of the team: https://t.co/BCWuLwpL0t
— Runa A. Sandvik (@runasand) October 31, 2014
Read Facebook's statement here on recent security implementations, including
HTTPS across our service, and Perfect Forward Secrecy, HSTS, and other technologies
Here's what this does and doesn't do.
@walidsa3d Well, it would encrypt and anonymize your traffic to Facebook, but you're still posting as you in realtime @runasand @AlecMuffett
— Andrew Ford Lyons (@drew3ooo) October 31, 2014
@Vision @AlecMuffett The hidden service provides a huge benefit to users who want privacy and security, but not necessarily anonymity.
— Runa A. Sandvik (@runasand) October 31, 2014
@daniel_bohrer @lordminx Facebook does not have your IP and cannot hand it over in response to a court order.
— Eva (@evacide) October 31, 2014
Tor wrote their own response after Tor users and journalists asked Tor for their thoughts.Part one: yes, visiting Facebook over Tor is not a contradiction
I didn't even realize I should include this section, until I heard from a journalist today who hoped to get a quote from me about why Tor users wouldn't ever use Facebook. Putting aside the (still very important) questions of Facebook's privacy habits, their harmful real-name policies, and whether you should or shouldn't tell them anything about you, the key point here is that anonymity isn't just about hiding from your destination.
There's no reason to let your ISP know when or whether you're visiting Facebook. There's no reason for Facebook's upstream ISP, or some agency that surveils the Internet, to learn when and whether you use Facebook. And if you do choose to tell Facebook something about you, there's still no reason to let them automatically discover what city you're in today while you do it.
Also, we should remember that there are some places in the world that can't reach Facebook.
The Committee to Protect Journalists applauded the move too, citing how social media has become an important tool for journalism, and can now be accessed over Tor in countries that censor the internet and block access to social media sites
The Committee to Protect Journalists welcomes Facebook's move to enable access via a Tor hidden service, which came into effect on Friday. The step protects journalists and other users who are at risk of surveillance, censorship, or online attack.continued
The dedicated hidden service makes it much easier for a journalist using Tor to access Facebook, while making it extremely difficult for attackers to monitor their activities or location or to intercept or block their connections to Facebook. This is a substantial improvement in both safety and usability for journalists who use Facebook to disseminate news, connect with sources, and communicate with colleagues. It also means that journalists using Tor to protect their privacy and that of their sources when connecting to Facebook no longer have to worry about triggering Facebook security alerts which can temporarily lock out users from their accounts.but then continued to acknowledge that
The move does not prevent Facebook from monitoring the activities of its users as they navigate the site, but unlike normal browsing, access via Tor does not automatically convey to Facebook a user's physical location.Facebook's move now hopefully puts pressure on other social media networks to do more to protect users
Facebook now has a Tor hidden service. Twitter better step up its game. https://t.co/iEbqCBtNbr
— Eva (@evacide) October 31, 2014
Ok, all cynicism aside: companies providing direct Tor links is an unalloyed good. Keep it up Facebook! Now maybe Twitter can get onboard.
— Matthew Green (@matthew_d_green) October 31, 2014
Many have also called for encryption for so called "private" communications that really aren't private.
From 2011
What Twitter really needs is an "encrypt DM" option. Easy to implement. And would shield it and its users from Stasi 2.0 of any government.
— Ed Gerstner (印格致) (@silentypewriter) January 8, 2011
In response to the NSA's efforts to tap into data, @twitter is working to encrypt DM'ing. #socialmedia | http://t.co/oHxNTatuSG
— BOBBY REMIS (@BobbyRemis) November 1, 2013
And from 2014
Direct Messages Won’t Be Encrypted by @Twitter, So Careful What You DM http://t.co/uNRUsre4BD by @selenalarson in @RWW ht @Autom8
— Liberationtech (@Liberationtech) March 19, 2014
WIRED writes
Over the past few years, sites like Google, Facebook, and Twitter have all implemented default SSL encryption to protect users’ traffic. Sandvik sees Facebook’s Tor hidden service as a sign that Tor may be the next basic privacy protection Silicon Valley companies will be expected to offer their users.
Let's hope so.
**Update 11/5 As with any new product, especially in cyber-security, there are always new developments to keep track of as more people try things out and find problems
How to use Facebook over Tor without Javascript: https://t.co/BFrFutaAwZ (via @AlecMuffett)
— Runa A. Sandvik (@runasand) November 5, 2014
No comments:
Post a Comment