Facebook Restores Connections to Tor Users After Malware Spike

Facebook is no longer blocking visitors using the Tor anonymity service after its malware detection services saw a surge in activity this week from Tor exit nodes.

UPDATE – Facebook’s automated malware detection system temporarily blocked visitors who use the Tor anonymity service to access the social network after it found someone trying to mass scrape publicly viewable information from Facebook.

“A high volume of malicious activity across Tor exit nodes triggered Facebook’s site integrity systems which are designed to protect people who use the service,” a Facebook spokesperson said. “In order to protect people while we investigated the problem, access via these nodes was temporarily suspended.”

The issue has since been resolved, both organizations said, and Tor users are again able to access Facebook.

Tor developer Runa Sandvik told Threatpost that she did not have specific details on the activity in question other than someone was using Tor to do something malicious against Facebook, causing Facebook’s security systems to block an undetermined number of exit relays.

“There are around 1,000 exit relays, so when you use Tor to access a site, you’re using multiple exit relays to do so,” Sandvik explained. “With Facebook, if you were able to log on, you would be kicked out after a few minutes because Tor would choose another exit relay and it was being blocked. It wasn’t all exit relays, but a high enough number to be annoying and to make Facebook over Tor not usable for anyone.”

Sandvik said she started noticing issues two days ago; she uses Tor to access Facebook, she said. She reached out to a contact at Facebook who began investigating, and simultaneously was seeing similar reports from members of the Tor support team.

Tor is a free tool that keeps Web browsing sessions private and anonymous. The tool is a favorite, not only for privacy conscious users, or people concerned about censorship, but it has become a vital instrument for activists living in oppressed parts of the world to communicate with followers they otherwise would not be able to reach. Cybercriminals have also found solace on Tor and use the network to peddle spam, pharmaceuticals or other illicit activity online.

Sandvik, however, said there isn’t a typical user profile for someone who uses Tor to access Facebook, for example.

“Using Facebook over Tor doesn’t make you anonymous, but it does give you location anonymity,” Sandvik said, offering an example of protesters during the Turkish Spring uprisings who have made use of Tor to access social media. “Facebook will not know where in the world you are when you log on. It doesn’t give you total privacy because you will log on and post photos and content.”

Tor is essentially a network of voluntary users worldwide that act as proxies for Tor users’ Web traffic. Once a user downloads the free Tor software, the client contacts a Tor directory server for a list of Tor nodes. It selects a path to forward traffic until it reaches its destination; traffic is encrypted along the way. Each stop on the path knows only the previous hop in the chain and where it’s forwarding the packets; no individual node knows the whole chain through which traffic is passed. Individual Tor paths last only 10 minutes.

“The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you — and then periodically erasing your footprints,” according to the Tor website. “Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several relays that cover your tracks so no observer at any single point can tell where the data came from or where it’s going.”

Tor has become a critical tool for political and social activists in oppressed countries, as well as non-governmental organizations, and even journalists. With recent malware attacks against Android phones belonging to Tibetans inside China and in exile for the purpose of surveillance, tools such as Tor can help secure not only privacy but physical safety.

“The variety of people who use Tor is actually part of what makes it so secure. Tor hides you among the others users on the network, so the more populous and diverse the user base for Tor is, the more your anonymity will be protected,” the Tor website says.

Updated at 11:15 a.m. ET to include comments from Runa Sandvik of Tor, and to clarify throughout.

Updated at 12:30 p.m. ET with additional information.

Suggested articles