One Million Access Facebook Over Tor

Facebook tor

Facebook reports that for the first time in a given 30-day period, more than one million people access the social network over Tor.

Accessing Facebook over Tor may seem to be a contradiction, but apparently that’s not the case for a million or so users of the anonymity service.

Facebook on Friday said that in April, for the first time, there were more than one million people accessing Facebook over Tor in a 30-day period.

As a comparison figure, Facebook said that last June, for a typical 30-day period, it logged 525,000 people using Facebook over Tor.

“This growth is a reflection of the choices that people make to use Facebook over Tor, and the value that it provides them,” said Alec Muffett, software engineer for security infrastructure at Facebook in London. “We hope they will continue to provide feedback and help us keep improving.”

Facebook made itself available as a Tor hidden service in October 2014 and immediately alleviated problems that Tor users had in trying to connect anonymously to Facebook. Security controls native to Facebook put a number of roadblocks in the way of Tor users.

“Tor challenges some assumptions of Facebook’s security mechanisms – for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada,” Muffett said at the time. “In other contexts such behavior might suggest that a hacked account is being accessed through a ‘botnet’, but for Tor this is normal.”

Facebook’s Tor hidden service was also the first .onion address to be a SSL certificate from a Certificate Authority. The .onion address connects directly to Facebook’s infrastructure, rather than via an exit relay.

Since the debut of the. onion domain, Facebook has also built an onion mobile site, standardized the .onion domain name and enabled Tor connections for users of its Android app through Orbot.

“People who choose to communicate over Tor do so for a variety of reasons related to privacy, security and safety,” Muffett said. “It’s important to us to provide methods for people to use our services securely – particularly if they lack reliable methods to do so.”

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.