Facebook has finally added Tor support - a godsend for people who want to browse the social media site, but who are worried about the potential privacy and security risks about browsing without a proxy.
The announcement was posted on their official blog yesterday by Alec Muffett, Facebook's Software Engineer for Security Infrastructure. According to Muffett, the site also embraced SSL on top of the Tor connection to best utilize the system with their infrastructure. Facebook's utilization of Tor is novel in this way, Muffett says.
The idea is that the Facebook onion address connects you to Facebook's Core WWW Infrastructure - check the URL again, you'll see what we did there - and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre.
Facebook previously embraced a strict policy towards Tor, which the site says is because of the unpredictability of its connections. "Tor challenges some assumptions of Facebook's security mechanisms," Muffett says. "For example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada. In other contexts such behaviour might suggest that a hacked account is being accessed through a “botnet”, but for Tor this is normal."
In addition to benefiting those who wish to have increased privacy in the Western world, the ability to access Facebook over Tor may be beneficial for those in countries that embrace Internet censorship - like China, Turkey, and Syria.
Muffett also says the site may plan in the future to add mobile support for Facebook access via Tor (by providing a mobile-friendly version of their website for cell phone-based Tor users).