Facebook may have a troubled history with user privacy, but it certainly works hard to protect its users’ security. The social network has just made Facebook available over Tor, an open source security solution that encrypts messages through multiple network nodes.
See also: Facebook, If You’re Serious About Privacy Controls, Let Me Control Them
Facebook security engineer Alec Muffett noted that Tor users often face additional hurdles while trying to browse Facebook because of the way Tor encrypts a user’s location. This has led to connectivity problems in the past.
“From the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada,” he wrote. “In other contexts such behaviour might suggest that a hacked account is being accessed through a ‘botnet,’ but for Tor this is normal.”
Now there is a Facebook onion address, which is only accessible to Tor-enabled browsers. Facebook will continue to issue an SSL certificate to Tor visitors so they can be assured they’re at the right place, despite the different address.
Commenting on Muffett’s announcement, users were immediately suspicious that Facebook was capable of creating a custom Tor address, as these can be instigated with brute force attacks. However, Tor’s original developer Roger Dingledine explained on a mailing list what was going on behind the scenes:
“So to be clear, they would not be able to produce exactly this name again if they wanted to. They could produce other hashes that started with “facebook”, but that’s not brute forcing all of the hidden service name,” he wrote.
See also: Facebook Makes Web Browsing More Secure
It’s been a year since Facebook enabled HTTP Secure browsing by default for all users. This latest measure shows the site is continuing to keep others, at least, from viewing your data.
Photo by brendangates.