Facebook made history on Oct. 31 by announcing the biggest irony in online privacy. The social network, which largely banks on users' real identities, has made a Facebook version exclusive to Tor users.
In a blog post, Facebook software engineer for security infrastructure Alec Muffett says Internet users who use the Tor browser to protect their anonymity can now visit Facebook via a special .onion address: facebookcorewwwi.onion.
Facebook even took a step further by providing an SSL certificate to confirm that the link is indeed Facebook's Tor address. This makes Facebook the first website with a Certificate Authority, a digital certificate that guarantees that the recipient is indeed who he claims to be, to launch a Tor-exclusive version with a certified connection to its URL.
"The idea is that the Facebook onion address connects you to Facebook's Core WWW Infrastructure -- check the URL again, you'll see what we did there -- and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre," says Muffett.
Tor is a network of tunnels that route Web requests, permitting users who would like to keep their identity anonymous for various reasons to use the Internet without allowing third parties to track them down.
First developed by the U.S. Naval Research Laboratory and the Defense Advanced Research Projects Agency (DARPA) in the mid-1990s, Tor was released to the public in 2002 and has since become the go-to software of Internet users who would like to keep their identities private.
Tor's anonymizing features have become useful for dissidents in censorship-heavy regimes, such as Russia and China, in communicating and organizing online and also for anonymous news sources submitting information to newspapers and other media outlets.
Former National Security Agency contractor Edward Snowden himself used Tor, in conjunction with Tails operating system and GPG email encryption, to hand over information from the NSA's surveillance program to journalists.
Users have long been able to use Tor to go on Facebook, but Facebook's security measures do not work well with Tor's method of routing connections through several computers to ensure anonymity.
Measures such as HTTPS, Perfect Forward Security and HTTP Strict Transport Security cause Facebook to think Tor users accessing the website are robots instead of real human users. This has caused a number of usability problems, such as fonts messing up and items such as ads and posts going all over the page.
With the new .onion URL in place, Facebook hopes to give Tor users an experience that is "more consistent with our goals of accessibility and security."
Critics, however, have already pointed out the flaws in Facebook's decision to release a Tor-specific URL, saying that having people use an anonymous browser to log in to Facebook and post pictures of themselves defeats the purpose of Tor.
However, the move is not likely dedicated to average users, who likely don't use Tor for their online activities anyway. As Lucian Armasu of Tom's Hardware points out, Facebook's Tor website is likely made for users living in oppressive regimes that block Facebook who use pseudonyms to promote their causes to Facebook's massive audience.
"Facebook, the platform, has been used for change in many countries, and Facebook must want to keep being a part of that, instead of seeing users flock to other more private and more secure platforms," he says.