
1M People Use Facebook Over Tor - Titanous
https://www.facebook.com/notes/facebook-over-tor/1-million-people-use-facebook-over-tor/865624066877648
======
nocarrier
Alec Muffet has done a lot of work to get Facebook running on TOR and he's a
true believer. I really enjoyed working with him when I was at Facebook. He
also did a lot of work to get .onion domains to be recognized by registrars as
a special purpose domain name. This let us issue certificates on .onion.

I don't know if the story behind the facebookcorewwwi.onion domain name itself
has been talked about much, but we wanted a memorable name for the domain so
we took a new cluster that hadn't been put in production yet and threw
something like 500k cores at brute forcing onion names till we had a memorable
domain name. Alec had a script that looked for hashes that started with
facebook and then he picked the one that seemed to fit the most. And that's
how we have facebookcorewwwi.onion now.

~~~
ludamad
I don't understand quite, why so much brute force?

~~~
danielvf
Onion names are sort of public keys. You generate a secret key, then that's
transformed/hashed into the public key that is your onion address.

Since onion addresses are essentially random strings of a certain length, the
only way to get a "vanity" onion address is to brute force it.
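
As an added illustration (not code from this thread, nor Facebook's or Tor's own tooling): how a v2 onion address is derived from an RSA public key, and how many candidate keys a prefix search needs on average. The modulus below is a constructed placeholder, not a real RSA key.

```python
import base64
import hashlib

# Lowercase base32 alphabet (RFC 4648) used by Tor for onion addresses.
ONION_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")


def der_length(n: int) -> bytes:
    """DER definite-form length: one byte below 0x80, else 0x80|count then big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER (tag 0x02); a leading 0x00 keeps a high-bit value non-negative."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body


def der_rsa_public_key(modulus: int, exponent: int) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    body = der_integer(modulus) + der_integer(exponent)
    return b"\x30" + der_length(len(body)) + body


def onion_v2_address(modulus: int, exponent: int) -> str:
    """v2 address: base32 of the first 80 bits of SHA-1 over the DER public key (16 chars)."""
    digest = hashlib.sha1(der_rsa_public_key(modulus, exponent)).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def expected_trials(prefix: str) -> int:
    """Average keys hashed before an address starts with `prefix`: 32 per base32 character.
    An 8-char prefix such as 'facebook' costs 32**8 = 2**40; a full 16-char address, 2**80."""
    assert set(prefix) <= ONION_ALPHABET, "prefix must be valid base32"
    return 32 ** len(prefix)


if __name__ == "__main__":
    # Constructed placeholder: an odd 1024-bit number, NOT a real RSA modulus.
    modulus = (1 << 1023) | 0x1234567
    print(onion_v2_address(modulus, 65537))
    print(f"{expected_trials('facebook'):.3e} trials on average for an 8-char prefix")
```

The gap between 2**40 for a memorable prefix and 2**80 for the whole address is why a vanity prefix is affordable while reproducing someone else's full address, let alone their private key, is not.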

~~~
0x0
Also, if I'm not mistaken, this means that if YOU can brute force a vanity
domain, anyone else willing to throw down the same amount of computing power
can perform the same brute force and discover your private key, taking over
your onion site?

Edit: probably wrong, see below

~~~
jchendy
Sure. The same is true for anything that uses public key encryption (Bitcoin
for one). But the amount of computing power needed doesn't exist.

According to this person's math [1]: "It would take ~6.7e40 times longer than
the age of the universe to exhaust half of the keyspace of a AES-256 key"

I don't know if Tor uses AES-256, but I'm sure any reasonable encryption
algorithm would be similar.

[1] https://www.reddit.com/r/theydidthemath/comments/1x50xl/time_and_energy_required_to_bruteforce_a_aes256/

~~~
ikeboy
The energy calculation assumes the computation is irreversible. If you use
reversible computing, there is no lower bound: you can compute as much as you
want for as little energy as you want.

The time calculation assumes our current computers and disregards Moore's law.

~~~
Guvante
You have to create the algorithm to reverse an arbitrary AES-256 key, which is
considered to be impossible, so that doesn't really make a difference. Your
comment about current computers fails to grasp the scale that we are talking
about here:

> It would take 10^38 Tianhe-2 Supercomputers running for the entirety of the
> existence of everything to exhaust half of the keyspace of a AES-256 key.

Let's assume that Moore's law is true for forever. In 300 years we will have a
super computer capable of cracking a single AES-256 key in 37 millennia.
However, claiming that Moore's law will stay the same for 300 years when many
think it won't last 30 is foolhardy.

~~~
ikeboy
> You have to create the algorithm to reverse an arbitrary AES-256 key, which
> is considered to be impossible, so that doesn't really make a difference.

What? Why is brute force impossible to code? I don't understand what you're
claiming.

I agree that adding in Moore's law doesn't change the numbers by much. Moore's
law plus weakening of cryptographic assumptions might do it, though. Plenty of
previously-believed-to-be-strong crypto algorithms have been cracked, it's
reasonable to think that we just don't have the tools to create unbreakable
codes yet. (E.g. RSA is known to be breakable with quantum computers with
Shor's algorithm.)

~~~
Guvante
> What? Why is brute force impossible to code? I don't understand what you're
> claiming.

You claim that a reversible algorithm takes zero time. I said that requires a
reversible algorithm that applies to an arbitrary AES-256 key which is
currently thought to be impossible.

Brute forcing is not breaking but instead simply enumerating the key space and
is subject to the slowdowns we are talking about here.

> I agree that adding in Moore's law doesn't change the numbers by much.
> Moore's law plus weakening of cryptographic assumptions might do it, though.
> Plenty of previously-believed-to-be-strong crypto algorithms have been
> cracked, it's reasonable to think that we just don't have the tools to
> create unbreakable codes yet. (E.g. RSA is known to be breakable with
> quantum computers with Shor's algorithm.)

But you are missing the point of cryptographic systems, the goal typically
isn't to be forever uncrackable, it is to be effectively forever uncrackable
which includes upgrading the strength of your cryptography over time.

If we were talking about cracking crypto within 100 years then maybe we could
talk about reasonable fear, but all of these things involve timelines that are
longer than that (including quantum computer work).

~~~
ikeboy
> You claim that a reversible algorithm takes zero time.

No, you misread my comment. Reversible computing can take almost no energy.

------
putasidemobile
Related: Please Facebook, let me peek over your walled garden. Taking a
privacy-friendly stance, with the current Facebook, hurts my social life.

I do not trust your company, and I think you are bound to act unethically in
the future. But I do not ask you to become a trustworthy ethical company. Mess
with the accounts of my friends all you want. I just want to be invited to the
next BBQ. People have stopped using e-mail for announcing these social events,
and _all_ use Facebook. Could it be possible for me to not be on Facebook, yet
still stay up-to-date on what my friends, or hell, even my parents now, are
doing? A more advanced social graph API that hooks into email, RSS, Twitter,
whatever... ?

I'm sure you also have my email-address from the address books of my contacts,
so you could verify me.

As one of your longest non-users (I remember when TheFacebook required a
Harvard-email for invite), please let me become a semi-user. It won't pay you
a dime, but it will make the world a better place.

~~~
mcpherrinm
Facebook users can invite non-Facebook users by email to events, if they want
to.

But for viewing what your friends and parents are doing on Facebook? Well,
they could change their privacy settings to be public, but that would hurt
their privacy. You want to be in their social graph, but not have a Facebook
account. What does that even mean? Do you just not want to have a password?
There's no rule you have to post any content, if you just want to view
others'.

~~~
putasidemobile
> Facebook users can invite non-Facebook users by email to events, if they
> want to.

This stops after a while. Even when you stay a pleasant person, you'll always
be "that guy" requiring an extra action to contact. The social ripple/ping of
an event stays inside Facebook.

> You want to be in their social graph, but not have a Facebook account.

In the ideal form this would be a totally open protocol (with backing of
Facebook, Google, ... and W3C).

In the current form, I do not know enough about Facebook to suggest a good
system. Yes. I want to be in their social graph, but not have a Facebook
account or be under Facebook TOS. If that is meaningless at the moment, maybe
we should make it mean something.

------
supermatt
Or 1 person uses 1M facebook accounts over Tor...

~~~
asimuvPR
Which would not surprise me a bit.

------
akavel
I've recently tried using FB via TOR (Browser) for the first time, but was
unable. After entering the onion address and my FB credentials, I was informed
that the account is temporarily blocked (presumably because of first access
via TOR). I was presented with an option of unblocking it by recognizing a few
photos of friends and matching them to names - but unfortunately, all those
photos showed as blank, white squares!

So, I wasn't able to login via TOR via the purposefully created .onion
address. Also, sent an issue report via non-TOR login about this, but never
got any response.

Note also that this seems to mean to me, that there may be people who are cut
off from FB via TOR same as me, but who don't even have a way to notify FB
about the fact. And thus not having any chance of having the bug fixed.

~~~
blacksmith_tb
That's a standard challenge if you try to log into your FB account from a new
machine / IP address that geolocates somewhere you don't typically seem to be.
Of course, that's pretty ironic since your Tor exit could be anywhere, but
it's not specific to Tor anyhow. I have seen the same behavior using VPN, too.

~~~
akavel
The problem is not the existence of the challenge. The problem is it is broken
in a fresh, unmodified install of the TOR Browser. Sorry, but I can't
recognize a pure white square properly as a person.

~~~
Raphmedia
That test is a Captcha. You failed it. Are you sure you are not a robot? Sorry
to announce it to you like that...

~~~
xur17
> but unfortunately, all those photos showed as blank, white squares!

It sounds like the test was just broken.

~~~
admax88q
Or he's a robot and is just claiming to have seen blank white squares.

------
HalcyonicStorm
Please explain it to me if I'm wrong, but doesn't logging into Facebook on Tor
defeat the purpose of Tor?

~~~
Titanous
No, you retain all of the properties of Tor hidden services: censorship
resistance, authenticated end-to-end encryption, onion routing that hides your
source IP.

Obviously if you log into a Facebook account with your real-world identity
then all actions performed on the site will be linked with it, but that is
expected.

~~~
boomlinde
I think his point is that if you are using Facebook, you are still limited by
the level of trust you have with them. That should be quite low for any
privacy conscious internet user. That you are using a different IP and a
pseudonym might be a hoop for them to jump through to figure your
identity out should be considered in the context that they are likely already
collecting data about you without your consent from many different sources.
When it comes to jumping through these kinds of hoops, Facebook is a circus
lion.

------
NelsonMinar
It's funny that they say people use Tor "for a variety of reasons related to
privacy, security and safety". They left out "firewall circumvention", which I
have to believe is the #1 reason, at least in China.

~~~
HeavenFox
Unfortunately, it's been a very, very long time since Tor was last usable in
China.

~~~
alexchantavy
Can you elaborate? Someone above commented that Tor was the only way they were
able to get out of the GFW.

~~~
chrisfosterelli
China uses fairly complex artificial intelligence to detect TOR connections.
Anything that "behaves like" TOR or a VPN is quickly caught on to and blocked.

There are a few attempts designed to make TOR look more like standard web
traffic, which are really interesting.

It's definitely a cat-and-mouse-style game. Some have more success than
others.

------
mike-cardwell
I use "Tinfoil for Facebook" on my Android phone. It's a wrapper around the
mobile site with some extra features, and you can tell it to use "Orbot" (Tor
client for Android), and you can tell it to use the onion address as well if
you want (which I do). Which means I can use Facebook over Tor without using
the official app which steals god knows what data from your phone.

You don't get mobile notifications this way, so I just get my notifications
via email instead. And I uploaded my public PGP key to Facebook, so the emails
they send me are encrypted. Getting notifications via email also means that
Facebook doesn't even know if or when I've read a particular notification.

To read those encrypted emails on my phone I use K-9 Mail with OpenKeyChain.
My Yubikey Neo acts like a smart card reader to my phone over NFC so I don't
need to give my phone direct access to my secret PGP key.

This setup works for me because I try to limit my Facebook usage, keep my
number of "friends" on there to a minimum, and lie to Facebook whenever they
want me to explicitly supply information.

------
logicallee
Given Facebook's real-name policy, and the fact that it's literally a social
network of your best friends, then since all Facebook pages are HTTPS anyway,
the idea of using it over tor is... Uh... a bizarre

in theory the only thing you're leaking over a plain https is, "Hey this guy
has friends." (this connection is visiting facebook).

meanwhile in theory I'd expect facebook to leak everything else on their end,
because come on. I have next to zero expectation of privacy on facebook.

by that I mean you think people are planning terrorist plots over facebook?
come on.

so I find the mashup of tor with facebook to be kind of bizarre.

~~~
c22
If you expect facebook to leak everything they know about you then connecting
through tor allows them to know one less thing about you (the location you
used to visit facebook).

~~~
putasidemobile
Actually you share one more, important, datum: This user uses Tor. Likely uses
Tor for other, possibly nefarious, purposes too. Likely has a high XKeyscore.

Your real profile and location can be inferred from your browsing habits and
friends' data.

Unfortunately, with the current size of Facebook, even "not having an active
Facebook account" shares data, especially when you are in an age category
where all your peers do have profiles. It's a negative signal to recruiters
and employers ("must have something to hide...").

~~~
nisa
> It's a negative signal to recruiters and employers ("must have something to
> hide...").

Fuck them. Is this the line of thinking you want to align your life to?

We need to work together to stop that from happening. In the end the best fake
profile wins and it's a competition in hiding your sins. Medieval ages called
and complained that you used them to compare to this mess.

Every second/third? totally fine, everything perfect guy has some unhealthy
addiction but the guy who uses Tor for playing around or ordering drugs is
suspicious? It's laughable. You only get some collections of narcissists and
psychopaths as employees that still do occasionally harm to your company and
use drugs like everyone else.

What the fuck is going on. It's 2016 and I'm feeling like 1516.

------
JumpCrisscross
I wish Google and Apple would roll out .onion Gmail and iCloud services,
respectively.

------
rhokstar
Maybe bot networks are included in that number?

~~~
lossolo
For sure there is a huge amount of bots in this number.

------
sidcool
Does Google allow searches from Tor network? Last I heard it didn't.

~~~
realkitkat
URL: https://ahmia.fi/

There are search engine(s) specialized for TOR. As per Wikipedia[1]: 'Ahmia is
a clearnet search engine for Tor's hidden services'. It was part of Google
summer of code in 2014[2].

[1] https://en.wikipedia.org/wiki/Ahmia
[2] https://blog.torproject.org/category/tags/gsoc-2014

~~~
yxlx
Cool, been looking for something like this. However, it should be noted that
this is not what parent asked about. Parent was wondering if Google was usable
for regular web searches using a client that came from a Tor exit node via the
Tor network.

------
mvidal01
I wonder how many of these accounts are sock puppets?

~~~
tomswartz07
Probably not a lot. I use it to bypass firewalls sometimes.

------
agildehaus
I thought .onion addresses were for anonymous hidden services, which Facebook
is not. What's the advantage of accessing a .onion versus using Tor to visit
the normal facebook.com?

~~~
dublinben
Try reading the introductory blog post[0] before asking redundant questions.

[0] https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237/

------
cookiemonsta
and how many of those are for spam...?

------
hfourm
Terrible title. I was wondering in what use case Facebook makes sense as an
alternative to Tor

~~~
etiam
Seems clear enough to me. But the misreading is hilarious. Thanks for sharing.

~~~
hfourm
I just think when we are talking about two technologies like this, something
like "via" or "through" is a bit clearer.

