
Making Connections to Facebook More Secure - jboynyc
https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237
======
mike-cardwell
It concerns me that they were able to brute force a key for
facebookcorewwwi.onion. If they can do that, what's to stop somebody else
coming along and brute forcing a key for the same hostname.

Looks like Tor hidden services are now broken to me...

[edit] What's to stop Facebook from brute forcing a key for any of the
existing hidden services?

[edit2] If Facebook can brute force keys like this, so can the NSA and GCHQ.
Tor hidden services are officially broken.

[edit3] A colleague of mine suggested that this might be simply Facebook's way
of making it public knowledge that Tor hidden services can no longer be relied
upon.

[edit4] Facebook are saying (on the Tor Talk list) that they generated a load
of keys starting "facebook" and then just picked the one which looked most
memorable, and were extremely lucky to get such a good one:

[http://archives.seul.org/tor/talk/Oct-2014/msg00433.html](http://archives.seul.org/tor/talk/Oct-2014/msg00433.html)

~~~
mike_hearn
Nothing, and it's interesting that they have enough computational power to do
that for a relatively trivial project.

Meanwhile, whilst I applaud Facebook going above and beyond here, this doesn't
set a good precedent.

Firstly, Onion services are very slow. There is no need to pay this cost for a
service whose ownership is not actually hidden. If the Tor project made it
easier to reliably identify traffic from Tor exit nodes, Facebook could apply
whatever rules they wanted to Tor traffic without needing to slow things down
for everyone.

Secondly, by doing this, there's now a risk that other firms who want to be on
the cutting edge of privacy will try to copycat this approach, even though it
makes no sense and is very complex and expensive to set up. Worse, users might
think it's some kind of "gold standard".

Thirdly, it doesn't actually solve any of the reasons why Tor traffic is
routinely discriminated against and harassed: Tor is effectively a
"bulletproof ISP" that shields a lot of abuse and hacking. Merely making a Tor
hidden service specifically for Facebook doesn't solve that, at all.

~~~
bostik
> _Worse, users might think it's some kind of "gold standard"._

That may be the worst unexpected consequence. Once onion services become more
mainstream, I fear FB's example - no matter how well intentioned - will turn
into an engineering nightmare. After all, after one of the best known online
brands does something clever, you can expect copycats to follow.

First, we'll get clueless PHB types demanding long vanity names.

Second, some services will happen upon neat onion addresses and ride the wave.
Their very existence will act as a goal post for the others.

Third, a vocal segment of users becomes accustomed to seeing "perfect" vanity
names. After all, such name means that the entity behind the name has enough
resources to actually get a proper vanity name.

Amidst all that, somewhere between stages #2 and #3, we will see (horribly
misguided) vanity onion service name markets. A bit like domain name squatting
from the late 90's, but with far worse consequences: at least with domain
names the only thing transferred was the control over the DNS entry. Because
onion service names are directly mapped to the private keys, selling a
$VANITY.onion address is the same as selling _a copy of the private key._

Caveat emptor, indeed.

~~~
maxerickson
Are naive users and Tor worth worrying about?

The list of "you have to" involved in making its use meaningful is pretty
long, and "normal" users aren't good at caring about details like that.

Please nobody construe that as a dismissal of the needs of those users, that
isn't what I'm getting at.

~~~
bostik
> _Are naive users and Tor worth worrying about?_

Right now? No. But in a near future? Possibly yes, if Firefox decides to
include a built-in Tor client. [0]

Even if the article (and the slashdot thread I lifted it from) were vapourware
right now, the idea clearly has been floated enough to make it an attractive
option.

[0]: [http://www.dailydot.com/politics/tor-mozilla-firefox/](http://www.dailydot.com/politics/tor-mozilla-firefox/)

------
jgrahamc
The most interesting part of this (to me) is that they brute-forced the .onion
address (which is normally the SHA-1 hash of a public key).

Good thread on StackExchange about how to do that:
[http://security.stackexchange.com/questions/29772/how-do-you...](http://security.stackexchange.com/questions/29772/how-do-you-get-a-specific-onion-address-for-your-hidden-service)

~~~
higherpurpose
Tor still uses SHA1? I understand clueless download sites (such as FossHub)
and projects still using MD5 and SHA1, but I would hope projects that are
supposed to be about security would've stopped using SHA1 a long time ago. If
they dread moving to SHA2 because of its much slower performance, they should
at least use BLAKE2 [1].

Even NSA-influenced NIST recommended against using SHA1 after Dec. 2013. And
when NIST recommends a deadline for change, you know you should be doing that
at least 3-5 years earlier to be safe against state sponsored/NSA attacks.

[1] - [https://blake2.net/](https://blake2.net/)

~~~
haakon
Agree. I never understood why onion names are so short; they're not even the
full SHA-1 hash:

> The .onion name is computed as follows: first the SHA1 hash of the DER-encoded
> ASN.1 public key is calculated. Afterwards the first half of the hash is
> encoded to Base32 and the suffix ".onion" is added. Therefore .onion names
> can only contain the digits 2-7 and the letters a-z and are exactly 16
> characters long.

(Source:
[https://trac.torproject.org/projects/tor/wiki/doc/HiddenServ...](https://trac.torproject.org/projects/tor/wiki/doc/HiddenServiceNames))
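
The derivation quoted above, as an added example that is not part of this thread or of Tor's own code: it builds the PKCS#1 DER form of an RSA public key, hashes it, and checks an advertised .onion name against the key it should derive from (the check a client implicitly relies on when it treats the name as the key). The modulus below is constructed for demonstration and is not a real hidden-service key.

```python
import base64
import hashlib

ONION_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER; a leading 0x00 keeps a high-bit value positive."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body


def rsa_public_key_der(n: int, e: int) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent }.

    This is the DER form Tor hashes for a v2 hidden-service identity key."""
    body = der_integer(n) + der_integer(e)
    return b"\x30" + der_length(len(body)) + body


def onion_address(public_key_der: bytes) -> str:
    """First half (80 bits) of SHA-1 over the DER key, base32, lower-case."""
    digest = hashlib.sha1(public_key_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def matches(address: str, n: int, e: int) -> bool:
    """Check an advertised .onion name against the key it should derive from."""
    name = address.strip().lower()
    if name.endswith(".onion"):
        name = name[: -len(".onion")]
    if len(name) != 16 or not set(name) <= ONION_ALPHABET:
        return False
    return name == onion_address(rsa_public_key_der(n, e))


# Constructed 1024-bit modulus for demonstration only; not a real Tor key.
_seed = hashlib.sha512(b"constructed demo key").digest() * 2
DEMO_N = int.from_bytes(_seed, "big") | (1 << 1023)
DEMO_E = 65537

if __name__ == "__main__":
    addr = onion_address(rsa_public_key_der(DEMO_N, DEMO_E))
    print(addr + ".onion", matches(addr + ".onion", DEMO_N, DEMO_E))
```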

~~~
wowaname
Then move to I2P where there are inanely long .b32.i2p hashes. I believe Tor
stuck to sixteen to balance ease of use with security. I2P decided not to
truncate their hashes since they already have memorable short.i2p entries in
downloadable hosts files.

~~~
haakon
.onion addresses aren't particularly memorable anyway (Facebook's
notwithstanding). They wouldn't have to go to insane lengths like I2P does,
but it seems like not cutting the SHA-1 in half would make it much stronger. I
just feel like in striking a balance, they should err on the side of huge
security margins. On the other hand, I don't really have an intuition for the
strength of the current addresses, so it's not meant as criticism as much as a
quest for understanding.

~~~
wowaname
Although I agree it isn't a cakewalk to memorise an onion URL, it is possible
and many people do it usually by grouping or mnemonics. I'm not against any
change/improvement to the current address generation system in Tor; there are
certainly other better possibilities for both security and scalability.

------
justcommenting
Although this will be useful, I hope users will keep in mind that identifying
themselves while using Tor could make their other traffic less than anonymous.
In the Tor Browser Bundle, compartmentalizing your traffic via frequent use of
the 'New Identity' feature is usually a good idea.

Using this would also add to the data that one of the world's most aggressive
advertisers and an NSA PRISM partner will have about you as a Facebook user.

One plus: at least the login page appears to load correctly without javascript
enabled.

Edit to add: someone whose only interest is in not sharing their IP
address/location with Facebook could access this URL via
facebookcorewwwi.tor2web.org but the usual browser fingerprinting and
potential tracking caveats apply

~~~
driverdan
> identifying themselves while using Tor could make their other traffic less
> than anonymous

Why? With data encrypted end to end the only people who know you've identified
yourself are you and the end service.

~~~
justcommenting
suppose you see an article in your news feed while using the hidden service
and click on it; facebook still has a good chance of learning about your
browsing habits that way, even if you start from a hidden service. facebook
might then learn which exit your non-hidden-service traffic exits to, and from
there, it might have information to offer to advertisers about the identities
of tor users using a given exit around the same time.

even just having a strong authenticator of your real identity active on tor at
a given time may be concerning, depending on your threat model.

~~~
neltnerb
Where "advertisers" can be replaced by "NSA" for a more lucrative business
model... :-/

------
steakejjs
If you want more information on the specifics behind how FB did this, here is
a really really informative mailing list conversation about it. Instead of
coming up with facebookcorewwwi and then searching for it, they found a bunch
of "facebook" first, and then picked the best one.

[https://lists.torproject.org/pipermail/tor-talk/2014-October...](https://lists.torproject.org/pipermail/tor-talk/2014-October/035412.html)

------
xnull
From Tor:

"So I'm totally anonymous if I use Tor?

No.

First, Tor protects the network communications. It separates where you are
from where you are going on the Internet. What content and data you transmit
over Tor is controlled by you. If you login to Google or Facebook via Tor, the
local ISP or network provider doesn't know you are visiting Google or
Facebook. Google and Facebook don't know where you are in the world. However,
since you have logged into their sites, they know who you are. If you don't
want to share information, you are in control."

------
aestetix
While Facebook gets props for their astonishingly clever .onion address, it
seems rather odd to promote unlinkability while continuing to enforce their
legal names policy. I'd probably respect this a lot more if it was accompanied
by setting up Tor exit nodes, which invites actual risk and things like FBI
visits.

~~~
sp332
You can at least browse public Facebook posts without logging in. But I think
the main point is to avoid local censorship, reducing Tor to a simple proxy.

~~~
diggan
There is no difference from accessing Facebook from .com and .onion in that
case. If the main point would be to avoid local censorship, they would have a
bigger effect if they instead of focusing power on running a hidden service,
spent the effort on running an exit node.

------
DanBlake
I think it's much more likely that facebook is utilizing this to better track
abuse. It's not always easy to tell if a user is using tor, and a statistically
higher percentage of tor users are doing things facebook doesn't like.

By creating an entry point, they can more easily track and label users that
even use that entry point, to better handle abuse.

------
junto
Can the NSA 'tag' a specific user using Tor? If so, wouldn't using Facebook
over Tor then provide them with a direct link between your FB identity and
your other Tor activity?

~~~
kreneskyp
Yes. If someone captures identifiable information then a user can be
identified. This can be minimized by using SSL to connect to services. A
service may share data so you should also use only a single service within a
Tor session. That includes closing tabs to prevent ajax requests.

A new session can be created by restarting Tor or from the tor indicator if
within TAILS.

~~~
lucb1e
Note that, although you are right that you should _usually_ use https on tor,
it does NOT APPLY to hidden services. Hidden Services are end-to-end
encrypted, regardless of whether you use http or https. That is also why a
site like Silk Road simply used http: it was a hidden service.

The reason for this is that it never leaves the Tor network. Traffic from a
tor client to a hidden service goes (encrypted) through relays, but never
exits. Basically you are entering a validation of the public key when you type
in the .onion address, so nobody can tamper with the connection.

------
dataminded
Can someone help me understand the intended user experience?

As I currently understand it, you connect anonymously to Facebook, login and
link your activities to your real life identity and Facebook turns over the
information that you provide to whatever powerful government entity you are
hiding from.

Why would anyone do this?

~~~
evgen
Probably because the latter half of your assertion, that "Facebook turns over
the information you provide to whatever government entity you are hiding from"
is a lie. This protects people who feel they need to hide the fact that they
are connecting to Facebook from an observer/ISP.

~~~
dataminded
Maybe my phrasing was overly strong. As I understand it, there are no
guarantees that the information that we put into a service like Facebook can
be kept out of the government's hands. Whether or not Facebook is doing it
willingly, is not relevant to my question.

What is the value in using tor to connect anonymously to a system that ties
back to your real life identity?

[http://venturebeat.com/2014/05/15/how-the-nsa-fbi-made-faceb...](http://venturebeat.com/2014/05/15/how-the-nsa-fbi-made-facebook-the-perfect-mass-surveillance-tool/)

~~~
scott_karana
The tie is only temporal, and it's still anonymized.

The only concession is that now the government you're avoiding _might_ know
you use Tor, if Facebook tells them.

----

Here's the usage case: you're a foreign national visiting a country with a
restrictive firewall, like China's. Now you can continue to communicate with
people back home.

Facebook already had your information, in this scenario, so nothing has
changed except that they know people from China are desperate for their
services. That's only good, in my book.

------
spacefight
Which CA signed the .onion cert in that case? Self signed?

~~~
spindritf
No. It's a fully valid certificate issued by DigiCert to

    CN = *.facebook.com
    O = "Facebook, Inc."
    L = Menlo Park
    ST = CA
    C = US

with a bunch of altnames

    DNS Name: *.facebook.com
    DNS Name: facebook.com
    DNS Name: *.fb.com
    DNS Name: *.fbsbx.com
    DNS Name: *.fbcdn.net
    DNS Name: *.xx.fbcdn.net
    DNS Name: *.xy.fbcdn.net
    DNS Name: fb.com
    DNS Name: facebookcorewwwi.onion
    DNS Name: fbcdn23dssr3jqnq.onion
    DNS Name: fbsbx2q4mvcl63pw.onion

~~~
spacefight
Thanks - learned something that you can put anything in the alt names list. So
digicert is not checking those to be valid domains and controlled by the cert
requester?

~~~
iancarroll
You can't put _anything_ in the SubjectAltName field, you can put anything
that _isn't_ a valid TLD (and not have to validate it).

~~~
im2w1l
So Eve could also get a cert for facebookcorewwwi.onion?

~~~
iancarroll
Yes. I submitted a request for one just now, actually. Hopefully the CA
doesn't flag it for containing Facebook.

~~~
iancarroll
Just had it issued. Probably going to write a blog post now.

~~~
AmustheGreat
Did you get it from DigiCert? Or from another CA?

~~~
iancarroll
GlobalSign.

edit: They've revoked the cert. :(

~~~
mike_hearn
But does TBB check for revocations? I bet the answer is no because otherwise
it'd be sending the sites you visit to CA's via OCSP and Tor would never want
that. So I think you still win.

~~~
e12e
You could still get a full revocation list (via Tor or not). In fact using
OCSP over Tor should be safe? FB sees some-exit-node, sends you a cert, CA
sees some-other-or-same-but-not-provably-you requesting status of FBs cert.
Unless FB sent you a specially crafted, session-specific cert, CA would only
see that "someone" checked the status of FBs cert. And with no immediate link
between "you" and "someone"? Much as DNS over Tor is safe (but DNS over udp
isn't)?

------
lorddoig
I dread to think how much electricity it cost them to brute that vanity URL.

------
justcommenting
adding a link to roger's super-thoughtful and basically authoritative blog
post on the subject: [https://blog.torproject.org/blog/facebook-hidden-services-an...](https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs)

------
wtbob
Heh, my first reaction was, 'shoot, they brute-forced an address!' and I see
that a lot of others had the exact same idea. I wonder how tough that was to
do—I'm guessing that they didn't use Shallot!

Looks like some sort of CA structure is going to be pretty vital to Tor…

~~~
tyho
CA structure is not vital to tor at all. All connections to hidden services
are encrypted and authenticated end to end. the URL serves as the public key.

~~~
wtbob
The public key which is obviously brute-forceable…

------
cordite
Huh.. I wonder if something like Cloudflare would offer something like this
next? (Whether or not they might brute force vanity URLs is another matter)

~~~
justcommenting
not sure if you're trolling, but i wish cloudflare weren't so overtly hostile
to tor users! i've already stopped using all but a few cloudflare sites for
this reason.

~~~
jonknee
On the other hand, tor users are very hostile to Cloudflare. The percentage of
traffic from tor that is malicious is not small.

~~~
justcommenting
just about everywhere else, service providers have figured out ways to allow
access while managing abuse.

cloudflare ends up being a HUGE pain and practical barrier for the vast
majority of people who use tor to exercise their right to read.

~~~
jonknee
Sure, but Cloudflare is where you go when you have already had malicious users
causing trouble. It doesn't seem crazy that it would be a huge problem for
Cloudflare hosted sites (and as such, the block).

Sites that want Tor users should do well and avoid services like Cloudflare,
but for sites that don't care it's a very effective way to cut out malicious
actors.

It's not nice in a freedom sort of way, but for ad supported sites Tor traffic
is worthless and there is little incentive to try and cater towards it.

------
revelation
Last I checked, Facebook doesn't work at all unless you are logged in.

So I can now tell Facebook my personal information and a list of associates
_securely_ , which it will then promptly share with any government interested.

I guess it's the best way yet to illustrate the basic problem with Tor (no
technology in the world can protect you from giving the bad guys your home
address), but can't shake the feeling that this makes an utter mockery of the
idea behind Tor.

~~~
justcommenting
two words for you: censored users

------
bhartzer
I'm sorry, but even the thought of a more secure Facebook site won't get me to
post on there.

------
rbcgerard
awesome! I can now securely hand over my personal data to a company that will
turn around and sell it...what a relief...

