If you are in a country or organization that would prefer you not visit Facebook, this can be useful.
If you would prefer that Facebook not know your location and IP address, this can be useful.
Obviously if you log into a Facebook account with your real-world identity then all actions performed on the site will be linked with it, but that is expected.
It doesn't make sense to not allow the user to access certain sites, but allow Tor that can easily bypass that protection.
Talk from the 23C3 about Tor and China:
The ingenuity of the hidden service is that FB basically inverted Tor's idea. Tor is really good at bypassing restrictive net filters, while at the same time it hides your browsing destination. So in effect FB turned a Tor address into their own highly resilient web proxy. Where a proxy normally provides a guarded way out of a network, the hidden service provides an otherwise untraceable way in.
Now, technically it is ~possible to identify FB-Tor traffic from regular Tor traffic. At least in some sense. Because the address is inside the .onion network, there are only half as many routing hops between the client and the server. So if you, as a well funded governmental adversary, first identify nearly all Tor traffic, you can then see which clients receive their responses notably faster than the rest.
These faster roundtrips are very likely using hidden services. If you then drill down even further, I am sure you should be able to identify a reasonably large fraction of your own subjects who are clearly accessing FB and thus stepping around the nationally imposed censure.
For the record, Alec didn't consider the above traffic analysis attack particularly feasible. And we both agreed that the straightforward solution is to get a lot more traffic for hidden services in general. Once FB is not the sole huge site with a hidden service, their traffic cannot stand out.
This came up in a discussion we had. FB is proposing (and funding) development that would make hidden services faster. One of the measures would be to make [some?] hidden services reachable over 3 hops only.
A quick search does not bring anything up on the topic, but it can easily be that I'm searching for the wrong keywords.
But anyway, why would a hidden service with 3 hops look different than a clearnet site visited over tor and 3 hops?
So under the faster onion routing, when accessing FB.onion your roundtrip is total of 6 hops. Hops 3 and 4 will be made to an edge node network, so the "last hop in" and "first hop out" will be, on average, faster. Even if the circuit was reconfigured midway through the session, the fast innermost hop would still exist.[~]
It's just another timing attack, with passive traffic analysis. I wonder how much one could do with active attacks.
~: I have no knowledge of how FB has configured their Tor network connectivity, but I do know that the private key is not held on a single termination point. (The traffic volume is too much for a standalone node.) Hence I am making an educated guess that their onion address is advertised from multiple edge systems.
(I suppose that different protocols are being used that have different times, but that seems negligible; wouldn't bet on that though.)
When using a public site over Tor, the connection looks like this:
1. User connects to a relatively nearby entry node (guard) [hop #1]
2. Guard node routes the packet via a relay [hop #2]
3. Relay routes the packet to an exit node [hop #3]
4. Exit node routes the packet out of the Tor network, and has responsibility for finding the actual destination. Even for a globally available high-traffic site the route from exit node to the nearest edge node has to travel across a couple of networks.
Now, under the proposed 3-hop hidden service protocol - when user accesses a hidden service, I had understood that the "exit node" is replaced by the hidden service itself. So the connection would look like this:
1. User connects to a nearby guard node [hop #1]
2. Guard node routes the packet to a relay [hop #2]
3. Relay node routes the packet to the hidden service [hop #3]
4. There is no step four. The packet has been delivered to its destination network.
For a random hidden service this probably wouldn't matter much, but if/when the third hop is provided by a globally accessible edge network, the latency between relay and final destination should be quite good.
With the elimination of post-Tor routing steps, and with the constantly better latency from relay to the hidden service, I expect the overall latency for this particular Tor circuit to be measurably lower. After all, there are no public hops beyond the circuit termination nodes. So from traffic analysis point of view, Tor/FB traffic should stand out from other Tor traffic.
And I think I found some references, at last. Search for "Direct Onion Services: Fast-but-not-hidden services" draft discussion on tor-dev archives.
Anyway, skipping the third hop would decrease user anonymity, because you'd only need two relays to cooperate to identify the user and who they're connecting to. Regular tor requires all three to cooperate.
The proposal uses a rendezvous point instead of an exit node, but that shouldn't affect speed as far as I see.
Start enforcing it heavily and the people that DO use those services may start protesting or moving into activist roles.
Cracking down on college students seems like a really dumb idea.
Now, for some of the reasons why you'd want to use Facebook via Tor, it might not matter much - using Facebook might be bad enough (eg: it could be considered subverting state censorship) -- so if Facebook is already colluding with your adversary, just having a Facebook account might be enough to give you problems.
It might be enough for a legal veneer of plausible deniability, although I doubt it: e.g., perhaps you're a drone pilot and you log in to Facebook via Tor, and paste a gpg-encrypted, ASCII-armored text message to a journalist on Facebook. You could claim someone must've hacked your account. Or you could collude with someone else, and "borrow" their account. I don't think it'd keep you out of prison though.
They make money from knowing who people are, and selling that. This cleaves the driving tor concept by deanonymizing users.
For anybody as large as Facebook, if enough people go for it, the remaining slice of the pie will be really small (because not all have tor, but many of those that have, have Fb).
Derive conclusions accordingly.
The process is described in "Part three" here: https://blog.torproject.org/blog/facebook-hidden-services-an...
"The short answer is that for the first half of it ('facebook'), which is only 40 bits, they generated keys over and over until they got some keys whose first 40 bits of the hash matched the string they wanted."
"Then they had some keys whose name started with 'facebook', and they looked at the second half of each of them to pick out the ones with pronounceable and thus memorable syllables. The 'corewwwi' one looked best to them — meaning they could come up with a story about why that's a reasonable name for Facebook to use — so they went with it."
(Corrected: Hash of public key not private key per itsbenweeks below)
..."a base32 encoding of a 10-octet hash of Bob's service's public key"
1. race condition?
2. waste of key space?
To make this more clear, most Tor hidden service sites that don't have loads of computing power to brute-force a vanity domain have URIs that look like http://3g2upl4pq6kufc4m.onion
2. You can't "register" a key. If some person manages to generate a key with the same vanity prefix, he can use the same address as Facebook, but practically this is nearly impossible. And if that happens, it can be easily detected by Facebook, so they can just change the official key.
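The address derivation quoted from the Tor post above (SHA-1 of the DER public key, first 10 octets, base32), the search-until-prefix-matches loop it describes, and the work estimate behind the collision remark in the last comment, as an added example that is not code from this thread, from Facebook or from the Tor project. Real RSA key generation is replaced by a constructed, deterministic stand-in (`fake_keygen`); `onion_address`, `expected_tries` and `search_vanity` are names assumed here.

```python
import base64
import hashlib
from typing import Callable, Optional, Tuple

# Characters that can appear in a v2 onion name (RFC 4648 base32, lowercased).
B32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"


def onion_address(der_public_key: bytes) -> str:
    """v2 .onion name: base32 of the first 10 octets (80 bits) of SHA-1 over the DER public key."""
    digest = hashlib.sha1(der_public_key).digest()[:10]
    # 10 octets = 80 bits = exactly 16 base32 characters, so no '=' padding appears.
    return base64.b32encode(digest).decode("ascii").lower()


def expected_tries(prefix: str) -> int:
    """Average number of keys to try for a given prefix: each base32 character fixes 5 bits,
    so 'facebook' (8 characters) is 40 bits, i.e. about 2**40 keys on average."""
    if any(c not in B32_ALPHABET for c in prefix):
        raise ValueError("prefix contains characters that cannot appear in an onion name")
    return 32 ** len(prefix)


def fake_keygen(counter: int) -> bytes:
    """Constructed stand-in for RSA key generation (NOT a real key): a deterministic
    blob per counter, so the search below is reproducible and runs offline."""
    return b"CONSTRUCTED-DER-" + hashlib.sha512(counter.to_bytes(8, "big")).digest()


def search_vanity(prefix: str, keygen: Callable[[int], bytes],
                  max_tries: int) -> Optional[Tuple[str, int, bytes]]:
    """Generate keys until the derived address starts with `prefix`.
    Returns (address, number_of_tries, key_material) or None if max_tries is exhausted."""
    for n in range(max_tries):
        key = keygen(n)
        addr = onion_address(key)
        if addr.startswith(prefix):
            return addr, n + 1, key
    return None


if __name__ == "__main__":
    print("expected keys for 'facebook':", expected_tries("facebook"))
    print("expected keys for a full 16-char match:", expected_tries("a" * 16))
    hit = search_vanity("fb", fake_keygen, max_tries=200_000)
    if hit is not None:
        addr, tries, _ = hit
        print(f"found {addr}.onion after {tries} constructed keys")
```

`expected_tries("a" * 16)` is 2**80, which is why a second key landing on the same full address is impractical in a way that matching only the 40-bit 'facebook' half is not.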