nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Facebook lifts Tor ban, touts encrypted onion access point

Paris Hilton

custom .onion address?

I thought the domain name system on tor used a "16 character name derived from the service's public key"

So have facebook brute-forced a custom domain of their chosing? If true, then thats the whole trust infrastructure of the hidden services is buggered. Unless something else is going on here?

Please can someone enlighten me?

Paris because that is how i feel.

3
0

Re: custom .onion address?

It is possible to brute force the first characters, the amount of processing time needed goes up exponentially with each character. Remember that they have truly massive amounts of CPU power.

1
0
Thumb Up

Re: custom .onion address?

It's a little scary actually. But yeah they brute forced the whole thing. I doubt they were specifically aiming for the corewwwi part though. More likely what they did was generate tons of these, and filter for facebook<words>.onion and then have a human look over the results to pick one that kinda made sense.

Still, it's an impressive achievement, and it probably means the 16 character addresses won't be good enough all that much longer.

4
0
Silver badge
Facepalm

Facebook? Anonymous?

Irony meter just overloaded.

13
0
Anonymous Coward

Serious question

What would be some use cases for accessing Facebook through an anonymising network?

5
0
Silver badge

Re: Serious question

To make anonymous posts, using a 'real name'. They could do that if the FB account was initially set up via Tor and then only ever accessed via Tor. The article talks about accessing an account but I'm wondering if you can set up an account via Tor. I suppose you, or a trusted friend anywhere in the world, could initially set it up from a public library computer or similar computers.

2
0

Re: Serious question

It does seem strangely at odds with the real name policy (although they claim they've relaxed that as well). But I guess one use case is that you post under your real name, but need to protect your location. Alternatively, Tor can also be used to bypass censorship, so people in countries where Facebook is banned might possibly find it useful.

1
0
Silver badge

Re: Serious question

Accessing facebook from any of the numerous countries there it is banned either continually or intermittently during periods of unrest.

This is handy from a free-speech perspective, as facebook does have uses in organising protests and posting news the government would rather people not hear. From Facebook's perspective it's a way to get a little market share in those countries. Probably not a great deal, but better than none.

1
1
Silver badge

Colour me cynical

but doesn't this actually mean - we have sorted out with the Feds and the NSA a way in which we can monitor and track the "anonymous" users.

7
0

This post has been deleted by its author

101
Mushroom

Re: Colour me cynical

Exactly!

FB participating in TOR must be a very bad sign indeed. Humpty Dumpty-ville I would venture.

2
0

Re: Colour me cynical

The perfect 'Dumb-Ass' Dragnet. Fucking idiots get what the get. Using an anon service to perform non-anon functions. It's called an NSA reach-around.

Let 'em .... It's just the NSA culling the herd.

1
1
Anonymous Coward

What's the point of using TOR

if you got a page on Facebook?

1
0

Could reveal Tor user

Beside the obvious real name anonymity conflict and other Facebook page info, this could bridge Tor and non-Tor web for a user. Same site content available both on www and Tor node seems like a bad idea.

Also, wouldn't friend association and their locations break your attempted anonymity?

2
0
Anonymous Coward

It occurs to me..

That this is a great way to catch dumb criminals...given Prism.

Crim: *zips up pants* that was highly immoral yet refreshing. Ooh an invite on my phone for a party *forgets to disconnect Tor opens Facebook*

With a bit of social engineering I can see how this could be a useful tool for authorities.

1
0
Silver badge
Unhappy

Just No!

Seeing as I won't touch FB with yours, let alone mine, I think... hope I'm safe

0
0
Anonymous Coward

Insecure solution

No body will care about using their douche services ...

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing