Facebook officially supports users from Tor Browser


Facebook’s onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud.

The idea is that the Facebook onion address connects you to Facebook’s Core WWW Infrastructure - check the URL again, you’ll see what we did there - and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre.


Facebook innovated user tracking in Tor too?


You’ve just proven that Tor hidden services are broken. If you can brute force a key for facebookcorewwwi.onion, then you can brute force a key for any other existing hidden service and intercept their traffic. If Facebook has the resources to brute force their own full key, then you better believe the NSA and GCHQ do too. Which means that you will no longer know if the hidden service you’re connecting to is the real one or the NSA/GCHQ version. Tor hidden services are now dead.


Actually Facebook just wanted to have the name “facebook” (which is about 40 bits out of 80 bits in the onion address) to be present in the SHA-1 hash generated from the public RSA key. The guy Roger (one of the Tor developers) from the below mailing list says it wouldn’t be possible to generate all of the hidden services available in Tor (i.e., all the hashes). So, eventually, they didn’t brute force the whole thing, which could take ages to do, and if it’s easy then SHA-1 should be cast out of the league :slight_smile: :slight_smile:. Nevertheless, that gives people a shock. :smiley: :smiley:

And this guy in the forum says the time taken to generate the specific character in the onion URL, which was tested on a 1.5 GHz processor.

Source: https://lists.torproject.org/pipermail/tor-talk/2014-October/035412.html
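
An added example (not from the thread or from the Tor Project) of the arithmetic discussed above: a v2 onion address is the base32 encoding of the first 80 bits of the SHA-1 hash of the service's public key, so matching 8 chosen characters costs about 2^40 key generations while matching all 16 costs about 2^80. The counter-derived byte strings below are constructed stand-ins for real DER-encoded RSA public keys, and the function names are hypothetical.

```python
import base64
import hashlib

ONION_BITS = 80      # a v2 onion address encodes 80 bits of the key hash
BITS_PER_CHAR = 5    # base32 carries 5 bits per character -> 16 characters


def onion_v2_address(pubkey_der: bytes) -> str:
    """First 80 bits of SHA-1(public key), base32-encoded, lowercase."""
    digest = hashlib.sha1(pubkey_der).digest()
    return base64.b32encode(digest[:ONION_BITS // 8]).decode("ascii").lower()


def expected_attempts(prefix_len: int) -> int:
    """Average number of keys to hash before prefix_len characters match."""
    return 2 ** (BITS_PER_CHAR * prefix_len)


def search_prefix(prefix: str, limit: int):
    """Toy search for a short prefix.

    Assumption: counter-derived byte strings stand in for freshly generated
    RSA public keys, so the search runs offline and deterministically.
    Returns (attempts, address) or None if the limit is reached.
    """
    for attempts in range(1, limit + 1):
        candidate = b"constructed-key-" + attempts.to_bytes(8, "big")
        address = onion_v2_address(candidate)
        if address.startswith(prefix):
            return attempts, address
    return None


if __name__ == "__main__":
    # 8 characters is the "facebook" part; 16 is a full address collision.
    for n in (2, 8, 16):
        print(f"{n:2d} chars ({n * BITS_PER_CHAR} bits): "
              f"~{expected_attempts(n):.3e} attempts")
    found = search_prefix("fb", 200_000)
    print("2-char toy search:", found)
    # Extra work to go from a chosen 8-character prefix to a full address match.
    print("full match is", expected_attempts(16) // expected_attempts(8),
          "times harder than an 8-character prefix")
```

The gap between the last two figures is the point made in the reply above: choosing half of an address is 2^40 times cheaper than matching an existing service's whole address.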