[liberationtech] Facebook available as a Tor hidden service

carlo von lynX lynX at time.to.get.psyced.org
Sat Nov 1 12:44:41 PDT 2014

On Fri, Oct 31, 2014 at 10:12:35AM -0600, Robert W. Gehl wrote:
> Let's say people take this seriously -- to do so, they will have to use
> Javascript, which is a bad move when using Tor.

Actually no problem with Tor at all... after all, Tor creates properly
authenticated links which is a lot safer than https, let alone http.
The risks of Tor are entirely about Tor possibly being targeted more
than regular Internet routing users, which both exit nodes and hidden
services could possibly do. In the case of these Facebook hidden
services we seem to know who is running the other side, so if an
attack is coming from Facebook it can pretty much only be by being
a TAO customer.

In other words, if you are a regular Facebook user, you are not more
at risk by switching to the more secure .onion. If you are a target,
then you are not better off by switching to .onion - you still cannot
trust Facebook for Javascript execution. Facebook would only have a
harder time denying having allowed TAO on you. 

Facebook DOES allow most of its functions to be used without Javascript
via https://m.facebook.com, so to enable a truly safe usage of FB it
would have to also provide an .onion for that address.

Facebook has been quite cooperative allowing users to come from Tor 
exit nodes straight into https://m.facebook.com. They even recently 
fixed the ability to post to Facebook "Pages" (with Twitter gateway 
or not) without requiring Javascript.

So for everyone who needs to do activism over FB, as questionable as
that may be, but cannot risk getting her machine TAO'd, she should
stick to https://m.facebook.com until a suitable .onion is provided.

And keep that Javascript folly switched off.
