[liberationtech] Facebook available as a Tor hidden service

Robert W. Gehl lists at robertwgehl.org
Fri Oct 31 10:46:41 PDT 2014 

Hi, Jonathan --

I do know the default, and I did change them to allow for first-party
scripts. I agree that TBB's NoScript defaults are really hard to figure
out (in comparison to NoScript in vanilla Firefox -- which admittedly is
still a complicated setup). However, I assumed that if Facebook wanted
to have a hidden service, they'd account for the fact that at the very
least third-party JS is a no-no (and many Tor users also don't want to
allow any scripts).

>From what I could tell, the verification system I went to to confirm my
ID relied on third party scripts (it looked like Google scripts). It was
a system in which I had to identify pictures of "friends". No pictures
loaded.

Moreover, the .onion Facebook will probably always say that the account
is locked due to logging in from a "strange" location, so there will be
that issue.

In the end, I don't get why FB is doing this, other than to look hip.

- Rob



On 10/31/2014 11:40 AM, Jonathan Wilkes wrote:
> Hi Rob,
> You do know TBB's defaults regarding scripts, right?  If it's a
> conundrum with no easy answer for Tor devs, it's a conundrum for
> Facebook as well.  So please do get on Tor Talk list and criticise TBB
> for having an "(advised)" yet non-default setting for blocking all
> scripts.
>
> I understand the conundrum, and I agree that there isn't an easy
> answer, but that default setting in TBB is batshit insane.  It is
> _the_ source of the conundrum.  If script-blocking were turned on by
> default Facebook wouldn't even waste time trying to design a hidden
> service like this.
>
> -Jonathan
>
>
> On Friday, October 31, 2014 12:13 PM, Robert W. Gehl
> <lists at robertwgehl.org> wrote:
>
>
> I tried to login (with a fake account I maintain for just such a
> purpose). "Your account is temporarily locked," it says. I get that;
> it appears I'm trying to login from a strange location.
>
> To proceed, I have to ID pictures of friends. Ok, I say. But the page
> with friends' photos doesn't load, probably because I have Javascript
> off (common practice with the Tor Browser). Fail.
>
> Let's say people take this seriously -- to do so, they will have to
> use Javascript, which is a bad move when using Tor.
>
> It seems to me that this would just inculcate bad security habits for
> any would-be Dark Web users.
>
> - Rob
>
> On 10/31/2014 08:14 AM, Steve Weis wrote:
>> Facebook is now available as a Tor hidden service at this .onion address:
>> https://facebookcorewwwi.onion/
>>
>> Blog post is here:
>> https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237
>>
>>
>>
>
>
> -- 
> Liberationtech is public & archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing
> moderator at companys at stanford.edu.
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20141031/d25426de/attachment.html>

More information about the liberationtech mailing list