[tor-talk] Does Facebook Onion Work?
blobby at openmailbox.org
blobby at openmailbox.org
Thu Feb 18 14:39:19 UTC 2016
On 2016-02-17 23:17, Alec Muffett wrote:
> Hi All!
>
> I just wanted to confirm that facebookcorewwwi is working and is under
> active development; we are currently working on scaling bandwidth so
> that we can support more people who want to use Facebook over Tor.
>
> The facebookcorewwwi URLs use (and need) subdomains which are
> respected by web browsers, albeit that they are invisible to the Tor
> protocol.
>
> The URLs are as follows:
>
> https://www.facebookcorewwwi.onion/
>
> https://m.facebookcorewwwi.onion/
>
> ...the latter URL ("M-site") is a web-version of Facebook designed for
> mobile devices, which uses Javascript and yet can *also* be used
> without Javascript being available at all.
>
> When an issue (potential bug?) is raised with us, we generally attempt
> to reproduce it. Our rule-of-thumb is to try reproducing the issue on
> a recent (ideally latest) version of TorBrowser, without extra
> extensions, and with the TBB "Security Level" set between
> Low/Medium-High (for www) or between Low/High (for m-site).
>
> So far I have only managed to reproduce the "looping" issue once, and
> then only by exceeding the bounds of our "rule of thumb"; I currently
> suspect that this behaviour is related to manual configuration of
> Javascript controls in such a way that JS is only partially-enabled
> for the site, leading to anomalous script behaviour.
>
> Where Javascript is considered a risk it seems wisest to disable it
> entirely (Security Level: High) and then use M-site; restarting Tor
> Browser should clear any active state that would trigger the issue.
>
I have tried this for the mobile onion link both on Low and High
security settings. Both work fine but Facebook does ask for SMS
validation (as expected).
I think Alec Muffett is referenced in Kevin Mitnick's autobiography if I
recall correctly!
More information about the tor-talk
mailing list