[tor-talk] Does Facebook Onion Work?

Thu Feb 18 14:39:19 UTC 2016

On 2016-02-17 23:17, Alec Muffett wrote:
> Hi All!
> 
> I just wanted to confirm that facebookcorewwwi is working and is under
> active development; we are currently working on scaling bandwidth so
> that we can support more people who want to use Facebook over Tor.
> 
> The facebookcorewwwi URLs use (and need) subdomains which are
> respected by web browsers, albeit that they are invisible to the Tor
> protocol.
> 
> The URLs are as follows:
> 
>   https://www.facebookcorewwwi.onion/
> 
>   https://m.facebookcorewwwi.onion/
> 
> ...the latter URL ("M-site") is a web-version of Facebook designed for
> mobile devices, which uses Javascript and yet can *also* be used
> without Javascript being available at all.
> 
> When an issue (potential bug?) is raised with us, we generally attempt
> to reproduce it. Our rule-of-thumb is to try reproducing the issue on
> a recent (ideally latest) version of TorBrowser, without extra
> extensions, and with the TBB "Security Level" set between
> Low/Medium-High (for www) or between Low/High (for m-site).
> 
> So far I have only managed to reproduce the "looping" issue once, and
> then only by exceeding the bounds of our "rule of thumb"; I currently
> suspect that this behaviour is related to manual configuration of
> Javascript controls in such a way that JS is only partially-enabled
> for the site, leading to anomalous script behaviour.
> 
> Where Javascript is considered a risk it seems wisest to disable it
> entirely (Security Level: High) and then use M-site; restarting Tor
> Browser should clear any active state that would trigger the issue.
> 

I have tried this for the mobile onion link both on Low and High 
security settings. Both work fine but Facebook does ask for SMS 
validation (as expected).

I think Alec Muffett is referenced in Kevin Mitnick's autobiography if I 
recall correctly!