Search Mailing List Archives
[liberationtech] Facebook available as a Tor hidden service
jancsika at yahoo.com
Fri Oct 31 13:00:50 PDT 2014
I made a scathing criticism of a poor UI decision in the TBB, and it came out the other end of your euphemism carwash as "really hard to figure out".
I have a very hard time believing you'd be as gracious in describing some aspect of Facebook's UI that "(advises)" to check some configuration box for enhanced security which isn't default behavior. Furthermore, if users of Facebook ended up getting pwned time and again, I also doubt you'd blame the set of all users who fail to check that optional box.
On Friday, October 31, 2014 1:47 PM, Robert W. Gehl <lists at robertwgehl.org> wrote:
Hi, Jonathan --
I do know the default, and I did change them to allow for
first-party scripts. I agree that TBB's NoScript defaults are
really hard to figure out (in comparison to NoScript in vanilla
Firefox -- which admittedly is still a complicated setup).
However, I assumed that if Facebook wanted to have a hidden
service, they'd account for the fact that at the very least
third-party JS is a no-no (and many Tor users also don't want to
allow any scripts).
>From what I could tell, the verification system I went to to
confirm my ID relied on third party scripts (it looked like Google
scripts). It was a system in which I had to identify pictures of
"friends". No pictures loaded.
Moreover, the .onion Facebook will probably always say that the
account is locked due to logging in from a "strange" location, so
there will be that issue.
In the end, I don't get why FB is doing this, other than to look
On 10/31/2014 11:40 AM, Jonathan Wilkes wrote:
You do know TBB's defaults regarding scripts, right? If it's a conundrum with no easy answer for Tor devs, it's a conundrum for Facebook as well. So please do get on Tor Talk list and criticise TBB for having an "(advised)" yet non-default setting for blocking all scripts.
>I understand the conundrum, and I agree that there isn't an easy
answer, but that default setting in TBB is batshit insane. It
is _the_ source of the conundrum. If script-blocking were
turned on by default Facebook wouldn't even waste time trying to
design a hidden service like this.
>On Friday, October 31, 2014 12:13 PM, Robert W. Gehl <lists at robertwgehl.org> wrote:
>I tried to login (with a fake account I maintain for just such a purpose). "Your account is temporarily locked," it says. I get that; it appears I'm trying to login from a strange location.
>To proceed, I have to ID pictures of friends. Ok,
I say. But the page with friends' photos doesn't
(common practice with the Tor Browser). Fail.
>Let's say people take this seriously -- to do so,
move when using Tor.
>It seems to me that this would just inculcate bad
security habits for any would-be Dark Web users.
>On 10/31/2014 08:14 AM, Steve Weis wrote:
>Facebook is now available as a Tor hidden service at this .onion address:
>>Blog post is here:
>Liberationtech is public & archives are searchable
on Google. Violations of list guidelines will get you
moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech