Facebook via Tor May Not Be All That Private

Nov 04, 2014 at 4:16 PM ET

Facebook announced last Friday that it had launched a version of its website that can be accessed through the Tor browser, allowing users’ log-in locations to be masked from their Internet service provider. The new version of the site will allow users to connect to Facebook in countries plagued by Internet censorship without local ISPs knowing.

However, several issues have been raised in response over how privacy and security could be compromised in the long run. Comments posted on Facebook’s official post, Tor’s blog and Tor communities on Reddit (r/TOR  and r/onions) raised major red flags for anyone who might want to use the two platforms in combination.

First, in order to access Facebook through Tor, JavaScript (a scripting language) must be enabled. This allows Facebook to make connections with the browser and can potentially result in information leakage, compromising privacy. A general rule of thumb for privacy-minded Tor users is disabling features like JavaScript. The fact that Facebook needs to have JavaScript enabled means that’s not possible, and one commenter on the Facebook note even asked whether thousands of new Tor users with JavaScript enabled could be a security risk for other Tor users.

Second comes the issue of Facebook’s data collection. Facebook collects vast quantities of metadata on its users and their behaviors. By allowing connection via Tor, Facebook will have access to the browsing behavior of Tor users on their platform. How Facebook will use this data remains a huge question, as is whether or not the mere collection of it will put people off using the Tor-Facebook combo altogether.

Lastly, we get to Facebook’s use of third-party service providers who buy access to your data. When on Facebook, various third-party services use trackers (cookies) to gather information about your behavior and provide services and advertisements tailored to your browsing activity and habits. However, using Tor blocks access to active third-party trackers. Thus, using Facebook through Tor gives full monopolistic control of your data to Facebook itself.

In a nutshell, privacy concerns remain. Only a tiny core of users will pair falsified Facebook profiles and Tor, and even that won’t guarantee anonymity from both your ISP and Facebook. While use cases for Facebook and Tor do exist, for anyone who cares about 360-degree anonymity, or for whom secure communications are a matter of life or death, Facebook and Tor is most likely a no-go zone.