Wow – Facebook comes onside?

We weren’t expecting this Mr Zuckerberg. Looks like there is a whole new reason for the public to want a Tor router like Cloak. Expect a lot of fallout over this one.

http://www.theguardian.com/technology/2014/oct/31/facebook-anonymous-tor-users-onion

http://venturebeat.com/2014/10/31/facebook-announced-it-is-now-providing-direct-access-to-its-service-over-the-tor-network/

http://thenextweb.com/facebook/2014/10/31/facebook-now-available-tor-network/

http://www.theverge.com/2014/10/31/7137323/facebook-adds-direct-support-for-tor-anonymous-users

http://www.pcworld.com/article/2842132/facebook-sets-up-shop-on-the-tor-anonymity-network.html

Posted in Cloak, News, Tor
2 comments on “Wow – Facebook comes onside?
  1. Fake girl who is actually a dog but likes giraffes and only exists on the internet says:

    Someone @facebook is either a genius or a huge idiot. This will just serve to decloak TOR traffic by foolish people logging in to their real identity, thus correlation as facebook has widgets all over the web, good by anonymity. This is a genius move considering most of the angel investors for facebook were government agencies, or employees of government agencies. It’s and idiot move because it may also spur tons of accounts not connected to a real identity spamming or posting illegally on facebook.

    In theory you post on facebook and unless facebook works without javascript or flash etc,. which they currently don’t from what I can tell. They instantly can de-anonymize you. Now they also use cookies and settings, you login to facebook you are now sacrificing your anonymity, all thats left to hide is your location. Which facebook typically knows, by your own entry or the majority of your friends and family sharing the same location. In theory you want your browsing to be private, you look up a news article or browse a site and you get cookies, some of which already communicate when you are on facebook, you also get facebooks own widget on those sites. It’s all a tangled web of woven deceit. Now anyone with an exit node CAN and most likely WILL be scanning your traffic, cleartext passwords still happen, and SSLStrip, and 100s of tools like it can accept paypals SSL cert on your behalf and reserve it and steal your passwords and usernames quite easily. Unless you have dual authentication and even then session cookies can be hijacked as well. I’d highly advise against any use of personal identity in any form on any site, especially if they require logins. This whole idea is a either insanely idiotic or a genius plan to convince people its OKAY to do. It’s like facebook hired August Germar to ruin peoples privacy, since he couldn’t do it with the Anonabox, which he said it was ok to login to all your sites through, and it was ‘encryption’. Anonymity and encryption are vastly different and the difference is important. I hope Cloak makes sure to specify this and pays attention that anyone connecting to your wifi TOR AP or TOR LAN, can and will leak your location or correlate your identity if they aren;t setup to block javascript, flash etc,. This is why TOR is best kept to the TORBrowser, the best way to remedy this would be a Radius server on the router that forces the user to its own homepage and it does a system settings checkup, and tells them they NEED to disable such things upon reading the dos and donts before hitting accept and being allowed direct TOR access. You might even want to go as far as to have DNSMasq&Squid or similar installed and use it to redirect all traffic to a local proxy that will reserve websites with javascripts & flash files removed completely. You may want to look into DNSMasq its opensource can do DHCP for the eth0 or wlan0, it can also host its own DNS and be used with block lists to filter known malware or tracking sites.

    Also how come your kickstarter has 0 mention of Specs?
    no mention of what type of ethernet, or wifi, no chipset info, no mention of onboard memory or ram, or the CPU speed.

    Also when you get a gag order and the N.S.eh forces you to put backdoors in how great will openhardware and opensource be, I hope you guys can deliver on this product idea, and do it right as of now, no one has been able to yet.

    • I’ll leave the facebook part of the discussion to Adrian who will probably comment later. As far as I am concerned Cloak is not about anonymity. It is all about privacy meaning leaving it for you to decide who to share your data with. It is not unlike a good old fashioned letter. If I send a letter to someone I made a decision to share whatever is in that letter with that person. If that person decide to share that information with someone else it is a breach of trust it is not a breach of privacy. However, I would NOT expect someone to read that letter between me and the intended recipient. Same with Facebook – if you choose to share information on Facebook that is your choice – up to you if you trust Facebook or not. What you would NOT expect is someone – say my service provider – to know anything about what I am doing before it reaches its intended target. Same analogy goes for mistakes. Say I send a postcard rather than a letter – well – then it would be fair to assume that someone before the intended recipient read my information. A product such as Cloak can and will even if abused make certain your internet service provider is unable to track your usage and it will – which is important in some locations – make it next to impossible for your government to track that same information.

      Home that clarifies my position a bit 🙂

Leave a Reply