Posted by: Benjamin Vitáris
November 3, 2015
Facebook officially announced that they are working with the Tor Project in order to get official recognition for .onion sites. Facebook and Tor (receiving help from other companies as well) has successfully petitioned the IETF (Internet Engineering Task Force) for them to designate website addresses that end with ”.onion” as special use domain names. The Internet Engineering Task Force is the main organization on the internet that sets the standards for almost everything.
The outcome of the whole petition is that it will make setting up and running a .onion site much easier. Firstly, the ICANN (Internet Corporation For Assigned Names and Numbers) can’t make .onion a regular top-level domain. That means the domain extension, .onion, won’t be sold off during a round of domain name expansion. Secondly, the petition will make obtaining an HTTPS (SSL/TSL) certificates easier for hidden .onion websites, which will make browsing those domains more secure and encrypted. It seems that the second reason is why Facebook was supporting Tor’s .onion websites all the time. Last October, Facebook has announced the social media platform’s official .onion website (facebookcorewwwi.onion), which even had a working SSL certificate.
Facebook has created its own .onion domain for valid reasons. One of these would be that Facebook sees the whole ”social media on a .onion website project” as a possibility for people to connect from an anonymous network to their Facebook accounts and go public while remaining safe. Many users of the world’s first social media website would be able to profit from this. For example, where people are living under oppressive regimes or authorities, those people could use the website anonymously while doing it completely legally, so they won’t have to face local authorities.
The official recognition of .onion sites means that websites on the dark and deep web can use official hosting companies for registering their domains. This will make the dark net safer and will, most probably, make that part of the internet more popular. This whole act will help to legitimize hidden sites and clarify their importance.
As it was mentioned before, in last October, Facebook has managed to host its own .onion website with a valid certificate. However, the whole process was not that easy as it sounds. Alex Muffet, one of the engineers at Facebook, has described the situation. The company got the certificate using an ”arcane loophole” in the certificate system. After the social media website acquired its certificate on the dark web this loophole was meant to be closed on November 1, 2015. That means, if the loophole is closed, all websites or domains that had SSL certificates in it will become all invalid. The SSL certificate was a must-have for Facebook on the .onion site since it is on a part of the web, which is not secure and a certificate is needed in order for Facebook users to feel safe. So, if Facebook could not maintain the SSL, the .onion domain has to be closed. That’s why Facebook began its work with the Tor Project. They wanted to make the .onion websites recognized as special use domains, which they have succeeded in.