Facebook users access the site through a number of means, making them vulnerable to various security threats.

To this end, the social network has put in place different security measures, including HTTPS, Perfect Forward Secrecy and HSTS, to provide more security when users log in and connect to Facebook. But even these aren’t enough.

Facebook is once again beefing up its security. This time, it’s considering ways to secure users logging in via Tor.

On the company’s blog, Facebook software engineer for security infrastructure Alec Muffett explained:

“Tor challenges some assumptions of Facebook’s security mechanisms – for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada. In other contexts such behaviour might suggest that a hacked account is being accessed through a “botnet”, but for Tor this is normal.”

Muffett says such considerations have not been accounted for in Facebook’s current security infrastructure, which has caused “unnecessary hurdles” for people using Tor to access Facebook.

In order to maintain a consistent experience with accessibility and security for all users, Facebook is making the site available directly over Tor network through this URL: https://facebookcorewwwi.onion/.

This onion address works exclusively for Tor-enabled browsers, allowing users to access Facebook “without losing the cryptographic protections provided by the Tor cloud.” It connects the user to Facebook’s Core WWW Infrastructure (notice the “wwwi” in the given URL), providing end-to-end communication from the browser directly into Facebook’s data centre.

Facebook says their medium-term goal is to support the social network’s mobile-friendly website via an onion address. For now, they expect the project to be “of an evolutionary and slightly flaky nature.”