https://facebookcorewwwi.onion/

rysiek rysiek@hackerspace.pl
Fri Oct 31 07:58:18 PDT 2014


Hi all,

so, you've probably seen this:
http://venturebeat.com/2014/10/31/facebook-announced-it-is-now-providing-direct-access-to-its-service-over-the-tor-network/

Apart from being torn about the move (good on Facebook to support TOR, but I 
don't really feel like praising Facebook for anything I guess), there are two 
WTFs here:
https://facebookcorewwwi.onion/

1. HTTPS to TOR Hidden Service? Why?
/that's the smaller one/

2. How did they get to control 15 characters (I assume the "i" was random) in 
the .onion address? That's a *LOT* of number crunching. If they are able to do 
this, it means they are able (or are very close to) bascially spoof *any* 
.onion address.

Am I missing something?

-- 
Pozdr
rysiek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 411 bytes
Desc: This is a digitally signed message part.
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20141031/4a0087ea/attachment.sig>


More information about the cypherpunks mailing list