Presented by Will

Million+ monthly facebook users over tor.

100k-200k daily.

1 Gbps of traffic from exit nodes to Facebook. AKA about 1% of Tor traffic. Using FB over Tor is about 2x faster. Will suggests this is because the non-onion FB opens like 15 circuits, but pastly says that isn't how TB is supposed to work.

# How to move that traffic to onions?

  • Tell people about the onion

Doesn't work too well. and FB has worked hard to teach people that "" is trustworthy and other names are not.

  • Alt-Svc headers

As of 3hrs ago FB serves an Alt-Svc header that points to onion services. (It's different than their facebookcorewwwi.onion) This onion traffic has ALREADY surpassed the main fb.onion traffic.

# Problems

## Can we tell users, or the browser, to go to the .onion instead of using Tor exit nodes?

## What onion to put in the header?

fb.onion? already has a bunch of traffic.

Created a set of v3 onions. every time a user visits, give them one of these v3 onions deterministically based on their session. Note that session is established before login.

## Other websites don't have a way to partition users

AKA sites that don't use cookies or sessions.

Giving users the same alt-svc header for an entire session keeps them on the same circuit.

## FB has lots of subdomains

Each one is a new entry in the alt-svc cache. Meaning a new alt-svc discovery, negotiation, etc.

## CDN doesn't have access to the same partitioning info that, so the same deterministic v3 onion idea doesn't work here.

# Why do this

  • Remove traffic from exit nodes, thus being friendly
  • Don't have to trust exits
  • FB loads about twice as fast (over Tor...?) when you use the onion
  • Using onions avoids some attacks, e.g. cookie stealing using a stolen cert

# Downsides

  • User never knows they are using an onion. This is against the ideas Tor has been pushing along the lines of onions being nice and normal and good for

normal life.

# Misc points

  • CA Browser forum requires EV certs if you want a .onion in your cert. With alt-svc, since the onion service serves content to you, it uses the same cert

as the original non-.onion domain. So you can get a free DV cert from let's encrypt.

  • Tor could improve onion service scalability so that FB doesn't have to run 15 onion services and could just run one.
  • Onionbalance not suitable for FB right now

# Should other large websites do this too?

  • Cloudflare does. In fact, they do by default (but one person said they didn't see it working when they checked)
  • If you don't have a huge site and one onion is good enough for you, it should be very very easy to deploy this for you. Hardest thing is keeping an

up-to-date list of exits.

Last modified 2 years ago Last modified on Oct 1, 2018, 9:20:54 PM