Type of site
biltxjqhye3mhbshg7kx5tfyd.onion (Accessing link help)
|Users||>1,000,000/month (as of April 2016[update])|
The Facebook onion address located at facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion (formerly facebookcorewwwi.onion) is a site that allows access to Facebook through the Tor protocol, using its .onion top-level domain.
Prior to the release of an official .onion domain, accessing Facebook through Tor would sometimes lead to error messages and inability to access the website. ProPublica explicitly referenced the existence of Facebook's .onion site when they started their own onion service.
The site also makes it easier for Facebook to differentiate between accounts that have been caught up in a botnet and those that legitimately access Facebook through Tor. As of its 2014 release, the site was still in early stages, with much work remaining to polish the code for Tor access. It has been speculated that other companies will follow suit and release their own Tor-accessible sites.
In October 2014, Facebook announced that users could connect to the website through a Tor onion service using the privacy-protecting Tor browser and encrypted using HTTPS. Announcing the feature, Alec Muffett said "Facebook's onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud. ... it provides end-to-end communication, from your browser directly into a Facebook datacentre." The network address it used at the time – facebookcorewwwi.onion – is a backronym that stands for Facebook's Core WWW Infrastructure.
In April 2016, it had been used by over 1 million people monthly, up from 525,000 in 2015. Google does not operate sites through Tor, and Facebook has been applauded for allowing such access, which makes it available in countries that actively try to block Facebook.
In May 2021 it updated to an onion version 3 address at facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion. This was due to the Tor Project's planned July 2021 deprecation of v2 addresses due to their inherent crackability using brute-force attacks by modern hardware that did not exist at the time of their introduction (many private keys are known to equal the same v2 address due to a hash collision).