Two stories in the last few weeks piqued my attention for very different reasons. The first was Facebook’s laudable announcement on November 3 that it was launching a version of its site for users of the Tor anonymity service. The URL, https://facebookcorewwwi.onion/, is accessible only to ToR users.

ToR – which stands for The Onion Router – is software that powers a global, peer-to-peer network that uses successive layers of encryption to mask both the content, origin and destination of Internet traffic.

ToR users are among the billion plus Facebook customers in the world. But using Facebook over ToR has been, until now, an exercise in frustration. Facebook’s own anti-fraud systems would often block attempts to access an account over ToR. With the new Facebook .onion address, ToR users can access Facebook’s site without leaving the security of the ToR network.

And, while using super secure anonymizing software to empower your oversharing on Facebook might seem like the irony to end all ironies, Facebook points out that there are plenty of citizens of repressive regimes globally who desire to use its social network, let alone the political activists, dissidents, and others who see Facebook as a valuable platform to reach the world.

In that light, Facebook’s move into what’s often called the “Dark Web” is huge. It helps to legitimize the Dark Web as a space for legitimate online activity and decouple the notion of wanting to be “private” from the desire for content that is “illicit.” In setting up its ToR presence, Facebook becomes the most prominent software company yet to do so, and a model for others to follow. Among other things: the company partnered with DigiCert, a well regarded SSL certificate issuer to authenticate its .onion domain – providing both transparency and privacy.

Alas, the good vibes were short lived. Even as Facebook was planting its flag on ToR, the FBI was announcing a series of arrests and raids on prominent Dark Web sites, among them Silk Road 2.0, a successor to Silk Road, an online marketplace for illicit goods.

In addition to Silk Road, authorities seized 400 sites using the .onion pseudo top level domain (TLD). “These sites were all operating online criminal marketplaces, openly advertising on their home pages and offering to sell a variety of illicit goods and services to customers in the United States and elsewhere,” the FBI said in a statement.

The message for open and democratic societies such as ours is that online anonymity is a double-edged sword. Courts in the U.S. and elsewhere have long supported the rights of citizens to expect privacy in their homes, their written- and spoken conversations. Tools and technologies that allow Internet users to hide their identity and activities from the prying eyes of neighbors, employers or even the government simply preserve that right in a modern era that makes wholesale snooping easy. But it goes without saying that many of those looking to hide their communications and activity have some reason to want to hide it – and that reason isn’t always political reform or altruism. In short: there are bad people out there on the Internet looking to do bad things and to leverage privacy technologies to shield their activities from their victims and the law.

For companies that wish to protect their sensitive data and intellectual property, the question is how to balance employees' rightful desire to protect their online activities from snooping with the company’s desire to protect their intellectual property and the integrity of their networks.

On the one hand: Facebook’s move to ToR is evidence of the gentrification of the Dark Web. In the months and years to come, it is likely that more legitimate sites (starting with Facebook’s competitors) may do the same.

On the other hand: the FBI’s Dark Markets sting is a reminder that there’s still plenty of shady business being transacted via ToR. Among other things, we know that certain families of malicious software readily use ToR to hide and protect command and control communications to and from infected hosts.

Good intentions aside, this unfortunate reality is probably enough to keep the red flags raised over non-sanctioned use of ToR and anonymity tools in the corporate sphere for some time to come.

About Paul Roberts

Paul Roberts is the founder and editor in chief of The Security Ledger. Paul has spent the last decade covering hacking, cyber threats and information technology security, including senior positions as a writer, editor and industry analyst. Most recently, he served as editor of Threatpost.com and a Security Evangelist for Threatpost’€™s corporate parent, Kaspersky Lab. Prior to that, Paul spent three years covering the enterprise IT security space as a Senior Analyst in The 451 Group’€™s Enterprise Security Practice, where he covered trends and technology developments in the security market, with a concentration in endpoint security.