Twitter it made the “onions” expire. No, it’s not a problem with the pantry or Elon Musk’s cooking skills – the problem is more serious and has to do with privacy. Twitter has allowed its site’s onion Tor certificate expired. In doing so, you effectively discontinued a service that protected privacy and freedom of expression that you introduced last year. But perhaps the most worrying thing is that, at the moment, it is not clear whether it is a conscious choice – or just an oversight.
Twitter expires its onion Tor site’s certificate
Just a year ago Twitter had launched its own Tor site, which allowed users to log in with the confidence to protect their browsing data. Now, visiting the onion Tor site address with a browser that supports the Tor protocol only shows a warning that the certificate verifying the site’s authenticity has expired. Trying to continue beyond that point (which is highly discouraged) results in a Twitter error page. The certification expired on March 6, just two days before the one-year anniversary of the site launch.
Twitter no longer has a communications department to ask about the change, but the Tor Project has confirmed the expiration of the service to the American site The Verge. “The onion site is no longer available and there appear to be no plans for renewal. The The Tor Project has reached out to Twitter to try to bring the onion version of the social media platform back onlinea,” said the director of communications Pavel Zoneff in a statement.
Even visiting Twitter.com through a browser that uses TorHowever, privacy-conscious users won’t get the added benefits that a Tor-specific onion site provides.
How Tor sites work – and why Twitter gave up on them
Onion sites, sometimes called hidden services or “dark web” sites, must be accessible via a browser that uses the anonymous and encrypted Tor network. Doing so keeps the user’s web traffic and its point of origin secret. This also allows users to bypass government censorship efforts such as those of Russia and China.
It’s no coincidence that Twitter launched the Tor service after the Russian invasion of Ukraine – the idea was to allow Russian users to still access news not controlled by the Kremlin.
The benefits of the services include an extra layer of security and help for distinguish bona fide crypto users from malicious botnets. Although users of onion sites are small (and almost all computer literate), there are Tor versions of Facebook, Reddit, and several major news organizations.
The company forgoes the extra privacy – or just forgot about the deadline
The strangest thing about the story, however, is that the lack of a central communications department in the US makes it difficult to understand what happened. Twitter has given up on Tor sites because it doesn’t think it’s important to invest in this extra level of privacy – Or did you forget to renew your certification?
Alec Muffett, who helped launch the service last year, explained to The Verge via Twitter direct message: “The people who built it, at least everyone I interacted with, are all gone.”. He continues: “I’m pretty sure it’s going to stop working altogether at some point, unless Elon takes an interest.”
After several wave after wave of layoffs, including staff from core operations teams, it’s hard to think Twitter has the resources to keep up with its onion site. So it doesn’t really matter what the cause is – what we know for sure is chand Twitter has expired its own onions. And maybe it won’t be the last service he’ll let expire in the pantry.