One interesting effect of Twitter’s onion address: your 2FA options are limited. Any WebAuthn/FIDO/U2F keys you have registered with your Twitter account won’t work, because the key registration is tied to the domain name. I have the same problem on Facebook. I can only use these onion sites if I log in with TOTP.
One would think you could re‐register the keys while logged in to the onion site, but I’ve never succeeded with this on Facebook or Twitter. I don’t know if there is a technical limitation preventing WebAuthn from being used over onion sites, or just a problem with these particular sites’ implementations. Tor itself is not the problem—you can use a registered WebAuthn key over Tor if the domains you’re visiting are facebook.com or twitter.com.
As you say, it's because WebAuthn is by design tied to the origin and onion sites are a different domain. There have been attempts to standardise a way to indicate that site XYZ.onion is actually the same as ABC.com through the Alt-Svc header but it seems unlikely that this would be used by something as security critical as WebAuthn.
I suspect the reason you can't enroll the same key again is that Twitter doesn't know that you're accessing it from an onion address? Or it doesn't know how to register the same key twice with different domains? I agree it should be possible.
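Added example, not part of the thread and not Twitter's or any browser's code: a simplified Python model of the checks that scope a WebAuthn credential to a relying-party ID, showing why a key enrolled for twitter.com is not usable from the onion origin. The `https` scheme on the onion origin, the `ToyAuthenticator` class, the "backend pinned to clearnet" case and all sample values are assumptions or constructed; the suffix test omits the Public Suffix List lookup a real browser performs, and signature verification is left out.

```python
import hashlib
import json
from urllib.parse import urlsplit

CLEARNET_ORIGIN = "https://twitter.com"
# Onion hostname as quoted in the thread; the https scheme is an assumption.
ONION_HOST = "twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion"
ONION_ORIGIN = "https://" + ONION_HOST


def rp_id_allowed_for_origin(rp_id, origin):
    """Browser-side rule: the RP ID must equal the page's host or be a parent
    domain of it. Simplified: real browsers also consult the Public Suffix List."""
    host = (urlsplit(origin).hostname or "").lower()
    rp_id = rp_id.lower()
    return host == rp_id or host.endswith("." + rp_id)


class ToyAuthenticator:
    """Hypothetical stand-in for a security key: credentials are scoped to an RP ID."""

    def __init__(self):
        self.rp_ids = set()

    def register(self, rp_id):
        self.rp_ids.add(rp_id)

    def assert_for(self, rp_id):
        """Return constructed authenticator data (rpIdHash || flags || signCount)."""
        if rp_id not in self.rp_ids:
            return None
        rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
        flags, sign_count = 0x01, 1  # 0x01 = user present
        return rp_id_hash + bytes([flags]) + sign_count.to_bytes(4, "big")


def server_scope_failures(expected_rp_id, expected_origin, client_data_json, auth_data):
    """Relying-party scope checks on an assertion (signature check omitted)."""
    client_data = json.loads(client_data_json)
    failures = []
    if client_data.get("type") != "webauthn.get":
        failures.append("type")
    if client_data.get("origin") != expected_origin:
        failures.append("origin")
    if auth_data[:32] != hashlib.sha256(expected_rp_id.encode()).digest():
        failures.append("rpIdHash")
    return failures


def try_login(key, page_origin, requested_rp_id, server_rp_id=None, server_origin=None):
    """Walk one login attempt through browser, authenticator and server."""
    server_rp_id = server_rp_id or requested_rp_id
    server_origin = server_origin or page_origin
    if not rp_id_allowed_for_origin(requested_rp_id, page_origin):
        return "browser: SecurityError (RP ID not valid for this origin)"
    auth_data = key.assert_for(requested_rp_id)
    if auth_data is None:
        return "authenticator: no credential for this RP ID"
    client_data_json = json.dumps(
        {"type": "webauthn.get", "origin": page_origin, "challenge": "constructed"}
    ).encode()
    failures = server_scope_failures(server_rp_id, server_origin, client_data_json, auth_data)
    return "ok" if not failures else "server: rejected " + ",".join(failures)


def demo():
    key = ToyAuthenticator()
    key.register("twitter.com")  # the enrollment done on the clearnet site
    results = {
        "clearnet": try_login(key, CLEARNET_ORIGIN, "twitter.com"),
        "onion_reusing_clearnet_rp_id": try_login(key, ONION_ORIGIN, "twitter.com"),
        "onion_own_rp_id": try_login(key, ONION_ORIGIN, ONION_HOST),
    }
    key.register(ONION_HOST)  # a second, separate enrollment under the onion RP ID
    results["onion_after_second_enrollment"] = try_login(key, ONION_ORIGIN, ONION_HOST)
    # Hypothetical backend that only ever expects the clearnet RP ID and origin.
    results["backend_pinned_to_clearnet"] = try_login(
        key, ONION_ORIGIN, ONION_HOST, "twitter.com", CLEARNET_ORIGIN
    )
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:32s} {outcome}")
```

In this model the onion login only succeeds after a second enrollment under the onion hostname, and only if the backend accepts that RP ID and origin.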
Ok but I assume the user-hostile dark patterns are still present? So I can't scroll past more than a few tweets without a full page popover driving me to sign up?
I have no interest in ever "tweeting". I do not need an account to read tweets from a link sent to me. At this point I refuse to log in or comply with the wishes of Twitter PMs just on principle.
If the onion site does not feature these dark patterns then this will actually drive me to use Twitter more, and will actually take some of my usage off the web and onto tor.
Even if you're logged in, clicking 'read more' now only shows you 3~10 more replies and yet another 'read more' button. This really drives me insane. I often encounter tweets with 200+ replies and you ask me to click 'read more' 20 times in order to read all the replies? What's wrong with you?
So I ended up writing a script that clicks 'Read more' automatically as soon as it shows up.
Instead of the terrible Twitter website, have you considered Nitter[0] with an extension like Privacy Redirect[1] (or on mobile, an app like UntrackMe[3])? No login prompt, no dark patterns, no JavaScript
I don’t use Twitter. Someone texts me a link and I tap it, then we discuss. Is there some way to make mobile Safari automatically parse Twitter links and redirect?
Twitter is extremely low-value to me. Any additional effort and I will just do something else with my time.
And IIRC you need a cell phone to get an account. At least it made me when I signed up for one to read the news. Maybe it was so dark I missed how to skip.
Yes even if you skip they’ll just flag your account for bot like activity and require a phone number to unlock. Happened to me first time I replied to Elon Musk, have to hand it to them, definitely something a bot would do.
Can we invent something like zero-knowledge proof-of-unique-living-person-and-not a-bot, without giving out personal details like phone number? Would be very valuable.
Not only for viewing, but also for commenting. You know, people are sent to prison in Russia for liking FB posts. Or people are canceled for the same in other parts of the world.
To all the people who complain that Twitter over Tor is pointless because you have to login: it's not.
A lot of people might have no concerns with identifying themselves with twitter but might be blocked by their ISPs or worried about some governments tracking them down.
In those cases twitter over Tor makes a lot of sense.
(and no, I'm not a fan of twitter myself and I don't use it)
why would it be pointless? everything should be anonymous by default. that's how the internet always worked before corpo scum shat all over it.
now the next question is whether you can actually _do_ anything over Tor on there. do they block you from half the functionality, such as searching, scrolling, etc? do they still pointlessly force a phone number as opposed to it being optional (why did this trend start right after snowden anyway)? can you even write a post? is this article just some PR generated crap and tor is still actually fully blocked? are they able to implement their trivial web application without javascript yet (so tor browser can be run in safe mode)? i made some accounts on tor 10 years ago there and they silently got deleted / shadowbanned (it seems the ones i used to DM a pre existing account got deleted)
The post you reply to implies that you have to login in order to access it.
That's a good first step IMO, as this should balance out some fears of abuse from them. But I wouldn't be surprised if you can't create an account from Tor.
Oh they don't - you can sign-up without one, and iirc, Twitter doesn't indicate anywhere that one is needed. But all new accounts just happen to exhibit suspicious activity and are blocked until submitting a phone number. This is all mere coincidence, and certainly not an effort by Twitter to conceal how much personal information they want for an account.
Right, I remember you used to be able to sign up for Twitter solely with a phone number (and post tweets via SMS, a feature which I used every so often). You can see that if you look at an old archive of the site: https://web.archive.org/web/20061203201128/http://twitter.co... (heh, also gotta love that the site was so small they can just show some random recent tweets and users right on the homepage)
This was in the days before legit smartphones so running an actual "twitter client" was out of the question. Of course that all quickly changed with the advent of smartphones like the iPhone.
Twitter’s financials are public. They aren’t making any obvious money from having your phone. It’s more likely there to let them stop people from harvesting/selling accounts.
Understanding that "Free" is the only way to grow a platform, once there, I'd happily pay $X/month for Facebook, Twitter, etc that's customizable to the format and amount of tracking that I want.
That is completely unrealistic, of course, but that wasn't your question, so I can happily and honestly answer "Yes" :)
Do you know what's the best thing about that? It's okay if only a part of the population pays for each service.
If enough people have Twitter Blue to make Twitter profitable, and are enjoying the comments and type of content the tons of non-paying users are making, it's win-win.
One person has Twitter Blue, another one has Facebook Deluxe, and some others don't pay for online services at all. But those who don't pay are creating content people are willing to pay for.
That's how free to play games work, so it's not unrealistic.
there used to be such a service, App.net[0], which was basically "paid twitter". It was pretty awesome. Not only was there the App.net client which was an analogue to Twitter, devs could make other services which you could log into with your App.net identity, for example there was an excellent Instagram-like app "Favd"[1] that could post to Twitter, FB and App.net.
Reddit has the same bullshit problem. The website works perfectly fine on mobile, except it keeps trying to force you to use the app for absolutely no reason, and the app often works poorly.
In order to begin being an actual useful resource on the internet they have to, among other things, get rid of the feature where you have to click "load more" 10 times to read the small fraction of replies to a Tweet that Twitter does not censor completely.
If a tweet has 100 replies, it generally only shows the most pro-neocon/PC response, and you have to click "Load More", then it will show 1 more response, you keep clicking "Load More", and eventually there's no more "Load More" button, and you've only seen 5 responses. Where are the other 95 responses that Twitter deemed to be wrongthink?
Why would anyone use a website like that when you're only getting curated propaganda? It's like sitting in front of the TV and only watching ads with no actual content.
That "load more" is extremely annoying. I believe it's an a/b test because I only see it with one of my accounts. It seems to get triggered when the http referer is from another social site. I found you can get rid of it by re-opening the link in another tab by control-clicking on the tweet timestamp.
This is not a real problem as tweets and their replies are all publicly available. Likely brought on yourself by using ad-blocker or something triggering it (which Twitter has every right to try to encourage you to log in or use the site more regularly)
If they want to be a walled garden, they can be a walled garden. But no embeds, no free traffic from all the news sites and blogs. No free traffic from google. You can't have the cake and eat it too. All of this scumbaggery with serving X to google and serving Z to the humans has to go. It's internet cancer. And I don't use that word lightly. It's not just Twitter that does this, instagram, facebook, etc. all do this. It should have been regulated away a long time ago and harshly fined because THAT is what makes the current internet not open. Internet is about free(ish) access to information, and like it or not, Twitter is the current "breaking news" creator and aggregator #1 (by orders of magnitude). If an adult voluntarily posts content to twitter, content that is intended to be public, and twitter tries to prevent public access to that information, a reaction to that should be disgust, not saying "what's in it for twitter". What's in it for ME. Me. Me. Me. I. My family. Maybe my friends. My company. Everyone else can go fuck themselves, right?
The situation with Ukraine and a lot of news and media breaking on twitter are a current, glaring representation of how twitter makes money on people's suffering... but it isn't the first and sadly won't be the last, because of people like you.
I saw a diagram of traffic to an .onion domain, I think in a Tor Project browser, and it showed the traffic going through ~3 Tor relays, then ~3 'regular' Internet relays, then perhaps something else, then the .onion host.
Why the 'regular' Internet relays? It wasn't a hijack of some sort, this diagram was from the Tor Project. It wasn't an exception AFAICT, I saw it for multiple .onion hosts.
I assume the traffic is encrypted over the Internet relays, but it seems to add a bunch of potential vectors of attack, not to mention potential performance issues.
Tor hidden servers have changed recently so this may be a bit out of date, but the client (at the Twitter user end) has to choose all the relays between itself and the endpoint. The server (Twitter) is also hidden here, so the client cannot make a path all the way to it, the way it could for a normal website. So Twitter publishes the address of a trusted relay instead. The client makes a path to the relay, and the relay forwards the request on to the hidden server.
Thank you. Why do some relays need to be public Internet hosts (if I understood correctly what I saw) instead of using all Tor hosts as relays? Sorry if the answer is somehow implicit in what you already posted.
Thanks for all your help and I understand if I've exhausted the efforts of free HN technical help!
I read the link and while I learned more about Tor, the article seems to describe how to secure Tor traffic that is forwarded to regular Internet hosts, for example if someone using a Tor client visited ycombinator.com. My question is, if you use a Tor client to visit twitterhpgjerufcvrmzerg2novpipy42rk3anvb5b7np4zggm4rwaqd.onion, why is part of the route through regular Internet hosts (afaict) and what are the implications of that? The article shows what I am describing in this screenshot; the blacked out parts next to "Portugal", "Germany", and "United States" are IP addresses:
Only the trusted relay in the middle knows that half of the path. Sorry if that wasn't clear. And again, this was a hack on the original protocol that had some security issues. The implementation of hidden servers was recently updated and I don't know exactly what changed.
That is what I believed but what I saw seemed to conflict: Install the Tor Project browser, connect to an .onion host, then click on the icon that shows the route. It appears to show the route goes through non-Tor hosts (I don't call them 'clearnet' because I expect the data and some metadata is encrypted).
EDIT: See this screenshot from an article elsewhere in this discussion. The blacked out bits next to "Portugal", "Germany", and "United States" are publicly routable IP addresses (IIRC):
This is normal: your computer picks the set of 3 relays you want to use, hence it knows their IP addresses. The 3 relays from there to the hidden service are not known to your computer though, so those are just listed as "relay"
This screenshot, from an article linked below, shows what I'm talking about. The blacked out parts next to "Portugal", "Germany", and "United States" cover publicly routable IP addresses (afaik):
I think I may be able to help sort out the confusing bits. I know a lot about Tor so if you have any further questions feel free to ask. Sp332's comment is a good explanation so I will simply expand upon it. Also, if I misunderstood your question let me know.
Tor works by ensuring that there are three Tor relays between the Tor client (the software that connects to the Tor network) and the destination the Tor client is connecting to.
However, what happens when you want to establish a connection between two hosts who are both using Tor through the Tor network? Well, in that case both Tor programs establish a path through three Tor relays and link the last Tor relays in each of their separate chains together (if you are interested in learning about how each Tor program knows the other's end point look up "Tor hidden service directory"). Now with both ends of their Tor relay chains linked, both hosts can communicate with each other securely and anonymously over the Tor network. (For example: you are using Tor browser to connect to a hidden service. Both Tor browser and the hidden service make a chain of three Tor relays each and connect the chains together through the last node of each chain. The Tor browser only knows the relays that it uses for its chain + the end of the hidden service's chain. The hidden service only knows the relays in its chain + the last relay in your chain. Thus keeping you both anonymous.)
Yes, thank you; that explains it. I somehow got the impression that the last three relays were routed on, effectively, a different layer of the Tor network than public Internet IP routing, one that didn't rely on the public IP addresses.
The screenshot shows the traffic going through 3 Tor relays (which your browser knows the public IP addresses of, since it created that circuit in the first place) followed by three more Tor relays (which it doesn't know the public IP addresses of, since that circuit was created by the hidden service), followed by a final hop to the hidden service.
Could someone elaborate on what potential threat is addressed here for the users? As far as I understand, a hidden service’s main purpose is to protect the privacy of the domain operator (in this case, Twitter).
For a user, however, just the act of connecting through Tor will protect their privacy (to a debatable degree). At the very least, it will circumvent any blocks put in place by their ISP and/or upstream.
Alec Muffett, who helped Twitter on this, replied to your question on his blog: Why offer an Onion Address rather than just encourage browsing-over-Tor? [0]
That reduces your anonymity almost to the point of being useless. It means that any middle node connecting to a "Twitter" exit node would know you're almost certainly connecting to Twitter (effectively making the three-hop Tor circuit a two-hop circuit). In addition, Tor uses long-term guard nodes (the first hop) in order to defend against certain attacks. This means that the middle node could make a guess about what bucket a user is in based on the guard node. It's not as bad as not using Tor at all, but it gives middle relay nodes far more information than they normally would have -- and middle relay nodes are the easiest kind of node to set up.
The main reason why Tor has strong privacy guarantees is because every piece of traffic looks like every other piece of traffic. Changing what paths you pick based on where you're going undermines that in a fundamental way.
A major practical advantage is that Tor exit nodes regularly have their IP addresses marked as abusive and then you have to do a million captchas to sign in, and the onion service doesn't do that.
Another reason I can think of is that as more and more "legitimate" traffic moves onto Tor internal (no exit nodes) it becomes increasingly non-viable for nation states to execute a blanket ban on Tor traffic as it would be too disruptive to people and the economy.
Traffic to hidden services stays within the tor network so you don't need exit nodes. However it isn't necessarily faster. As I understand it, with a typical hidden service, the hidden service nominates certain nodes for clients to use to make contact with it and the client and the service build tor circuits to those nodes thereby preserving the privacy of both clients and servers but you end up with longer circuits than those to exit nodes, and you are limited by the slowest node in that chain.
There is a mode for hidden services where you don't care about staying hidden (say you are twitter or the NYT running a service and everyone already knows who owns the site and where the datacenters are) where, as I understand it, you allow clients to build circuits directly to you which preserves client privacy but not server. This is more performant than a normal hidden service but I wouldn't call it fast.
Another benefit is that exit nodes tend to be saturated with traffic from folks using them to transit traffic onto the clearnet. As such, latency and throughput through these exit nodes is going to be pretty bad. Using Tor to directly view Twitter means that you aren't bottlenecked around an exit node to reach Twitter.
Have you tried making any accounts online these days without a phone number? Good luck — there are extremely few services left that allow it due to “abuse” and other nonsense.
My favorite case of this is that you used to be able to create a google account through android without a phone number. Assuming this is still possible, if you do this your account will be immediately suspended for “suspicious activity” and require a phone to unlock.
I use one service that requires a phone number: Signal. I'm doing alright on the internet. If your service requires a phone number to sign up, I will not use it, period. If more people thought like me this would be a problem, but the majority seems hell bent on spreading their cheeks for peanuts these days.
Originally Twitter was over SMS. That's why Tweets were limited to 140 characters; it's all you could fit. So they did have a reason to ask for phone numbers from the beginning.
Ok but now, what feels like a 100 years later, they don't anymore. It's just another data point to identify users and sell that information eventually.
"Hate" / "Dislike" / Critical Post / Negative comment, is just as valid as "Love" / "Like" / Positive Comment. Either may be productive (constructive feedback or earned support) or unproductive (pointless criticism as much as baseless love).
In fact, as owner of any service/product/store, constructive negative feedback is valuable. My wife is a store manager and subscribes to "Feedback is a gift" philosophy - if a customer is going to leave, she'd appreciate knowing, in a constructive way, why they are leaving.
There's a general tone of commentary here that it's good that Twitter is accepting Tor connections. I think that's a good thing. There's also a lot of side-commentary about how Twitter shouldn't be overly-praised for this because they follow plenty of other dark patterns, most notably requiring a login and collecting phone numbers and other personal information. The main reason I hate Twitter is because of their dark patterns (and shitty UI). If they stopped collecting phone numbers, I'd hate them less.
It's possible to create a twitter account without a phone number. You'll initially get suspended and get an email stating why. Just reply to that email (open a ticket) and they will approve the account without a phone number.
They're typically required. Even if you manage to create an account without a phone number, you'll soon start getting notifications from Twitter saying that your account is at risk and you have to add your phone for verification (at least that's what happened to a friend of mine who set up an account some time last year)
You can just use a service like SMSPVA, phone verification doesn't break anonymity. It's a reasonable anti-spam measure, you have to burn a tiny amount of cryptocurrency in order to register.
Many of these services use a limited pool of phone numbers that have already been used to register accounts on Twitter, and Twitter won't let you use them for fresh signups.
Glad to hear they thought of that - I haven't used this particular service before. However, I just looked at it and there are zero United States numbers available to rent for Twitter signups right now.
I could use one of the European numbers but given my experience with how sensitive Twitter is to sketchiness I'm guessing I'd get more random phone number verification requests.
What do you mean? Monero is definitely anonymous. Obviously all cryptocurrencies aren't anonymous, but anyone with half a brain can understand that I'm referring to anonymous cryptocurrencies.
Sometimes you can't even view tweets if you're not logged in (there are workarounds though). Viewing media and threads also has extremely limited functionality in embedded contexts.
This move is actually hilarious considering Twitter's policies.
I wish this page elaborated on what "Additional domains used to enable parts of site functionality" means. What additional functionality is available when I use the different links?
Just poking at the two home pages (tor and not) twitterhbmit57bzbcjnujedrn7uk73geo4ackio4lxdj6t7w6f4zsid.onion is the equivalent of the abs.twimg.com CDN, so assets, javascript files, fonts, etc
I don't immediately see what twitterhpgjerufcvrmzerg2novpipy42rk3anvb5b7np4zggm4rwaqd.onion is being used for though.
I can't imagine many of the people accessing twitter over Tor are going to be okay with running random executable code to be able to read text. But maybe in this context they're assuming people will be using Tor that don't care about privacy and only care about access.
Shallot (at least that version) is for v2 onions only which are truncated sha1 hashes of RSA keys. v3 onions are base32-encoded ed25519 so 7 characters translates to needing to force 35 bits of ed25519, which according to [2] should be in the same ballpark but does not get specific as far as I read.
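Added example, not from the thread or from the Tor Project's code: decoding a v3 onion address using the layout in Tor's v3 rendezvous specification (32-byte ed25519 public key, 2-byte SHA3-256 checksum, version byte 3, all base32-encoded), checking the checksum, and counting how many key bits a shared prefix such as "twitter" actually pins down. The function names and the sample key are constructed for illustration; the three hostnames are the ones quoted in this thread.

```python
import base64
import hashlib

CHECKSUM_CONSTANT = b".onion checksum"
V3_VERSION = 3

# Hostnames quoted in the thread.
PAGE_ADDRESSES = [
    "twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion",
    "twitterhpgjerufcvrmzerg2novpipy42rk3anvb5b7np4zggm4rwaqd.onion",
    "twitterhbmit57bzbcjnujedrn7uk73geo4ackio4lxdj6t7w6f4zsid.onion",
]


def label_of(address):
    """Strip the .onion suffix and normalise case."""
    address = address.strip().lower()
    return address[:-6] if address.endswith(".onion") else address


def checksum_for(pubkey, version):
    """First two bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    return hashlib.sha3_256(CHECKSUM_CONSTANT + pubkey + bytes([version])).digest()[:2]


def encode_v3(pubkey):
    """Build the onion address for a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    raw = pubkey + checksum_for(pubkey, V3_VERSION) + bytes([V3_VERSION])
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def decode_v3(address):
    """Split a v3 address into its fields and report whether it is well formed."""
    label = label_of(address)
    if len(label) != 56:
        raise ValueError("a v3 label is 56 base32 characters (35 bytes)")
    raw = base64.b32decode(label.upper())  # 56 chars decode to 35 bytes, no padding
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    return {
        "pubkey": pubkey,
        "version": version,
        "checksum_ok": version == V3_VERSION and checksum == checksum_for(pubkey, version),
    }


def common_prefix_bits(address_a, address_b):
    """Bits of the encoded key that two addresses have in common at the front.
    Each base32 character carries 5 bits."""
    shared = 0
    for a, b in zip(label_of(address_a), label_of(address_b)):
        if a != b:
            break
        shared += 1
    return 5 * shared


def expected_keys_for_prefix(prefix):
    """Expected number of random keys generated before one encodes to this prefix."""
    return 2 ** (5 * len(prefix))


if __name__ == "__main__":
    for addr in PAGE_ADDRESSES:
        info = decode_v3(addr)
        print(addr[:16] + "...", "version", info["version"], "checksum_ok", info["checksum_ok"])
    print("bits shared by the first two:", common_prefix_bits(*PAGE_ADDRESSES[:2]))
    print("expected keys for 'twitter':", expected_keys_for_prefix("twitter"))
```

The shared "twitter" prefix covers 35 of the 256 key bits, so a matching prefix says little about who holds the key; comparing the full 56-character label is what identifies the service.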
twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion does not work due to CORS. (For me, it doesn't matter much since Twitter depends on JavaScript and Nitter does not.)
Big fan of Nitter. Switched to it when Twitter killed off non-javascript last year, and I rewrite all Twitter links in it when resharing with others. Works great in w3m, or in NoScript without need to whitelist a social media tracker.
Would it be possible for one of you experienced NoScript'ers to write a set of tips and tricks? I have been using NoScript for about a month since someone mentioned it here, and it has been wonderful. I never imagined I could opt out of just the trackers and APM bloat so easily, and my phone battery life is improved dramatically too. But I bet there are more things like Nitter that I haven't yet discovered.
I'm not sure what to focus on. On the desktop, I combine uMatrix+NoScript for better coverage of CSS, cookies and images across domains, while still having convenient one click whitelisting in NoScript. That's just a personal preference.
Expand/collapse sections that default to collapsed. Particularly annoying if no one bothered to put fallback CSS in a noscript block. Using custom CSS style rules can help with this. Unfortunately Mozilla killed the vast majority of their extension ecosystem on the phone. One silly hack workaround I found was that their darkmode extension they did whitelist allows custom CSS rules that can be used to fix things like this. It isn't nearly as elegant as using Stylus on the desktop for this.
Reader mode can help with broken sites. Disabling all CSS is also a quick fix if you just want to read stuff. Almost like browsing with w3m. (View→Page Style→No Style)
Dynamic image loading - regrettably despite HTML support for it, many sites use JS hacks and are probably pretty disinclined to support NoScript users. I've made custom fixes in violentmonkey for sites I care about on the desktop - mostly out of sheer cussedness. No solution on mobile that I know of apart from whitelisting.
old.reddit.com ♥ - shame Mozilla killed the addon to autorewrite the urls.
That is interesting but we run into something that is now prevalent-
I don't use it, but Twitter requires a phone number at signup, right?
This is the same issue that is going on really heavily right now with Microsoft Accounts (and they are about to force the entire playerbase of Minecraft to give a phone number by pushing them to Microsoft accounts starting a day or two from now).
(Note: This occurs without trying to use TOR during MS account creation, the system will lock you out afterwards- I assume TOR would be even more difficult)
To my understanding, even Protonmail has an odd requirement where you have to verify by making a donation, if you try to initially sign up with TOR- and sure, they might only keep a hash, but this is a risk as someone could generate a hash of all potential phone numbers and then compare.
Logging in via TOR afterwards to protonmail is good and all, but you aren't fully private then and can be compromised without recourse it appears. [VPN would probably be the way to get around this] [Protonmail is still probably the strongest option, especially since they won that court case they sued the Swiss gov in after being made to help the French government in that one case- now they are not able to be coerced at all - nonetheless this signup TOR quirk is the only major thorn.]
I get the feeling no one realizes that you have these additional hoops to creating an account on any service- and that data they force you to provide, could be subject to a subpoena in a jurisdiction where they don't like something you did, etc., etc.
And no, VOIP numbers and burner numbers are now auto-detected by these services and pre-blocked en masse.
I agree with another poster, Signal is probably okay in needing one, and they are working on removing that and providing unique identifiers at least, along with stripping as much metadata as they can. Other services seem to be going towards a point where you're at the mercy of whoever can compel or read the data they required of you to use services that did not require this.
I wish services would instead turn towards TOTP and other authentication, to avoid spam. The fact that that sort of substitute doesn't allow one to bypass giving up details like Phone numbers- suggests it's about the data, not authentication or anti-spam, since they offer no alternate.
Another one is Telegram, a service which requires you to install an app on a mobile device and provide a phone number. It markets itself as a privacy app...
If the idea is to stop some sort of massed emailing or posting or whatnot, using TOTP as a requirement to take those actions would slow that down to once every 30 seconds-
if it's a matter of access and authentic access (as Microsoft's 'message' when they lock you out notes: <suspicious activity>), TOTP on actions a user may do, should cut down on the idea that an account is hacked.
An initial idea -
If they are worried about account creation being too fast, I suppose one idea then would be a TOTP client-side program that generates a unique account-generation code, one would need to create an account on a service to begin with- and time limit that from both sides, if the worry is a lot of accounts being generated in too short a time.
This way, one can always kill the client code generator, and reinstall it, but overall that doesn't get around the fact you need that to make a full account on the service, and this would slow down creation from someone while not using phone numbers or other meta-data that would be usable against them from a privacy perspective.
I would also look at how the teams from Signal, etc- are tackling that while reducing meta-data
if the idea is indeed about having some method to track the user in a way you can discover other info about them through subsequent means directly, then that's ...what we'd want to avoid.
> If the idea is to stop some sort of massed emailing or posting or whatnot, using TOTP as a requirement to take those actions would slow that down to once every 30 seconds-
No, it wouldn't.
If the service required a TOTP code every time an account wanted to make a post (which would be absurd), that would prevent each account from posting more than once every 30 seconds. But, even if that were desirable, it could be accomplished much more easily with a server-side rate limit.
A spammer has access to many accounts, and would easily be able to generate a TOTP code for each one of them every 30 seconds. TOTP is not a rate-limiting feature, and provides absolutely no benefits here.
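Added example, not part of the thread: an RFC 6238 TOTP implementation next to a plain per-account server-side limit, run over the same constructed workload, to make the comparison in the reply above concrete. Account names, secrets, the start time and the `TotpGate` / `PerAccountRateLimit` classes are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30
START = 1_700_000_010  # constructed start time, aligned to a 30-second step


def totp(secret, unix_time, step=STEP, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TotpGate:
    """Hypothetical policy: every post needs a fresh, single-use TOTP code."""

    def __init__(self, secrets, step=STEP):
        self.secrets = secrets
        self.step = step
        self.spent = set()  # (account, time step) pairs whose code was already used

    def try_post(self, account, code, now):
        expected = totp(self.secrets[account], now, self.step)
        slot = (account, now // self.step)
        if not hmac.compare_digest(code, expected) or slot in self.spent:
            return False
        self.spent.add(slot)
        return True


class PerAccountRateLimit:
    """Server-side limit with no second factor: one post per account per step."""

    def __init__(self, step=STEP):
        self.step = step
        self.last_slot = {}

    def try_post(self, account, now):
        slot = now // self.step
        if self.last_slot.get(account) == slot:
            return False
        self.last_slot[account] = slot
        return True


def simulate(n_accounts, seconds=60, start=START):
    """One operator holds n_accounts (and their TOTP secrets) and tries to post
    from each account once per second. Returns accepted posts under each policy."""
    secrets = {
        f"acct{i}": hashlib.sha256(f"constructed-secret-{i}".encode()).digest()[:20]
        for i in range(n_accounts)
    }
    gate, limit = TotpGate(secrets), PerAccountRateLimit()
    accepted_totp = accepted_limit = 0
    for now in range(start, start + seconds):
        for account, secret in secrets.items():
            accepted_totp += gate.try_post(account, totp(secret, now), now)
            accepted_limit += limit.try_post(account, now)
    return accepted_totp, accepted_limit


if __name__ == "__main__":
    for n in (1, 50):
        print(n, "accounts over 60 s -> (totp gate, rate limit) =", simulate(n))
```

Both policies accept exactly the same number of posts, and that number scales linearly with the number of accounts, so the TOTP step adds no throttling beyond the per-account limit.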
> they are about to force the entire playerbase of Minecraft to give a phone number by pushing them to Microsoft accounts starting a day or two from now
Insisting on phone numbers would be a breach of the GDPR. Having entered into a contract a business cannot then demand additional personal information as a condition of fulfilling the contract.
...Does their current method get around this? They let you make the account, then a week or two later at most when you log in, it flags you and tells you due to 'suspicious activity', you now have to enter a phone number to get in specifically- as the account is now locked out otherwise. And VOIP numbers and burner numbers are autodetected and the system says to find a different number...
Since they allow you to initially make the account, i wonder if that lets them 'attempt to' bypass this -
Also, if that became a pain point eventually, they could make it so accounts made with European IP addresses from certain regions avoid this. (I think I've read on Reddit that European players get affected, but after contacting Microsoft and citing GDPR with a form, they unlocked it- alas, the US and the rest of the world is forced to give a number then (not counting South Korea which is a special case I've read))
meh. without the mandatory mobile verification, twitter is simply pointless to use via tor. maybe you are registered via mobile in a different country and you are currently in a hostile nation. if you are registered in the same country you are in, speaking against the government is pointless.
maybe there is a usecase, i dont know. i stopped twitter back in 2013 i think. the signal to noise ratio was difficult back then, i cant imagine what it is now. sorry.
i would disagree. ISPs "generally" do not willy nilly restrict access to websites out of pleasure. it is either those anti-piracy shenanigans or other than that almost always government mandated. if a government DOES NOT want you to use twitter, your using it signifies to them you are a person of interest and they can put more efforts into finding you. i know because i have been a subject to those enquiries. They are not fun
It's not well phrased; I think OP is trying to say that if/since you cannot pass Twitter's mandatory mobile verification, you can't do anything on Twitter anyway, so Tor is pointless.
I could be misinterpreting.
I agree that supporting Tor, but mandating phone, are completely contradictory stances for a platform to take. None of the posts here so far about "circumventing ISP blocks" feel persuasive or even realistic - if ISP is blocking platform such as twitter, they are doing it for a reason, and 9 times out of 10, that reason extends to you not wanting to give up your phone.
Is this done to avoid Russian censorship? If so, interesting that Twitter's move is to go out of their way so they can still do business with Russians, while most other companies have decided that the correct choice is to sever all ties.
I think it is important that normal Russian people have access to outside sources of information to erode popular support of the war; their politicians seem to have no difficulty using Twitter to spread propaganda to the English-speaking world. I doubt the company is making any money from this or accepting Russian advertising, although I admit I don't have evidence to cite.
I'm not affiliated with Twitter, nor do I use it, by the way.
>I think it is important that normal Russian people have access to outside sources of information
I think this is true regardless of what they do with the information. Malice aside, I don't think freedom of information needs to necessarily serve another group's interest to be a worthy cause.
For many companies, the current situation makes it very difficult to continue business operations from a logistical perspective, and because of that they are pulling out of Russia -- they are just using the narrative of boycotting Russia because of atrocities as a PR move which they also are benefiting from.
Why would you jump to a bad faith conclusion? Why would wanting to keep Twitter accessible to Russian nationals be bad? Twitter doesn’t work in many countries such as China. There’s just not a whole lot of money in Russia to advertise to either, entire economy is smaller than New York State’s.
This is much more aligned with Twitter’s push for decentralization.
I wondered why they do it back then, and wondering about Twitter now: when trying to access those from Russia, if you use Tor, it's easy to access the website on its regular address via an exit node. Of course an .onion wouldn't harm, but it doesn't make much difference. On the other hand, the government tries to block Tor in Russia since the last year, the bridges that used to work don't work anymore, and even if you obtain new ones to which you manage to connect, somehow Tor still fails to complete a connection to the network (I didn't investigate further yet). So a regular mirror is likely to be more useful than an .onion one (even though it's also likely to be blacklisted soon).
And the BBC is broadcasting their program on shortwave again — I don't think the classical way of thinking about sanctions directly applies to media type organisations.
Of course one could argue Russian trolls could use this to influence opinions on Twitter as well, but wouldn't the most scary thing for Putin be his Russians getting non-state approved information on the war and the situation in Russia?
If the goal of sanctions is to drive a wedge between the political leadership and its population, and we assume it works in principle, excluding certain platforms where people can get outside information might actually be a good thing.
I'm not sure if this has changed since my source was published but according to this article[0], the Tor blocks in Russia are not nationwide and originate from individual ISPs:
>"According to OONI, it wasn't all of Russia blocking Tor; it was 15 out of 65 subnets. Moreover, each censorship instance used a different blocking method"
>"If the censorship was government-sponsored, as the Tor Project suggested, then I would expect it to be much more widespread and consistent. This looks like individual blocking efforts. As OONI noted, the blocks followed a "recent spike in the use of Tor bridges (used for circumventing Tor blocking) in Russia."
Though the situation might be totally different now considering the recent events.
Twitter is almost useless now unless you log in with an account (that requires a phone number). I'm not sure who the subset of Tor users are who are comfortable logging into a service such as Twitter?
Use nitter.net to view twitter. Just http://nitter.net/username. It barely uses javascript (except if you want to watch video), no ads, no popups, no login, no "trending" section. Just the content of the person you're trying to read content from. All twitter links are replaced with nitter links, so navigation isn't an issue. Even if I had a Twitter account I'd use Nitter to browse. It's a lighter experience with no extra crap.
Oooh this is great, thank you. I've been wanting to set up something like this for quite a while and haven't really spent the time to figure out how I'd do it. Glad to have an option just land on my screen like this! Cheers :)
Also just realized there are one or two other services they could redirect (e.g. Medium -> scribe.rip). Will see if it's feasible for them to easily add...
thanks, i really like this. i've been using the ublock zapper to get around twitter's obnoxious sign up wall.
i feel like websites like this, and archive.ph are a sign of the future web. very little or no javascript, very light and fast - it inspires me to want to build something again.
it's not a good solution tbh, it's like blocking html elements but on reload they come back. the zapper is integrated into ublock, if you click on the icon its there.
i think a better solution is blocking cookies as another comment mentioned, but for me that seems to cause an infinite reload loop.
It's a little relevant. Twitter limits what you can see when you're logged out now, and if Twitter were breached your personally identifying information could leak out and put you in a dangerous situation.
it's a little relevant if you're the person sharing sensitive information that the government is trying to suppress. And if you're doing that, then yeah, take steps to keep yourself safe.
if you're just trying to read information, like 99% of the people on twitter, then it's not really relevant. it's an unlikely hypothetical in the first place that twitter leaks those phone numbers, but no government is using phone numbers to hunt down consumers of information.
A surprising amount of timely information from public institutions (everything from road conditions to "it's not a real nuclear attack[0]") is often much more accessible via Twitter than anywhere else.
Which have terrible discovery compared to social media. Make a website about a hobby and you're unlikely to get many views. Post it on social media and you'll get way more
> We need to be in an international military crisis in order that basic values of privacy prevail at home? ... That does not speak well of our quiescent "western values"
It also doesn't speak ill of those values, it says nothing about the values. You're conflating two separate matters: the values, and the effort required to hold/protect them.
Liberty requires a persistent effort to maintain against politicians, malevolent actors generally, that lust after increased power (for themselves and frequently the state as well).
It makes sense that that would be a process of erosion and (hopefully) rejuvenation across years, decades, generations, centuries - as the counter forces battle. If you're really fortunate you live in a system that makes it a lot more difficult for the power-seeking politicians to trample on your rights.
Just because something of value requires effort to keep or maintain, that doesn't debase its value or otherwise speak to how great or how little the value is. Very valuable things often require an enormous investment to acquire and keep over time. At all times entropy is trying to destroy well ordered systems (eg democratic, constitutional, rights-protecting governments), it takes a huge amount of resources just to forestall that and you can never stop investing into it for long.
It also takes an enormous investment of resources to maintain authoritarian, anti-rights systems. They can never stop using force to oppress the population, they have to constantly crush the spirit of the population. They have to divert human potential on a persistent basis toward destruction, oppression, violent actions against the citizenship, actions inspiring fear/terror/dread. They can never stop spewing propaganda meant to keep the population in check, docile, in fear, etc.
That systems require active effort and mental attention to maintain, tells you very little about whether they're good or bad, the same goes for values a person holds (which also require effort to maintain), or the values a culture of people broadly holds.
> Liberty requires a persistent effort to maintain against politicians, malevolent actors generally
Politicians do not in general work to abolish democracy. The vast majority, in democratic countries, accepts and supports it. To just label them "malevolent actors" without even feeling the need to explain it is nihilistic cynicism: if all you ever do is scream at the top of your lungs that someone is a corrupt scumbag, they will either adapt and become someone like that or quit.
Thanks for a thoughtful reply adventured. As I said, it gives me an uneasy/weird feeling, which is to say I haven't quite unpacked it myself yet. Your response is helping me.
> It also doesn't speak ill of those values
Well actually it does, at least in that it highlights them as inconsistent. Clearly my issue is that values prone to change according to circumstance are weaker, as generally one holds consistent values higher than fickle ones. However, your further points are interesting and deserve thought.
> You're conflating two separate matters, the values, and the effort required to hold/protect them.
Perhaps in a short, pithy comment I'm not taking time to distinguish the values (which I love and live by, and believe most of my countrymen uphold) and the laziness by which some fail to consistently and robustly stand up for them.
> Liberty requires a persistent effort to maintain against politicians, malevolent actors generally
Absolutely, and would you agree that we've slipped dreadfully in that duty in recent years?
> Just because something of value requires effort to keep or maintain, that doesn't debase its value or otherwise speak to how great or how little the value is.
I am glad you think that, and we agree. I am not sure if you thought I said otherwise?
> Very valuable things often require an enormous investment to acquire and keep over time.
Like previous wars in which my family have fought at great cost.
> At all times entropy is trying to destroy well ordered systems
No. Sorry. That's too simplistic a take. I'm not talking about the constant gardening required to maintain structures of value, I am alluding to the malevolent domestic forces who would sell our hard won freedom, democracy and liberal values down the swanny for their own aggrandisement and profit when it suits them, and sing a different song when virtue signalling calls.
Let me try to be clearer what I am attacking here. It is sloppy and selective values. It is a laziness that lies somewhere between "sworn enemies unite against a common foe", and a prejudiced framing effect.
We're all very happy to cheer on Tor, VPNs or other instruments that circumvent tyranny, so long as it's not _our_ tyranny. All of us have benefited hugely from the freedoms immanent therein. We built these tools (US Navy), and the internet itself (DARPA), in pursuit of spreading the same values that we no longer have the stomach to robustly defend here.
Yet when a tyrant goes crazy in Overthereistan we're all sweetness and light and our digital "doors are always open for freedom". Those double standards are not a good look.
I need more time to think about it, but maybe what irks me here is simple hypocrisy.
If most Tor traffic to your service is abuse where it may be worthwhile to block it completely, then a catastrophic event that gets more honest people using Tor may make it worthwhile to unblock it.
My site blocks tor nodes not because I hate privacy, but because the overwhelming majority of spammy / abusive content was posted over the tor network, and blocking tor improved the signal:noise ratio better than the best anti-spam tools :/
> We need to be in an international military crisis in order that basic values of privacy prevail at home?
Pretty much, yes. The US benefitted hugely from defining itself in opposition to the Soviet bloc during the Cold War. It's a major countervailing force to growing to resemble your opponent.
Arguably, the US hasn't really figured out how to effectively define itself in opposition to China, given how liberally China has been copying parts of the US economic playbook (ie. "Capitalism with Chinese characteristics"), which itself is a trick the Soviets never managed.
Tried it two times in last six months. Once via the Android app and the second time on the website on my laptop. Both accounts were blocked after less than 15 minutes without even doing anything (except following a few accounts which Twitter suggested based on my interests... [0]). Both times they wanted a phone number to unlock.
I tried to contact the support, but they never responded.
[0] different accounts, based on different interests
It's getting even better. I just logged into one of the suspended accounts. Pretty much everything is locked, but without any information about the suspension. It's pretty much "Oops, something went wrong. Please try again later." on everything.
Ok, let's try it with the "Twitter privacy policy inquiries" form (while logged in). Nope, can't submit anything, because of the suspension. So why not have some fun? Just sent a GDPR request via the "suspension appeal" form. Why? For the lulz and to have some legal leverage.
Not even five minutes passed and I got an email. My account is not suspended anymore... WTF twitter?
Whom do you trust your identity with more? Twitter or the regime you're under?
As much as I despise Twitter, I'd much rather that they exclusively know my identity than both they and the regime. This isn't to say that I agree with Twitter requiring phone numbers.
Twitter is not a "leftist organization". Contrary to the belief of the somewhat unhinged, there's no conservative-hating conspiracy of tech giants, which are on the whole not particularly left-leaning where it counts. There are absolutely conservatives on Twitter; there have always been and it remains that way now.
Twitter literally banned the sitting President of the United States, a Republican. Other Republicans like Marjorie Taylor Greene have had their accounts banned, while this has never happened to a Democrat. People were banned for questioning COVID (e.g. the lab leak hypothesis), banned for questioning the 2020 Presidential election's integrity (yet nobody was banned for speculating on Russian interference and calling Trump illegitimate in 2016), banned for misgendering or deadnaming transgenders. Conveniently all the wrongthink that fall squarely in opposition to progressive ideology.
I don't think anyone believes there's a secret conspiracy, it's more that the type of people who work in programming, and particularly for a Bay Area company like Twitter, tend to be very progressive. It's the same miasma that clouds the mainstream media, academia, and now most corporate PR.
The entire Internet is available via Tor but only via exit nodes, saying that it "doesn't make it any more available" to offer it directly within Tor shows a fundamental lack of understanding of how Tor works.
If you can access a service, any service, completely within Tor without having to exit to the Internet, this significantly improves your anonymity[1] since you no longer have to go through an exit node, and as such the amount of nodes you can "exit" from increases substantially.
[1]: That is, the anonymity that Tor already provides. Obviously signing up for Twitter under your real name with your phone number will compromise your anonymity regardless, but that is not the problem that Tor solves.
I'm pretty sure I'm right, and that I understand how Tor works.
The existence of the Twitter onion service does not help a single person access Twitter that couldn't already access it anonymously without the onion service just by using Tor normally.
Right, I didn't mention it explicitly, but that was part of the anonymity guarantees.
A middle node has no way of knowing what your final destination will be. An exit node can see you're contacting twitter. Luckily, traffic is mostly encrypted these days, but not always, and there are ways to attack https (looking at packet length and traffic patterns can tell you what kind of activity is being done, researchers even showed that they could tell what movie someone was watching on Netflix).
I get the arguments he's listed. But to be honest, and this may just be me being pessimistic, I suspect the real reason is that it's just a cool thing for an interested dev to want to set up, and the list of reasons at that URL is really just a list of excuses.
Actually I think Twitter has been at its best, at least since the start of the invasion. I’ve been able to access expertise, military and political; see eye-witness video from Russia and Ukraine; follow the news minute by minute. Bullshit has been called out. People have worked to geolocate war crimes. Russian trolls have completely failed to control the narrative. Ukraine’s indomitable tractor drivers have nicked tanks. And the best evidence for this is the Russians shutting it down.
Research and, IMHO, reason show that unless you have real domain expertise or direct experience of the event, you can't distinguish well-crafted bullshit from truth.
> I’ve been able to access expertise, military and political
Those are accessible outside Twitter. Better, the expertise is less diluted by noise, and you get expertise + focused work (papers and articles, with editors, etc.) not hot takes. Just read foreign policy publications like Foreign Policy or Foreign Affairs.
> Russian trolls have completely failed to control the narrative. ... And the best evidence for this is the Russians shutting it down.
That may be true in this case (I am not so ready to conclude it), but we know well that it hasn't been true in many others and won't be true in yet more, and people can't distinguish. Also, that doesn't mean others don't control the narrative - people who are using the crisis for their own ends or even people you coincidentally support.
It’s true that expertise is available outside Twitter, but Twitter has been great at letting me find it. The mechanism is retweets from people I trust. Note, trust also helps distinguish bullshit from truth. I don’t know what a Javelin is, or how the war in the south is progressing, but the right journalist can find the right expert who does.
I don’t say these problems have been solved perfectly, just that they’re better than I expected.
This is exactly my experience as well. Extremely high quality information with bullshit directly being called out (even in the case of pro Ukrainian fake news like the "ghost of kiev" thing). I was waiting for the Russian propaganda bots all the time but they never showed up (except for one YouTube video where the whole comment section was full of whataboutism).
Compared to what you get from curating a handful of twitter accounts with a good track record / reputation traditional media and government outlets are pure noise in my experience.
I believe Twitter is trying to be better though and it appears they do chip away at this. They have also been in a difficult situation between cancel culture and free speech absolutism. Determining the reasonable solution is hard when the extreme edges and vocal minorities are yelling at you.
My personal hope is that Twitter will further crack down on the very low hanging bots / trolls / alt accounts - there are many especially young accounts with handles like @Name359345809 which don't contribute to the platform in any way.
True, but a conversation about that can't exclude the fact that state sponsored information streams have been weaponized ever since the first states started providing official information.
Everybody should browse the internet on Tor from time to time to get an understanding about how the web works on a second class IP address and a slow connection. On some exit nodes reCAPTCHA actually enters an endless selection where it's impossible to pass.
> reCAPTCHA actually enters an endless selection where it's impossible to pass
I believe this is because from the same IP address there are other users who are failing the recaptcha. So in between you starting, and clicking 'submit', there are a bunch of other wrong-answer recaptchas, so, when combined with your correct answer, it looks like you got it correct just by chance, not by being a human.
Any specific suggestions for experiencing the difference? I've used Tor a bit, and can't say I noticed a huge amount of difference between that and browsing on a new mobile device.
If you're adventurous you could log into Google, PayPal and social media sites. Once you get past captcha challenges and manage to access your account, they may helpfully lock your account and never let you use it again, regardless of how much proof you provide for the ownership of the account to their support staff.
This Ukraine crisis is a goldmine for fans of hypocrisy and cant.
I thought Shell's [0] trying to grab the moral high ground by withdrawing from Russia would take some beating. But "cancel culture central" Twatter spluttering about censorship gives it a run for its money.
This seems like troll bait. The ELI5 version is that rich people and police are scary, so big companies have to please them.
I'm not sure if you live in a communist nation, because people who really don't want to be censored are welcome to host their own Mastodon server or similar
IMO this is not very useful because any speech for which you’d want anonymity will likely be banned on Twitter anyway.
You can jump through the hoops of procuring anonymous email address and phone numbers but in the end Twitter will ban any real political dissent. Cf. Last two years.
There are certainly examples of political dissent that are not regularly banned by Twitter but that doesn’t negate the fact that there are also examples of political dissent that are regularly banned by Twitter, which is the point of the OP.
> He was banned for misinformation regarding the Covid-19 vaccine...
Your summary of his work is grossly overstating the connection to mRNA vaccines — it's about as accurate as saying someone who contributed to ViolaWWW was the inventor of React — but he's definitely a great example of how politics can cloud even an accomplished scientist's judgment. Fortunately for the rest of us, however, the scientific process doesn't take past accomplishments into account and his later non-rigorous claims were quickly found wanting.
> The first mRNA vaccine experiments were carried out by P. Felgner, J. Wolff, G. Rhodes, R.W. Malone and D. Carson. P. They completed a number of mRNA vaccination studies that resulted in nine patents on mRNA vaccination with a shared priority date of March 21, 1989. One experiment documented that NEF (an HIV protein) mRNA vaccination in mice, followed by HIV challenge reduced positively stained cells by 2-fold and p24 expression was reduced by 50% at eight weeks
Is this inaccurate to you? Because there are 9 US patents that say otherwise.
> Your summary of his work is grossly overstating the connection to mRNA vaccines
Yeah, he only ran the first mRNA vaccine experiments and designed the first mRNA platforms is all.
> it's about as accurate as saying someone who contributed to ViolaWWW was the inventor of React
Terrible analogy, Malone worked directly on the first mRNA vaccine experiments.
> but he's definitely a great example of how politics can cloud even an accomplished scientist's judgment.
Or it's a great example of how politics can cloud your judgement of scientists going against the status quo. It's not new.
> Fortunately for the rest of us, however, the scientific process doesn't take past accomplishments into account and his later non-rigorous claims were quickly found wanting.
Truth is being arbitrated by tech monopolies and politicians, not mRNA scientists like Dr. Malone. The scientific process is not being followed by Twitter.
The scientific method needs criticism, it's strange to ban dissent in the name of science.
Nobody is being banned for dissent, they're having incorrect claims challenged and removed from sources like Wikipedia which are supposed to be conveying accurate information. His work which met the standards of science is accurately described in his Wikipedia page; his later claims which did not meet scientific standards are also accurately described.
> The first mRNA vaccine experiments were carried out by P. Felgner, J. Wolff, G. Rhodes, R.W. Malone and D. Carson. P. They completed a number of mRNA vaccination studies that resulted in nine patents on mRNA vaccination with a shared priority date of March 21, 1989. One experiment documented that NEF (an HIV protein) mRNA vaccination in mice, followed by HIV challenge reduced positively stained cells by 2-fold and p24 expression was reduced by 50% at eight weeks
Is that accurate or not?
> Nobody is being banned for dissent, they're having incorrect claims challenged and removed from sources
Dr. Robert Malone was banned from Twitter (and LinkedIn, and Youtube) for his views on the Covid-19 mRNA vaccines.
Again, nobody is saying that he wasn’t one of the people involved in the early days but as your own quote shows he wasn’t “the inventor” but one of a group and his work was only a small part of the work by hundreds of other scientists which led to the vaccines in use 4 decades later. Since the question wasn’t how the vaccines work conceptually but rather whether they were safe, the people who actually did that work and got specific vaccines through rigorous safety testing have more relevant expertise and, of course, actual data.
The bigger point you’re missing, however, is that it’s science, not religion, and is about testable claims rather than someone’s past reputation. The fact that he was involved in an advance doesn’t mean he’s authoritative about the entire field for all time or remove the need for any new claims he makes to be critically tested. His Twitter account was banned for lying, not asking questions. He would have been fine if he’d been participating in the scientific process — asking questions, submitting meta-analysis papers, running experiments, etc. are all easily available options to someone with his background should he be willing to hold himself to scientific standards again. He hasn’t done that because he knows these claims won’t hold up to scrutiny.
> Nobody is being banned for dissent, they're having incorrect claims challenged and removed from sources like Wikipedia
Dissent is disagreement. People are in fact and explicitly being banned for disagreeing with the official information on COVID vaccines. Science is always changing and dissent is necessary to advancing our understanding of the world, whether it ends up being correct or not. When you ban people for “misinformation” you are impeding the scientific process.
It is still the case that nobody is getting banned for simple dissent. Malone knowingly lied about safety, making claims he knew were untrue at the time he made them and continued to do so. Had he simply said “I don’t agree with this” his account would still be active like all of the other people who do this.
Twitter is also not the scientific process. If he wanted to go back to holding himself up to the standards of a scientist, that would involve doing actual research or participating in the community processes - for example, I’m sure his reputation is enough that he’d have no trouble submitting a letter or meta-analysis to any journal and having it be read. He’s chosen not to do that because he knows that these claims won’t pass muster.
> Malone knowingly lied about safety, making claims he knew were untrue at the time he made them and continued to do so.
What is your source for this? Aren’t you assuming bad faith?
Regardless I think you are missing the point. Dissent by definition will not have to conform to your worldview or notions of what is true or who is considered a scientist. If you only allow things which your worldview considers true, that is not real dissent. Twitter does not permit real dissent on their platform.
There was a time when the claims Galileo was making about the sun were not considered true nor were they acknowledged by scientists. Really consider that.
> Had he simply said “I don’t agree with this” his account would still be active like all of the other people who do this.
No, if I tweeted “I do not agree that the vaccines are safe enough.” I would get banned. How do I know this? Because I tweeted this and I was banned from Twitter. You’re not being honest.
https://help.twitter.com/en/using-twitter/twitter-supported-... lists the Tor network as a supported browser
Implemented using https://github.com/alecmuffett/eotk/
Edit: made URLs clickable as well.