Advertisement

Twitter's privacy-preserving Tor service goes dark

Twitter’s Tor service, a version of the site that could be accessed even in countries where the social network is banned, has gone dark after the company failed to renew its certificate.

The certificate for Twitter’s onion site expired on March 6, just days before the site was set to mark its one-year anniversary. Pavel Zoneff, director of strategic communications at the Tor Project, the nonprofit organization behind the anonymous global network, told TechCrunch that the site “is no longer available seemingly with no plans to renew."

Twitter's Tor site now shows visitors a warning that its certificate has expired and proceeding past that point, which is not recommended, displays a Twitter error page.

"The Tor Project has reached out to Twitter to look into bringing the onion version of the social media platform back online,” Zoneff added. “People who rely on onion services for an extra layer of protection and guarantee that they are accessing the content they are looking for now have one fewer way of doing so safely. Let’s be clear, the need for onion services, use of privacy-focused browsers that protect people's anonymity, and other forms of encryption still persist.”

Twitter launched its now-defunct Tor service days after the social network was blocked in Russia following its invasion of Ukraine. Tor is also known as “The Onion Router,” as it encrypts internet traffic through many layers and routes it through thousands of servers around the world, allowing its users anonymity and the ability to skirt censorship systems.

While Twitter would not say if the launch of its Tor service was directly related to the block in Russia, a spokesperson for the company told TechCrunch at the time that making its service more accessible was an "ongoing priority" for the company.

Twitter has since dismantled its communications department, and as such the company was unreachable for comment for this story.

The company's decision to let its Tor service expire raises more concerns about Twitter's commitment to user privacy and security under Elon Musk’s leadership. The company's security, privacy and compliance leaders all left the company less than two weeks after its turbulent acquisition by Musk. Twitter, which is already falling short on security, according to a whistleblower complaint filed by former head of security Peiter "Mudge" Zatko, is also facing increased scrutiny from the FCC, which has a longstanding agreement with Twitter to ensure privacy protections.

While Twitter has let its Tor service go offline, several other popular websites, including the BBC, Facebook and TechCrunch, have onion addresses. Alec Muffett, a cybersecurity researcher who helped Twitter launch its Tor site last year, has an extensive list available on his GitHub repository.