from Hacker News

Twitter's onion service is serving an invalid TLS certificate since 3/6/2023

by NOWHERE_ on 11/11/23, 5:49 PM with 46 comments

  • by gaganyaan on 11/11/23, 6:08 PM

    Not surprising. That seems like something he wouldn't care about up until it could somehow be used to own the libs or whatever. There's probably nobody left that even knows about the onion service.

  • by ocdtrekkie on 11/11/23, 6:08 PM

    This is the sort of thing that if it even exists at a large company is a pet project of one enthusiast, and obviously that enthusiast was laid off. I doubt a single person at Twitter today cares if their onion service works.

  • by silas on 11/11/23, 7:04 PM

    Also noticed that the Status page linked from the logged out https://twitter.com page has been expired since Aug 29.

    Not especially interesting, but probably an indication that some of the non-core stuff is getting overlooked.

  • by mattsan on 11/11/23, 6:07 PM

    I can hear the people in charge on the onion service that were fired laughing

  • by ThePowerOfFuet on 11/11/23, 6:20 PM

    Why are they even using TLS? Onion services bring their own security.

  • by jimrandomh on 11/11/23, 8:56 PM

    Given that Twitter is the target of a lot of manipulation attempts, some of which come from intelligence agencies, having a .onion service seems like an actively bad thing. This seems like the sort of thing that a spy who snuck through the hiring process would build. Leaving it unmaintained seems worse than taking it down (especially since that implies a lack of monitoring that would invite abuse), but it definitely ought to go down.

  • by devilkin on 11/11/23, 7:06 PM

    I guess they'd care if they could monetize it.

  • by stathibus on 11/11/23, 6:34 PM

    Twitter should not care about having an onion service.

    Great example of a distraction that the Musk downsizing properly removed.

  • by WallyFunk on 11/11/23, 6:01 PM

    I don't understand the premise of Twitter having an .onion hidden service. They're anti-anonymity, at least from my experience, where they extorted my phone number from me so I could continue to use their service. Mixing PII with Tor defeats the purpose of anonymity. You're immediately outed by providing a phone number or even en e-mail.