Twitter Post Musk Takeover Technical Details

Although I haven't posted about it here, I've not be shy to share my thoughts on Elon Musk's acquisition of Twitter on social media. In short: he's ruined Twitter. I've been using Twitter since before July 2011 (my first account was deleted). Twitter was one of my favorite social networks, but late last year I started using Mastodon more (and this year I created my own Mastodon server). Just recently, I blocked all Twitter domains on my home network using my DNS server.

Recently, I found two extremely interesting things I wanted to discuss.

Site Note: throughout this post I'll be posting ^ with links to evidence of what I'm seeing. Obviously with how fast Elon Musk is ruining Twitter, there is a chance this stuff won't remain online for long. Domain

Twitter's network infrastructure is sophisticated. Their name server (host of their DNS records) points to subdomains of ^. While I can't confirm that Twitter owns, my guess is they do. Regardless of that, they have their own autonomous system number: AS13414 ^. Which for simple terms, means they are basically running their own internet service provider. They are dealing with levels far more advanced and complicated than just standard DNS records.

So when Elon Musk announced Twitter was going to be re-branded to X, you expected at least the user facing stuff to be rebranded to, right? After all, Musk said: "it's not just a name change". would likely have it's name server records moved to would redirect to would change registrars to Twitter's CSC CORPORATE DOMAINS, INC. registrar to be aligned.

Except no. None of that happened. redirects to (seemingly using a Cloudflare ^ redirect ^). is still registered with GoDaddy (you know it's bad when you have an entire Wikipedia article discussing your controversies) ^.

So the question becomes why? Why is Elon Musk redirecting X to Twitter instead of the other way around? Why hasn't he consolidated his infrastructure systems?

My guess is that because he fired everyone he has no one left with experience with how to do this stuff. Which is extremely dangerous for a company that runs it's own network infrastructure at the level Twitter does. This isn't your simple AWS EC2 instances that Twitter is running.

If you wanna delve a bit more into crazy theories, one could assume that Elon Musk knows Twitter won't last, and he doesn't want to lose his seemingly precious domain that he seemingly cherishes a LOT. If that was the case, keeping separate from Twitter's network infrastructure makes a lot of sense. One more seemingly interesting note that (kinda, not really) backs this up: the redirect to Twitter uses a 302 temporary redirect HTTP status code ^, as opposed to a 301 permanent redirect code. This doesn't really prove very much, and a logical explanation could be that there are long term plans to have redirect to As I said, crazy theories.

Tor Onion Service

In March 2022 (1 month before Elon Musk initiated the acquisition), Twitter launched a Tor onion service. This was a huge step forward to provide enhanced privacy and anonymity on the social network.

However, a year later it stopped working, due to it's certificate expiring. There are many arguments for and against Tor onion services needing HTTPS certificates or not, which I won't get into here. All I'll say is that HTTPS certificates for Tor onion services are not needed in the same way they are for the standard web.

However, if you navigate to Twitter's onion service at https://twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion/ and bypass the certificate warning, it responds properly, no timeouts or anything, but doesn't actually function properly ^. This seems to indicate that either they either intentionally stopped supporting it, or they broke something and didn't bother to fix it (or maybe didn't even realize).

The fascinating thing about this tho, is that Twitter is still advertising their onion service on the standard website. I assumed at first this was because Twitter no longer had any backend engineers working that knew how to modify the header responses required to fix this (which is bad enough). But after looking through the header responses, the Onion-Location header didn't show up at all ^.

This puzzled me for a bit, and made me wonder if Tor Browser had it's own list of onion services for common websites. On the surface this seems plausible, but also seems to go against some of Tor's objectives. As a open source non profit, it doesn't seem in their interest to cherry pick some onion services to be embedded right in the application.

So at this point after digging for a while, I decided to ask ChatGPT.

I went a website and Tor Browser says ".onion available". The domain I entered was not a .onion domain. How does it know there is a .onion version of the site that is available?

Tor Browser can find out whether a site can be accessed via a .onion (Tor Network) URL in two ways:
1. HTTP headers: Websites can include an Alt-Svc HTTP header in their responses that specify an alternative service, such as a .onion service. Tor Browser checks for this header whenever you load a web page.
2. DNS TXT records: Websites can also publish a DNS TXT record, onion-location, specifying their .onion address. Tor-enabled browsers like Tor Browser can perform a DNS lookup for this TXT record when you try to access the website.
If a .onion version is available, Tor Browser can notify users providing an additional option for secure and private browsing.

After doing some digging on the DNS TXT records (Twitter doesn't even respond with an Alt-Svc header ^), it turned out to be a dead end. Turns out neither of those statements are accurate or true. (Thanks ChatGPT).

So I decided to do some searching on some Tor forums and consider asking some more involved members of the Tor project what is going on here. But that's when I came across this Tor Stack Exchange comment. Turns out Tor Browser also looks for the meta http-equiv="onion-location". On the surface I doubted this very much. They clearly know how to modify front end code. How difficult would it be to take out 1 meta tag for an onion location equivalent header that doesn't even work anymore? I get that it's probably not at the top of their priority list, but this is partly about taking pride in your product you're offering and focusing on the small details. I guess this is Elon Musk we're talking about tho, so maybe my expectations are too high.

I eagerly copied the HTML response into VS Code, and sure enough ^:

<meta http-equiv="onion-location" content="https://twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion/" />

🤯. Just wow. It would have made more sense to me if it was some back end configuration HTTP header they couldn't find. But this is right on your front end HTML page. Advertising to devices that you run a Tor onion service that doesn't work at all. Talk about false advertising.

When computers add headers or meta tags like this, they are communicating just like humans do. This is the spread of disinformation just like has plagued Twitter since Musk's takeover.

I also want to point out that for users using the Tor Browser there is an option in settings called: Prioritize .onion sites when known with the options of Always or Ask every time. For those users with that setting set to Always (sadly I forget what the default is), you're automatically redirected to this non functional onion service whenever you go to Creating an absolutely awful user experience.

Now. If we wanna quickly dive into crazy theories once again. We could ask if this is intentional behavior by Elon Musk? Does he want to intentionally create an awful user experience for users who care about privacy and anonymity? Well, he's continuously discussing how much of a problem bots are on Twitter. It wouldn't be a stretch for him to conflate anyone seeking privacy as a bot since he can't identify them for advertising selling purposes. The question would then become why doesn't he just block all Tor exit nodes then and completely cut off Twitter from Tor? Personally, I'm very skeptical that anyone left at the company even knows how to do that in their firewall or block rules. Again, kinda crazy theory, but at this point, with all the craziness that has gone on since he acquired Twitter, these crazy theories are becoming more and more plausible.


Twitter is in a downward cycle. I don't see this trend reversing anytime soon. I'd highly encourage everyone to take a look at decentralized alternatives such as Mastodon, Bluesky, and others. Owning your own data and connections is critical, and although I'm sad to see the downfall of Twitter (a platform I truly loved), part of me hopes the downward cycle continues as it pushes more people towards decentralized options.

If you ever have any questions or want to chat about decentralized social media feel free to reach out and contact me.