Tanzania blocked Twitter/X

On 30th August 2024, OONI data suggests that some ISPs in Tanzania blocked access to X (formerly known as Twitter).

The following chart aggregates OONI measurement coverage from the testing of Twitter/X in Tanzania between 3rd August 2024 to 2nd September 2024.

From the above chart, we can see that Twitter/X was previously mostly accessible in Tanzania, presenting a low volume of anomalies throughout the testing period. These anomalies were mainly present on Simply Computers Tanzania (AS327900), where most measurements from the testing of twitter.com have presented anomalies (with an “ssl_unknown_authority” error) since 10th June 2024. We quickly analyzed these measurements and found that access to twitter.com is blocked on this network through the use of a Sophos filtering device which implements TLS man-in-the-middle (MITM) attacks. However, as we found signs of TLS MITMs in the measurements of many other websites (beyond Twitter/X), we believe that this is likely the result of some corporate filtering policy (as opposed to censorship implemented for all users on this network).

On 30th August 2024, we observed a spike in anomalies on multiple networks in Tanzania, suggesting that access to Twitter/X was blocked for many users in the country. The strongest signals of Twitter/X blocking are observed on the following networks: Vodacom Tanzania (AS36908), Habari (AS36909), Tigo (AS37035), and Airtel (AS37133). On these networks, access to Twitter/X appears to be blocked by means of TLS interference. Specifically, OONI data shows the timing out of the session after the Client Hello message during the TLS handshake (which is similar to how we have found other blocks implemented in Tanzania).

Before the TLS connection is secure and encrypted, the user sends an initial message called the "Client Hello" that is unencrypted. This (unencrypted) message includes (amongst other things) the Server Name Indication (SNI) which specifies the domain name of the service that the user wants to access. This means that a censor can read this unencrypted message and terminate the connection before it's even encrypted. If that service is part of some "censorship list", they can selectively terminate connections towards it. Being able to do this type of network-level monitoring and selective filtering usually requires the use of some Deep Packet Inspection (DPI) technology.

In this specific case, OONI measurements show that even though the connection to the Twitter IP is successful, as soon as the user requests the Twitter domain (twitter.com) during the unencrypted “Client Hello” message of the TLS handshake, the TLS connection immediately fails (resulting in a timeout error). As we observe the same pattern in multiple Twitter/X measurements on several different networks on the same day (30th August 2024), OONI data suggests that ISPs in Tanzania blocked access to Twitter/X by means of TLS interference.

Most subsequent Twitter/X measurements in Tanzania (from 31st August 2024 onwards) were found accessible, suggesting that the Twitter/X block may have been lifted.

If you are in Tanzania, you can test Twitter/X and contribute more measurements by running OONI Probe.