Report back from Twitter filter fuzzing.
What Twitter is blocking
- Twitter is filtering links to known Mastodon instances, but still allows direct links to joinmastodon.org. The filtering seems to happen whenever Twitter's WYSIWYG editor recognizes a valid domain name and that domain happens to be a known Mastodon instance.
- Twitter also allows linking to shortened URLs of Mastodon profiles, but only once. Posting the shortened URL a second time doesn't work, implying there's some backend queue service that's checking the Location header of links and flagging the ones redirecting to Mastodon instances.
How to evade the filters
- Email address spam evasion techniques work. Replacing '.' with ' . ' or [.] or [dot] all work.
- URI encoding the hostname. Replace at least one of the characters in the hostname with its URI encoded version (ex: . -> %2E, https://infosec.exchange -> https://infosec%2Eexchange). Browsers are smart enough to URI decode anything you copy/paste into the address bar.
- data: URIs. Twitter does not seem to check base64 encoded data: URIs. It is possible to create a data:text/html;base64,... base64 encoded HTML URI which can be copied into the address bar and will render as HTML. While Twitter will not render data: URIs (for obvious reasons), you can still copy/paste them (at your own risk, of course).
- Base64. This seems silly, but we could communicate freely on Twitter by simply Base64 encoding our tweets.
Twitter's anti-Mastodon filtering is clown shoes amateur hour.
#twitter #birbsite #censorship #filtering #evasion #elmo #muskrat
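
Each trick listed in the post works because the filter compares literal text. The following is an added example, not part of the original post and not Twitter's code, showing the canonicalization a hostname blocklist has to apply before matching; the blocklist contents and every function name are assumptions.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Constructed blocklist; infosec.exchange is the hostname the post uses as its example.
BLOCKED_HOSTS = {"infosec.exchange"}

DOT_TOKEN = re.compile(r"\s*[\[\(]\s*(?:\.|dot)\s*[\]\)]\s*", re.I)    # [.]  [dot]  (dot)
SPACED_DOT = re.compile(r"(?<=[a-z0-9])[ \t]*\.[ \t]*(?=[a-z0-9])", re.I)  # "a . b"
HOSTNAME = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def naive_hits(text):
    """Literal substring match: the kind of check the post's tricks slip past."""
    return {h for h in BLOCKED_HOSTS if h in text.lower()}


def normalize(text):
    """Undo percent-encoding and de-fanged dots, then lowercase."""
    for _ in range(3):                      # bounded loop also handles double encoding
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    text = DOT_TOKEN.sub(".", text)
    text = SPACED_DOT.sub(".", text)        # may join "word. next"; accepted for recall
    return text.lower()


def layers(text):
    """Yield the text plus every base64 run that decodes to UTF-8 (one level deep)."""
    yield text
    for run in B64_RUN.findall(text):
        try:
            padded = run + "=" * (-len(run) % 4)
            yield base64.b64decode(padded, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue


def blocked_hits(text):
    """Blocklisted hostnames found after normalizing every layer of the text."""
    hits = set()
    for layer in layers(text):
        hits |= set(HOSTNAME.findall(normalize(layer))) & BLOCKED_HOSTS
    return hits
```

The shortened-URL case from the post is not covered here, since it requires resolving the redirect target before the same check can run.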