nitter.net certificate expired on 15:08:30 GMT

[IdfbAn]

No description provided.

[TheHCJ]

Luckily, this doesn't impact usability due to the removal of guest accounts #1154

[serhiisp]

Luckily, this doesn't impact usability due to the removal of guest accounts #1154

"You cannot visit nitter.net right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later."

[TheHCJ]

Luckily, this doesn't impact usability due to the removal of guest accounts #1154

"You cannot visit nitter.net right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later."

I mean't that the website doesn't even work 😅

[zacanger]

Not the first time: #714 (comment) is there any reason not not have certbot renew in crontab on the reference instance?

[zedeus]

Nitter is dead.

[cmj]

yes. thank you for all your work.

[zacanger]

Nitter is dead.

Just skimmed the other issues. This sucks, but wasn't really unexpected given the way X has been going. Thanks for all your work over the last 5 years.

[BarbzYHOOL]

Nitter is dead.

noooooooooooooooooooooooooooooooooooooooooooo

[lolcatw]

@zedeus
Thank you for the service and the time you spent making this. Maintaining a project like this is very time consuming.

It's clear to me that the only path forward is gated communities, selfhosted on private networks. You did what you could and I commend you for that. Thanks again.

[kurisufriend]

there goes all my interaction with twitter as a website :D

[Sqaaakoi]

Nitter is dead.

Thank you for your service. I like opening everything sent to me in incognito/private mode, and Nitter made the modern "Twitter" work for me properly. It had to happen eventually, and I'm sad it has, but forgetting about Twitter entirely is probably the best thing to do. I understand not wanting to fight against a lost cause of a website. Again, thank you.

[Mr-Andersen]

Thank you for making twitter bearable. Nitter will be missed

[IdfbAn]

Nitter is dead.

Other instances (at least https://nitter.unixfox.eu) seem to still work, at least for me, so I don't think it's time to declare Nitter dead just yet.

[TheHCJ]

Thank you for everything ❤️

[SnowzNZ]

apolgy for bad english it is my first languagen’t

where were you when nitter die

i was at house eating dorito when phone ring

“nitter is kil”

“no”

[leafstrat]

The project can always transition into being a faster front-end utilizing user-credentials which would be easier to maintain compared to always trying these guest token gimmicks and utilizing "secret tokens" from old embedded systems and what not.

The main appeal for me was how speedy it was, rather than it allowing anonymous twitter usage.
I think this is a more productive way to go anyway, requiring user authentication, otherwise you have all sorts of people using these generously hosted projects to lazily scrape.

[lnoss]

The main appeal for me was how speedy it was, rather than it allowing anonymous twitter usage.

Meanwhile, the README:

A free and open source alternative Twitter front-end focused on privacy and performance.

[leafstrat]

@lnoss I understand. 👍🏻

But personally I'd rather the project continues in a vein that's actually realistic for the circumstances, rather than discontinuing altogether or requiring all these cat and mouse games for zedeus and co trying to fight Twitter.

[9Morello]

Thanks for supporting it for this long. Nitter was a fantastic piece of software that allowed me to see links from Twitter other people sent me, without loading their terrible web app.

I agree with @lolcatw , there's no point in playing this cat and mouse game with Twitter. The winning move is to not play it at all. If you want a vaguely similar experience, use distributed services that don't fight against their own users.

[Chiroyce1]

Is it not viable at all to keep a public instance? I might use nitter once or twice a week, but I guess with several thousand users that does add up in requests.

[cristeigabriel]

But personally I'd rather the project continues in a vein that's actually realistic for the circumstances, rather than discontinuing altogether or requiring all these cat and mouse games for zedeus and co trying to fight Twitter.

It seems like you want something very different then, so why don't you do it?

you have all sorts of people using these generously hosted projects to lazily scrape

Excuse me for seeing some irony with the aforementioned in mind.

[Pawlicker]

Thanks for supporting it for this long. Nitter was a fantastic piece of software that allowed me to see links from Twitter other people sent me, without loading their terrible web app.

I agree with @lolcatw , there's no point in playing this cat and mouse game with Twitter. The winning move is to not play it at all. If you want a vaguely similar experience, use distributed services that don't fight against their own users.

"that don't fight against their own users" is the funniest thing given that invite-only Bluesky is basically very much centralized and Mastodon instances can feel like they're run by forum moderators. Or to quote one internet artist, "why should I use Bluesky if I'll get 2 retweets while on Twitter I'll get 100"?

The reason Nitter was used so much has to do with the fact that Twitter is still the center of cultural discussions online, at least in the mainstream sense. Elon Musk knows this, which is why he can get away with forcing logins, just like how there are stories of people turning off the adblockers because of the YouTube nag screens. The only people who end up using fedi religiously are banned from Twitter or are too abrasive for it, and this is the inconvenient truth (look how many Mastodon users have inactive accounts, you'll be surprised).

There needs to be a culture shift somehow to move the zeitgeist away from Twitter, but as of now it's going to stay there.

[amogusussy]

Nitter is dead.

Long live nitter.

[TheBSODAndWSODFan]

btw, if you type thisisunsafe in "your connection is not private", it will bypass the hsts or certificate error. so, nitter still works in my side

[TheBSODAndWSODFan]

if you using a phone to access nitter, try using otg keyboard, and type thisisunsafe

Screen_Recording_20240128_233533.mp4

[Chiroyce1]

btw, if you type thisisunsafe in "your connection is not private", it will bypass the hsts or certificate error. so, nitter still works in my side

Sure it works but I don't think its a great idea to use it over http

[Silur]

We need more heroes like you, thanks for the years of selfless effort to save the internet

[cassepipe]

You'll be missed

[Rudicron]

The output result goes into guest_accounts.jsonl

@cmj thanks! Unfortunately your gist didn't work for me, but #983 (comment) works.

I ran the python script python twitter_login.py and copied the output values into the guest_accounts.json file as recommended here #983 (comment):

# twitter_login.py
import requests
import base64

username = ""
password = ""
TW_CONSUMER_KEY = "3nVuSoBZnx6U4vzUxf5w"
TW_CONSUMER_SECRET = "Bcs59EFbbsdF6Sl9Ng71smgStWEGwXXKSjYvPVt7qys"
TW_ANDROID_BASIC_TOKEN = "Basic {token}".format(
    token=base64.b64encode(
        (TW_CONSUMER_KEY + ":" + TW_CONSUMER_SECRET).encode()
    ).decode()
)
# print(TW_ANDROID_BASIC_TOKEN)


authentication = None
bearer_token_req = requests.post(
    "https://api.twitter.com/oauth2/token",
    headers={
        "Authorization": TW_ANDROID_BASIC_TOKEN,
        "Content-Type": "application/x-www-form-urlencoded",
    },
    data="grant_type=client_credentials",
).json()
bearer_token = " ".join(str(x) for x in bearer_token_req.values())
print(bearer_token)

# The bearer token is immutable
# Bearer AAAAAAAAAAAAAAAAAAAAAFXzAwAAAAAAMHCxpeSDG1gLNLghVe8d74hl6k4%3DRUMF4xAQLsbeBhTSRrCiQpJtxoGWeyHrDb5te2jpGskWDFW82F
guest_token = requests.post(
    "https://api.twitter.com/1.1/guest/activate.json",
    headers={
        "Authorization": bearer_token,
    },
).json()["guest_token"]
print(guest_token)

twitter_header = {
    "Authorization": bearer_token,
    "Content-Type": "application/json",
    "User-Agent": "TwitterAndroid/9.95.0-release.0 (29950000-r-0) ONEPLUS+A3010/9 (OnePlus;ONEPLUS+A3010;OnePlus;OnePlus3;0;;1;2016)",
    "X-Twitter-API-Version": "5",
    "X-Twitter-Client": "TwitterAndroid",
    "X-Twitter-Client-Version": "9.95.0-release.0",
    "OS-Version": "28",
    "System-User-Agent": "Dalvik/2.1.0 (Linux; U; Android 9; ONEPLUS A3010 Build/PKQ1.181203.001)",
    "X-Twitter-Active-User": "yes",
    "X-Guest-Token": guest_token,
}

session = requests.Session()


task1 = session.post(
    "https://api.twitter.com/1.1/onboarding/task.json",
    params={
        "flow_name": "login",
        "api_version": "1",
        "known_device_token": "",
        "sim_country_code": "us",
    },
    json={
        "flow_token": None,
        "input_flow_data": {
            "country_code": None,
            "flow_context": {
                "referrer_context": {
                    "referral_details": "utm_source=google-play&utm_medium=organic",
                    "referrer_url": "",
                },
                "start_location": {"location": "deeplink"},
            },
            "requested_variant": None,
            "target_user_id": 0,
        },
    },
    headers=twitter_header,
)

session.headers["att"] = task1.headers.get("att")
task2 = session.post(
    "https://api.twitter.com/1.1/onboarding/task.json",
    json={
        "flow_token": task1.json().get("flow_token"),
        "subtask_inputs": [
            {
                "enter_text": {
                    "suggestion_id": None,
                    "text": username,
                    "link": "next_link",
                },
                "subtask_id": "LoginEnterUserIdentifier",
            }
        ],
    },
    headers=twitter_header,
)

task3 = session.post(
    "https://api.twitter.com/1.1/onboarding/task.json",
    json={
        "flow_token": task2.json().get("flow_token"),
        "subtask_inputs": [
            {
                "enter_password": {"password": password, "link": "next_link"},
                "subtask_id": "LoginEnterPassword",
            }
        ],
    },
    headers=twitter_header,
)

task4 = session.post(
    "https://api.twitter.com/1.1/onboarding/task.json",
    json={
        "flow_token": task3.json().get("flow_token"),
        "subtask_inputs": [
            {
                "check_logged_in_account": {"link": "AccountDuplicationCheck_false"},
                "subtask_id": "AccountDuplicationCheck",
            }
        ],
    },
    headers=twitter_header,
).json()

for t4_subtask in task4.get("subtasks", []):
    if "open_account" in t4_subtask:
        authentication = t4_subtask["open_account"]
        break
    elif "enter_text" in t4_subtask:
        response_text = t4_subtask["enter_text"]["hint_text"]
        code = input(f"Requesting {response_text}: ")
        task5 = session.post(
            "https://api.twitter.com/1.1/onboarding/task.json",
            json={
                "flow_token": task4.get("flow_token"),
                "subtask_inputs": [
                    {
                        "enter_text": {
                            "suggestion_id": None,
                            "text": code,
                            "link": "next_link",
                        },
                        "subtask_id": "LoginAcid",
                    }
                ],
            },
            headers=twitter_header,
        ).json()
        print(task5)
        for t5_subtask in task5.get("subtasks", []):
            print(t5_subtask)
            if "open_account" in t5_subtask:
                authentication = t5_subtask["open_account"]


print(authentication)

# {
# 	'attribution_event': 'login',
# 	'known_device_token': 'XXXXXXXXXXXXXXXXXXXXXX',
# 	'next_link': {
# 		'link_id': 'next_link',
# 		'link_type': 'subtask',
# 		'subtask_id': 'SuccessExit'
# 	},
# 	'oauth_token': 'XXXXXXXXXXXXXXXXXXXXXX',
# 	'oauth_token_secret': 'XXXXXXXXXXXXXXXXXXXXXX',
# 	'user': {
# 		'id': 'XXXXXXXXXXXXXXXXXXXXXX',
# 		'id_str': 'XXXXXXXXXXXXXXXXXXXXXX',
# 		'name': 'XXXXXXXXXXXXXXXXXXXXXX',
# 		'screen_name': 'XXXXXXXXXXXXXXXXXXXXXX'
# 	}
# }

If you replace the
"subtask_id": "LoginAcid",
in task 4 with
"subtask_id": "LoginTwoFactorAuthChallenge",
this script will work for accounts that have 2FA setup; the script will ask for the 2FA code, and then it should give you a valid token.

(assuming that you haven't already tried a bunch of times in the last ~30 minutes or so.)

[beansofhell]

The output result goes into guest_accounts.jsonl

@cmj thanks! Unfortunately your gist didn't work for me, but #983 (comment) works.
I ran the python script python twitter_login.py and copied the output values into the guest_accounts.json file as recommended here #983 (comment):

# twitter_login.py
import requests
import base64

username = ""
password = ""
TW_CONSUMER_KEY = "3nVuSoBZnx6U4vzUxf5w"
TW_CONSUMER_SECRET = "Bcs59EFbbsdF6Sl9Ng71smgStWEGwXXKSjYvPVt7qys"
TW_ANDROID_BASIC_TOKEN = "Basic {token}".format(
    token=base64.b64encode(
        (TW_CONSUMER_KEY + ":" + TW_CONSUMER_SECRET).encode()
    ).decode()
)
# print(TW_ANDROID_BASIC_TOKEN)


authentication = None
bearer_token_req = requests.post(
    "https://api.twitter.com/oauth2/token",
    headers={
        "Authorization": TW_ANDROID_BASIC_TOKEN,
        "Content-Type": "application/x-www-form-urlencoded",
    },
    data="grant_type=client_credentials",
).json()
bearer_token = " ".join(str(x) for x in bearer_token_req.values())
print(bearer_token)

# The bearer token is immutable
# Bearer AAAAAAAAAAAAAAAAAAAAAFXzAwAAAAAAMHCxpeSDG1gLNLghVe8d74hl6k4%3DRUMF4xAQLsbeBhTSRrCiQpJtxoGWeyHrDb5te2jpGskWDFW82F
guest_token = requests.post(
    "https://api.twitter.com/1.1/guest/activate.json",
    headers={
        "Authorization": bearer_token,
    },
).json()["guest_token"]
print(guest_token)

twitter_header = {
    "Authorization": bearer_token,
    "Content-Type": "application/json",
    "User-Agent": "TwitterAndroid/9.95.0-release.0 (29950000-r-0) ONEPLUS+A3010/9 (OnePlus;ONEPLUS+A3010;OnePlus;OnePlus3;0;;1;2016)",
    "X-Twitter-API-Version": "5",
    "X-Twitter-Client": "TwitterAndroid",
    "X-Twitter-Client-Version": "9.95.0-release.0",
    "OS-Version": "28",
    "System-User-Agent": "Dalvik/2.1.0 (Linux; U; Android 9; ONEPLUS A3010 Build/PKQ1.181203.001)",
    "X-Twitter-Active-User": "yes",
    "X-Guest-Token": guest_token,
}

session = requests.Session()


task1 = session.post(
    "https://api.twitter.com/1.1/onboarding/task.json",
    params={
        "flow_name": "login",
        "api_version": "1",
        "known_device_token": "",
        "sim_country_code": "us",
    },
    json={
        "flow_token": None,
        "input_flow_data": {
            "country_code": None,
            "flow_context": {
                "referrer_context": {
                    "referral_details": "utm_source=google-play&utm_medium=organic",
                    "referrer_url": "",
                },
                "start_location": {"location": "deeplink"},
            },
            "requested_variant": None,
            "target_user_id": 0,
        },
    },
    headers=twitter_header,
)

session.headers["att"] = task1.headers.get("att")
task2 = session.post(
    "https://api.twitter.com/1.1/onboarding/task.json",
    json={
        "flow_token": task1.json().get("flow_token"),
        "subtask_inputs": [
            {
                "enter_text": {
                    "suggestion_id": None,
                    "text": username,
                    "link": "next_link",
                },
                "subtask_id": "LoginEnterUserIdentifier",
            }
        ],
    },
    headers=twitter_header,
)

task3 = session.post(
    "https://api.twitter.com/1.1/onboarding/task.json",
    json={
        "flow_token": task2.json().get("flow_token"),
        "subtask_inputs": [
            {
                "enter_password": {"password": password, "link": "next_link"},
                "subtask_id": "LoginEnterPassword",
            }
        ],
    },
    headers=twitter_header,
)

task4 = session.post(
    "https://api.twitter.com/1.1/onboarding/task.json",
    json={
        "flow_token": task3.json().get("flow_token"),
        "subtask_inputs": [
            {
                "check_logged_in_account": {"link": "AccountDuplicationCheck_false"},
                "subtask_id": "AccountDuplicationCheck",
            }
        ],
    },
    headers=twitter_header,
).json()

for t4_subtask in task4.get("subtasks", []):
    if "open_account" in t4_subtask:
        authentication = t4_subtask["open_account"]
        break
    elif "enter_text" in t4_subtask:
        response_text = t4_subtask["enter_text"]["hint_text"]
        code = input(f"Requesting {response_text}: ")
        task5 = session.post(
            "https://api.twitter.com/1.1/onboarding/task.json",
            json={
                "flow_token": task4.get("flow_token"),
                "subtask_inputs": [
                    {
                        "enter_text": {
                            "suggestion_id": None,
                            "text": code,
                            "link": "next_link",
                        },
                        "subtask_id": "LoginAcid",
                    }
                ],
            },
            headers=twitter_header,
        ).json()
        print(task5)
        for t5_subtask in task5.get("subtasks", []):
            print(t5_subtask)
            if "open_account" in t5_subtask:
                authentication = t5_subtask["open_account"]


print(authentication)

# {
# 	'attribution_event': 'login',
# 	'known_device_token': 'XXXXXXXXXXXXXXXXXXXXXX',
# 	'next_link': {
# 		'link_id': 'next_link',
# 		'link_type': 'subtask',
# 		'subtask_id': 'SuccessExit'
# 	},
# 	'oauth_token': 'XXXXXXXXXXXXXXXXXXXXXX',
# 	'oauth_token_secret': 'XXXXXXXXXXXXXXXXXXXXXX',
# 	'user': {
# 		'id': 'XXXXXXXXXXXXXXXXXXXXXX',
# 		'id_str': 'XXXXXXXXXXXXXXXXXXXXXX',
# 		'name': 'XXXXXXXXXXXXXXXXXXXXXX',
# 		'screen_name': 'XXXXXXXXXXXXXXXXXXXXXX'
# 	}
# }

If you replace the "subtask_id": "LoginAcid", in task 4 with "subtask_id": "LoginTwoFactorAuthChallenge", this script will work for accounts that have 2FA setup; the script will ask for the 2FA code, and then it should give you a valid token.

(assuming that you haven't already tried a bunch of times in the last ~30 minutes or so.)

they likely have a blacklist of ips. and somehow detect if a user is using a VPS
make sure its a docker on your own machine
use
https://github.com/sekai-soft/freebird

it works for me... but not on my VPS, alltho likely because I am using ARM so IDK

im able to use it... and you can use tailscale on it too !!!!!!!

[ProGamerGov]

How it feels watching all the Nitter instances die out, like the timelines from Loki:

Source video with somber music: https://www.youtube.com/watch?v=UKAuH-fEXPE

[iiTzRichie]

Looks like most instances have started failing with the exception of a select few, but their time is short. Thank you @zedeus (and other devs) for your work 🫡.

Anyone got any suggestions for Twitter RSS alternatives? I do have a Twitter account, but I'm not experienced enough with coding and all that to set up a private Nitter instance. I guess if all else fails then I really will have to go back to that shithole.

(Wasn't there something about Jack, and other ex people from Twitter, starting anew and making another Twitter-like platform?)

(There is also Threads, which is on the Fediverse, meaning that it actually fully supports third-party instances, but honestly I see Threads eventually shutting down)

[lukefromdc]

I have warned people that once all nitter instances stop working, I will no longer be able to see anything they post to Twitter without a direct link to that exact tweet. For me the reason for using Nitter has been to be able to see chronological timelines without an account.

[uberspringer]

How come sotwe.com still works? I have no clue about the technicalities but there I can view at least recent tweets without an account. You just need to refresh the page (using the browser not the built in refresh button) if it does not turn up results.

[abdulisik]

I think the above comment is spam / advertisement, feel free to ignore. Made from a new account for a random website.

[nukeop]

I don't think so, looks like a genuine post. Don't make stuff up

[uberspringer]

I think the above comment is spam / advertisement, feel free to ignore. Made from a new account for a random website.

Not spamming or shilling. The site works and doesn't seem to try to sell me something, although I wouldn't know since I use uBlock.

Genuinely curious how they can accomplish this and if it's possible for Nitter to do the same. I have no clue who runs it and there is barely any information about it online. I thought to bring it to attention since it was mentioned that there does not seem to be a way to revive nitter this time. So why can't Nitter do what Sotwe does?

[TheHCJ]

I think the above comment is spam / advertisement, feel free to ignore. Made from a new account for a random website.

Not spamming or shilling. The site works and doesn't seem to try to sell me something, although I wouldn't know since I use uBlock.

Genuinely curious how they can accomplish this and if it's possible for Nitter to do the same. I have no clue who runs it and there is barely any information about it online. I thought to bring it to attention since it was mentioned that there does not seem to be a way to revive nitter this time. So why can't Nitter do what Sotwe does?

Without UBO it does seem to try and sell you an membership on the https://www.sotwe.com/pricing page

[nukeop]

And? They provide a service that many here would like to use.

[lukefromdc]

NoScript and Disconnect together also disable the attempt to sell a membership by sotwe.com and it does in fact work, no idea for how long, no idea if it's safe for anyone using a default browser with all the trackers and 3ed party crap turned on. If they ever require a membership I will treat that as a shutdown

[uberspringer]

Sotwe seems to not work for me anymore even after changing IPs. Any ideas why? Is it the same for anyone else?

[lukefromdc]

They seem to have set up Cloudflare either incorrectly so everything gets blocked, or they may be blocking all nondefault browser configurations that could indicate someone who cannot be monetized. I think they must have changed their settings from "challenge" to "block," as I always got the hcaptcha challenge with my browsers.

No way I am going to expose a default browser to Sotwe or to Twitter, I don't do ad-enabled anything. Unless another solution is found, I am back to considering Twitter as DOWN except for following direct links to individual tweets. I normally respond to Cloudflare challenges by closing the tab anyway.

[nukeop]

You can just install uBlock and block ads.

[lukefromdc]

I have very comprehensive ad and tracker blocking on all browsers. Not lifting any of that to pass Cloudflare blocks.