zen icon indicating copy to clipboard operation
zen copied to clipboard

Published 20 hours ago verified publisher icon anfragment

[Mac] Twitter (Currently "X") App Broken

Open MisutaaAsriel opened this issue 9 months ago • 5 comments
trafficstars

Description

When using Zen, the Twitter (currently "X") app does not operate, returning an error for all operations. This does not happen in the browser with x.com — only the app.

Version

v0.7.2

Operating System

macOS 15.3

Steps to Reproduce

  1. Open the app
  2. Start Zen
  3. Open X

Additional Context

The Twitter (currently "X") app is an iPad app on Apple Silicon Macs with Mac enhancements. The app functions with Zen disabled. Whitelisting t.co, twitter.com, and x.com is not enough to remedy issues (still broken).

MisutaaAsriel avatar Jan 29 '25 20:01 MisutaaAsriel

Even when disabling all lists, starting Zen results in Twitter (currently "X") breaking. It would appear something about how Zen itself works breaks network requests made from the app.

My current user rules list:

@@||x.com
@@||*.x.com
@@||twitter.com
@@||*.twitter.com
@@||t.co
@@||*.t.co
@@||twitter.co
@@||*.twitter.co
@@||cdn.cms-twdigitalassets.com
@@||twimg.com
@@||*.twimg.com
@@||twtrdns.net
@@||twttr.com
@@||twitpic.com
@@||tweetdeck.com
@@||twitterinc.com
@@||twitteroauth.com
@@||twitterstat.us

MisutaaAsriel avatar Jan 29 '25 20:01 MisutaaAsriel

Hello @MisutaaAsriel! Thanks for the thorough report.

It looks like the Twitter app uses certificate pinning, which prevents requests from going through. Regarding the rules list, the exclusions in "My rules" prevent certain requests from being filtered but do not disable HTTPS proxying. To disable HTTPS proxying for specific hosts, you can add them to "Ignored Hosts" in Settings. In my local testing, adding x.com and twitter.com to the list resolves the issue.

Image

We actually maintain a permanent list of these hosts, but I’m hesitant to include these by default, as to not degrade ad-blocking and privacy protections for the majority of users who browse Twitter via a browser.

By the way, would you be interested in writing a short paragraph or two to document the bypass?

anfragment avatar Jan 30 '25 15:01 anfragment

Any news regarding this?

Zero3K avatar Apr 01 '25 20:04 Zero3K

@Zero3K None so far. Would you be interested in writing the relevant documentation?

edit: In case you were wondering if the underlying issue is going to get fixed - I don't think so, at least not in the foreseeable future. This past argument still stands:

We actually maintain a permanent list of these hosts, but I’m hesitant to include these by default, as to not degrade ad-blocking and privacy protections for the majority of users who browse Twitter via a browser.

anfragment avatar Apr 03 '25 20:04 anfragment

Speaking of X, search on it is broken when Zen is being used.

Zero3K avatar Apr 03 '25 21:04 Zero3K