Behind the padlock: How Egypt quietly blocked Discord
On Jan. 11, 2026, hundreds of thousands of Egyptians encountered a sudden and silent wall. The popular chat app Discord had become unusable inside the country. Users reported that the app was stuck in a permanent state of “connecting” or froze while loading—an issue that persisted for nearly two days. But a closer look reveals that this wasn’t a technical glitch. It was a deliberate act.
That same week, a grassroots campaign emerged on a Discord group called GenZ002. Members launched an online poll titled “The People’s Referendum to Impeach El-Sisi,” which quickly gained traction, drawing over 500,000 responses so far. The surge in engagement spilled onto other platforms, fueling viral Arabic hashtags for his impeachment.
While the poll was not technically restricted to Egyptians or youth—and thus lacked legal or demographic precision—its popularity alone seemed to prompt a digital backlash. Discord went dark across major Egyptian networks.
So, what exactly happened?
In this investigation, Al Manassa documented, in collaboration with the digital rights group Masaar, a countrywide outage of Discord on Jan. 11 and 12. The service became accessible again just before midnight on the 12th.
A technical post-mortem
Masaar and Al Manassa carried out technical measurements using two of Egypt’s largest internet providers, WE and Vodafone. We focused on two core service domains that underpin Discord’s functionality: gateway.discord.gg, responsible for real-time communications like voice chats and message exchange, and discord.com, which hosts the main website and account services.
By testing each domain separately, our research could determine whether the disruption was partial or complete. The results were clear. Both domains were impaired, and on both networks.
This was not Egypt’s typical style of blocking, which usually stops a connection outright. Here, the connection started normally, but stalled at the point where it should switch to a secure, encrypted channel. In effect, Discord failed just before it could go live.
That pattern strongly indicates what experts call “targeted interference” at the earliest phase of a secure connection—a telltale sign of Deep Packet Inspection (DPI). This sophisticated method intercepts data in transit, scans it for particular traits (like service names), and disrupts the connection before full encryption takes over.
This technical fingerprint was consistent across both networks and both Discord domains, suggesting the disruption originated from within Egypt’s internet infrastructure, not from users’ devices or settings.
Layered verification: How we proved it
To ensure rigor, the investigation used a multi-layered approach in which each method could corroborate or challenge the others, ensuring a high degree of verifiability. The first step involved using the Open Observatory of Network Interference (OONI), a widely respected tool in the field of internet censorship research. Through OONI, we broke down each connection attempt into clear phases.
We found that while users in Egypt could successfully resolve Discord’s service domains and initiate a Transmission Control Protocol (TCP) handshake, the process consistently failed at the Transport Layer Security (TLS) handshake stage—the point at which the connection is meant to transition into a secure, encrypted session.
In simpler terms, the attempt reached the front door but was denied entry the moment it knocked.
To eliminate the possibility of a global outage or issues on Discord’s end, external control tests were conducted. These confirmed that gateway.discord.gg returned a 404 response code and discord.com gave a full 200 OK response when accessed from outside Egypt—evidence that the services were operational and accessible globally. This contrast made it clear that the disruption was localized, not universal.
The second layer of the investigation focused on manual testing and the reproduction of the connection behavior through diagnostic tools familiar to network engineers. Using netcat, we verified that port 443, which is the standard port for HTTPS traffic, was open and reachable on both Discord domains. This eliminated any suggestion that the port itself was blocked.
Following this, curl was used to initiate a connection and trace its progression. The tests showed that while the domain was resolved and the TCP layer succeeded, the TLS handshake broke down at the very first secure message—the ClientHello. No reply ever came back from the server, and the session timed out.
For more precise feedback, our researchers turned to OpenSSL s_client, a command-line utility used to diagnose SSL/TLS issues. The pattern held firm: the connection would begin, the ClientHello would go out, but no ServerHello ever came back. The server’s silence forced the client to give up after a long pause, leading to a timeout with an exit code that matched the stalled behavior observed in real-world use.
This alone suggested interference at the point where encryption negotiations begin. But the turning point came when the same tests were run under identical network conditions while varying only one factor: the name of the service being requested. When the Server Name Indication (SNI)—a field inside the TLS handshake that declares which service the user is trying to reach—was set to discord.com or gateway.discord.gg, the connection predictably failed.
But when we substituted a different name, such as cloudflare.com, or removed the SNI altogether, the connection succeeded immediately. This confirmed beyond reasonable doubt that the blocking mechanism was triggered by the SNI string itself—in other words, by the name “Discord.”
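The differential test described above can be sketched as follows. This is an added example, not the scripts used by Al Manassa or Masaar: it keeps the server IP and port fixed, varies only the SNI, and classifies the per-name outcomes. The function names, stage labels and the sample results are assumptions constructed to mirror the stages the article reports.

```python
import socket, ssl, sys

TARGETS = ("discord.com", "gateway.discord.gg")
# Constructed sample mirroring the stages reported in the article (None = no SNI sent).
SAMPLE = {"discord.com": "tls_timeout", "gateway.discord.gg": "tls_timeout",
          "cloudflare.com": "tls_ok", None: "tls_ok"}

def probe(ip, port, sni, timeout=10.0):
    """Connect to ip:port, send a ClientHello with this SNI, report the stage reached."""
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError:
        return "tcp_failed"
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # measuring reachability, not authenticating the peer
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=sni):   # sni=None omits the extension
            return "tls_ok"
    except socket.timeout:
        return "tls_timeout"         # ClientHello sent, no ServerHello came back
    except ConnectionResetError:
        return "tls_reset"
    except (ssl.SSLError, OSError):
        return "tls_error"

def classify(results, targets=TARGETS):
    """Compare stages for the target names against the control names on the same path."""
    t = [s for n, s in results.items() if n in targets]
    c = [s for n, s in results.items() if n not in targets]
    if not t or not c or "tcp_failed" in t + c:
        return "inconclusive"
    stalled = all(s in ("tls_timeout", "tls_reset") for s in t)
    if stalled and all(s == "tls_ok" for s in c):
        return "sni_triggered"       # only the requested name changed the outcome
    if stalled:
        return "tls_failure_not_name_specific"
    return "no_consistent_block"

if __name__ == "__main__":
    if len(sys.argv) > 1:            # usage: script.py <server-ip>
        results = {n: probe(sys.argv[1], 443, n) for n in SAMPLE}
    else:
        results = SAMPLE             # offline: classify the constructed sample
    for name, stage in results.items():
        print(f"SNI={name!r:24} {stage}")
    print("verdict:", classify(results))
```

Run without arguments it classifies the constructed sample; given a server IP it performs the live probes against port 443.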
The third and most conclusive layer came from packet capture analysis. Using Pcapdroid to record traffic and Wireshark to analyze it, the team observed the behavior of Discord in a live usage session. They saw the application initiate a TCP handshake successfully, then transmit a ClientHello containing the SNI that identified Discord as the intended service. That message was sent, but the expected ServerHello never arrived.
Instead, the connection simply hung until, after nearly a minute of silence, it was forcibly shut down by the server via a RST/ACK packet. This was not a timeout caused by network unreliability or weak signals—it was a hard stop. Crucially, this pattern appeared in both of Discord’s key domains, showing that the issue was not limited to one side of the platform.
Meanwhile, other TLS sessions from the same app—to third-party services like sentry.io, which Discord uses for logging and telemetry—proceeded without interruption. These connections completed their TLS handshakes, exchanged data, and remained stable throughout the session. This ruled out general network instability or device-specific issues.
What the data tells us
The evidence paints a compelling picture. This wasn’t a blanket outage. It wasn’t a problem at Discord’s end. It wasn’t a case of bad user settings. It was a selective, name-based disruption likely executed using Deep Packet Inspection (DPI).
Egypt didn’t block Discord at the domain or IP level as usual. It let the connection begin, sniffed the service name, and then killed it.
This method allows governments to surgically target specific services without tipping off users through more obvious error messages. It also allows for plausible deniability. The app appears to be “trying” to connect, masking what is, in fact, a deliberate and calculated block.
And then, just as quietly, it ended.
Sometime after 11 pm on Jan. 12, the block was lifted. Discord sprang back to life, resuming connections without explanation.
Egyptian authorities have offered no public acknowledgment of the disruption.
Why it matters
This incident marks a new chapter in Egypt’s long history of internet censorship. The use of DPI-style blocking is more covert and more difficult to trace than traditional shutdowns. It reflects an evolution in censorship strategy—one designed to intimidate and confuse rather than overtly restrict.
Other platforms popular with younger users, like Clubhouse and Telegram, have faced unexplained outages in Egypt in the past. The pattern is becoming clear. When online organizing grows bold, the digital noose tightens.
The GenZ002 referendum was not indicative in any way, yet its visibility was enough to trigger a response. In a state that fears mobilized youth, even a symbolic vote can be perceived as a threat.
The state responded, not with laws—but with an invisible code that made a whole app vanish.
The danger of this technique lies not just in its stealth, but in its replicability. It signals a shift from blocking content to blocking communication itself.
The app froze. The users waited. The line stayed open, but the voice was gone.
(*) A version of this story first appeared in Arabic on Jan. 15, 2026