Twitter launches encrypted DMs for paid users

But the feature comes with many limitations.
Loukia Papadopoulos
Twitter headquarters.jpg
Twitter headquarters.

Sundry Photography/iStock 

Twitter has officially launched encrypted DMs for paid users. However, the security feature doesn’t yet live up to Musk’s claim that he will implement end-to-end (E2E) encryption for complete privacy.

This is according to a report by 9to5Mac published on Thursday.

In a new tweet, even Musk himself claimed you shouldn't trust his service yet.

This is because Twitter messages have not been encrypted in any form yet. Musk has made a promise to fix this, stating that “the acid test is that I could not see your DMs even if there was a gun to my head.” This means he will have to install E2E encryption.

Meanwhile, security engineering executive Christopher Stanley said the firm was introducing “phase 1” of encrypted DMs.

“Super excited about launching Phase 1 of our Encrypted DM’s project! Twitter seeks to be the most trusted platform on the internet, and encrypted Direct Messages are an important part of that,” he said.

“As Elon Musk said, when it comes to Direct Messages, the standard should be, if someone puts a gun to our heads, we still can’t access your messages. We’re not quite there yet, but we’re working on it. Until then, here is the Encrypted Direct Message we are releasing – a new way of communicating on Twitter that will appear as separate conversations alongside your existing Direct Messages in your inbox.”

Limited protection

Twitter’s support documents clearly state that current messaging features have limited protection.

“Currently, we do not offer protections against man-in-the-middle attacks. As a result, if someone–for example, a malicious insider, or Twitter itself as a result of a compulsory legal process–were to compromise an encrypted conversation, neither the sender or receiver would know,” states the document, according to 9to5Mac while revealing it is working on some additional mechanisms that are bound to make these attacks less frequent.

“When signature checks and safety numbers are implemented, man-in-the-middle attacks should be difficult, if not impossible, and both senders and recipients should be alerted in the event of an attack.”

The question on everyone's mind remains when will E2E encryption be implemented?

Add Interesting Engineering to your Google News feed.
Add Interesting Engineering to your Google News feed.
message circleSHOW COMMENT (1)chevron
Job Board