Secure messaging arrives on Twitter

FILE – The Twitter splash page can be seen on a digital gadget, April 25, 2020, in San Diego. Twitter began offering encrypted messaging to select users on Wednesday, May 10th, 2023. Its new service is more like a baby-step than a giant step forward.
Gregory Bull/AP
SAN FRANCISCO, CA (AP) -- Twitter launched encrypted messaging Wednesday, allowing select users to communicate in a more secure manner. Its new service is more like a baby step than a giant step forward.
It lacks the basic security measures that experts believe are essential to protect messages from hackers. Both senders and recipients must subscribe to Twitter Blue for $11 per month ($8 on desktop only) or be affiliated with a verified organization for $1,000 per month plus $50 for each user.
In its official announcement of the launch, the company promised that additional features would be available soon. Elon Musk, CEO of Tesla Motors, issued a warning via Twitter: 'Do not trust the results until you have tried it.'
WHAT IS ENCRYPTED MESSAGING AGAIN?
Messages sent online -- whether by email, Twitter direct message, or another means -- can be intercepted and read by others. This includes the companies that offer the messaging services. These companies may also be ordered to produce users' messages in response to an official subpoena.
Encryption offers protection from spies and nosy online neighbors. It scrambles messages so that only the sender and the recipient can decipher them.
SO HOW DOES TWITTER'S NEW ENCRYPTION STACK UP?
Signal and ProtonMail are the gold standard for secure messaging. They use strong end-to-end encryption to protect messages, so that nobody else -- including the companies themselves -- can see them.
Twitter doesn't do this at the moment. Currently, Twitter's encrypted messages are susceptible to a 'man in the middle' attack, in which an attacker inserts themselves into an encrypted conversation and listens in on or even modifies messages while they're being sent. Twitter itself is able to do this.
'The acid-test is that even if I had a gun on my head, I would not be able to see your DMs,' Musk tweeted on Tuesday.
Twitter hasn't quite reached that point yet.
Twitter does not offer a way to report encrypted messages for harassment or abuse. However, it is possible to block specific senders.
ARE THERE OTHER DRAWBACKS?
Twitter, for example, only allows encrypted messages to be sent directly to another person. Twitter has announced that it will be 'soon expanding encryption' to groups. The company also says that encrypted messages are limited to links and text; images, videos, and other attachments will not be supported for a while.
Twitter encryption does not provide 'forward secrecy', which prevents an attacker who has obtained a user's private key from reading messages sent before and after the key was obtained.
Twitter's official document states that forward secrecy is not compatible with users' expectations of being able to access their messages in the cloud. The company does not plan to provide forward secrecy.
Final issue: There's no way for users to set encryption as a default. They'll need to choose it each time they begin a new conversation.