After months, or really years, of testing, Twitter has released what it’s calling the first stage of its rollout of encrypted DMs, which Twitter itself says are not secure as yet, but will improve over time.
Which kind of defeats the purpose, and seems a little misleading, but this is where we’re at on Twitter 2.0.
Twitter’s new encryption process will enable users to switch on encryption within their chats. But your messages won’t really be encrypted, at least in the sense that the term normally implies. The functionality is also fairly limited in who can actually use it, which has prompted much criticism from privacy experts.
First off, as Twitter notes, even with this initial version of encryption enabled, your messages aren’t actually safe from third-party manipulation.
“Currently, we do not offer protections against man-in-the-middle attacks. As a result, if someone – for example, a malicious insider, or Twitter itself as a result of a compulsory legal process – were to compromise an encrypted conversation, neither the sender or receiver would know.”
Right. So not really encrypted at all.
Twitter’s initial encryption process also operates at the conversation level, not for each individual message, which adds another vector for interference, as anyone who might be able to gain access would then also be able to view the entire message chain.
So it’s not great, and again, definitely not what ‘encrypted’ implies, with even Twitter chief Elon Musk advising users not to trust it.
Early version of encrypted direct messages just launched.
Try it, but don’t trust it yet.
— Elon Musk (@elonmusk) May 11, 2023
So why release it at all? Why would Twitter launch a new feature that suggests a level of security, when it doesn’t actually live up to the expectation that users would have for encrypted messaging?
It does seem like this is Elon’s mode of operation, pumping out in-progress updates as soon as possible, then refining them on the fly, in order to get things moving faster, and keep the pressure on his dev teams.
Which, for a feature like this, is not so great – though if this is also common across all of Musk’s companies, I’d think the risks would be more significant in pumping out half-assed updates for self-driving cars. Or rockets.
In any event, this is what we’re getting. The first stage of encrypted messaging will also be restricted to one-on-one chats between Twitter Blue subscribers only, who’ve messaged each other in the past, and DMs won’t be able to include attachments.
So again, it’s pretty fractured, pretty restricted, and definitely not what ‘encrypted’ implies.
Elon Musk has long touted DM encryption as a key development in establishing greater trust in the app, by enabling people to feel free in sharing whatever they like within their private chats.
Via his ‘Twitter Files’ reports, Musk has highlighted how past Twitter management had access to user DMs, and had worked with governments on several projects, with the implication being that Twitter could have used this info against users, if it so chose. Which is why encryption is so important. But that also raises the question as to why Twitter has decided to roll out this half-baked version as an initial offering.
Twitter had initially delayed its encryption plans, due to its efforts to weed out child abuse material, with encryption potentially offering a safeguard for users who may be engaging with this content. That underlines the key concern about messaging encryption more broadly, that it can also protect criminals from detection – but now, Twitter is apparently more comfortable with this, because it, I guess, has addressed all the issues on this front? (Note: It hasn’t).
I don’t know, it’s a confusing strategy, which seems more focused on making announcements than getting things right. It seems that if you’re going to tell users that encryption is ready, it better actually be ready, otherwise there’s a big risk in misleading people about such capacity.
Maybe that’s the point, I don’t know – I clearly can’t begin to fathom things on the same level as Musk in his genius.
Either way, encryption, kind of, is now available to some Twitter users.