Twitter’s encrypted direct messages are sorely inferior to Signal and WhatsApp

Elon Musk’s promised launch of encrypted direct messages on Twitter has arrived. Like most attempts to add end-to-end encryption to a massive existing platform, never an easy proposition, there is good, bad, and ugly. The good: Twitter added an optional layer of security for a small subset of its users that has never existed in Twitter’s 16+ years online. As for the bad and the ugly: Well, that list is much longer.

On Wednesday night, Twitter announced the launch of encrypted direct messages, a feature that Musk had assured users of since his early days at the helm of the company. To Twitter’s credit, it accompanied the new feature with an article in its help center that breaks down the feature’s strengths and weaknesses with unusual transparency. And as the article points out, there are many weaknesses.

In fact, the company appears not to have called the feature “end-to-end encrypted,” the term that would mean only the users on both ends of a conversation can read the messages, rather than hackers, government agencies that can eavesdrop on those messages, or even Twitter itself.

“As Elon Musk said, when it comes to direct messages, the standard should be, if someone puts a gun to our head, we still can’t access their messages,” the help center page reads. “I’m working on it.”

In fact, the description of Twitter’s encrypted messaging feature that follows that initial warning reads almost like a laundry list of the most serious flaws in every existing end-to-end encrypted messaging app, now all combined into one product, along with a few more flaws that are all its own.

The encryption feature is optional, for example; it’s not turned on by default, a decision for which Facebook Messenger has drawn criticism. It does not explicitly prevent man-in-the-middle attacks that would allow Twitter to invisibly spoof user identities and intercept messages, long considered the most serious flaw in Apple’s iMessage encryption. It does not have the “perfect forward secrecy” feature that makes it difficult to spy on users even after a device is temporarily compromised. It does not allow group messages or even sending photos or videos. And perhaps most seriously, it currently restricts this mediocre encrypted messaging system to only verified users messaging each other, most of whom must pay $8 per month, greatly limiting the network that could use it.

“This is clearly no better than Signal or WhatsApp or anything that uses the Signal Protocol, in terms of features, in terms of security,” says Matthew Green, a professor of computer science at Johns Hopkins who focuses on cryptography, referring to Signal, the messaging app that is widely considered the modern standard in end-to-end encrypted calls and text messages. Signal’s encryption protocol is also used in both WhatsApp’s default encrypted communications and Facebook Messenger’s optional encryption feature known as Secret Conversations. (Both Signal and WhatsApp are free, compared to $8 per month for a Twitter Blue subscription that includes verification.) “You should use those things instead if you really care about safety,” says Green. “And they’ll be easier because you won’t have to pay $8 a month.”

