in a new supporting documentTwitter has detailed what you can expect from the first version of the platform’s encrypted direct messages. Perhaps most notably, in order to send and receive encrypted messages, you’ll have to pay Twitter to do so. Platforms like WhatsApp, Messenger, Signal, and iMessage already offer encrypted messages for free, so having to pay for the feature on Twitter can be a tough pill to swallow.
According to the document, encrypted DMs are only available if you are a verified user (someone who pay for Twitter Blue), a verified organization (an organization who pays $1,000 per month), or an affiliate of a verified organization (which costs $50 per month per person). Both the sender and recipient must have the latest version of the Twitter app (on mobile and web). And an encrypted DM recipient must either follow the sender, have messaged the sender in the past, or accept a DM request from the sender at some point.
If you’re someone who can send encrypted messages to someone who can receive them, you’ll see a lock switch while composing a message. In an encrypted conversation, you’ll also see a small lock icon next to the avatar of the person you’re chatting with. Encrypted DMs will be separated from non-encrypted ones.
Currently, encrypted DMs have some limitations and one very big flaw. You can only send them in one-on-one conversations; Twitter says it will bring the feature to groups “soon.” You can only send text and links. And Twitter warns that it has no protections against man-in-the-middle attacks. “As a result, if someone, say a malicious insider or Twitter itself as a result of mandatory legal process, compromised an encrypted conversation, neither the sender nor the receiver would know about it,” Twitter says.
The company is planning mechanisms to make man-in-the-middle attacks more difficult and alert users if one occurs. “As Elon Musk said, when it comes to direct messages, the standard should be, if someone puts a gun to our head, we still can’t access their messages,” the company wrote. “We are not there yet, but we are working on it.”
Twitter also notes that while messages and reactions to encrypted DMs are encrypted, “the metadata (recipient, creation time, etc.) is not, and neither is the linked content (just the links themselves, not the links themselves). any content they refer to is encrypted). ”
Encrypted DMs seem to be a priority for Musk; it’s a feature he explained as part of “Twitter 2.0” for employees in November. But blue checkmarks are unpopular enough already, and I doubt forcing him to pay for an important feature that he can easily get for free elsewhere will improve his reputation.