Twitter has officially started rolling out support for encrypted direct messaging (DM) on the platform, more than six months after its chief executive Elon Musk confirmed plans for the feature by November 2022.
“Phase 1” of this initiative will appear as a separate conversation alongside the direct messages already in users’ inboxes. Encrypted chats carry a padlock icon badge to visually distinguish them.
However, the opt-in feature is currently limited to verified users or affiliates of verified organizations. Senders and recipients must also be using the latest version of the Twitter app on Android, iOS and desktop web.
Another criterion for sending and receiving encrypted messages is that the recipient must be following the sender, have sent messages to the sender before, or have received a direct message request from the sender at some point.
While Twitter did not disclose the exact method it uses to secure messages, the company says it uses a “combination of strong cryptographic schemes” to encrypt messages, links and user reactions.
Twitter further stressed that encrypted chat content remains encrypted while stored on its infrastructure and is then decrypted on the receiving end. The implementation is expected to be open sourced later this year.
That said, the work-in-progress nature of the feature also means that it doesn’t support encrypted group conversations or the exchange of media and other file attachments. Some other important limitations are as follows:
- Users can only register up to 10 devices to send and receive encrypted messages.
- New devices (on which the Twitter app was reinstalled) cannot participate in existing encrypted conversations.
- Logging out of Twitter will prompt all messages including encrypted DMs to be deleted from the current device.
It also says the current architecture does not “offer protection against man-in-the-middle attacks” and makes no guarantees of forward secrecy, a critical security measure that ensures that the compromise of a single session key will not affect data shared in other sessions.
“If the private key of a registered device is compromised, the attacker will be able to decrypt all encrypted messages sent and received by that device,” Twitter said, adding that it had no plans to remedy the limitation, with the broader user experience in mind.
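
To make the forward secrecy limitation concrete, the following added example (not Twitter's code, whose scheme the article says is undisclosed) compares a single long-lived key with a per-message hash ratchet after a simulated device compromise. The function names, the toy HMAC-based cipher and the sample messages are all assumptions made for illustration.

```python
import hashlib, hmac, os

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def seal(key, plaintext):
    # Toy authenticated cipher (HMAC keystream + tag), a stand-in for a real AEAD.
    nonce = os.urandom(12)
    blocks = (len(plaintext) + 31) // 32
    stream = b"".join(_mac(key, b"enc", nonce + bytes([i])) for i in range(blocks))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + _mac(key, b"tag", nonce + ct)

def open_sealed(key, blob):
    # Returns the plaintext, or None when the key is wrong or the data was altered.
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag", nonce + ct)):
        return None
    blocks = (len(ct) + 31) // 32
    stream = b"".join(_mac(key, b"enc", nonce + bytes([i])) for i in range(blocks))
    return bytes(c ^ s for c, s in zip(ct, stream))

def ratchet(chain_key):
    # One-way step: derive this message's key, then replace the chain key.
    return _mac(chain_key, b"msg", b""), _mac(chain_key, b"chain", b"")

def simulate_compromise(messages):
    # Design A: one long-lived key protects every message.
    static_key = os.urandom(32)
    stored_a = [seal(static_key, m) for m in messages]
    # Design B: a fresh key per message; old keys are discarded after use.
    chain = os.urandom(32)
    stored_b = []
    for m in messages:
        msg_key, chain = ratchet(chain)
        stored_b.append(seal(msg_key, m))
    # The device is compromised now: the attacker holds static_key and the
    # current chain key, plus every stored ciphertext.
    read_a = sum(open_sealed(static_key, c) is not None for c in stored_a)
    candidates, k = [chain], chain
    for _ in messages:  # everything derivable going forward from the stolen state
        mk, k = ratchet(k)
        candidates += [mk, k]
    read_b = sum(any(open_sealed(c_key, c) is not None for c_key in candidates)
                 for c in stored_b)
    return read_a, read_b

SAMPLE = [b"meet at 9", b"bring the report", b"thanks"]  # constructed messages
```

Calling `simulate_compromise(SAMPLE)` returns how many stored messages the stolen key material opens under each design; the ratchet only protects past messages if the device really deletes each key after use.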