Encrypted DMs on Twitter Might Not Be as Safe As You Think

Twitter has been enduring a firestorm of controversy after recent actions taken by CEO Elon Musk. When the Turkish government asked Musk to censor certain parts of the site, the CEO was quick to comply. Many criticized this as going against his notion of unrestricted freedom of speech, but the CEO has remained adamant that his decision was in the best interest of Twitter users themselves.

This is not the only controversy Twitter has been facing as of late. The messy rollout of its encrypted DMs feature has also been going extremely poorly. The feature had been in development since 2018, and Musk finally rolled it out a few days ago after teasing it back in November.

However, it turns out that the so-called encryption these DMs offer misses the mark by a long shot. For one thing, the DMs will not have end-to-end encryption, which makes them far more susceptible to interception than they would otherwise be.

The company acknowledged these limitations in a recent blog post, stating that the messages are susceptible to man-in-the-middle attacks. This would make it extremely easy for someone to obtain messages, and even an individual working at Twitter would be able to spy on them fairly easily.

The main issue with this feature is that it requires users to trust Twitter with their privacy and safety. Services like WhatsApp offer end-to-end encryption, which prevents anyone, including people working at the company, from reading messages. Twitter, by contrast, has a complete list of all of the public encryption keys that are generated.

While the private key still stays only on the device, Twitter controls the public keys, so anyone working at Twitter can swap them out and use the substituted keys to access private and personal messages. This just goes to show that Twitter has a long road ahead of it if it wants its encrypted messages to become as popular as those of WhatsApp, Facebook Messenger or other applications in this league.
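
The sketch below is an added example, not Twitter's code or anything from its blog post. It shows how a client can detect the key swap described above by pinning the first key it sees and by comparing a "safety number" with the other party over a separate channel. Random bytes stand in for real public keys, and `Client`, `safety_number` and the in-memory `directory` are hypothetical names.

```python
import hashlib
import secrets

class KeyChanged(Exception): pass  # directory served a key other than the pinned one

def safety_number(key_a: bytes, key_b: bytes) -> str:
    """Order-independent digest of both public keys, grouped for reading aloud."""
    digest = hashlib.sha256(b"".join(sorted([key_a, key_b]))).hexdigest()[:24]
    return " ".join(digest[i:i + 4] for i in range(0, 24, 4))

class Client:
    """Holds its own key locally and pins the first key seen per contact."""
    def __init__(self, name: str, directory: dict):
        self.public_key = secrets.token_bytes(32)  # constructed stand-in for a real public key
        self.directory = directory                 # server-controlled: user -> public key
        self.pins = {}
        directory[name] = self.public_key          # registration with the service

    def lookup(self, contact: str) -> bytes:
        served = self.directory[contact]
        pinned = self.pins.setdefault(contact, served)
        if served != pinned:
            raise KeyChanged(f"{contact}: key differs from the pinned one")
        return served

    def number_with(self, contact: str) -> str:
        return safety_number(self.public_key, self.lookup(contact))

def honest_directory() -> bool:
    directory = {}
    alice, bob = Client("alice", directory), Client("bob", directory)
    return alice.number_with("bob") == bob.number_with("alice")

def swap_before_first_contact() -> bool:
    """Pinning cannot catch this case; the out-of-band comparison does."""
    directory = {}
    alice, bob = Client("alice", directory), Client("bob", directory)
    directory["bob"] = secrets.token_bytes(32)     # operator substitutes Bob's entry
    return alice.number_with("bob") == bob.number_with("alice")

def swap_after_pinning() -> bool:
    directory = {}
    alice, _bob = Client("alice", directory), Client("bob", directory)
    alice.lookup("bob")                            # first use pins the genuine key
    directory["bob"] = secrets.token_bytes(32)
    try:
        alice.lookup("bob")
    except KeyChanged:
        return True
    return False
```

Without a comparison like this, or some other way to verify keys independently of the service, the client has to accept whatever key the directory serves.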

To make matters worse, Twitter has also lied about auditing this feature. In a now-deleted tweet, project head Christopher Stanley claimed that a cybersecurity firm by the name of Trail of Bits would audit the implementation of the feature. The deletion of the tweet indicates that he may not have known what he was talking about, and sources at Twitter confirmed that no such contract had even been signed with Trail of Bits at the time of the tweet’s posting.

Musk himself has also admitted that while users can try out encrypted DMs, they can’t really trust it right now. It will be interesting to see how his successor, Linda Yaccarino, will be handling things from here on out. Musk is leaving behind a huge mess for her to clean up, and encrypted DMs are just one of the many things she might have to fix.

H/T: TheVerge
