
Twitter Attempts to Create Encrypted Messaging

Twitter wants to offer a whole bunch of services under one roof, so expect more of these.

But, there are two strategies – best of breed and one throat to choke.

Twitter is, apparently, going after the one throat to choke model.

In the best of breed model, you pick the best tools you can find or afford, even though it makes managing things more difficult.

In the one throat to choke model, you pick a vendor and use all of their products, even though many of them are not very good, because it makes managing them easier.

Let’s talk about what Twitter has done so far. I am sure it will improve.

  • The strategy is move fast, break things, with the long term goal of “I could not see your DMs even if there was a gun to my head”. THAT IS NOT TRUE TODAY! The bad news is that there are already a dozen or more platforms that can do that today. Yawn.
  • They will also be adding voice and video chat – like WhatsApp, iMessage, Signal and others do today. One interesting feature is that since it is going to be based on your Twitter handle and not your phone number, it is going to take a warrant to see who it is. See more about that below.
  • It is turned off by default – why? Is that to make the police happy? Twitter says they have gotten about a thousand requests from the cops to unmask Twitter handles in the last six months, so why off by default? Maybe because they expect it to be buggy.
  • Interesting privacy side note. Before Musk bought Twitter, they complied with about 50 percent of government requests. After Musk, it is 83 percent. So much for the “gun to my head” comment.
  • You can only get this sort of private message if you are a paying customer. That will likely expand once the paying users debug the code.
  • You can only receive encrypted messages if you pay. So this is a “premium” service only between paying customers on both ends.
  • You have to select encrypted messaging every single time you want to send an encrypted message, unlike the competitors that do it by default. The error rate is probably like 50% on that.
  • Group messages are not encrypted at all.
  • Twitter does not protect against woman-in-the-middle attacks, meaning that if a hacker – or Twitter – were to sit in the middle of the conversation, they can read everything.
  • Unlike other encrypted messaging services, you cannot “report” threatening or harassing encrypted messages to Twitter.
  • If you log out of Twitter, all of your encrypted messages will be deleted. That is a security feature, I suspect. When you log back in, it will download all your encrypted messages again. DO NOT use this feature if you are on a pay-for-bandwidth connection, as is common in Europe. If you use encrypted messages frequently, that is a lot of downloading. Unless you stay logged in, which they prefer.
  • There is no perfect forward secrecy, so if your key is ever compromised, every message you have ever sent is compromised.
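
To make the forward secrecy point concrete, here is a small illustration added to this post (it is not Twitter's code and does not model their implementation). It assumes a toy Diffie-Hellman group and a toy XOR stream cipher, and all function names are hypothetical; it compares messages keyed from long-term keys with messages keyed from one-time keys when an attacker who recorded the traffic later steals a long-term private key.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, chosen for this illustration only (assumption).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(my_priv, their_pub):
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def xor_stream(key, nonce, data):
    # Toy cipher (no authentication): SHAKE-256 keystream XORed with the data.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def send_static(sender_priv, recipient_pub, text):
    # No forward secrecy: every message is keyed from the two long-term keys.
    nonce = secrets.token_bytes(16)
    return nonce, xor_stream(session_key(sender_priv, recipient_pub), nonce, text)

def send_ephemeral(recipient_eph_pub, text):
    # Forward secrecy: a fresh sender key per message, gone when this returns.
    eph_priv, eph_pub = keypair()
    nonce = secrets.token_bytes(16)
    ct = xor_stream(session_key(eph_priv, recipient_eph_pub), nonce, text)
    return eph_pub, nonce, ct

def attacker_reads(stolen_priv, peer_pub, nonce, ct):
    # The attacker recorded the traffic and later stole a long-term private key.
    return xor_stream(session_key(stolen_priv, peer_pub), nonce, ct)

def demo():
    messages = [b"meet at noon", b"bring the files", b"delete after reading"]
    alice_priv, alice_pub = keypair()   # long-term keys
    bob_priv, bob_pub = keypair()
    recorded = [send_static(alice_priv, bob_pub, m) for m in messages]
    static_leak = [attacker_reads(bob_priv, alice_pub, n, c) for n, c in recorded]
    eph_leak = []
    for m in messages:
        bob_eph_priv, bob_eph_pub = keypair()   # Bob's one-time key, discarded after use
        eph_pub, n, c = send_ephemeral(bob_eph_pub, m)
        assert xor_stream(session_key(bob_eph_priv, eph_pub), n, c) == m
        eph_leak.append(attacker_reads(bob_priv, eph_pub, n, c))
    return messages, static_leak, eph_leak
```

With the long-term scheme the stolen key recovers every recorded message; with one-time keys the same stolen key recovers none of them. Real protocols also sign the one-time public keys with the long-term key so the other side knows who sent them, which this sketch leaves out.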

What this means is that right now this is a toy and you should not use it for anything important. But, Twitter can say that they now have some form of encrypted messaging.

It will get better over time. Just not yet.

Credit: The Register and Twitter
