Twitter’s Encrypted DMs Are Deeply Inferior To Signal And WhatsApp
Elon Musk has finally made good on his promise to launch encrypted direct messages on Twitter. However, like most attempts to add end-to-end encryption to an existing platform, it's a mixed bag of good, bad, and ugly. The good news is that Twitter has added an optional layer of security for a small group of users, which has never been available on Twitter's platform in its 16-plus years online. On the other hand, the bad and ugly aspects of the new feature are quite extensive.
On Wednesday night, Twitter announced the launch of encrypted direct messages, a feature Musk had been assuring users was coming since his earliest days running the company. To Twitter's credit, it published an article on its help center detailing the feature's strengths and weaknesses with uncommon transparency. Unfortunately, as the article makes clear, there are many weaknesses.
Twitter appears to have stopped short of calling the feature "end-to-end" encrypted, which would imply that only users on either end of the conversation can read messages, as opposed to hackers, government agencies, or even Twitter itself. In essence, the feature falls short of the standard that Musk had set when he said, "If someone puts a gun to our heads, we still can't access your messages." Although Twitter is working on it, the company is not there yet.
In reality, the description of Twitter's encrypted messaging feature seems like a list of the most serious flaws in every existing end-to-end encrypted messaging app, combined into one product. Additionally, there are a few extra flaws that are unique to the platform. For example, the encryption feature is opt-in, and it's not turned on by default, unlike Facebook Messenger, which has been criticized for this decision. Furthermore, it doesn't explicitly prevent "man-in-the-middle" attacks that enable Twitter to invisibly fake users' identities and intercept messages, which is a major flaw in Apple's iMessage encryption. The feature doesn't include "perfect forward secrecy," which makes spying on users more difficult even after a device is temporarily compromised. It doesn't allow for group messaging or even sending photos or videos. Finally, the subpar encrypted messaging system is currently restricted to verified users messaging each other, most of whom pay $8 a month, which significantly limits the network that can use it.