Musk Does Have Some Good Ideas: Encrypting DMs Would Be Huge, But…
from the it's-not-as-easy-as-he-thinks dept
We’ve been somewhat critical of Elon Musk‘s tenure as Twitter owner and CEO (I think for fairly good reasons), but he does have a few good ideas. Lead among them, wanting to enable encrypted direct messages (DMs). He’s mentioned it before, but also had this slide in a recent internal presentation he gave:
There’s not much to go on with that slide, given that… it just says “Encrypted DMs” and appears to have an image of… existing, unencrypted DMs.
However, Jane Manchun Wong, who is basically a wizard in sniffing out new features and new code being tested on Twitter (and elsewhere) notes that she’s seen snippets of code referencing Signal Protocol for encrypted DMs already showing up inside the Twitter iOS app.
Of course, it appears that’s old code. Like so many things that Elon trots out, these were ideas that Twitter was already exploring, though it did appear that encrypted DMs was shelved. Jane had also spotted encrypted DM testing all the way back in early 2018 as well.
That said, it looks like the new code… is just the old code that Twitter had worked on being dusted off. Former Twitter engineer Brandon Carpenter notes that the code that Jane spotted was really his own code from that 2018 test, quote tweeting Jane and noting “Oh look! Some code I wrote four years ago.”
For what it’s worth, Brandon also laid out one of the issues they had back in 2018, which was in the process of trying to obtain a license from Signal, Moxie Marlinspike, Signal’s founder, ghosted them for weeks when he just decided to go sailing without telling anyone. I’ve seen some people question why anyone would need a license from Signal, considering that Signal Protocol is an open protocol that anyone can use. But, it’s not easy to do it right, and there are many, many reasons to get Signal’s seal of approval before trusting the encryption.
On a… let’s say related note… Twitter’s former Chief Information Security Officer, Lea Kissner wrote out a very interesting and useful thread about the general pitfalls of trying to implement end-to-end encryption, especially in a web app. Suffice it to say it is not easy, and is not something you rush through or things are going to go very, very badly. There are big questions to consider, including how do you handle lost keys, how do you handle stolen keys, how do you handle abuse, and much, much more.
This has all proven challenging for others as well, including Facebook’s very slow efforts to roll out more end-to-end encryption among its various messaging products with a much larger team.
Still, it’s good that Elon considers this important, and one hopes that he can actually get it done, and at least implement less bad answers to some of the many questions that have stymied other teams looking to implement end-to-end encryption. Of course, it may also mean being willing to stand up against government demands and threats regarding encryption, something that we don’t know if Elon is actually willing to do.
On the whole, though, even as he’s made many other mistakes, it’s worth celebrating his stated support for more encrypted messaging.
Filed Under: e2ee, elon musk, encryption, end to end encryption, signal protocol
Companies: signal, twitter
Comments on “Musk Does Have Some Good Ideas: Encrypting DMs Would Be Huge, But…”
I guess this proves the saying about broken clocks being correct twice a day.
But the trolls say…
WhY aRe YoU sO bIaSeD aGaInSt ElOn MuSk, MiKe?!?!
Re:
Is a trolling comment about trolls really a valuable addition to conversation here?
Want better for yourself, Mr. Abram.
Re: Re:
Fair enough. It’s just that trolls on TechDirt seem to be as inevitable as copyright infringement and content moderation so I thought I’d mock the inevitable trolls coming here.
This comment has been flagged by the community. Click here to show it.
Long Term Benefit
Implementing end-to-end encrypted DMs would probably do wonders toward getting governments to abandon their requests to surveillance users. It’s also a great way to reduce the need to hire people to interface with the busybody agencies.
Re:
How are you this naïve after having been on Techdirt for this long?
Re:
The US treats iMessage, facebook, and signal encrypted communications as inherently criminal and has long sought forced decryption. While a good step, this is not an anticipated benefit of such a move.
Re:
Sure fucking worked in Singapore, all right.
Oh wait, the government managed to get access to a PRIVATE FACEBOOK POST. After basically spamming Facebook with requests to surveil dissidents.
Yes, the post was probably unencrypted. So what? It isn’t gonna stop authoritarian shitholes from spamming requests or deploying software like what the NSO Group sold to catch dissidents.
Re: Re:
You really seem to have a hate-on for Singapore. I’ve seen you comment on other articles and your one-track posts on this one country reek of xenophobia.
Re: Re: Re:
The summation of this guy’s posts is essentially “US ruined Singapore”, “China ruined Singapore”, and “Singapore doesn’t let be faaaaabulous enough”. But it makes him a sexual minority and a bastion of love and inclusivity so that makes it OK.
Re: Re: Re:2
I’d rather describe myself as an angry demon from the violent portion of Hell, hellbent on destroying humanity through violent means rather than spreading what the white supremacists think of as “sexual and racial degeneracy”. Complete with a big enough gun to blow a hole into Mars.
I don’t shatter any myths, unfortunately. I merely reinforce lies the Singapore government say about themselves.
Re: Re: Re:
I would guess that he lives there (or lived there) and doesn’t like it. Occam’s razor and all that…
Re: Re: Re:2
Yes. I hate Singapore enough to want to see the nation nuked from orbit. Bonus points for me being born there and holding that accursed citizenship.
I get constant reminders that the place is basically a dream to most people, and it only makes me madder because no one cares to dig deep enough. Oh, yes, we’re not on Indonesia’s level of garbage (actual genocide happened there and the government in Indonesia PROMOTES it) but letting China do whatever it wants is far worse.
And no, last I checked, I’m a hated cisgender male asshole. Just because I see the LGBT+ as people doesn’t mean I’m a special snowflake, it makes me a civil and existential threat to the white worshippers in power.
Musk’s work to destroy Twitter is far more than just some “mistakes”. He’s done intentional shit-stirring and lying whilst replatforming his fascist buddies and multiple accounts of progressives and his critics being suspended. I don’t have to celebrate an asshole having one good idea. If Truth Social or Parler got E2E Encryption, I wouldn’t be giving them any praise, that’s for sure. Hell, they could already have E2E Encryption and we just don’t know or care about it because they’re platforms for nazis.
What would a nerd do?
I know this is not a technology site per se, but encrypted DM’s using basic methods is very easy nowadays.
If an app is used, its simply an encrypted outbox that transfers the e2e DM when the recipient is online.
No technology trickery involved and no intermediary to store-and-forward.
Using the twitter web portal would require store-and-forward services, but twitter could easily code-and-go encrypted DM’s today if they chose to.
Just about any app could do e2e DM’s if both parties use it. And even if it was rocket science, gotta update all those sayings for Elon twitter :p
What a genius.
Encryption. Everyone but LEOs knows it’s necessary to protect our privacy, security, finances, and rights.
Good on Musk for figuring that out. What a genius.
And… bringing up 4 year old code. I’d be curious if Brandon would add to “My code from 4 years ago” and explain why that never made it to prod.
Hes sacking alot of the most talented programmers and workers at twitter,its doubtful if twitter has the resources to encrypt dms ,remember even facebook has to follow the laws of different countrys some with laws that say the police can acess any data they might say is a threat to the state.i think elon has lots of ideas some of which are awful,random or make no sense.
if they enable encryption they can say we dont have acess to user dm,s ,saves employing staff to acess data for police court orders
Good job on the screenshot policy.
This Tweet is from an account that no longer exists. Learn more
Musk Does Have Some Good Ideas: Encrypting DMs Would Be Huge, But...
…at this point, he’s probably fired and/or alienated everyone who might have helped him see that trough.
Careful what you wish for
https://arstechnica.com/information-technology/2022/09/matrix-patches-vulnerabilities-that-completely-subvert-e2ee-guarantees/
All the encryption in the world is for naught if the key-exchange protocol has glaring issues. Not the first time having been bitten by their implementation of Signal encryption methods either…