Twitter Launches Not-Actually-Encrypted Encrypted DMs
from the maybe-just-call-them-slightly-obfuscatory-dms dept
For many months now, Elon has been promising encrypted DMs. And, indeed, we’ve pointed out that he’s absolutely correct that this is an important feature, and one that social media services should offer. The fact that he’s brought it up a bunch and it seemed to be a priority was definitely a good thing, and for all the criticism we’ve leveled at Musk for his decisions at Twitter, I was still hopeful that he’d do at least this one good thing.
But, here’s the thing: doing encryption right is hard. It’s very, very easy to mess up. And if you mess up, you don’t really have encryption, you have something potentially worse: you have users who think their messaging is safer than it really is. There’s a reason that Meta, which owns WhatsApp, which already uses Signal’s end-to-end encryption technology, has taken years in trying to figure out how to add end-to-end encryption to its other messaging products. It’s not because they don’t care. It’s because getting it right is ridiculously difficult, and it’s not something you rush out in a couple months.
So, anyway, this week, Elon released the first version of his “encrypted” DMs, which he’s been teasing for a few weeks now. And, because people falsely accuse me of being unfair to Elon, I’ll start with a bit of praise? I appreciate that the announcement basically tells you just how insecure these “encrypted” DMs are, which is to say they basically admit that they’re not actually encrypted, and they’re certainly not end-to-end encrypted. They’re… sort of pseudo encrypted. Obfuscated, perhaps.
Because here’s the thing: true encryption means you’re able to stop a man in the middle attack. And Twitter flat out admits its “encryption” can’t do that:
Currently, we do not offer protections against man-in-the-middle attacks. As a result, if someone–for example, a malicious insider, or Twitter itself as a result of a compulsory legal process–were to compromise an encrypted conversation, neither the sender or receiver would know. We are, however, working on mechanisms for a future release that will:
Points for honesty, I guess?
You almost feel like the blog post announcement is a cry for help from the team of engineers who built this, as it practically screams out “Elon demanded we get this done, and look, this was the best we could do in the period of time he gave us.” I mean, this is a kinda odd thing to see in a product announcement like this:
As Elon Musk said, when it comes to Direct Messages, the standard should be, if someone puts a gun to our heads, we still can’t access your messages. We’re not quite there yet, but we’re working on it.
This reads as: “Elon told us he wanted end-to-end encryption, and it had to be released by this date, and we explained that that was impossible, but he demanded we ship something, so we hacked together this thing, which is the best we can do, but it’s not really encrypted.”
Again, though, Twitter could have misrepresented all this and still claimed it was end-to-end encrypted. They… don’t, really. They do call it encrypted. They don’t call it end-to-end encryption. And they’re public about the limitations on it. If they had gone the other direction, I’d imagine they’d be facing a Zoom-like situation, including another fine and FTC consent decree for misrepresenting the security of their encryption.
On top of that, from the explanation given, it does seem like this new way of DMing is at least somewhat more secure than existing DMs, but it’s still subject to very real risks. They’re also launching it only for Twitter Blue subscribers, so you can only use it between two Blue subscribers who want to communicate back and forth with each other in an “only-kinda-encrypted” manner.
Given that you can use Signal or WhatsApp for free, and get real encryption that is more tested and proven, it’s unclear why anyone would bother with Twitter’s offering.
I do still hope that this truly is just a “first step” and this release was simply an attempt to take a public step in the direction of actually encrypted DMs, but released early to appease their mercurial boss.
It would still be a good thing for Elon to implement end-to-end encryption of DMs. But this is not that.
Filed Under: direct messages, e2ee, elon musk, encryption, end-to-end encryption, man-in-the-middle attack
Companies: twitter


Comments on “Twitter Launches Not-Actually-Encrypted Encrypted DMs”
I wonder if that’s the point. Given Musk’s prior cooperation with demands by governments, such as India’s, I imagine what was specifically asked was “end-to-end encryption that still lets us comply with law enforcement orders”. This specification is contradictory, but not-really-encryption like this is close to how I see it implemented.
Sounds encrypted alright.
The thing that is susceptible to man-in-the-middle attacks is not encryption but key exchange and/or session/trust management.
If you ignore that aspect, encryption is good against eavesdropping.
Of course there is no practical way to ignore this without a separate man-in-the-middle-attack-safe channel for exchanging/managing keys.
Re:
Just use public key encryption, where Twitter can store and pass on public keys to the sender, but only the owner of that key can decode the message. The system can be built into an app so that everything is automated, and is safe, so long as the app does not expose the private key.
Re:
…Diffie-Hellman key exchange is a foundational process to modern encryption and one of the first public key protocols. Consisting of a private and public key, it allows a public key to be sent in the open and maintain the secrecy of the underlying message. It was first proposed in 1976.
If you don’t know about public/private key exchange schemes, you know nothing about E2E encryption.
That is the sort of ‘end to end’ encryption that most governments want, that is one open to a man in the middle.
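An added example (not Twitter’s code, and not from any commenter) modelling the point raised in the comments above and in Twitter’s own caveat: encrypting with a peer key handed out by an unauthenticated server does nothing against a malicious insider who substitutes its own key, and only an out-of-band fingerprint comparison detects the substitution. It uses a toy Diffie-Hellman group and the standard library only; the server and user names are constructed.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group: 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def derive_key(priv, peer_pub):
    # Hash the DH shared secret into a 256-bit symmetric key.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def fingerprint(pub):
    # Short "safety number" that two users can compare out of band.
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

class KeyServer:
    """Directory that hands out public keys. honest=False models the
    malicious-insider / compelled-substitution case from the announcement."""
    def __init__(self, honest=True):
        self.honest = honest
        self.directory = {}
        self.priv, self.pub = keypair()   # only used when dishonest

    def publish(self, user, pub):
        self.directory[user] = pub

    def lookup(self, user):
        return self.directory[user] if self.honest else self.pub

def run_exchange(server):
    """Returns (server_can_read, fingerprints_match)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    server.publish("alice", a_pub)
    server.publish("bob", b_pub)
    # Each client derives a key from whatever the server says the peer's key is.
    alice_key = derive_key(a_priv, server.lookup("bob"))
    bob_key = derive_key(b_priv, server.lookup("alice"))
    # A dishonest server holds the private half of the substituted key, so it
    # can derive both clients' keys and decrypt or re-encrypt in the middle.
    server_can_read = (derive_key(server.priv, a_pub) == alice_key
                       and derive_key(server.priv, b_pub) == bob_key)
    # The only defence in this design: compare key fingerprints out of band.
    fingerprints_match = (fingerprint(server.lookup("bob")) == fingerprint(b_pub)
                          and fingerprint(server.lookup("alice")) == fingerprint(a_pub))
    return server_can_read, fingerprints_match
```

With an honest server the two clients share a key the server cannot derive; with a dishonest one both clients still get a working key, but it is one the server holds too, and nothing short of the fingerprint check reveals it.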
Re:
And what oppressive regimes want, Musk wants.
“They’re also launching it for only Twitter Blue subscribers”
Competing with Telegram for the nazi market? Seems kinda on-brand for Musk.
Bogus encryption added to bogus prestige; well, it's consistent at least.
On top of that, from the explanation given, it does seem like this new way of DMing is at least somewhat more secure than existing DMs, but it’s still subject to very real risks. They’re also launching it for only Twitter Blue subscribers, so you can only use it between two Blue subscribers who want to communicate back and forth with each other in an “only-kinda-encrypted” manner.
Twitter/Elon: We kinda care about user privacy and security, but only if you pay us to.
The Twitter encryption equivalent of Tesla’s “full self driving” feature
Re:
Since you can use Signal or WhatsApp for free and get real security that has been tried and tested more, it’s hard to see why anyone would use Twitter’s service.
I won’t be surprised if Musk will continue to call it “end-to-end encrypted”, not because he is lying, but more because he fundamentally does not understand the difference.
Either way, based on how easily he has rolled over for every single government request, I highly doubt he will have the team do anything further to secure DMs.
“it’s still subject to very real risks”
Elon selling access to despots is a very real risk.
He knows who had the anonymous accounts.
Re:
Musk helping out his funding-buddy Mohammad Bonesaw find more journalists to dismember.