Jump to content
  • Twitter source code indicates end-to-end encrypted DMs are coming

    alf9872000

    • 390 views
    • 3 minutes
     Share


    • 390 views
    • 3 minutes

    Twitter is reportedly working on finally adding end-to-end encryption (E2EE) for direct messages (DMs) exchanged between users on the social media platform.

     

    This is a sought-after and massively requested feature that will help protect private communications from anyone sitting between the conversation parties or even legal requests.

     

    Twitter had attempted to prototype an E2EE system back in 2018, naming it "Secret Conversation," but it never materialized as a finished product and was later abandoned.

     

    Recent work on bringing E2EE on Twitter DMs was spotted by mobile researcher Jane Manchun Wong, who found new additions to the source code of Twitter for Android, mentioning "encryption keys" on the platform.

     

    "This number was generated from your encryption keys from this conversation. If it matches the number in the recipient's phone, end-to-end encryption is guaranteed," reads one of the strings in the source code.

     

    Twitter's current owner, Elon Musk, responded to Wong's Tweets with a winking emoji, hinting the feature is indeed under development.

     

    tweet

    Why Twitter needs E2EE

    End-to-end encryption ensures that messages leave the sender in encrypted form and are decrypted on the recipient end to allow reading them.

     

    For this to work, the two parties have to use a cryptographic key pair to encrypt and decrypt the contents of their messages.

     

    In most E2EE implementations, the sender uses the recipient’s digitally signed public key to encrypt their message, and the recipient uses their private key to decrypt it.

     

    In Twitter's case, Wong mentions a "conversation key," so the implemented E2EE method might be "symmetric," meaning that both people in a chat use the same key for encryption and decryption.

     

    tweet

     

    The sender’s message is transformed into unreadable ciphertext and remains in this state while in transit, so any intermediaries, like internet service providers, network snoopers, or even Twitter itself, will not be able to read the message contents.

     

    If Twitter introduces E2EE on DMs, users will feel more comfortable about the security and privacy of their communications under even unfortunate circumstances like platform-impacting hacks.

     

    For example, in July 2020, Twitter admitted that hackers who breached employee accounts and accessed administration panels could read the DM inbox of 36 high-profile users, downloading the contents of seven of them.

     

    If Twitter had E2EE at the time, all the hackers would have gotten access to would be unreadable ciphertext, lessening the impact on the compromised users.

     

    Other messaging platforms/apps using E2EE include Signal, Threema, WhatsApp, iMessage, Viber, Element/Matrix, Tox, Keybase, XMPP, Skype, and Wire.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...