“Early access” currently but I don’t pay for X or anything and it’s there for me. This comes after X were criticised and had all sorts of “backdoor” conspiracy theories being pushed after they took their private encrypted DMs offline the other day to add improvements.

  • tal@lemmy.today
    1 month ago (edited)

    https://www.zdnet.com/article/twitter-rolls-out-encryption-for-direct-messages-but-with-key-limitations/

    Twitter rolls out encryption for direct messages but with key limitations

    Both the sender and recipient must be verified, while group conversations and attached media aren’t supported by the encryption.

    For an existing chat, tap the Info icon. If the option is available, you’ll see a button for Start an encrypted message that you can just click. For a new chat, turn on the switch to enable encrypted mode. Write your message, and then send it.

    So what is the difference between what they’re rolling out and what they added in 2023? Support for more users, maybe? Support for non-verified users?

    EDIT: Apparently it had been disabled earlier this week?

    https://www.theverge.com/news/676171/xs-encrypted-dms-are-being-put-on-pause

    This article implies that it was to address some of the limitations in the 2023 feature, though isn’t explicit about what is being addressed:

    According to the document, encrypted DMs are only available if you are a verified user (somebody who pays for Twitter Blue), a verified organization (an organization that pays $1,000 per month), or an affiliate of a verified organization (which costs $50 per month per person). Both the sender and recipient must be on the latest version of the Twitter app (on mobile and web). And an encrypted DM recipient must follow the sender, have sent a message to the sender in the past, or accept a DM request from the sender at some point.

  • Blemgo@lemmy.world
    1 month ago

    The question is whether this actually is E2EE, as it’s easy to fake by using a man-in-the-middle attack and hard to prove. The only real way to prove it for sure is to run a third party security audit, like Signal does.

    Taking down the old system doesn’t inspire confidence either, as this downtime could easily have been used to interrupt old conversations in order to implement a way to decrypt the messages on the servers before passing them on to the actual recipient, as all keys would have to be re-issued.
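The man-in-the-middle Blemgo describes, played out in code. This is an added example, not part of the thread and not X's protocol: finite-field Diffie-Hellman over the RFC 3526 group 14 prime and an HMAC-based toy stream cipher stand in for the X25519 and AEAD a real messenger would use, and the "RelayServer" is an assumed key directory plus relay. With an honest server, Bob reads the message and the server learns nothing. With a malicious server that hands each user a server-controlled public key, Bob still reads the message and the app still says "encrypted"; the only observable difference is that the key fingerprint Alice's app shows for Bob no longer matches what Bob reads off his own screen, which is exactly why audits and out-of-band safety-number checks exist.

```python
"""Added example: a relaying server can fake E2EE undetectably unless users
compare key fingerprints out of band. Toy crypto, not a real messenger."""
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP) prime, generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2


class Party:
    """One user's device: holds a DH private key, publishes the public half."""
    def __init__(self):
        self.priv = secrets.randbits(256) | 1
        self.pub = pow(G, self.priv, P)

    def derive(self, peer_pub: int) -> bytes:
        shared = pow(peer_pub, self.priv, P)
        return hashlib.sha256(shared.to_bytes(256, "big")).digest()


def fingerprint(pub: int) -> str:
    """Short hash of a public key: what a 'safety number' screen would show."""
    return hashlib.sha256(pub.to_bytes(256, "big")).hexdigest()[:20]


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC (nonce || ct || tag); stands in for a real AEAD."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_box(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class RelayServer:
    """Assumed key directory plus message relay. When malicious it hands each
    user a server-owned public key instead of the peer's and re-encrypts in flight."""
    def __init__(self, malicious: bool):
        self.malicious = malicious
        self.real = {}   # name -> the user's genuine public key
        self.fake = {}   # name -> server keypair impersonating that user

    def upload(self, name: str, pub: int) -> None:
        self.real[name] = pub
        if self.malicious:
            self.fake[name] = Party()

    def fetch(self, name: str) -> int:
        return self.fake[name].pub if self.malicious else self.real[name]

    def relay(self, sender: str, recipient: str, blob: bytes):
        """Returns (blob delivered to recipient, plaintext the server saw or None)."""
        if not self.malicious:
            return blob, None
        k_in = self.fake[recipient].derive(self.real[sender])    # key the sender shares with us
        plaintext = open_box(k_in, blob)
        k_out = self.fake[sender].derive(self.real[recipient])   # key the recipient shares with us
        return seal(k_out, plaintext), plaintext


def run_session(malicious_server: bool) -> dict:
    alice, bob = Party(), Party()
    srv = RelayServer(malicious_server)
    srv.upload("alice", alice.pub)
    srv.upload("bob", bob.pub)
    k_alice = alice.derive(srv.fetch("bob"))
    k_bob = bob.derive(srv.fetch("alice"))
    msg = b"constructed sample message"
    delivered, seen = srv.relay("alice", "bob", seal(k_alice, msg))
    return {
        "bob_reads_it": open_box(k_bob, delivered) == msg,
        "server_reads_it": seen == msg,
        # Alice compares the fingerprint her app shows for "bob" with the one Bob
        # reads off his own device over a channel the server does not control.
        "fingerprints_match": fingerprint(srv.fetch("bob")) == fingerprint(bob.pub),
    }


if __name__ == "__main__":
    for malicious in (False, True):
        print("malicious server" if malicious else "honest server", run_session(malicious))
```

Both runs deliver the plaintext to Bob; only the fingerprint comparison distinguishes them, and a closed client that never shows fingerprints leaves the user with nothing to compare.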

  • FreedomAdvocate@lemmy.net.auOP
    1 month ago (edited)

    Maybe the mods should add another rule to the sidebar saying only negative X posts are allowed, since that’s clearly all the “community” wants lol.

    The fact this is being treated as bad news is unbelievable.

    • yoshisaur@lemm.ee
      1 month ago (edited)

      I think it’s because many people (including me) doubt it’s actually private and secure. The last thing you should ever trust xitter with is your privacy and security. If it actually is private and secure, that’s great

      • FreedomAdvocate@lemmy.net.auOP
        1 month ago

        What are you basing your doubts on? When has X under Musk had anything happen to doubt their encryption? You think the guy fighting for free speech and ending people getting in trouble for what they say is going to lie about this?

        • Blemgo@lemmy.world
          1 month ago

          I’m not the one who you asked, but I’d still give some feedback of my own. Musk as a person is a difficult character. I would even go as far as calling him narcissistic.

          • He got thrown out of PayPal for his incessant micromanagement and disruptions to the flow of the company
          • he bought himself into Tesla to replace the CEO with himself
          • he tends to depict himself as one of the greatest tech geniuses out there, yet the plans he presents to the public are often poorly thought out and serve no other purpose than to show his “talents”
          • when his proposal to build a tiny submarine for the Tham Luang cave rescue was shot down and a British diver was chosen instead he resorted to calling the diver a “pedo guy”
          • his latest attempts in politics, especially concerning DOGE feel completely half baked and, again, how he presents himself in his position feels more like an ego trip than something more reasonable
          • he publicly had talks with the controversial German political party “Alternative für Deutschland”, which are currently legally considered “assured right-wing extremists” and have had a history of having Nazis and Nazi sympathisers in their ranks

          I generally can’t trust someone who seems to put himself first at everything to handle anything related to security when the role allows him to exploit it for his own gains. And I do not trust someone who supports political groups known for trying to oppress minorities to defend actual rights for free speech.

        • pinball_wizard@lemmy.zip
          1 month ago

          When has X under Musk had anything happen to doubt their encryption?

          Musk routinely hires young unqualified technicians, and abused, laid off, or otherwise alienated much of the top talent at Twitter, in the name of cost savings.

          There’s plenty of other stories out there of Musk’s ego interfering with his staff’s ability to do their jobs properly.

          Most recently, the new DOGE has suffered substantial security lapses, associated with under-hiring and under-provisioning against cyber security threats, under Musk’s leadership.

          Even before Twitter was acquired, Twitter had an embarrassing, memorable history with public figures suffering from security incidents caused by Twitter’s own staff, training, technology or processes. This was arguably not a huge problem for an almost fully public messaging platform, but could be disastrous for anyone relying on this new E2EE solution, if it is incorrectly implemented.

          The talent needed to correctly implement secure end to end encryption is rare, on a good day, for a good employer with a strong history of loyalty to their staff. X arguably has little to none of that going for it, today.

          There’s very little reason to assume that X, under Musk’s current leadership, has correctly and securely implemented end-to-end encryption, and there are reasonable grounds for people to fear that E2EE developed at X may have serious security flaws.

          • FreedomAdvocate@lemmy.net.auOP
            1 month ago

            Most recently, the new DOGE has suffered substantial security lapses,

            Did they? What? The made-up ones where people claimed that DOGE gave Russian hackers access to databases despite DOGE never even requesting access to their systems?

            Even before Twitter was acquired, Twitter had an embarrassing, memorable history with public figures suffering from security incidents caused by Twitter’s own staff, training, technology or processes.

            Funny that you say this after you said this:

            Musk routinely hires young unqualified technicians, and abused, laid off, or otherwise alienated much of the top talent at Twitter, in the name of cost savings.

            So Twitter’s staff, training, technology and processes were the source of these embarrassing incidents…but then Musk shouldn’t have gotten rid of them?

            but could be disastrous for anyone relying on this new E2EE solution, if it is incorrectly implemented.

            And there’s nothing to say that it is incorrectly implemented other than hopes and dreams by people who want it to be.

            The talent needed to correctly implement secure end to end encryption is rare, on a good day, for a good employer with a strong history of loyalty to their staff.

            Absolutely not true lol. Secure end to end encryption is a solved problem. It’s not hard to implement.

  • kipo@lemm.ee
    1 month ago

    Who holds the encryption keys? If it’s X/Twitter, I wouldn’t trust it at all, especially considering who owns it.

        • FreedomAdvocate@lemmy.net.auOP
          1 month ago

          Are you? Because X is the only platform that’s legally fighting against government ordered censorship. X is the only social media platform that pretty much only bans you if you break the law, instead of banning you the second you question the echo chamber’s preferred message.

          • muusemuuse@lemm.ee
            1 month ago

            It’s not. They have been caught steering traffic over and over again. If you say anything Elon dislikes and it starts getting attention, their algorithm will hide your posts once Elon tells it to. Elon LOVES censorship so long as he’s in control of it.

              • muusemuuse@lemm.ee
                1 month ago

                See the “lol” everyone? It means he’s trying to make my assertion sound ridiculous because he didn’t have a way to counter it and doesn’t want to believe it. People do this on the internet so they can pretend they are winning.

                • FreedomAdvocate@lemmy.net.auOP
                  1 month ago

                  Without the weights or promotion criterion.

                  Oh so you’ve seen the weights and promotion criterion and know what musk is changing and when? Cause if you don’t, you’re just spreading conspiracy theories.

                  Thanks for the rule breaking insult though.

      • roofuskit@lemmy.world
        1 month ago

        I prefer to judge people by their actions, not by the bullshit they spew. If you really think he champions free speech you are not at all paying attention to his actions.

  • HyperfocusSurfer@lemmy.dbzer0.com
    1 month ago

    Lmfao, 4 digit password? That’s like 1 femtosecond to brute-force given whoever tries to access your messages isn’t rate-limited *ahem, feds*

      • HyperfocusSurfer@lemmy.dbzer0.com
        1 month ago (edited)

        I guess it can be done relatively securely using both the password and the code to derive the encryption key while not storing it on the servers (while 2FA isn’t of any help here given it’s kinda random with a shared seed). I, however, doubt it’s done that way: first of all, decryption should then only be possible after one enters their account password for the second time, as well as the conversation password (since the password shouldn’t be stored in plaintext after you’ve entered it), and, secondly, that’ll basically drop the chat history as soon as one changes the password, which is neither convenient nor mentioned.

        Then, if it works how I assume it does, i.e. the actual encryption key is stored on the xitter’s servers and only retrieved once you enter the encryption password, then they can decrypt your messages (either by immediately using that if the password just tells 'em who they should give the key to, or by bruteforcing the password if it decrypts/derives the actual key), which defeats the whole point of e2ee.
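The second branch of the scenario HyperfocusSurfer lays out (the PIN derives or decrypts the stored key), worked through as an added example. This is not X's code and the design is an assumption for illustration only: a 32-byte conversation key is wrapped under a PBKDF2 key derived from a 4-digit PIN, the wrapped blob lives server-side, and the MAC tag in the blob is the offline oracle that tells a brute-forcer when it has guessed right. Anyone holding the blob (the operator, a backup, an attacker with a database dump) can try all 10,000 PINs with no rate limit in the way. The iteration count is deliberately low so the demo finishes in seconds; a production count only multiplies the fixed 10^4 work by a constant.

```python
"""Added example (not X's code): offline brute force of a 4-digit PIN that
wraps a stored conversation key. The wrapping scheme is an assumed design."""
import hashlib
import hmac
import secrets
import time

# Kept low so the demo runs in seconds; 100k+ in a real deployment
# only scales the 10,000-guess search by a constant.
KDF_ITERATIONS = 200


def kdf(pin: str, salt: bytes) -> bytes:
    """PIN -> 32-byte key-encryption key."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ITERATIONS, 32)


def wrap_key(pin: str, conversation_key: bytes) -> bytes:
    """Encrypt-then-MAC the key under the PIN-derived KEK: salt || ct || tag.
    This blob is what the server would store on the user's behalf."""
    assert len(conversation_key) == 32
    salt = secrets.token_bytes(16)
    kek = kdf(pin, salt)
    ct = bytes(a ^ b for a, b in zip(conversation_key, kek))
    tag = hmac.new(kek, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag


def unwrap_key(pin: str, blob: bytes):
    """Return the key if the PIN is right, else None. The tag check is the
    offline oracle: no server, no rate limit, no lockout."""
    salt, ct, tag = blob[:16], blob[16:48], blob[48:]
    kek = kdf(pin, salt)
    if not hmac.compare_digest(tag, hmac.new(kek, salt + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, kek))


def brute_force(blob: bytes, digits: int = 4):
    """Try every PIN of the given length in order; returns (pin, key, attempts) or None."""
    for i in range(10 ** digits):
        pin = f"{i:0{digits}d}"
        key = unwrap_key(pin, blob)
        if key is not None:
            return pin, key, i + 1
    return None


def seconds_to_exhaust(digits: int, seconds_per_guess: float) -> float:
    """Worst-case time to try every PIN of the given length."""
    return 10 ** digits * seconds_per_guess


if __name__ == "__main__":
    conversation_key = secrets.token_bytes(32)
    blob = wrap_key("7391", conversation_key)          # constructed PIN for the demo
    t0 = time.perf_counter()
    pin, key, attempts = brute_force(blob)
    elapsed = time.perf_counter() - t0
    print(f"recovered PIN {pin} after {attempts} guesses in {elapsed:.2f}s; "
          f"key matches: {key == conversation_key}")
    per_guess = elapsed / attempts
    for d in (4, 6, 8):
        print(f"{d}-digit PIN at this KDF cost: {seconds_to_exhaust(d, per_guess):.0f}s to exhaust")
```

In the first branch of the same scenario (the server holds the key in the clear and the PIN only authorises its release) nothing even needs to be brute-forced; the operator decrypts directly. Either way the protection comes from whoever holds the blob being unable to test guesses, not from the PIN itself, which is why a 4-digit secret only makes sense if guesses are gated by hardware the operator cannot bypass.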

        • FreedomAdvocate@lemmy.net.auOP
          1 month ago

          They specifically say they can not decrypt your messages.

          Why does everyone in here think that E2E encryption is some insanely hard new thing? It’s been “solved” for years lol. It’s not hard to do.

          • HyperfocusSurfer@lemmy.dbzer0.com
            1 month ago

            Because cryptography is hard, especially when you’re trying to do it in a user-friendly manner, with syncing encrypted conversations between devices and whatnot. Like, it’s kinda the whole reason why the classic reply to “how do I make my own encryption algorithm” is “don’t”.

            Also, with proprietary platforms you can’t make sure stuff’s encrypted the way they say it is

  • UnfortunateShort@lemmy.world
    1 month ago

    Platform from a whiny, fascist asshole for whiny, fascist assholes. Not that everyone on that platform is one, some might just have a high tolerance for bs

    • thedruid@lemmy.world
      1 month ago

      With recent advances, there is nothing released online that can be believed. AI fakes are everywhere and in everything.

      So I wouldn’t trust them even then.

      • just_another_person@lemmy.world
        1 month ago

        Untrue. Many Zero-Trust platforms out there that give you the tools to confirm when you are in fact e2e encrypted. They publish their docs, open source their tools, and give verification tools to check.

        • thedruid@lemmy.world
          1 month ago

          Anything, even your tools, can be faked. Anything. You may not like it, and for the most part most mundane data isn’t worth faking, but there’s no real way to trust anything online anymore.

              • just_another_person@lemmy.world
                1 month ago

                I’m confused about this conversation. Are you the idiot here, or do you think I am?

                Your AI generated article doesn’t have any actual information, doesn’t deal with MITM attacks, and has zero context about how anything it mentions could be used to attack what we’re discussing here.

                Unless you have a quantum responder in the chain, there isn’t a currently known way to fake an exchange of keys to infiltrate secure channels secured by keys.

                Not only would this destroy the currently existing Internet, you’d be seeing floods of exfiltrated information for sale on the black market.

                Not only have you not contributed to this conversation, you’ve proven to be absolutely ignorant about the topic, and you are awarded no points.

                God have mercy on your soul.

                • thedruid@lemmy.world
                  1 month ago (edited)

                  Youngster, you’re not an idiot.

                  You just proved my point

                  See, you don’t agree with an article. You think it’s AI generated. Fine.

                  Prove it beyond a shadow of a doubt. You can’t. …

                  You’re simply not looking at it from a viewpoint of having watched this outcome be developed intentionally by controlling men.

                  It is what it is. No amount of name calling, or wishful thinking on your part. Will change that.

                  You are making statements that unfortunately have been proven incorrect in the real world.

                  It’s faked all the time because THERE’S MONEY IN IT.

                  If there’s money in it, it is happening. No amount of pretending that a quantum computer (which isn’t available, so is a non-factor in reality, so I’ll ignore the irrelevant argument) is the only way to fake traffic.

                  And on to your argument. You’ve proven nothing. Your comment has nothing of substance in it, and what it was was Trumpian in focus and meaning.

                  I truly wish you a good day. I’m too tired of overly confident tech bros to continue this.

    • FreedomAdvocate@lemmy.net.auOP
      1 month ago (edited)

      You don’t just log in to their new chat with a 4 digit pass key lol. You need to be logged in to X, meaning password and (hopefully) 2FA would need to be “hacked” in order to even get to the 4 digit password.