
Twitter source code reveals plans for end-to-end DM encryption


Researchers discovered interesting changes in Twitter’s source code, linking it to future plans

End-to-end encryption in DMs on Twitter. Hints on Twitter finally making DMs encrypted

End-to-end encrypted direct messaging is finally coming to Twitter. The social media giant experimented with a “Secret Conversations” feature back in 2022, only to abandon the concept relatively quickly. Under the new ownership of Elon Musk, the end-to-end encrypted DM feature seems to have been revived.

Independent researcher Jane Manchun Wong has observed, based on changes to the code in the latest version of Twitter’s Android app, that work on the feature appears to have resumed. She wrote on Twitter after her discovery:[1]

Twitter is bringing back end-to-end encrypted DMs Seeing signs of the feature being worked on in Twitter for Android

The Tweet did not go unnoticed by Musk himself, who swiftly replied with a smiley emoji, so it is not difficult to conclude that Wong is on the right track here.

The importance of E2EE on Twitter

Twitter is among the few popular social media apps that don’t use end-to-end encryption for user messaging, which makes it much less privacy-oriented. Apps like Signal, Telegram, or WhatsApp have been using it for years, and it is likely that Musk wants to attract their users to switch to Twitter, or at least to use Twitter DMs more often than not.

Back in 2022, Twitter never explained why it abandoned the “Secret Conversations” project, and it went untouched for many years. In the meantime, it has been requested by users for years.

E2EE encrypts a message before it leaves the sender’s device, and it is decrypted only once it reaches its destination. According to Wong, the “conversation key” is likely to mean that the encryption used would be symmetric, that is, the sending and receiving parties both use the same key.

The researcher provided more details:[2]

Early prototype of Twitter’s upcoming end-to-end encrypted DMs “Encryption keys” screen:

“This number was generated from your encryption keys from this conversation. If it matches the number in the recipient’s phone, end-to-end encryption is guaranteed”

With E2EE implemented in direct messaging on Twitter, users can feel more secure that nobody other than the recipient can access the information they have sent, including internet service providers, cybercriminals, or even Twitter itself. This feature has been highly requested by users for years, and it might finally come true. However, not everything is so simple.
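The “Encryption keys” screen quoted above is only useful if both phones derive the same number from the keys they actually hold. The following Python sketch is an added example, not Twitter’s code and not part of Wong’s findings: it assumes a generic iterated-hash construction, uses constructed stand-in keys and the hypothetical names `fingerprint`, `verification_number` and `numbers_shown`, and shows why a key swapped in transit makes the two numbers disagree.

```python
import hashlib

ROUNDS = 5200  # assumed iteration count; it only makes fingerprint collisions costlier to search for

def demo_public_key(label: str) -> bytes:
    """Constructed 32-byte stand-in for a device's public key (no real key material)."""
    return hashlib.sha256(label.encode()).digest()

def fingerprint(user_id: str, public_key: bytes) -> bytes:
    """Bind the key to the account name, then hash repeatedly."""
    digest = user_id.encode() + public_key
    for _ in range(ROUNDS):
        digest = hashlib.sha512(digest + public_key).digest()
    return digest[:30]

def verification_number(me: tuple, peer: tuple) -> str:
    """Number one device displays: built from its own key and the key it holds for the peer."""
    # Sorting makes the result independent of which side computes it.
    raw = b"".join(sorted([fingerprint(*me), fingerprint(*peer)]))
    groups = (int.from_bytes(raw[i:i + 5], "big") % 100000 for i in range(0, 60, 5))
    return " ".join(f"{g:05d}" for g in groups)

def numbers_shown(key_substituted: bool) -> tuple:
    """Return (number on Alice's phone, number on Bob's phone)."""
    alice = ("alice", demo_public_key("alice-device"))
    bob = ("bob", demo_public_key("bob-device"))
    if key_substituted:
        # A relay that swaps keys in transit: each side receives the relay's key
        # under the other person's name, so the conversation is no longer end-to-end.
        relay_key = demo_public_key("relay")
        bob_seen_by_alice = ("bob", relay_key)
        alice_seen_by_bob = ("alice", relay_key)
    else:
        bob_seen_by_alice, alice_seen_by_bob = bob, alice
    return (verification_number(alice, bob_seen_by_alice),
            verification_number(bob, alice_seen_by_bob))

if __name__ == "__main__":
    for swapped in (False, True):
        a, b = numbers_shown(swapped)
        print("substituted" if swapped else "honest", "->", "match" if a == b else "MISMATCH")
```

The comparison has to happen over a channel the messaging service does not control (in person or by voice), otherwise whoever swapped the keys could also alter the numbers being compared.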

Implementation might take some time

Twitter has been rapidly changing after Musk’s acquisition, with many users finding changes rather controversial – the infamous subscription for verification being one of the most debated topics on the platform since its owner announced a monthly charge of $8.[3]

While some projects can be implemented immediately, others can’t be rushed, and end-to-end encryption is one of those. It took Meta almost six years to implement E2EE in its Messaging app. The delays were attributed to various legal issues, such as child safety, as well as technical challenges, including keeping its abuse reporting operational.[4]

Besides the technical challenges that Twitter might face, taking the feature live could result in users and security advocates questioning how well the end-to-end encryption is actually implemented, especially as Elon Musk made a lot of previous Twitter staff redundant, including the chief information security officer Lea Kissner.

Despite these criticisms, Musk is positive about the changes made to the social media platform. His plan is to create a “super app” that can be used for multiple aspects of users’ daily life, including payments, entertainment, social networking, and more. Of course, security with E2EE adds to this goal, and hopefully, users can feel more secure while using Twitter DMs.