Twitter Launches Not-Actually-Encrypted Encrypted DMs

For many months now, Elon has been promising encrypted DMs. And, indeed, we’ve pointed out that he’s absolutely correct that this is an important feature, and one that social media services should offer. The fact that he’s brought it up a bunch and it seemed to be a priority was definitely a good thing, and for all the criticism we’ve leveled at Musk for his decisions at Twitter, I was still hopeful that he’d do at least this one good thing.

But, here’s the thing: doing encryption right is hard. It’s very, very easy to mess up. And if you mess up, you don’t really have encryption, you have something potentially worse: you have users who think their messaging is safer than it really is. There’s a reason that Meta, which owns WhatsApp, which already uses Signal’s end-to-end encryption technology, has taken years in trying to figure out how to add end-to-end encryption to its other messaging products. It’s not because they don’t care. It’s because getting it right is ridiculously difficult, and it’s not something you rush out in a couple months.

So, anyway, this week, Elon released the first version of his “encrypted’ DMs, which he’s been teasing for a few weeks now. And, because people falsely accuse me of being unfair to Elon, I’ll start with a bit of praise? I appreciate that the announcement basically tells you just how insecure these “encrypted” DMs are, which is to say they basically admit that they’re not actually encrypted, and they’re certainly not end-to-end encrypted. They’re… sort of pseudo encrypted. Obfuscated, perhaps.

Because here’s the thing: true encryption means you’re able to stop a man in the middle attack. And Twitter flat out admits its “encryption” can’t do that:

Currently, we do not offer protections against man-in-the-middle attacks. As a result, if someone–for example, a malicious insider, or Twitter itself as a result of a compulsory legal process–were to compromise an encrypted conversation, neither the sender or receiver would know. We are, however, working on mechanisms for a future release that will:

Points for honesty, I guess?

You almost feel like the blog post announcement is a cry for help from the team of engineers who built this, as it practically screams out “Elon demanded we get this done, and look, this was the best we could do in the period of time he gave us.” I mean, this is a kinda odd thing to see in a product announcement like this:

As Elon Musk said, when it comes to Direct Messages, the standard should be, if someone puts a gun to our heads, we still can’t access your messages. We’re not quite there yet, but we’re working on it.

This reads as: “Elon told us he wanted end-to-end encryption, and it had to be released by this date, and we explained that that was impossible, but he demanded we ship something, so we hacked together this thing, which is the best we can do, but it’s not really encrypted.”

Again, though, Twitter could have misrepresented all this and still claimed it was end-to-end encrypted. They… don’t. really. They do call it encrypted. They don’t call it end-to-end encryption. And they’re public about the limitations on it. If they had gone the other direction, I’d imagine they’d be facing a Zoom-like situation, including another fine and FTC consent decree for misrepresenting the security of their encryption.

On top of that, from the explanation given, it does seem like this new way of DMing is at least somewhat more secure than existing DMs, but it’s still subject to very real risks. They’re also launching it for only Twitter Blue subscribers, so you can only use it between two Blue subscribers who want to communicate back and forth with each other in an “only-kinda-encrypted” manner.

Given that you can use Signal or WhatsApp for free, and get real encryption that is more tested and proven, it’s unclear why anyone would bother with Twitter’s offering.

I do still hope that this truly is just a “first step” and this release was simply an attempt to take a public step in the direction of actually encrypted DMs, but released early to appease their mercurial boss.

It would still be a good thing for Elon to implement end-to-end encryption of DMs. But this is not that.