Twitter’s encrypted DM feature is a mess, and you shouldn’t trust it
A Twitter employee claimed Twitter’s encrypted DM feature is safe. But people on the inside tell a different story.
Twitter recently launched a new feature for Twitter Blue users: encrypted DMs. But it is still far from being a refined product, which Twitter CEO Elon Musk and the company fully admit.
An official quote from Twitter states:
Currently, we do not offer protections against man-in-the-middle attacks. As a result, if someone – for example, a malicious insider, or Twitter itself as a result of a compulsory legal process – were to compromise an encrypted conversation, neither the sender nor receiver would know.
Encrypted messaging like Twitter’s encrypted DMs relies on public and private key pairs. On its own, though, that isn’t enough: unless users can verify that the public key they receive really belongs to the other party, whoever distributes the keys can swap in their own, which is exactly what a man-in-the-middle attack exploits.
A man-in-the-middle attack (MITM) is a cyberattack in which an attacker secretly relays, and possibly alters, the communications between two parties. Both parties believe they are communicating directly with each other, but the attacker can read the content.
Imagine you and your friend are talking on walkie-talkies, but a hacker in the middle listens to everything you both say. This person pretends to be you when talking to your friend and pretends to be your friend when talking to you. You both think you’re talking directly to each other, but the hacker controls the whole conversation. That’s what a MITM attack is like.
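To show concretely why key pairs alone don’t stop this, here is a toy key exchange in Python (an added example, not code from the article or from Twitter). A key server sits between Alice and Bob; an honest server relays keys unchanged, while a malicious insider swaps in its own key. The out-of-band fingerprint comparison at the end is the kind of MITM protection Twitter says it lacks (think of Signal’s safety numbers). The Diffie-Hellman parameters, names and server classes are constructed for illustration only.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (constructed for illustration; real apps use
# X25519 or a standard MODP group, not a 127-bit prime).
P = 2**127 - 1
G = 5


def keypair():
    """Return (private, public) for our toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    """Derive a session key from the DH shared value."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def fingerprint(pub):
    """Short hash of a public key, the value users would compare out of band."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


class HonestServer:
    def relay_key(self, pub):
        return pub  # passes the real key through untouched


class KeySwappingServer:
    """Malicious insider: hands each party its own key instead of the peer's."""
    def __init__(self):
        self.priv, self.pub = keypair()

    def relay_key(self, pub):
        return self.pub


def run_exchange(server):
    """Return (alice_and_bob_agree, fingerprints_verify) for a given server."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    # Each side learns the other's public key only through the server.
    b_sees = server.relay_key(a_pub)
    a_sees = server.relay_key(b_pub)
    agree = shared_secret(a_priv, a_sees) == shared_secret(b_priv, b_sees)
    # Out-of-band check: does the key I received match the key my peer holds?
    verified = (fingerprint(a_sees) == fingerprint(b_pub)
                and fingerprint(b_sees) == fingerprint(a_pub))
    return agree, verified
```

With the honest server both sides agree and the fingerprints match; with the key-swapping server the fingerprints differ, which is the only signal the two users would ever get that something in the middle replaced their keys.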
Security researcher Matthew Garrett recommends that users use WhatsApp or Signal instead. He is the one who discussed these security issues with Christopher Stanley, a lead security engineer at Twitter.
Twitter was supposed to have the feature audited by a security firm. Although one of its employees said it was tested, sources claim Twitter never signed a contract with the firm, which leads most to believe the test never happened.
Yea, it’s an absolute mess, we know.
According to Platformer, sources within Twitter stated that layoffs were why the audit never took place. Twitter and the security firm still have yet to comment on the situation.