Connect with us

Apps

Twitter’s encrypted DM feature is a mess, and you shouldn’t trust it

A Twitter employee claimed they Twitter’s encrypted DM feature is safe. But, people on the inside say there tell a different story.

twitter logo on dark background with tweets

Twitter recently launched a new feature for Twitter Blue users: encrypted DMs. But it is still far from being a refined product, which Twitter CEO Elon Musk and the company fully admit.

An official quote from Twitter states:

Currently, we do not offer protections against man-in-the-middle attacks. As a result, if someone – for example, a malicious insider, or Twitter itself as a result of a compulsory legal process – were to compromise an encrypted conversation, neither the sender or receiver would know.

Public and private keys are required to access encrypted messages, like Twitter’s encrypted DMs. Unfortunately, this method isn’t perfect, and people have discovered vulnerabilities like man-in-the-middle attacks.

A man-in-the-middle attack (MITM) is a cyberattack in which attackers secretly relay and possibly alter the communications between two parties. These people believe they are directly communicating with each other. However, the attacker is still able to read the contact.

Man-in-the-middle (MITM) example

Imagine you and your friend are talking on walkie-talkies, but a hacker in the middle listens to everything you both say. This person pretends to be you when talking to your friend and pretends to be your friend when talking to you. You both think you’re talking directly to each other, but the hacker controls the whole conversation. That’s what a MITM attack is like

Security researcher Matthew Garrett recommends that users use WhatsApp or Signal instead. This is the man who discussed these security issues with Christopher Stanley, a lead security engineer for Twitter.

Twitter was supposed to have the feature audited by a security firm, and even though one of its employees said it was tested, sources claim Twitter never signed a contract, which leads most to believe the test never happened.

Yea, it’s an absolute mess, we know.

According to Platformer, sources within Twitter stated that layoffs were why the audit never took place. Twitter and the security firm still have yet to comment on the situation.

Have any thoughts on this? Drop us a line below in the comments, or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

I have experience writing in-depth reviews of tech products, with a focus on market trends and analysis. I am skilled at explaining complex concepts in a clear and concise way, and I enjoy writing.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Apps