Twitter Rolls Out Encrypted Direct Messages for Verified Accounts

After months of anticipation, Twitter has introduced encrypted direct messages (DMs) to its platform. Elon Musk, the company's chief executive, first confirmed plans for the feature in November 2022. The new encrypted chats will appear separately in users' inboxes, alongside non-encrypted conversations, and will be marked with a padlock icon to indicate their secure nature.

The decision to offer encrypted DMs is a response to growing concerns over privacy and security in online communications. Enforcing end-to-end encryption ensures that solely the people in the conversation can view the contents, offering an extra safeguard against cybercriminals and monitoring snoops.

For now, the feature is opt-in only and exclusively available to verified accounts or affiliates of verified organizations. Twitter's decision to initially limit the availability of encrypted DMs aims to test the functionality and gather user feedback before expanding to a broader audience.

To exchange encrypted messages, a few conditions must be met. The recipient must follow the sender, have engaged in prior communication with the sender, or have accepted a direct message invitation from the sender at an earlier moment.

The sender and recipient must also use the most recent versions of the Twitter apps on Android, iOS, and desktop web platforms to ensure proper encryption.

While the specific encryption method employed by Twitter remains undisclosed, the company has said that it uses a "combination of strong cryptographic schemes" to protect users' messages, links, and reactions within the encrypted DMs.

Users should note that the new encryption feature has a few particularities. For example, in its current state, it doesn’t support encrypted group messages, nor can it encrypt file attachments. Furthermore, users can only register up to 10 devices to use the message encryption feature, and logging out from Twitter will wipe all messages from the device.

“Currently, we do not offer protections against man-in-the-middle attacks,” Twitter’s announcement reads. “As a result, if someone–for example, a malicious insider, or Twitter itself as a result of a compulsory legal process–were to compromise an encrypted conversation, neither the sender or receiver would know.”

The announcement also mentions the feature’s lack of forward secrecy, stating that “if the private key of a registered device was compromised, an attacker would be able to decrypt all of the encrypted messages that were sent and received by that device. In other words, this implementation is not ‘forward secure’.”

Critics argue that the restriction of encrypted DMs to only verified accounts might exclude much of the platform's user base from this critical privacy tool. Twitter says it plans to monitor the performance of the feature and gather user feedback before considering a wider rollout.

As concern over online privacy mounts worldwide, Twitter's introduction of encrypted DMs demonstrates a commitment to protecting its users' communication. A favorable outcome of the preliminary launch may influence the decision to extend the availability of this feature to the broader Twitter user base.