Twitter has released a new secure messaging feature that encrypts your data and prevents your messages from being seen by prying eyes. However, it’s not secure.
To start, it lacks a lot of functionality you’d expect from a massive social media app. The messaging only works between individuals, not groups, and it only encrypts text, not videos or pictures.
Normally, end-to-end encryption (the standard for apps with this feature) prevents anyone, even the company itself, from being able to read your messages. It encrypts each message, making it only accessible with a private decryption key. Twitter, on the other hand, is vulnerable to “man-in-the-middle” attacks, since it doesn’t use this encryption method to hide your messages.
This means that Twitter or any threat actor could potentially listen to your conversations, read your messages, and even modify the ones you’ve sent previously.
Another security feature it’s lacking is forward secrecy, which prevents someone who manages to obtain your private key from reading prior messages. Without forward secrecy, anyone, including Twitter, who has your private key can read every message you send.
Twitter went on to say that it doesn’t plan on adding this feature, either. Its reasoning is that because users want to be able to read prior messages stored on their cloud software, Twitter doesn’t intend to add a feature that removes prior messages, even at the cost of security.
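To make the forward secrecy point concrete, here is an added example (not Twitter's code or protocol) comparing what a stolen key exposes with and without per-message keys. It assumes a simplified symmetric hash ratchet and a toy XOR cipher; all names, secrets and messages are constructed for illustration.

```python
import hashlib
import hmac

MESSAGES = [b"meet at noon", b"bring the files", b"delete this chat"]  # constructed sample

def h(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Toy cipher (illustration only): XOR with an HMAC-SHA256 keystream."""
    stream = b"".join(h(key, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, stream))

class Ratchet:
    """Hash ratchet: each message key is derived once, then the chain moves on."""
    def __init__(self, secret: bytes):
        self.chain = secret

    def next_key(self) -> bytes:
        message_key = h(self.chain, b"message")
        self.chain = h(self.chain, b"chain")  # old state is overwritten, not kept
        return message_key

def readable_with(keys, ciphertexts):
    """Earlier messages an attacker holding `keys` can decrypt."""
    return [m for m, c in zip(MESSAGES, ciphertexts)
            if any(xor_cipher(k, c) == m for k in keys)]

def static_key_theft():
    """One long-term key for every message; the key is stolen after the last one."""
    key = hashlib.sha256(b"constructed long-term key").digest()
    ciphertexts = [xor_cipher(key, m) for m in MESSAGES]
    return readable_with([key], ciphertexts)

def ratchet_theft():
    """Per-message keys; the attacker steals the state left after the last message."""
    ratchet = Ratchet(hashlib.sha256(b"constructed shared secret").digest())
    ciphertexts = [xor_cipher(ratchet.next_key(), m) for m in MESSAGES]
    thief = Ratchet(ratchet.chain)  # everything still held on the device
    keys = [thief.chain] + [thief.next_key() for _ in range(16)]
    return readable_with(keys, ciphertexts)

if __name__ == "__main__":
    print("static key :", static_key_theft())  # all three messages
    print("ratchet    :", ratchet_theft())     # nothing
```

The ratchet only protects old messages because the earlier chain state is discarded, which is the trade-off against keeping readable message history described above.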
Other minute details, like the inability to report encrypted messages for harassment, stack onto its major issues to create not-so-secure messages.
Overall, the foray into encryption simply doesn’t cut the mustard for what a security-minded person wants in secure messaging. This includes Elon Musk, who even gave a warning to his followers.
“Try it, but don’t trust it yet,” he posted on Twitter.