Twitter has introduced encrypted direct messages (DMs) to its platform after months of anticipation. The feature was first confirmed by the company’s CEO, Elon Musk, in November 2022. The new encrypted chats will appear as individual conversations in users’ inboxes, alongside non-encrypted messages, and will be marked with a padlock icon to signify their secure nature.
However, in his now-signature eccentric style, he followed the announcement up with advice to users, “Try it, but don’t trust it yet.”
Early version of encrypted direct messages just launched.
Try it, but don’t trust it yet.
— Elon Musk (@elonmusk) May 11, 2023
It’s important to note that the feature is currently available only to verified Twitter users, which includes Twitter Blue subscribers and anyone who is part of a “Verified organization.”
How does it function?
The most recent versions of the Twitter apps (for iOS, Android, and the web) generate a private-public key pair that is specific to the device. When a user signs into Twitter on a new device or browser, the public key is automatically registered; the private key is always kept on the device and is never sent to Twitter.
In addition to the private-public key pairs, a per-conversation key is used to encrypt the content of messages. This key is securely exchanged between participating devices using the private-public key pairs.
Every message, link, and reaction that is part of an encrypted conversation is encrypted before it leaves the sender’s device and stays encrypted while it is stored on Twitter’s infrastructure. Once messages have been received by the recipient’s devices, they are decrypted so that the user can read them.
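The key scheme described above can be sketched in Node.js as follows. This is an added example, not Twitter's code: the article does not name the algorithms, so X25519, HKDF-SHA256 and AES-256-GCM, along with every function and field name, are assumptions chosen for illustration.

```javascript
const crypto = require('node:crypto');

// Each device generates its own key pair; only publicKey would be registered with the server.
function newDevice(name) {
  return { name, ...crypto.generateKeyPairSync('x25519') };
}

// Assumed key agreement: X25519 shared secret -> HKDF-SHA256 -> 32-byte wrapping key.
function wrappingKey(privateKey, publicKey) {
  const secret = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'conv-key-wrap', 32));
}

function seal(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce per encryption
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag); // final() throws if ciphertext or tag was altered
  return Buffer.concat([d.update(ct), d.final()]);
}

// Sender side: make the per-conversation key and wrap it once per registered recipient device.
// convKey stays on the sender's device; only `wrapped` and the public key would be uploaded.
function startConversation(sender, recipientDevices) {
  const convKey = crypto.randomBytes(32);
  const wrapped = {};
  for (const d of recipientDevices) {
    wrapped[d.name] = seal(wrappingKey(sender.privateKey, d.publicKey), convKey);
  }
  return { convKey, wrapped, senderPublicKey: sender.publicKey };
}

// What the server stores: routing metadata in the clear, body as ciphertext only.
function sendMessage(convKey, from, to, text) {
  return { from, to, createdAt: new Date().toISOString(), body: seal(convKey, Buffer.from(text, 'utf8')) };
}

// Recipient side: unwrap the conversation key with the device's private key, then decrypt.
function readMessage(device, conv, msg) {
  const entry = conv.wrapped[device.name];
  if (!entry) throw new Error('no conversation key wrapped for this device');
  const convKey = open(wrappingKey(device.privateKey, conv.senderPublicKey), entry);
  return open(convKey, msg.body).toString('utf8');
}
```

A device whose public key was registered after the conversation key was wrapped has no entry in `wrapped`, so `readMessage` fails for it even though it belongs to the same user.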
Who is allowed to send and receive encrypted messages?
- Both sender and recipient are on the latest Twitter apps (iOS, Android, Web);
- Both sender and recipient are verified users or affiliates of a verified organization; and
- The recipient follows the sender or has sent a message to the sender previously, or has accepted a Direct Message request from the sender before.
How to send encrypted messages?
An encrypted message is sent in much the same way as a regular unencrypted message. When you click on the message icon, a toggle to enable “encrypted” mode will appear if you are eligible to send encrypted messages.
The encrypted message is sent once you have chosen an eligible recipient, written your message, and clicked Send.
“Encrypted conversations are visually differentiated from unencrypted conversations through a lock icon badge on the avatar of the user you are talking to. The badged avatar shows up in both the inbox and conversation views”, Twitter explains.
You can also check whether a conversation is encrypted from the conversation info page. For conversations that are encrypted, the top of the conversation info page states, “Messages are encrypted.”
Currently, an encrypted message can be sent to only one recipient. Twitter will shortly extend this functionality to group conversations.
Only text and links can be included in an encrypted message; media and other attachments are not yet supported. When users attempt to send media in an encrypted conversation, the action will not go through. Responses to encrypted messages are likewise encrypted. Also, while messages themselves are encrypted, metadata (recipient, creation time, and so forth) is not, and neither is any linked content (only the links themselves are encrypted, not the content they point to).
New devices cannot join existing encrypted conversations. On a new device that you log into, existing encrypted conversations and the messages within them will be filtered out.
Reporting an encrypted message to Twitter is presently not possible because of the conversation’s encryption. It is also worth emphasising that media cannot yet be sent via encrypted direct messages.