\nTwitter launches encrypted DMs for verified users with security drawbacks<\/br>
\n2023-05-11 22:21:29<\/br><\/p>\n
After talking about it for months<\/a>, Twitter has finally released<\/a> its first version of encrypted DMs \u2014 but there are a few limitations. Currently, this feature is only available to verified users (such as Blue subscribers) or accounts associated with verified organizations. Additionally, the encryption feature isn\u2019t compatible with group messages and Twitter doesn\u2019t offer protection against man-in-the-middle attacks.<\/p>\n Twitter said that while encryption works across platforms, the recipient has to follow the sender to enable it. Alternatively, encryption can be enabled if a user has chatted with the sender before, or accepted their DM request. If users are eligible for an encrypted conversation, the sender will get an option to turn on encryption through a toggle on the new chat screen.<\/p>\n Image Credits:<\/strong> Twitter<\/p>\n<\/div>\n To turn on encryption for an existing conversation, you can tap on the information icon in the corner of the conversation screen and tap on the option that says \u201cStart an encrypted message.\u201d Encrypted conversations will look different from normal conversations, as Twitter places a lock badge on the recipient\u2019s profile picture. In the conversation itself, the company will show a \u201cMessages are encrypted\u201d banner at the top.<\/p>\n Image Credits:<\/strong> Twitter<\/p>\n<\/div>\n The social network makes it clear in its blog post<\/a> that there are several limitations to this implementation. On the conversational level, Twitter just supports encryption for one-to-one messages with text and links. Twitter said that media is currently not supported in encrypted conversations.<\/p>\n Additionally, people can\u2019t use a new device to join an existing encrypted conversation. So you either have to use the same device with which you initiated an encrypted conversation or start a new conversation when you get a new device. Users can only use 10 devices in total to use the encryption feature, and there is no way to deregister a device to make room for a new one.<\/p>\n Notably, Twitter considers reinstalling the app as registering a new device. Twitter doesn\u2019t offer a key backup option, which means that all your encrypted messages on that device will be wiped out if you log out of the account.<\/p>\n But the complex part is that Twitter doesn\u2019t delete private keys from the device on logout \u2014 only messages. Users will be able to fetch existing conversations if they log in again from the same device. The company cautioned that people shouldn\u2019t use the encryption feature on shared devices because of this limitation. This could change when Twitter starts offering a key backup option.<\/p>\n There are plenty of doubts about the feature\u2019s security offering, too. It\u2019s not clear what cryptographic standard Twitter is using for this feature. The company just said it is deploying \u201ca combination of strong cryptographic schemes\u201d in its blog post<\/a> talking about the encryption feature.<\/p>\n![\"\"](\"https:\/\/i0.wp.com\/techcrunch.com\/wp-content\/uploads\/2023\/05\/phone-new-message.jpg.twimg_.1920.jpg?resize=337%2C680&ssl=1\")
<\/p>\n![\"\"](\"https:\/\/i0.wp.com\/techcrunch.com\/wp-content\/uploads\/2023\/05\/phone-dm-encrypted.jpg.twimg_.1920.jpg?resize=680%2C680&ssl=1\")
<\/p>\n