Twitter on Thursday announced the launch of its encrypted DMs feature, which is aimed at securing messages on the platform. While this is Twitter’s first move in its goal of supporting end-to-end encrypted messages on the service, the company has warned that the current implementation has multiple limitations. Only verified users can start encrypted chats, while Twitter doesn’t currently support encrypted group messages on the app. There’s also a limit on the number of devices that will have access to encrypted conversations, according to the company.
The company explained in a blog post that the new encryption feature for direct messages, or DMs, is supported on the latest versions of Twitter for iOS, Android, and the Web. However, both users will need to be verified, either as a Twitter Blue subscriber, or as a member of a verified organisation on Twitter. Even if these two criteria are met, the recipient must follow the sender of the message or have already sent them a message in the past — they can also accept the sender’s DM request.
After meeting the above requirements, the sender will see a toggle with a lock icon after clicking on the new message floating action button. This will open a chat with an eligible recipient and encrypted chats will be denoted by a lock icon on the recipient’s profile picture.
However, unlike messaging services such as Signal and WhatsApp, there are currently several limitations to Twitter’s encrypted DMs feature. Twitter hasn’t disclosed what cryptographic scheme it has used to encrypt messages. As of now, groups aren’t supported, so you can only send messages to one recipient. Only text and links will be encrypted, which means that media, reactions, and all chat metadata are not encrypted.
Twitter also says that there is currently no way to verify the integrity of a conversation, which means that Twitter or a malicious third party could compromise an encrypted conversation and users would not be alerted. The company says that it is working on implementing signature checks and “safety numbers” (features implemented by apps like Signal and WhatsApp) to easily allow users to verify the integrity of their chats.
Early version of encrypted direct messages just launched.
Try it, but don’t trust it yet.
— Elon Musk (@elonmusk) May 11, 2023
Meanwhile, Twitter will only let you sign in to a maximum of ten devices to access encrypted DMs. You cannot see a list of registered devices, or de-register a device you no longer have access to. New devices will not have access to existing encrypted conversations.
Logging out of a device will delete all your encrypted chats, according to Twitter, and in the absence of a key backup feature, there is currently no way to retrieve those chats except logging in to the same device. The company also says that users won’t be able to report encrypted messages to Twitter, but suggests that they can block a user from sending them DMs and report the account instead.