Twitter introduces encrypted direct messages. But are they really safe?


Twitter has announced the implementation of encrypted direct messages (DMs), i.e. the ability to send direct messages between users that are encrypted and accessible only to the sender and recipient. The feature had been anticipated in recent months by Elon Musk, who announced it as a feature that, unlike other messaging systems, actually protects the communications of platform users.

The feature will initially be available only to “verified” users of the platform, i.e. paying users, or affiliates of a verified organization, who use the latest version of the app for iOS, Android, or the web version of the application.

At the moment Twitter has not revealed any technical details of the encryption algorithms that the new feature uses.

The process described uses a public/private key pair for each user, as in all asymmetric encryption processes.

To recap, the latest version of the Twitter apps (iOS, Android, web) generates a private/public key pair for each device. The public key is automatically registered when a user logs into Twitter on a new device or browser; the private key is stored exclusively on the device. Importantly, Twitter has no access to the private key in any way, as pointed out in a tweet by Musk himself.

The platform also uses an additional “conversation” key, which is used to encrypt the content of messages. The previously created key pairs are used to exchange this key between the participants in a conversation: the sender of a message can encrypt the conversation key with the recipient’s public key, so that only the recipient, using the private key associated with that public key, will be able to decrypt it.

Details of the algorithms in use were not provided, however the company has announced that it will publish a technical analysis of the encryption process later this year.

Twitter also intends to open-source its implementation, a decision that aims to make its encryption process more secure thanks to the public assessments by the international community of experts that could result from it.

“We use a combination of strong cryptographic schemes to encrypt every single message, link and reaction that is part of an encrypted conversation before they leave the sender’s device and remain encrypted while stored on Twitter’s infrastructure,” reads the announcement posted by Twitter. “Once messages are received by recipient devices, they are decrypted so they can be read by the user.”

Sending and receiving encrypted messages will be really simple, but it will be possible only if the recipient follows the sender, or has sent a message to the sender before, or has accepted a direct message request from the sender before.

Eligible users will see a switch at the top right of the display after clicking on the message icon; pressing it enables the “encrypted message” mode. At this point, simply compose your message, select a suitable recipient and click Send.

Alternatively, users can send an encrypted message through the conversation settings page of an unencrypted conversation:

  • Access an unencrypted conversation from incoming messages
  • Tap the info icon
  • Select “Start an encrypted message”

In encrypted conversations, a badge with a lock icon is displayed on the avatar of the user you are talking to. The badged avatar is displayed in both the inbox and conversation views.

The conversation info page also displays the “Message is encrypted” label at the top of encrypted conversations.

Is it all ready?

The answer is no; several features are still under development. Below are the current limitations declared by Twitter for the new feature:

  • encrypted messages can be sent only to a single recipient, group conversations are not yet supported.
  • encryption of media files and other attachments is not yet supported.
  • currently, new devices cannot join existing encrypted conversations.
  • users can register a maximum of 10 devices to use encrypted direct messages (DMs).
  • currently, the company offers no protection against man-in-the-middle attacks.
  • by logging out of Twitter, all messages including encrypted messages on the user’s current device will be deleted.
  • forward secrecy functionality is not yet supported, which means that if the private key of a registered device were to be compromised, an attacker would be able to decrypt all encrypted messages sent and received from that device.
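The key-wrapping flow described earlier and the forward-secrecy limitation in the last item can be compared in the sketch below. It is an added illustration, not Twitter's code (no algorithm details have been published): the toy Diffie-Hellman group, the SHA-256 stream cipher and every function name are assumptions chosen to stay within the Python standard library, and none of it is secure for real use.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption, NOT secure): DH modulo 2**255 - 19.
P, G = 2**255 - 19, 2
SAMPLE = [b"meet at 9", b"bring the documents"]  # constructed messages

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); the same call decrypts."""
    pad = b"".join(hashlib.sha256(key + bytes([i])).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def wrap(conv_key: bytes, device_pub: int):
    """Sender: encrypt the conversation key to the recipient's long-term device key."""
    eph_priv, eph_pub = keypair()
    return eph_pub, xor_stream(kdf(pow(device_pub, eph_priv, P)), conv_key)

def unwrap(wrapped, device_priv: int) -> bytes:
    eph_pub, blob = wrapped
    return xor_stream(kdf(pow(eph_pub, device_priv, P)), blob)

def static_scheme(messages):
    """Scheme as the article describes it; returns what a later key thief reads."""
    device_priv, device_pub = keypair()      # long-lived, stays on the device
    conv_key = secrets.token_bytes(32)
    wrapped = wrap(conv_key, device_pub)     # stored alongside the ciphertexts
    recorded = [xor_stream(conv_key + bytes([n]), m) for n, m in enumerate(messages)]
    # Later: the device private key leaks and is applied to the recorded traffic.
    stolen_key = unwrap(wrapped, device_priv)
    return [xor_stream(stolen_key + bytes([n]), c) for n, c in enumerate(recorded)]

def ephemeral_scheme(messages):
    """Contrast: per-session ephemeral DH on both sides, private halves erased."""
    device_priv, _ = keypair()               # long-term key would only authenticate
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    session = kdf(pow(b_pub, a_priv, P))     # equals kdf(pow(a_pub, b_priv, P))
    recorded = [xor_stream(session + bytes([n]), m) for n, m in enumerate(messages)]
    del a_priv, b_priv, session              # erased when the session ends
    # Later: only device_priv and the public values a_pub, b_pub are available.
    guess = kdf(pow(a_pub, device_priv, P))
    return [xor_stream(guess + bytes([n]), c) for n, c in enumerate(recorded)]
```

In the static scheme the leaked device key unwraps the conversation key and with it every recorded message; in the ephemeral variant the same leak yields nothing readable, which is the property forward secrecy provides.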

Unfortunately, the limitations described above do not currently make the Twitter solution comparable to instant messaging solutions such as Signal, Wickr Me, or WhatsApp.

Also, the fact that the functionality is available only to a limited portion of paying users limits its reach across the huge audience of the platform.

My opinion is confirmed by that of Professor Matthew Green of Johns Hopkins University, recognized as one of the leading experts on the subject.

“This application is clearly no better than Signal or WhatsApp or any instant messaging software that uses the Signal protocol, in terms of functionality as well as in terms of security”, Green explained in an interview with Wired.

Green points out that Signal’s encryption protocol is in fact the most secure and for this reason is also used by other platforms, for example in WhatsApp’s default encrypted communications and in Facebook Messenger’s active encryption feature known as Secret Conversations. Furthermore, both Signal and WhatsApp are free, compared to $8 a month for a Twitter Blue subscription which includes verification.

“You should use these solutions instead [Signal] if you really care about security”, continues Green. “And they’ll be cheaper because you won’t have to pay $8 a month.”

“The upside is that it’s a first step [on Twitter’s part] and maybe it will be better in the future”.

It is likely that the limitations described above will be overcome in the future thanks to the adoption of the protocol underlying Signal, developed by the expert Moxie Marlinspike. In the past, Musk himself had publicly praised the Signal app and had spoken directly with Marlinspike.

Many were therefore surprised by the limited version released by Twitter, still immature and certainly not comparable to market standards.

The absence of forward secrecy and the vulnerability to man-in-the-middle attacks exclude Twitter, for the moment, from the list of applications recommended for those looking for a secure communication platform. The MiTM vulnerability could allow an attacker, and potentially Twitter, to spoof user identities to intercept their messages.

“I’m a little baffled by the lack of forward secrecy functionality”, says Green. “This is a key feature of the Signal protocol.”

Twitter defends itself by arguing that it essentially couldn’t use that feature while preserving the ability to access DMs when the user uses a new device. “We are not going to address this limitation”, reads the Twitter announcement. In short, a serious shortcoming to bear in mind!

“Seems to be a rushed implementation of a product that isn’t fully ready yet”, says Riana Pfefferkorn, a security researcher at the Stanford University Internet Observatory. The expert recalls how Zoom was penalized by the Federal Trade Commission in 2020 for claiming to offer “end-to-end” encryption when it didn’t, and that Twitter’s reluctance to use the term could be a sign that it isn’t sure that its system could meet the “end-to-end-encrypted” standard.

At this point we can’t wait for the future developments of the functionality, hoping that the current limitations are really overcome.


