Twitter’s new encrypted message feature criticized by security and privacy experts



Washington
CNN
 — 

Privacy and security experts widely panned a new feature that Twitter unveiled Wednesday that encrypts some direct messages between users, raising questions about the future of user safety on the platform.

Twitter’s early efforts at securing direct messages with encryption appear to be riddled with caveats, flaws and risks that may endanger users, the experts said after the company rolled out its initial release.

With the first iteration of the feature, only users who are paying subscribers to Twitter Blue or whose organizations have paid to be verified with the company may use encrypted messages.

In addition, encrypted messages may only be sent between two individuals, not groups. Encrypting images, video and other media is not supported. Both participants must either have exchanged direct messages in the past, or the recipient of an encrypted message must already follow the sender.

Perhaps most crucially, Twitter acknowledged that even with the encryption feature enabled, the company itself, and other third parties, can still potentially access user messages.

“I’m trying to be positive about Twitter deploying encrypted DMs even though there are so many things about this system that make it feel like a v0.1 release, or are just obnoxious,” said Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, in a tweet.

Twitter’s former chief information security officer, Lea Kissner, publicly pleaded with Twitter’s current engineering team to improve the feature quickly.

“Twitter folks, seriously. I left some design docs somewhere. Please use them,” Kissner said on Bluesky, a rival platform.

Twitter has described encrypted messaging as key to the company’s future of becoming “the most trusted platform on the internet.” But the rollout provides another example of how, under CEO Elon Musk, Twitter has forged ahead with significant changes to the platform over the warnings of independent researchers about potential unintended consequences…

Source…