Twitter is beginning to its long-promised encrypted direct messaging feature. However, the initial rollout comes with some major limitations that could make it less than ideal for privacy-conscious Twitter users.
Of note, the feature is currently only available to verified Twitter users, which includes Twitter Blue subscribers and those part of a “Verified Organization.” It’s not clear if this is just for the early rollout or if encryption will be added to the growing list of exclusive features for users with a checkmark. For now, an encrypted chat requires both users to be verified, the company.
There are also some significant limitations to the feature itself. It doesn’t support group messages, or any kind of media other than links. The company also doesn’t allow users to report an encrypted message directly, advising on a help page that users should report accounts separately if they “encounter an issue with an encrypted conversation participant.”
Finally, the level of encryption appears to be less secure than what other apps offer. For one, message metadata is not encrypted. Furthermore, Twitter notes that “currently, we do not offer protections against man-in-the-middle attacks” and suggests that the company itself is still able to access encrypted DMs without the participants knowing. “If someone–for example, a malicious insider, or Twitter itself as a result of a compulsory legal process—were to compromise an encrypted conversation, neither the sender or receiver would know,” the company explains on a help page. It added that it’s working on improvements that would make such exploits more “difficult.”
That’s particularly notable because it falls far short of the standard Twitter owner Elon Musk has described when expressing his desire to add encryption for Twitter DMs. He has said he wants it to be impossible for the company to access users’ encrypted messages even if “someone puts a gun to our heads.”
In a tweet, Twitter security engineer Christopher Stanley acknowledged the shortcoming. “We’re not quite there yet, but we’re working on it.”
For those who are verified and want to try out the feature anyway, encrypted messaging can be accessed via the info menu (that’s the same menu you use to block or report a conversation) within a particular DM. Once encryption is enabled, the encrypted messages will appear as a separate message thread with labels at the top of the chat to indicate that the conversation is encrypted.
This article originally appeared on Engadget at https://www.engadget.com/twitters-encrypted-dms-are-here–but-only-for-verified-users-234934842.html?src=rss