Elon Musk’s long-promised launch of encrypted direct messages on Twitter has arrived. Like most attempts to add end-to-end encryption to a massive existing platform—never an easy proposition—there’s good, bad, and ugly. The good: Twitter has added an optional layer of security for a small subset of its users that has never existed in Twitter’s 16-plus years online. As for the bad and ugly: Well, that list is quite a lot longer.
Yesterday night, Twitter announced the release of encrypted direct messages, a feature that Musk had assured users was coming from his very first days running the company. To Twitter’s credit, it accompanied the new feature with an article on its help center breaking down the new feature’s strengths and weaknesses with unusual transparency. And as the article points out, there are plenty of weaknesses.
In fact, the company appears to have stopped short of calling the feature “end-to-end” encrypted, the term that would mean only users on the two ends of conversations can read messages, rather than hackers, government agencies that can eavesdrop on those messages, or even Twitter itself.
“As Elon Musk said, when it comes to Direct Messages, the standard should be, if someone puts a gun to our heads, we still can’t access your messages,” the help desk page reads. “We’re not quite there yet, but we’re working on it.”
In fact, the description of Twitter’s encrypted messaging feature that follows that initial caveat seems almost like a laundry list of the most serious flaws in every existing end-to-end encrypted messaging app, now all combined into one product—along with a few extra flaws that are all its own.
The encryption feature is opt-in, for instance, not turned on by default, a decision for which Facebook Messenger has received criticism. It explicitly doesn’t prevent “man-in-the-middle” attacks that would allow Twitter to invisibly spoof users’ identities and intercept messages, long considered the most serious flaw in Apple’s iMessage encryption. It doesn’t have the “perfect forward secrecy” feature that makes spying on users harder even after a device is temporarily compromised. It doesn’t allow for group messaging or even sending photos or videos. And perhaps most seriously, it currently restricts this subpar encrypted messaging system to only the verified users messaging each other—most of whom must pay $8 a month—vastly limiting the network that might use it.
“This clearly is not better than Signal or WhatsApp or anything that uses the Signal Protocol, in terms of features, in terms of security,” says Matthew Green, a professor of computer science at Johns Hopkins University who focuses on cryptography, referring to the Signal Messenger app that’s widely considered the modern standard in end-to-end encrypted calling and texting. Signal’s encryption protocol is also used in both WhatsApp’s encrypted-by-default communications and Facebook Messenger’s opt-in encryption feature known as Secret Conversations. (Both Signal and WhatsApp are free, compared to the $8 per month for a Twitter Blue subscription that includes verification.) “You should use those things instead if you really care about security,” Green says. “And they’ll be easier because you won’t have to pay $8 a month.”