Twitter's long-promised encrypted messaging feature is finally here. The initial version of the feature is very much bare-bones, but the company is just getting started. Future updates should address the limitations of DM (direct messages) encryption on Twitter. Elon Musk previously said that the plan is to make encryption strong enough that he couldn’t see your messages even if someone puts a gun to his head.

Twitter rolls out encrypted messaging with several major limitations

For starters, encrypted messaging on Twitter is currently only available for verified users, including Twitter Blue subscribers and accounts affiliated with a verified organization. Both the sender and receiver need to be verified for conversations between them to be encrypted. Additionally, the feature will only work if the recipient follows the sender, has sent a message to the sender previously, or has accepted a DM request from the sender before. Both parties also need to be running the latest version of the Twitter app or using the web client.

On top of limited availability, encryption doesn’t appear to be enabled by default for eligible users either. Twitter says that you’ll have to manually flip the “encrypted messaging” toggle at the top of the screen before starting a new conversation. All subsequent messages to eligible recipients should be encrypted, which is indicated by a “lock icon” on the avatar of the recipient. An option to “start an encrypted message” is also available on the conversation info page. You can access this page by tapping the information icon in the top-right corner of any conversation on Twitter.


Twitter’s DM encryption currently doesn’t work in group chats. It also doesn’t support any media (photos, videos) and attachments. Only text messages, message reactions, and links are encrypted. You cannot send via an encrypted conversation. Moreover, Twitter doesn’t encrypt message metadata either. So details like the recipient and creation time of a message are still not secure. The company does plan to expand encryption to cover group chats and other message details in the future, though.

Encrypted messages don’t sync across multiple devices

Another major limitation is that you cannot continue an encrypted conversation on a new device. If you log in to the same Twitter account on a new device or reinstall the app on the same device, your existing encrypted messages won’t sync with it. You’ll have to start again. You can send encrypted messages from the same account through a total of ten devices. Once you have registered ten devices, encryption won’t work for you on a new device. You cannot remove a registered device to add a new one either.

Twitter also notes that it currently doesn’t offer “protections against man-in-the-middle attacks”. That essentially means it’s still possible for a third party to see encrypted messages between two Twitter users. This includes the company itself. Neither the sender nor the receiver would know if someone accessed their messages in the middle. Other limitations include the lack of forward secrecy, key transparency, and message reporting in encrypted conversations. Hopefully, Twitter will patch these limitations sooner rather than later.


