Twitter's new encrypted DMs aren't better than the old ones (mjg59.dreamwidth.org)

215 points by tabletcorry a day ago

tptacek a day ago

I like everything Matthew Garrett writes but I can't resist being annoying about this:

Signal has had forward secrecy forever, right? The modern practice of secure messaging was established by OTR (Borisov and Goldberg), which practically introduced the notions of "perfect forward secrecy" and repudiability (as opposed to non-repudiability) in the messaging security model. Signal was an evolution both of those ideas and of the engineering realization of those ideas (better cryptography, better code, better packaging).

What's so galling about this state of affairs is that people are launching new messaging systems that take us backwards, not just to "pre-Signal" levels, but to pre-modern levels; like, to 2001.

nickpsecurity a day ago

Let's not forget three things from prior leaks:

1. Core Secrets said the FBI "compelled" companies to secretly backdoor their products. Another leak mentioned fines by FISA court that would kill a company. I don't know if you can be charged or not.

2. They paid the big companies tens of millions to $100+ million to backdoor their stuff. Historically, we know they can also pressure them about government contracts or export licenses. Between 1 and 2, it looks like a Pablo Escobar-like policy of "silver or lead."

3. In the Lavabit trial, the defendant said giving them the keys would destroy the business since the market would know all their conversations were in FBI's hands. The FBI said they could hide it, basically lying given Lavabit's advertising, which would prevent damage to the business. IIRC, the judge went for that argument. That implies the FBI and some courts tell crypto-using companies to give them access but lie to their users.

Just these three facts make me wonder how often crypto in big platforms is intentionally weak by government demand or sloppy because they don't care. So, I consider all crypto use in a police state subverted at least for Five Eyes use. I'll change my mind once the Patriot Act, FISC, secret interpretations of law, etc. are all revoked and violators get prosecuted.

tptacek a day ago

There is no such thing as "fines by FISA court". FISA doesn't hear adversarial cases and doesn't have statutory authority or even subject matter jurisdiction to enforce compliance on private actors. FISA is an authorizer for other government bodies, who then use ordinary Article III courts to enforce compliance. Other than the fact that they're staffed by Article III judges and not directly overseen by Article III courts, the FISA court functions like a magistrate court, not a normal court. So: I immediately distrust the source.

People are going to come back and say "well yeah that's just what they tell you about FISA court, but I bet FISA courts fine people all the time", but no, it's deeper than that: private actors aren't parties to FISA cases. It's best to think of them as exclusively resolving conflicts between government bodies.

pessimizer 18 hours ago

The part nobody mentions about Crypto AG:

https://inteltoday.org/2020/02/15/crypto-ag-was-boris-hageli...

We've always done this.

numpad0 15 hours ago

And it's going to remain that way as long as people download apps written on PC through App Store.

remram 15 hours ago

On PC? What do you mean?

b0a04gl a day ago

If this is using ephemeral keys with no forward secrecy and no ledger of interactions, what part of it is actually Bitcoin style besides the name?

cobbal a day ago

It uses cryptography (a little-known and mostly-useless offshoot of Crypto)

anon7000 21 hours ago

Plus, one of the simplest forms of cryptography is a basic SHA, so the word is practically meaningless without more details.

masklinn a day ago

Having no actual use?

jeroenhd a day ago

Bitcoin is great for prospecting, laundering money across borders, and scamming gullible people. It's also easier to hide a stash of stolen bitcoins from the authorities for after you get released from jail than it is to hide a stash of actual money. Bitcoin is certainly no alternative to actual money but it's not entirely useless.

I think these Twitter DMs only does the scamming the gullible part, as you need to pay to use the feature and this is scamming people into thinking they're paying for secure messaging.

shiandow a day ago

Bitcoin isn't a secure communication channel either?

hoppp 8 hours ago

It's all out in the public...

mjg59 a day ago

Key derivation from a PIN? Although that's an implementation detail of the key backup rather than anything inherent in the actual messaging so who knows.

deciduously a day ago

They use a hash function.

gizmo686 a day ago

He didn't say it was Bitcoin style, just that it used "(Bitcoin style) encryption".

I was going to point out that Bitcoin does not use encryption; but technically I think its signature algorithm (ECDSA) can be thought of as a hashing step, followed by a public-key based encryption step.

So, in the most charitable reading, it's using elliptic curve asymmetric encryption. Presumably for the purpose of exchanging a symmetric key, as asymmetric encryption is very slow. In other words, what basically everything written this decade does. Older stuff would use non-EC algorithms, which are still totally fine, but need larger keys and would be vulnerable to quantum computers if those ever become big enough.

SAI_Peregrinus a day ago

> but technically I think its signature algorithm (ECDSA) can be thought of as a hashing step, followed by a public-key based encryption step.

It really can't. If you're extremely drunk you can think of it as similar to hashing followed by a public-key based decryption step (signing uses the private key, as does decryption) but that's about as good an analogy as calling a tractor-trailer a container ship because both haul cargo. The actual elliptic-curve part of the operation isn't encryption or decryption, and thinking of it as such will lead to error.

RSA does have a simpler correspondence in that the fundamental modular multiplication operation is shared between decryption and signing (or between encryption and verification). But modular multiplication alone isn't secure, it's the "padding" that turns modular multiplication with a particularly-chosen modulus from some basic math into a secure encryption/signature system. And the padding differs, and the correspondence doesn't hold in real systems. RSA without padding is just sparkling multiplication.
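An added example, not code from the thread, making the point above concrete with toy parameters: the raw private-key operation is the same for decryption and signing, without padding it commutes with multiplication, and it is the padding check in the verifier that breaks that property. The key is constructed from two small Mersenne primes and the padding is a simplified PKCS#1 v1.5-style header; nothing here is secure.

```python
"""Textbook RSA with constructed toy parameters (added example, not from the thread).
Shows the decrypt/sign correspondence, the multiplicative property of the unpadded
operation, and why a padding check is what turns it into a signature scheme."""
import hashlib

P, Q, E = (1 << 61) - 1, (1 << 31) - 1, 65537  # constructed toy primes, ~92-bit n
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))               # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8                   # modulus size in bytes (12)
PAD_PREFIX = b"\x00\x01\xff\xff\x00"            # simplified PKCS#1 v1.5-style header
HASH_LEN = K - len(PAD_PREFIX)                  # digest bytes that fit below n (7)


def rsa_public(x: int) -> int:
    """x^e mod n: one operation serves as both 'encrypt' and 'verify'."""
    return pow(x, E, N)


def rsa_private(x: int) -> int:
    """x^d mod n: one operation serves as both 'decrypt' and 'sign'."""
    return pow(x, D, N)


def roundtrip(m: int) -> bool:
    """priv(pub(m)) == m (decrypt after encrypt) and pub(priv(m)) == m (verify after sign)."""
    return rsa_private(rsa_public(m)) == m and rsa_public(rsa_private(m)) == m


def raw_is_multiplicative(a: int, b: int) -> bool:
    """Unpadded RSA is homomorphic: priv(a*b) == priv(a)*priv(b) (mod n)."""
    return rsa_private(a * b % N) == rsa_private(a) * rsa_private(b) % N


def encode(msg: bytes) -> int:
    """Hash-then-pad: header || truncated SHA-256, as an integer below n."""
    em = PAD_PREFIX + hashlib.sha256(msg).digest()[:HASH_LEN]
    return int.from_bytes(em, "big")


def sign(msg: bytes) -> int:
    return rsa_private(encode(msg))


def verify(msg: bytes, sig: int) -> bool:
    """Recover the padded value and check its structure before comparing the digest."""
    em = rsa_public(sig).to_bytes(K, "big")
    if not em.startswith(PAD_PREFIX):            # this structural check is the 'padding'
        return False
    return em[len(PAD_PREFIX):] == hashlib.sha256(msg).digest()[:HASH_LEN]


def product_of_signatures_is_rejected(m1: bytes, m2: bytes) -> bool:
    """The raw operation maps sign(m1)*sign(m2) to encode(m1)*encode(m2), exactly as
    multiplication predicts, but that product has no valid padding, so the padded
    verifier rejects it for either message."""
    s = sign(m1) * sign(m2) % N
    raw_match = rsa_public(s) == encode(m1) * encode(m2) % N
    return raw_match and not verify(m1, s) and not verify(m2, s)
```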

varjag a day ago

> I was going to point out that Bitcoin does not use encryption

Yeah, Musk, as a not very technical person, would hardly know the difference.

brobinson a day ago

Bitcoin does use encryption for messaging, but I don't know if this is what Musk was referencing: https://bitcoinops.org/en/topics/v2-p2p-transport/

ChrisArchitect a day ago

Earlier discussion:

X's new "encrypted" XChat feature doesn't seem to be any more secure

https://news.ycombinator.com/item?id=44178008

consumer451 a day ago

Thanks. The top comment there gets pretty technical and ends with:

> ... As noted in the help doc, this isn't forward secure, so the moment they have the key they can decrypt everything. This is so far from being a meaningful e2ee platform it's ridiculous.

https://news.ycombinator.com/item?id=44178544

jeroenhd a day ago

The top comment is written by the person who wrote the blog post this thread is discussing.

michaelg7x a day ago

Username matches the current URL

zzo38computer 21 hours ago

It would be better to use separate software for encryption, and to get the public keys by meeting with them in place.

LAC-Tech 17 hours ago

Question: I plan to visit Peking soon, can I use Twitter there without a VPN? Thanks.

dongcarl 17 hours ago

Some roaming SIM cards aren't restricted by the Great Firewall, but in general, yes you'd need a VPN.

cyberax 16 hours ago

ALL roaming SIMs aren't restricted unless the home telecom company cooperates. The roaming traffic passes over a global MPLS network to the home mobile network, so it's not restricted by the national firewalls.

diggan a day ago

> All new XChat is rolling out with encryption [...] This is built on Rust with (Bitcoin style) encryption

What does "Bitcoin style encryption" mean? Isn't Bitcoin mostly relying on cryptographic signatures rather than "encryption" as we commonly know it?

paxys a day ago

It doesn't mean anything, just sounds cool to people who don't know the tech well enough. Same reason why your HDMI cable is "gold plated for 10x speed!"

jsheard a day ago

Gold plating electrical contacts does at least do something useful though, it helps to prevent oxidization/corrosion. A better analogy would be gold plated TOSLINK cables, which unfortunately do exist.

seanhunter a day ago

I can tell you're no connoisseur. Gold-plating a digital connector like HDMI makes sure the zeros are really round and the ones are really pointy. If you have the right setup you can definitely tell the difference.

thewarpaint a day ago

The source of that comment is provably not someone with deep technical expertise so take that with a grain of salt.

arealaccount 18 hours ago

It's there because he knows it's going to trigger people and will get more attention.

killdozer 16 hours ago

It's explained in this video https://www.youtube.com/watch?v=sJNK4VKeoBM

77pt77 a day ago

It's just a buzzword meant to add perceived value.

nicce a day ago

For me it feels like that after sending messages over 5 years, you need 1TB storage just for the Twitter app.

londons_explore a day ago

e2e encryption is easy if everyone knows public keys for everyone else. This is how GPG works for example.

However, the challenge is distributing those keys in a trustworthy way - because if someone can tamper with the keys during distribution, they can MITM any connection.

I assume this "bitcoin style" encryption is a blockchain or blocktree of every users public key now and throughout history. Ship the tree root hash inside the client app, and then every user can verify that their own entry in the tree is correct, and any user can use the same verified tree to fetch a private key for any other user.
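An added example, not code from the thread or from Twitter: a minimal Merkle tree over (user, public key) entries, which is the structure the comment above sketches. The client is assumed to ship with a trusted root hash, and a key the server returns is accepted only if the server's inclusion proof for it recomputes to that root. Users, keys and the odd-node rule are constructed for illustration.

```python
"""Merkle tree of public-key entries with inclusion proofs (added example)."""
import hashlib
from typing import List, Tuple

Entry = Tuple[str, bytes]
Proof = List[Tuple[bytes, str]]  # (sibling hash, which side the sibling is on: "L"/"R")


def leaf_hash(user: str, pubkey: bytes) -> bytes:
    """Domain-separated leaf hash so a leaf cannot be confused with an inner node."""
    return hashlib.sha256(b"\x00" + user.encode() + b"\x00" + pubkey).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def _pad(level: List[bytes]) -> List[bytes]:
    """Duplicate the last node on odd levels (simple, as Bitcoin does; transparency
    logs such as CT instead hash unbalanced subtrees to avoid the ambiguity)."""
    return level + level[-1:] if len(level) % 2 else level


def build_levels(entries: List[Entry]) -> List[List[bytes]]:
    """All tree levels, leaves first, root last."""
    level = [leaf_hash(u, k) for u, k in entries]
    levels = [level]
    while len(level) > 1:
        level = _pad(level)
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def root_hash(entries: List[Entry]) -> bytes:
    """The value a client would carry as its trusted root."""
    return build_levels(entries)[-1][0]


def inclusion_proof(entries: List[Entry], index: int) -> Proof:
    """Sibling hashes from the leaf up to (not including) the root; served by the server."""
    proof: Proof = []
    for level in build_levels(entries)[:-1]:
        level = _pad(level)
        sibling = index ^ 1
        proof.append((level[sibling], "L" if sibling < index else "R"))
        index //= 2
    return proof


def verify_inclusion(user: str, pubkey: bytes, proof: Proof, trusted_root: bytes) -> bool:
    """Client side: recompute the path to the root; any change to user, key or path fails."""
    h = leaf_hash(user, pubkey)
    for sibling, side in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == trusted_root


# Constructed directory with placeholder keys; TRUSTED_ROOT stands in for the hash
# that would be baked into the client build.
DIRECTORY: List[Entry] = [("alice", b"pk-alice"), ("bob", b"pk-bob"), ("carol", b"pk-carol")]
TRUSTED_ROOT = root_hash(DIRECTORY)


def lookup_is_authentic(user: str, served_key: bytes) -> bool:
    """Accept a key the server returns only if its proof reaches the shipped root."""
    index = [u for u, _ in DIRECTORY].index(user)
    return verify_inclusion(user, served_key, inclusion_proof(DIRECTORY, index), TRUSTED_ROOT)
```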

kstrauser a day ago

I’m not sure you appreciate how large that data structure would be if you had to ship it inside the app.

viraptor a day ago

We pretty much know this can't be practically done in a distributed way. Even the public federated stores for GPG keys have been flooded so much they stopped being usable.

yndoendo a day ago

Would the real XChat be able to sue X-Twitter for name infringement?

http://xchat.org/

pityJuke a day ago

Man, I remember being an IRC regular during the transition from XChat to HexChat. Now I learn HexChat is also dead :( [0]

[0]: https://hexchat.github.io/news/2.16.2.html

nadermx a day ago

Maybe? XChat would have to show an established market in commerce in each market that X is infringing, where they have an established commercial presence. Also it's harder if XChat doesn't have a trademark in each of those regions.

remram 15 hours ago

No, they would have to show an established market in commerce in ONE market that X is infringing.

pityJuke a day ago

I do find it funny that the library Twitter is using (according to TFA anyway) describes itself as:

> Caution

> Experimental library!

and

> While this library is just a wrapper around the well known Libsodium library it still comes with high potential of introducing new attack surfaces, bugs and other issues and you shouldn't use it in production until it has been reviewed by community.

[0]: https://github.com/ionspin/kotlin-multiplatform-libsodium

lifeinthevoid a day ago

Move fast and break encryption.

pier25 a day ago

The Twitter brand is so strong it survives even after a rebrand.

ashleyn a day ago

The footnote elaborates on why the author used the old name.

jhardy54 a day ago

> I'll respect their name change once Elon respects his daughter

romaaeterna a day ago

Given that Signal is pushing new code updates all the time, isn't it trivial for them to push new binaries that harvest messages/keys/whatever-they-want?

paxys a day ago

Their client is open source and is routinely audited. Their Android builds are fully reproducible. You can also build and run the app yourself if you want instead of downloading it from the app stores. It is virtually impossible for them to ship a backdoor, at least on Android, without the security community noticing.

romaaeterna a day ago

What exactly prevents them from doing a Windows build with an non-published change, signing it with the keys they control, and pushing it to an individual client through the upgrade servers which they control?

dingaling a day ago

There is a window of vulnerability between a theoretically malicious update being pushed and the security community noticing that it doesn't correspond to a build of the published source. That might only be a few hours, or even minutes - but milliseconds would be enough to do most of its work.

e44858 a day ago

How easy would it be for them to ship a backdoor on iOS? With Apple's DRM it should be difficult to decrypt the IPA and compare it to the source code.

VWWHFSfQ a day ago

> It is virtually impossible for them to ship a backdoor [..] without the security community noticing.

OpenSSH was trivially backdoored [1] and distributed in several major distributions, and the security community _did not_ notice until after it was already in the wild.

[1] https://www.ssh.com/blog/a-recap-of-the-openssh-and-xz-liblz...

yifanl a day ago

Sure. If you don't trust Signal to not do that, then you likely aren't using Signal.

thrance a day ago

Signal is open-source [1]. You can compile the code yourself and review each PR if you're that paranoid.

[1] https://github.com/signalapp/Signal-Android

Pesthuf a day ago

Looks like the build is even reproducible. That makes me trust Signal even more.

https://github.com/signalapp/Signal-Android/blob/main/reprod...

JustFinishedBSG a day ago

Yes but an app that never pushes update can also do that

regularjack 21 hours ago

Which one do you trust more?

baby a day ago

At this point I don't care if it's encrypted, just make it better.

dehrmann a day ago

I don't get most of the hype around end-to-end encrypted messages when the app's source code isn't available for audit.

1oooqooq a day ago

Why do people keep giving it the good-press connotation by calling it by the old name?

rsynnott a day ago

"X" is a _terrible_ name; in a headline it looks like someone forgot to fill out a template.

Twitter wouldn't be the first rebrand where people just decide they're not going to bother with this. Notably, there was the odd year or so where the Royal Mail attempted to rebrand to 'Consignia' (in the alternate universe where the Iraq War didn't happen, this would be what everyone remembered about the Blair era), and Netflix's attempt, some years before scrapping it entirely, to rename its DVD delivery business to 'Quikster'.

fc417fc802 14 hours ago

It will always remain Comcast to me. Fixing your public image requires correcting your wrongdoing, not changing your name.

callc 14 hours ago

Semi-related, parking your company name on widely used words in the dictionary like “Apple” and “Meta” really irks me.

Let’s just start some companies with the names:

- Let’s - Just - Start

You get the idea…

tzs a day ago

I keep calling it Twitter, and urge everyone else to do so, because "twitter" is a better search term than "x", especially if you are using a search that doesn't let you specify word match.

AStonesThrow 14 hours ago

Sorry, but I use a search engine where I can specify "site:x.com" for example, or better yet, "site:m.xkcd.com", and it shows me exclusively results on that site’s domain, rather than clumsily trying to pretend with a content keyword.

X.com is distinctive and unambiguous. Wikipedia has entertained at least 12 proposals to change the article name; 100% of them have failed, and they are issuing 3-month moratoriums on discussion now.

Honestly the new name is a bit of a prank on porn addicts. If someone is watching over your shoulder while you try to type "x.com" into the URL bar, autocomplete may reveal how many other sites begin with "x" that you’ve visited lately.

jasonlotito a day ago

It's not a good press connotation. Quite the opposite. As for why? The answer is in the article.

> [1] I'll respect their name change once Elon respects his daughter

owebmaster a day ago

That is an interesting concept, as it seems that Elon Musk's main battle is against people's right to not be called by an old name. The Xitter transition has not been very successful.

jeffhuys a day ago

It's still running fine for me with actual interesting content. I don't get this take, feels like only people who don't use it at all (anymore) say it's been a bad transition or "X sucks now" but they're not using it.

It's still just Twitter, but you're not being banned anymore. So ACTUAL discussions can take place without having the thought police running around with a banhammer.

sergiotapia a day ago

I only see bluesky types keep calling it twitter fwiw.

bigstrat2003 a day ago

I am by no means a bluesky person. I hate Twitter and all its clone sites, because I think they're tearing apart the social fabric by training people to interact in bite-sized hot takes in a cycle of outrage. I will still call it Twitter until the end of time, because I refuse to respect corporate rebrands. Whether it's Twitter, Facebook, Comcast, or anything else, I'm not going to play along with their silly name games.

upofadown a day ago

>...you're still relying on the Twitter server to give you the public key of the other party and there's no out of band mechanism to do that or verify the authenticity of that public key at present.

...

>Signal doesn't have these shortcomings. Use Signal.

Dunno that Signal is a really good counterexample for this particular aspect of E2EE messaging. The option exists to compare a 60-digit decimal number, but the usability of this feature is such that most users don't even know that this is something they have to do. Just having a feature is not valuable if no one knows that feature exists and has no idea what any of it means.

I like the approach used by Briar Messenger. They just have the user use the number that represents identity in the system. There is no misleading feature that maps a phone number to the actual cryptographic identity. This makes it much harder for the user to unknowingly use the system in an unsafe way. A Briar identity looks like this:

    briar://bafybeiczsscdsbs7ffqz55asqdf3smv6klcw3gofszvwlyarci

bilekas a day ago

Umm what ? Are you saying that we need to call Twitter X? And if not, we should get flagged?

If that's the case I'd like to say it will always be Twitter for me.

ETH_start 10 hours ago

People should call it by its name. Using an old name that no longer describes it is confusing.

Imustaskforhelp a day ago

Signal doesn't have a backdoor. You might be misguided by the media. Signal is one of the best pieces of software and foundations to exist. Period.

treebeard901 a day ago

With all the ways devices leak data, even now with all the AI integration and the screen recording happening in Windows, it is safe to assume encrypted messaging is not as secure as it used to be. Onscreen keyboards and device notification systems also offer other areas that can leak what you type.

The financial and legal consequences for companies that refuse backdoors are just too great.

77pt77 a day ago

> even now with all the AI integration and the screen recording happening in Windows

What!

> Onscreen keyboards and device notification systems also offer other areas that can leak what you type.

The keyboard one is really pervasive.

mschuster91 a day ago

That was a modified client you're referring to.

pilif a day ago

It didn’t have a back door.

A third party client was used whose only purpose was to log conversations. That third party client’s archive was then hacked.

Any client must by definition have access to the unencrypted data (in order to display it to the user). If you deliberately create a client that logs all communication, well, then all communication will be logged.

kstrauser a day ago

That’s not true. Skepticism is good and welcome. Random allegations like “it has a backdoor” are not.

If someone has demonstrable evidence that Signal is compromised, I’d delete it immediately. Until then it’s just unwarranted speculation, seemingly intended to make people “both sides” it and switch to something more popular and less secure.

stavros a day ago

I read the first sentence and thought "that take sounds rather warm", but then I realized you were talking about Elon. Yeah, you don't get to casually throw a Sieg Heil at a public event and not get called a nazi, I have to agree.

paxys a day ago

And someone who is (or at least until recently was) a part of the US government, with overreaching authority. Yeah, these are the people I trust to keep my communication private...

teddyX a day ago

So you are saying that it's not possible for someone who grew up around slavery and benefited from apartheid to have a racist ideology?

viraptor a day ago

It's very relevant. The intersection of: providing a platform with "encrypted communication" used world wide, vindictive behaviour, and Nazi leaning - it may result in some people who assume their private chats are protected being thrown under the bus in the future. The world is political and it matters.

hypeatei a day ago

His support for far right parties in Germany and in the United States. I'm sure it's just a coincidence, though.

maeln a day ago

Oh really, then show me a video of someone specifically raising, in a very straight fashion, the right arm and hand at a fast speed. The straightness and speed are important. No, a simple salute made with the right arm just does not look the same. You know it, I know it, Elon Musk knows it. Let's not pretend he did not explicitly make a fascist salute.

rschiavone a day ago

Also openly endorsing a Nazi party like the German AfD [1], and if I had to link every single one of Musk's tweets where he says or endorses something homophobic, transphobic, racist, sexist or antisemitic I'd hit my character limit.

[1] https://www.theguardian.com/world/2025/feb/24/elon-musk-cong...

righthand a day ago

Yes people forget but Elon was defending white supremacists on Twitter well before he owned the company.

paulvnickerson a day ago

It's ridiculous and offensive to call someone a nazi who is clearly not a nazi considering there are literally people targeting Jews and their supporters in this country [1] [2] [3].

[1] https://apnews.com/article/israel-embassy-jewish-museum-shoo...

[2] https://www.cnn.com/us/live-news/boulder-colorado-antisemiti...

[3] https://www.ed.gov/about/news/press-release/us-department-of...

owebmaster a day ago

It is probably better for Xitter/Elon's plans.
