Snakeoil Crypto: Twitter Claims Bulletproof Encrypted Messaging Rollout
If it's not end-to-end crypto done using crypto code that is not also provided by the messaging service, it's not bulletproof. All that any of these services, or the State and or actors that rubberhose and or crack them or mole them out, need to do is to backdoor the code your browser downloads from them. At that point you're fucked. https://help.twitter.com/en/using-twitter/encrypted-direct-messages https://twitter.com/foaddabiri/status/1654856617723301888 https://twitter.com/elonmusk/status/1655971825665409024 Musk Launches Twitter's New Encrypted Messaging, But With Big Caveat: "Don't Trust It Yet" https://www.theepochtimes.com/musk-launches-twitters-new-encrypted-messaging... Elon Musk on Thursday announced the official launch of Twitter’s new encrypted direct messaging (DM) function, urging users to give it a try, but warning that the encryption feature in the early version should not be trusted. “Early version of encrypted direct messages just launched,” Musk stated in a Thursday tweet. “Try it, but don’t trust it yet.” Direct messages sent on Twitter will be encrypted end-to-end, meaning that private messages can only be read by the sender and recipient. Musk stated in an earlier post on Wednesday that the sophistication of the encryption feature will grow “rapidly” following the launch of the preliminary version. “The acid test is that I could not see your DMs even if there was a gun to my head,” he said. With the rollout now official, Twitter joins other platforms like Signal and WhatsApp in providing users with an encrypted messaging service, though not all Twitter users will have access to it—at least for now. Twitter stated in a post on its support site that the encryption feature is only available to people who pay for Twitter Blue or are affiliated with a verified Twitter account. Only messages containing text and links are encrypted, while media and other attachments are not yet supported. Early version of encrypted direct messages just launched. Try it, but don’t trust it yet. — Elon Musk (@elonmusk) May 11, 2023 Reactions to encrypted messages are also encrypted, but metadata—which includes the recipient as well as the creation time—are not. While links themselves are encrypted, the linked content isn’t. Eligible users who want to send encrypted messages on Twitter will see a toggle after clicking on the message icon, allowing them to activate “encrypted” mode. They can then select another eligible recipient, and clicking “send” will dispatch an encrypted message. Alternatively, eligible Twitter users can send encrypted messages though the conversation settings page of an unencrypted conversation in their inbox. After tapping the information icon, they can select the “start an encrypted message” option. Encrypted conversations will be differentiated from unencrypted ones through a lock icon badge. “As Elon Musk said, when it comes to direct messages, the standard should be, if someone puts a gun to our heads, we still can’t access your messages. We’re not quite there yet, but we’re working on it,” Twitter said on the support page, reinforcing Musk’s warning not to trust the encryption feature to protect sensitive information—yet. “Twitter seeks to be the most trusted platform on the internet, and encrypted direct messages are an important part of that,” the support page states. Musk revealed last year that he has plans to roll out a “Twitter 2.0 The Everything App,” which he said would combine encrypted direct messages, long-form tweets, and payments. In March, Musk merged Twitter with a shell firm called X Corp., which he owns. WhatsApp ‘Cannot Be Trusted’ In a Twitter post on Tuesday, Musk took aim at WhatsApp, telling Twitter users that the service “cannot be trusted.” Musk was responding to a post from Twitter engineer Foad Dabiri, who claimed that his WhatsApp application was constantly switching on the microphone, even while he was sleeping. Dabiri shared a screenshot of his device’s microphone usage, which showed that it had been switched on nine times between 4:20 a.m. and 6:53 a.m. while he was asleep, at one point appearing to record him for nearly 30 minutes. Replying to Dabiri’s post, Gannon Breslin, CEO of The Drop NFT Media Inc., wrote, “It’s incredible how many people don’t realize that WhatsApp is owned by Meta/Facebook.” Facebook purchased WhatsApp in 2014 for $16 billion. Musk replied: “Yeah. Or that WhatsApp founders left Meta/Facebook in disgust, started #deletefacebook campaign and made major contributions to building Signal. What they learned about Facebook and changes to WhatsApp obviously disturbed them greatly.” WhatsApp swiftly dismissed Dabiri’s claim, stating that users of the messaging service “have full control over their mic settings.” “Over the last 24 hours, we’ve been in touch with a Twitter engineer who posted an issue with his Pixel phone and WhatsApp,” WhatsApp said on its official Twitter account. “We believe this is a bug on Android that mis-attributes information in their Privacy Dashboard and have asked Google to investigate and remediate.” “Users have full control over their mic settings. Once granted permission, WhatsApp only accesses the mic when a user is making a call or recording a voice note or video—and even then, these communications are protected by end-to-end encryption so WhatsApp cannot hear them,” it added.
participants (1)
-
grarpamp