How X’s Updated DM Encryption Enhances Privacy for Premium Users
Overview of X’s New Encrypted Messaging System
X (formerly Twitter) has revamped its direct message (DM) encryption with the rollout of the new “XChat” platform for Premium subscribers. This update marks a significant backend overhaul aimed at eventually providing encrypted DMs by default for all users, improving upon last year’s less secure implementation.
Key Features of the Updated Encryption
- Private-Public Key Pair: Created per user on first chat use, secured by a user-set four-digit PIN that never leaves the device.
- Conversation Key: Used to encrypt message content within each chat, exchanged securely using the key pairs.
- Comprehensive Encryption: Every message, link, reaction, media, and file is encrypted before leaving the sender’s device and remains encrypted in storage.
Security Considerations
While the system employs strong cryptographic methods, the use of a four-digit PIN for private key protection may be less secure than traditional passphrases. Metadata such as recipients and timestamps is not encrypted. Additionally, posts shared within encrypted chats are recorded by X.
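The following is an added example, not code from the original article or from X: a minimal sketch of why a four-digit PIN protecting a private key depends on limiting guesses. The `PinVault` class, the PBKDF2 derivation, the toy XOR-and-MAC wrap and the attempt limit are all assumptions for illustration; the page does not say how X derives a key from the PIN or whether it limits attempts.

```python
import hashlib
import hmac
import os

PIN_SPACE = 10 ** 4  # four decimal digits, as the page describes


class PinVault:
    """Toy PIN-wrapped key store with a guess limit (hypothetical, not X's design)."""

    def __init__(self, pin, private_key, max_attempts=10, iterations=200_000):
        self.salt = os.urandom(16)
        self.iterations = iterations  # PBKDF2 cost (assumed value)
        self.attempts_left = max_attempts
        pad, mac_key = self._derive(pin, len(private_key))
        # Toy wrap: XOR with a PIN-derived pad, then MAC. Use an AEAD in practice.
        self.wrapped = bytes(a ^ b for a, b in zip(private_key, pad))
        self.tag = hmac.new(mac_key, self.wrapped, hashlib.sha256).digest()

    def _derive(self, pin, n):
        out = hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt,
                                  self.iterations, dklen=n + 32)
        return out[:n], out[n:]  # (pad for the key, MAC key)

    def unlock(self, pin):
        """Return the private key, or None on a wrong PIN or a wiped vault."""
        if self.wrapped is None:
            return None
        pad, mac_key = self._derive(pin, len(self.wrapped))
        expected = hmac.new(mac_key, self.wrapped, hashlib.sha256).digest()
        if hmac.compare_digest(expected, self.tag):
            return bytes(a ^ b for a, b in zip(self.wrapped, pad))
        self.attempts_left -= 1
        if self.attempts_left <= 0:
            self.wrapped = self.tag = None  # wipe: no further guesses possible
        return None


def max_guess_success(max_attempts, space=PIN_SPACE):
    """Upper bound on guessing a uniformly random PIN within the attempt limit."""
    return min(max_attempts, space) / space


if __name__ == "__main__":
    key = os.urandom(32)              # constructed sample key
    vault = PinVault("4821", key)     # constructed sample PIN
    print("unlock ok:", vault.unlock("4821") == key)
    print("bound with 10 tries:", max_guess_success(10),
          "| with no limit:", max_guess_success(PIN_SPACE))
```

A counter like this only helps when secure hardware or a server enforces it where it cannot be reset; without such a limit the whole PIN space can be tried, whatever the key-derivation cost.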
Usage Requirements and Limitations
- Both sender and recipient must use the latest iOS version of the X app; encryption is currently unavailable on Android and web.
- Recipients must have an existing connection with the sender (followed, accepted DMs, or prior messages) to enable encryption.
- Encrypted group messages and media are supported, though metadata remains visible.
- Logging out deletes encrypted messages and keys from that device but allows recovery upon re-login.
Future Developments
X plans to open source its encryption system later this year, increasing transparency and potentially improving security. The company also hopes the enhanced encryption will encourage wider use of upcoming payment features within the app.
Source: Social Media Today – Latest News by Andrew Hutchinson.