Elon Musk Unveils End-to-End Encrypted DMs For Twitter 2.0

Written by

Twitter's new CEO, Elon Musk, has confirmed plans to add end-to-end encryption (E2EE) to direct messages on the social media platform.

The billionaire made the announcement on Twitter on Sunday when he published a series of screenshots describing his vision for "Twitter 2.0."

The E2EE feature for DMs was first spotted by security researcher Jane Manchun Wong earlier this month. She analyzed code changes in Twitter's Android app referencing conversation keys for E2EE chats and posted about it on Twitter.

Perhaps not surprisingly, in this day and age, Manchun Wong's Twitter account no longer exists, but the code snippets are still available on the WayBackMachine website.

"Despite whatever claims may be made about Twitter's secure messaging capabilities over the coming weeks, it would be advisable to use caution before entrusting any sensitive data considering the stability of what appears to be a rushed design," said Melissa Bischoping, director of endpoint security research at Tanium.

"Any significant security undertaking with the complexity of something like encrypted messaging should not be rushed and – when responsibly implemented – would be the result of months or years of development and testing," Bischoping added. "Considering Twitter's recent breakneck pace, this could be a challenge."

Additionally, the executive told Infosecurity that E2EE also comes with privacy, legal and ethical considerations.

"It is often used for legitimate, essential communication that deserves privacy but can be used by criminals," she said.

"Additionally, users who believe their messages are secure may feel more comfortable discussing sensitive information that could be detrimental in the event the system is breached."

Additional features teased by Musk for Twitter 2.0 (also called by him "The Everything App") include advertising as entertainment, new video tools, long-form Tweets, payments and the relaunch of the infamous Blue Verified program, currently scheduled for early December.

The news comes weeks after several of Twitter's C-level security and privacy executives resigned amid the uncertainty of the company's future.

What’s hot on Infosecurity Magazine?