Home Web information Elon Musk wants end-to-end encryption for Twitter DMs. It may not be so simple

Web information

Elon Musk wants end-to-end encryption for Twitter DMs. It may not be so simple

John C. Jones

April 30, 2022

“Twitter DMs should have end-to-end encryption like Signal, so no one can spy on or hack into your messages,” he said. wrote.

With this statement, Musk launched into a long-running debate among technologists and privacy advocates around the level of encryption apps and platforms should provide their users. Growing privacy concerns have led to questions about how much data tech companies collect from users, and many platforms — including the messaging app Signal that Musk refers to — have started to introduce end-to-end encryption as a key feature.

This capability means that communications can only be seen by senders and recipients, without the platform being able to access them. While some apps, such as Signal and WhatsApp, have end-to-end encryption by default, others, including Telegram, Instagram, and Facebook Messenger, allow users to opt in to encrypted messaging.

Video conferencing platform Zoom quickly introduced end-to-end encryption in 2020, soon after the pandemic caused a surge in users, highlighting its security practices.

Meta, which owns WhatsApp, Instagram and Facebook Messenger, has announced plans to roll out end-to-end encryption by default for all of its apps globally by 2023.

Twitter, on the other hand, has yet to outline a plan to offer end-to-end encryption for its direct messages, despite calls from industry experts and advocates for years. These calls intensified in mid-2020, after a massive hack of the platform compromised the accounts of several prominent figures, including former US President Barack Obama and Musk himself. (End-to-end encryption may not have prevented this attack, since hackers gained direct access to accounts, but experts say it would narrow the scope of information attackers could target in the future.)

Twitter did not respond to a request for comment.

“It would be a significant step in favor of user privacy if Twitter were to activate [end-to-end encryption] for DMs because it would prevent the company from reading its users’ conversations or disclosing them to anyone,” Riana Pfefferkorn, a researcher at Stanford’s Internet Observatory whose work focuses on encryption. his own hands in this way would prevent a bad actor within the company from abusing the access he has as an employee to user data.”

In November 2019, the Justice Department accused two former Twitter employees of spying on users on behalf of Saudi Arabia while at the company.

And the fact that the influential platform will now be under a new owner raises new questions about the data it has access to.

Hours after Musk announced he would take over Twitter, Oregon Sen. Ron Wyden — a longtime digital privacy advocate — issued another warning.

“If the United States had a privacy law with teeth, or if Twitter encrypted DMs like I demanded years ago, Americans wouldn’t be wondering what today’s sale means.” today for their private information,” he said. tweeted. “Protecting the privacy of Americans must be a condition of any sale.”

Twitter’s relatively smaller size – its global user base is only a fraction of Facebook, Instagram and WhatsApp – and the fact that it is not seen primarily as a messaging platform, have perhaps allowed to slip slightly under the radar, according to Bruce Schneier, a security technologist and fellow at Harvard University’s Berkman Center for Internet and Society.

“Twitter is less used for this kind of direct conversation than Signal, SMS, WhatsApp and Telegram,” he said. “It’s more semi-public.”

Additionally, Twitter’s architecture – a single platform that includes public tweets and DMs, and accessible through its website as well as mobile apps on multiple operating systems – could make full encryption more complicated than mobile-first messaging platforms such as Signal, according to Deirdre Connolly, a cryptographic engineer.

“No web service has managed to apply end-to-end encrypted messaging to it – after its initial deployment,” Connolly said, adding that most apps that offer it started from a mobile platform. and have developed, or “designed, their website and mobile applications for [end-to-end encrypted] messaging from the start.”

“Building a secure web application that runs in a modern, patched web browser is a fundamentally different and more difficult task than doing the same thing on desktop or especially on mobile,” she said. “They haven’t done it yet because it’s difficult. Really difficult.”

But experts say giving Twitter DMs end-to-end encryption by default is an important and laudable goal. Jack Dorsey, co-founder and former CEO of Twitter, has suggests in the past that he would be open to adding the capability (Wyden also quoted Dorsey as saying in 2018 that Twitter worked there), but the company made no commitments.

Twitter and other companies often have policies and controls in place to prevent unauthorized access to private messages. But encrypting these messages “goes beyond policy or access controls by making access impossible in the first place. [and] would also limit the information a malicious third party could obtain about a particular user, whether a hacker or someone posing as law enforcement,” Pfefferkorn said.

One caveat, she added, is that fully encrypting DMs could make it harder to crack down on malicious content and cooperate with law enforcement in investigations, issues that companies such as WhatsApp and Apple have dealt with in the past. But these companies repeatedly cited the need to protect their users.

“In total, [end-to-end encryption] for DMs would be a net gain for user privacy and security,” Pfefferkorn said.

Related posts: