Twitter starts offering 'encrypted DMs'; Elon Musk says the goal is that messages stay inaccessible even with a gun pointed at Twitter's head



Twitter has revealed that it is developing a feature that encrypts messages (direct messages) between users to increase security. In principle, only the parties to the conversation can access an encrypted message, and Twitter itself is said to be unable to see it.

About Encrypted Direct Messages – DMs | Twitter Help

https://help.twitter.com/en/using-twitter/encrypted-direct-messages

◆ Conditions for sending and receiving encrypted messages
In order to send and receive encrypted messages, users must meet the following conditions:

・Both sender and receiver are using the latest Twitter apps (iOS, Android, web)
・Both the sender and recipient are authenticated users or authenticated organizations
・The recipient follows the sender, has previously sent messages to the sender, or has previously accepted a direct message request from the sender

In addition, in order for general users to be authenticated, it is necessary to subscribe to the subscription service Twitter Blue. The price on the website is 980 yen per month, and the price on iOS / Android is 1380 yen per month.

◆ How to send an encrypted message
Encrypted messages are distinguished from regular unencrypted messages. The procedure for sending encrypted messages is basically the same as for normal messages, but a 'toggle' is displayed for those who can send encrypted messages. When you send a message with the toggle on, the message is encrypted.



Alternatively, you can initiate a new encrypted message exchange from an existing unencrypted message history. To get started, tap the info icon from your message history.



You can start exchanging a new encrypted message by tapping the words 'Start an encrypted message'.



◆ How to distinguish between encrypted and normal messages
Encrypted message history will now display a padlock on the person's profile icon. The image below shows the normal message on the left and the encrypted message on the right.



In addition, a padlock icon will also be displayed on the screen where the message list is displayed.



In addition, 'Messages are encrypted' is displayed on the screen that appears when you tap the information icon from the message history.



◆Device restrictions
Twitter's message encryption works by generating a 'private key' on each device. This private key is not erased even if you log out of Twitter, and you can access the encrypted conversations again by logging back in on the same device.

However, uninstalling the Twitter app will delete the private key. Private keys are not shared with other devices, so encrypted messages cannot be shared between different devices.

A private key backup function will be provided in the future. When this feature is provided, it will be possible to clear the keys on logout.

At the time of article creation, up to 10 devices per user can use encrypted messages. After reaching the limit, new devices will not be able to send or receive encrypted messages. Users also cannot see the list of enrolled devices or unenroll an enrolled device.



◆ Restrictions on encrypted messages
At the time of article creation, encrypted messages cannot be sent to 'groups', and can only be sent to one person at a time. Sending to groups will be supported soon.

Encrypted messages can only contain 'text' and 'links'; media such as images and videos, and other attachments, are not yet supported.

As with regular messages, deleting an encrypted message only removes it from your account, not the other person's inbox. Deleting or leaving encrypted messages will not prevent the other person from sending you messages in the future. 'Block' is recommended as a way to prevent this.



In addition to encrypting the message itself, the other person's reaction to the message is also encrypted, but metadata such as recipients and creation time are not encrypted.

Messages are encrypted, so if you receive an inappropriate message, you can't report it to Twitter. If you encounter a problem, we encourage you to submit a report on the other party's account itself.

Importantly, at the time of writing the article, no protection against 'man-in-the-middle attacks' was provided. “If Twitter compromises an encrypted conversation, for example, as a result of a malicious insider or coercive legal process, neither the sender nor the receiver will know,” Twitter said. However, Twitter also noted that it is preparing some mitigations for future releases.

The first is signature verification, by which the device confirms the content of the message and the authenticity of the originator. The second is the ability for messaging parties to verify which devices have access to encrypted messages. “With these features implemented, man-in-the-middle attacks would be difficult, if not impossible, and should alert both the sender and recipient if attacked,” Twitter explains.
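The second mitigation, checking which devices can read a conversation, can be sketched as follows. This is an added example, not Twitter's code or protocol: each party hashes the set of device public keys it was served and compares the result with the peer over a separate channel. The key directory, the constructed 32-byte stand-in keys and all function names are assumptions for illustration.

```python
import hashlib

def fake_public_key(label: str) -> bytes:
    """Constructed stand-in for a device public key (not a real key)."""
    return hashlib.sha256(label.encode()).digest()

def device_fingerprint(public_key: bytes) -> str:
    """Short digest a user could read aloud or compare on screen."""
    return hashlib.sha256(b"device:" + public_key).hexdigest()[:16]

def conversation_fingerprint(device_keys) -> str:
    """Digest over every device key able to read the conversation.
    Sorting and de-duplicating lets both parties compute the same value."""
    h = hashlib.sha256()
    for key in sorted(set(device_keys)):
        h.update(len(key).to_bytes(2, "big") + key)
    return h.hexdigest()[:32]

def unexpected_devices(served_keys, confirmed_fingerprints):
    """Fingerprints of served keys that the peer never confirmed out of band."""
    confirmed = set(confirmed_fingerprints)
    return sorted(fp for fp in map(device_fingerprint, served_keys)
                  if fp not in confirmed)

def run_scenario(directory_injects_key: bool):
    """Alice checks the device list a hypothetical key directory serves for Bob."""
    alice = [fake_public_key("alice-phone")]
    bob = [fake_public_key("bob-phone"), fake_public_key("bob-laptop")]
    served_for_bob = list(bob)
    if directory_injects_key:
        # A compromised directory adds a key it controls to Bob's device list.
        served_for_bob.append(fake_public_key("unknown-device"))
    alice_view = conversation_fingerprint(alice + served_for_bob)
    bob_view = conversation_fingerprint(bob + alice)  # Bob knows his real devices
    # Bob reads his device fingerprints to Alice over a separate channel.
    confirmed = [device_fingerprint(k) for k in bob]
    return alice_view == bob_view, unexpected_devices(served_for_bob, confirmed)

if __name__ == "__main__":
    for tampered in (False, True):
        match, extra = run_scenario(tampered)
        print(f"injected={tampered} fingerprints_match={match} unexpected={extra}")
```

The comparison only helps if the fingerprints travel over a channel the key directory does not control, such as in person or by phone.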



“As Elon Musk said, when it comes to Direct Messages, the standard should be that someone can put a gun to our (Twitter) head and still not be able to access our users' messages. We haven't achieved it yet, but we are working towards it,” Twitter said. The message encryption function implemented this time will be open sourced in the future.

◆Added 2023/05/11 17:20
Twitter CEO Elon Musk has officially released the message encryption function. 'Try it, but don't trust it yet,' Musk said.




in Web Service, Posted by log1p_kr