Elon Musk wants end-to-end encryption of Twitter direct messages. It may not be that simple 2022-04-30 09:57:00


“Twitter DMs should have end-to-end encryption like Signal, so no one can spy on or hack your messages,” books.

With this statement, Musk engaged in a long-running debate among technologists and privacy advocates about what level of encryption apps and platforms it should provide to its users. Rising privacy concerns have led to questions about how much tech companies collect user data, and several platforms — including the messaging app Signal that Musk noted — have begun touting end-to-end encryption as a key feature.

This ability means that communications can only be seen by senders and recipients, without the platform being able to access them. While some apps, such as Signal and WhatsApp, have end-to-end encryption by default, others including Telegram, Instagram, and Facebook Messenger allow users to sign up for encrypted messages.

Zoom video conferencing platform quickly Introduce end-to-end encryption In 2020, soon after the pandemic caused a surge in users, highlighting its security practices.
Meta, which owns WhatsApp, Instagram and Facebook Messenger, said it plans to roll out default end-to-end encryption for all of its apps globally. by 2023.
Why WhatsApp wants to convince Americans to stop texting
Twitter, on the other hand, has yet to outline a plan to offer end-to-end encryption for its direct messages, despite calls from industry experts and advocates for years. And those calls intensified in the middle of 2020, after a massive platform penetration He compromised the accounts of several prominent figures, including former US President Barack Obama and Musk himself. (End-to-end encryption may not have prevented this attack since hackers Access it directly accounts, but experts say it will reduce the range of information attackers can target in the future.)

Twitter did not respond to a request for comment.

“It would be an important step in favor of user privacy if Twitter were to run [end-to-end encryption] For DMs, because it would prevent the company from reading its users’ conversations or revealing them to anyone else,” Rihanna Pfefferkorn, a researcher at Stanford Internet Observatory whose work focuses on cryptography, told CNN Business that the company should link them. Her hands in this way will prevent any bad actors within the company from abusing their access as an employee to user data.”

In November 2019, the Ministry of Justice Two former Twitter employees accused Spying on users on behalf of Saudi Arabia when they were in the company.

The fact that the influential platform will now be under new ownership raises new questions about what data it has access to.

Hours after Musk announced he would take over Twitter, Oregon Senator Ron Wyden — a longtime advocate of digital privacy — issued another warning.

“If the United States had a toothed privacy law, or if Twitter encrypted direct messages as I urged it years ago, Americans won’t be left wondering what it means to today’s sale of their private information,” he said. chirp. Protecting Americans’ privacy should be a condition of any sale.
Twitter is relatively smaller in size – its global user base is bit From Facebook, Instagram and WhatsApp — and the fact that it’s not primarily seen as a messaging platform may have allowed it to fly a little under the radar, according to Bruce Schneier, a security technician and fellow at Harvard’s Berkman Center for the Internet Society.

“Twitter is used in this type of live chat less than Signal, SMS, WhatsApp and Telegram,” he said. “It’s semi-public.”

Elon Musk wants & # 39;  Authenticating all real human beings'  on Twitter.  Here's what that could mean

And Twitter’s architecture — a single platform that includes public tweets and direct messages, and can be accessed on its website as well as mobile apps across multiple operating systems — could make end-to-end encryption more complex than early mobile messaging platforms like Signal, according to Deirdre Connolly, an engineer. encrypt.

“No web service has successfully cashed end-to-end encrypted messages on it – after its initial deployment –,” Connolly said, adding that most of the apps it offers either started from a mobile platform and expanded, or “designed web and mobile apps for [end-to-end encrypted] Messaging from the start.

“Building a secure web application that runs in a modern, patched web browser is a fundamentally different and more difficult task than doing the same on the desktop or especially on a mobile phone,” she said. “They haven’t done it yet because it’s hard. Really hard.”

But experts say giving Twitter end-to-end encryption by default is an important and worthy goal. Jack Dorsey, co-founder and former CEO of Twitter, has behold In the past he would be open to adding the ability (Wyden also cited Dorsey saying in 2018 that Twitter He was working on it) But the company He made no commitments.

Twitter and other companies often have policies and controls in place to prevent unauthorized access to private messages. But encrypting these messages “bypasses policy or access controls by making access impossible in the first place.” [and] It will also limit the information that a malicious third party can obtain about a particular user, whether that be a hacker or someone pretending to be law enforcement,” Pfefferkorn said.

One caveat, she added, is that end-to-end encryption of live codes can make it difficult to crack down on malicious content and cooperate with law enforcement in investigations, problems that companies such as The WhatsApp And apple I’ve dealt with him in the past. But those companies have repeatedly indicated the need to protect their users.

Altogether, [end-to-end encryption] For DMs it would be a net gain for user privacy and security.”