Twitter users can now encrypt their direct messages, gaining an added layer of security, albeit with some conditions. The feature, recently announced by Twitter, uses strong cryptography to encrypt messages, links, and reactions before they are sent from the user’s device.
The message stays encrypted while Twitter stores it and is decrypted once it reaches the recipient. To implement encryption, Twitter generates private and public key pairs specific to each device.
The public key is established upon signing in on a new device or browser, while the private key remains on the user’s devices and is not shared with Twitter. The conversation key, used to encrypt the content of direct messages, is securely exchanged between participating devices using the private-public key pairs.
The sender and recipient must use the latest versions of Twitter’s web, iOS, or Android apps. They must also be verified users or associated with a Verified Organization, which requires a Twitter Blue account or a Verified Organization subscription.
Encryption is limited to text and links and excludes media or other attachments. Twitter does not yet support encryption for group chats, though it intends to work on encrypting them in the future. Certain metadata, such as recipient information and creation time, is not yet encrypted.
New devices logging into Twitter cannot join existing encrypted DM conversations, and a maximum of ten devices per user can participate in encrypted DMs. Encrypted DMs are not protected against man-in-the-middle attacks, though Twitter is actively addressing this vulnerability.
To enable encryption, users need the latest Twitter app version. In an existing chat, they can tap the Info icon to start an encrypted message. For new chats, users can activate the encrypted mode switch and then compose their message.
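The per-device key pairs and shared conversation key described above can be sketched as follows, which also shows why a device registered later cannot read an existing conversation. This is an added example, not Twitter's code: the article names no algorithms, so X25519, HKDF and AES-GCM, the third-party `cryptography` package, and every function and class name are assumptions.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

def _kek(shared):
    # Derive a key-wrapping key from an X25519 shared secret (assumed scheme).
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None, info=b"dm-key-wrap").derive(shared)

class Device:
    def __init__(self, name):
        self.name = name
        self._private = X25519PrivateKey.generate()  # stays on the device
        self.public = self._private.public_key()     # registered at sign-in

    def unwrap(self, envelope):
        eph_public, nonce, wrapped = envelope
        return AESGCM(_kek(self._private.exchange(eph_public))).decrypt(nonce, wrapped, None)

def wrap_for(device_public, conversation_key):
    # Encrypt the conversation key so only the matching private key can recover it.
    eph = X25519PrivateKey.generate()
    nonce = os.urandom(12)
    wrapped = AESGCM(_kek(eph.exchange(device_public))).encrypt(nonce, conversation_key, None)
    return eph.public_key(), nonce, wrapped

def start_conversation(devices):
    # One envelope per device that is registered when the conversation starts.
    key = AESGCM.generate_key(bit_length=256)
    return key, {d.name: wrap_for(d.public, key) for d in devices}

def send(conversation_key, text, recipient):
    nonce = os.urandom(12)
    body = AESGCM(conversation_key).encrypt(nonce, text.encode(), recipient.encode())
    # The recipient field is stored unencrypted, like the metadata the article
    # lists; binding it as associated data is this sketch's own choice.
    return {"recipient": recipient, "nonce": nonce, "body": body}

def read(device, envelopes, message):
    if device.name not in envelopes:
        raise PermissionError(f"{device.name} has no wrapped conversation key")
    key = device.unwrap(envelopes[device.name])
    aad = message["recipient"].encode()
    return AESGCM(key).decrypt(message["nonce"], message["body"], aad).decode()
```

Because the server in this model only ever holds the envelopes and the ciphertext, a device added afterwards has nothing it can unwrap unless an existing device re-wraps the conversation key for it.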
Twitter aims to differentiate encrypted DMs by displaying a lock icon on the recipient’s avatar badge. The Info icon confirms that Twitter has encrypted the messages.
While Twitter’s encryption arrives later than other platforms, such as Signal or WhatsApp, it allows users to secure their confidential or private direct messages, enhancing overall privacy and data protection.