Why you can’t trust Twitter’s encrypted DMs

After an unusually eventful few days, let’s check in on the current state of affairs at Twitter. A high-profile capitulation to the Turkish government and new CEO sparked a ton of chatter over the weekend. Meanwhile, a troubled introduction of encrypted messaging on the site has raised questions over when, if ever, the product can be said to be truly secure.

Start with encrypted messaging, where owner Elon Musk’s ready-fire-aim approach to product development has once again led to a chaotic feature rollout.

Last week, Twitter launched encrypted direct messages, a project the company has been exploring since at least 2018 and that Musk has been talking about since November. Encryption, which comes free on apps including WhatsApp, Messenger, and Signal, is available on Twitter only to paying subscribers. 

In tweets, Musk promised the feature will “grow in sophistication rapidly,” and noted, “the acid test is that I could not see your DMs even if there was a gun to my head.” 

It’s not there yet. These messages are not encrypted end to end, making them vulnerable to so-called man-in-the-middle attacks. “Currently, we do not offer protections against man-in-the-middle attacks,” the company acknowledged in a blog post. “As a result, if someone – for example, a malicious insider, or Twitter itself as a result of a compulsory legal process – were to compromise an encrypted conversation, neither the sender or receiver would know.”


But this doesn’t cover the full extent of the vulnerabilities. Security researcher Matthew Garrett told us that using encrypted DMs on Twitter will require you to place a great deal of trust in the company.

He explained it like this: Under Twitter’s system, each device generates a cryptographic key pair, with a public key and a private key. The public key is uploaded to Twitter and associated with your account. When you want to send a message, you effectively ask Twitter for the set of public keys associated with the recipient and use them to encrypt the message key, so that each of the recipient’s devices can decrypt it.

But what if someone at Twitter added their own public key to the list of keys associated with a user, or swapped out one of the user device keys with their own? Then they’d have the corresponding private key, and would be able to obtain the message encryption key.
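The trust problem Garrett describes, as an added toy simulation that is not Twitter’s code or Garrett’s: a server-held list of device public keys, an ElGamal-style wrap of a per-message key to every key on that list, and the check a client needs, comparing the list against fingerprints its user verified out of band. The group parameters, the `KeyServer` class and every function name here are constructed for illustration only.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (Mersenne prime 2^127-1, generator 5): far too small for real use.
P = (1 << 127) - 1
G = 5

def keygen():
    """Each device makes its own key pair; only the public half is uploaded to the server."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def fingerprint(pub):
    """Short digest two people could compare out of band (the idea behind Signal's safety numbers)."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

def _mask(shared):
    return int.from_bytes(hashlib.sha256(shared.to_bytes(16, "big")).digest()[:16], "big")

class KeyServer:
    """The directory the platform holds: account -> device public keys, entirely server-controlled."""
    def __init__(self):
        self.keys = {}
    def register(self, account, pub):
        self.keys.setdefault(account, []).append(pub)
    def lookup(self, account):
        return list(self.keys.get(account, []))

def wrap_message_key(msg_key, recipient_pubs):
    """ElGamal-style wrap of a 128-bit message key to every public key the server returned."""
    wrapped = {}
    for pub in recipient_pubs:
        eph_priv, eph_pub = keygen()
        wrapped[fingerprint(pub)] = (eph_pub, msg_key ^ _mask(pow(pub, eph_priv, P)))
    return wrapped

def unwrap_message_key(priv, pub, wrapped):
    """A device recovers the key only if its public key was on the list the sender used."""
    entry = wrapped.get(fingerprint(pub))
    if entry is None:
        return None
    eph_pub, masked = entry
    return masked ^ _mask(pow(eph_pub, priv, P))

def verified_lookup(server, account, pinned):
    """Mitigation: compare the server's list against fingerprints verified out of band; report strays."""
    pubs = server.lookup(account)
    unknown = [fingerprint(p) for p in pubs if fingerprint(p) not in pinned]
    return pubs, unknown
```

Because the sender's client blindly wraps to whatever list the server returns, an extra entry on that list silently gets a copy of the message key; `verified_lookup` is the client-side check that makes such an entry visible.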

In a detailed blog post critiquing Twitter’s approach to encryption, Garrett said the feature represents a modest security improvement over the status quo — but said users would be safer using Signal or WhatsApp.

On Twitter itself, Garrett sparred with Christopher Stanley, who previously worked at SpaceX and is now running security engineering at Twitter. Stanley is leading Twitter’s encrypted DMs project.

“A white paper will be published soon,” Stanley said in response to criticisms. “I had [cybersecurity firm] Trail of Bits audit our implementation. Dan Guido and those folks are badass.”

Stanley then deleted the tweet. Probably because, according to Twitter sources, the company hasn’t even signed a contract with Trail of Bits. (Trail of Bits declined to comment.) The reason, Platformer is told: Twitter continues to lay off employees who previously handled procurement.

To sum up, then, Twitter launched its encrypted messaging effort with the project lead appearing to falsely claim that it had been audited. And the worker shortage at the company is making it more difficult to bring on auditors.

“Try it, but don’t trust it yet,” Musk tweeted when encrypted messages launched.

He had us at “don’t trust it.” 

One reason to care about how secure your nominally encrypted messages are is that, when pressed, tech platforms sometimes share encryption keys with the government. While iMessage is encrypted end to end, for example, iCloud backups are not. In 2020, Reuters reported that Apple postponed plans to offer end-to-end encrypted backups after the FBI complained that it would make their investigations more difficult.

Tech platforms, and Twitter 1.0 in particular, will push back on some requests that they view as overbroad or inappropriate. In fact, Twitter sued Turkey in 2014 after the country temporarily blocked access to the site. 

But that was the old Twitter. Under Musk, Twitter’s full compliance with government demands has risen from around 50 percent to more than 80 percent, Rest of World’s Russell Brandom reported last month. And so if you were counting on the company to push back on requests to view your encrypted messages, the odds are much lower than they were at this time last year.


Twitter’s newfound willingness to roll over for strongmen was on full display over the weekend after the company acknowledged that it would restrict access to some (unspecified) content in Turkey during its national election. The restricted tweets and accounts remained visible outside of Turkey. But to critics — especially the more liberal Twitter dead-enders, who operate under the belief that if they only screenshot enough examples of Musk’s hypocrisy he might resign in disgrace and restore the site to its former glory — the move offered an irresistible invitation to dunk.

“The Turkish government asked Twitter to censor its opponents right before an election and @elonmusk complied — should generate some interesting Twitter Files reporting,” quipped Matt Yglesias.

“Did your brain fall out of your head, Yglesias?” Musk replied. “The choice is have Twitter throttled in its entirety or limit access to some tweets. Which one do you want?”

On this point, we can be sympathetic to Musk. This is not the first time a company has restricted access to content as a last-ditch effort to remain operating there. In fact, Turkey temporarily blocked access to Twitter as recently as February, in the wake of the country’s devastating earthquake. And in 2021, before Musk bought the company, Twitter restricted access to various high-profile accounts at the behest of the Indian government.

The rationale for these moves is fairly straightforward: it’s typically better for the cause of speech to have at least some content available. Pakistan banned YouTube outright from 2012 to 2016; when the government relented and allowed it to return, it was largely because it had established a means to get YouTube to restrict access to some videos within the country.

If there’s a difference in the Twitter case, it’s that some authoritarians now have an additional lever of control over the company: Musk’s business interests. Tesla just entered the Turkish market last month; that gives Musk more than the usual free-speech reasons to want to comply with the government’s demands. (Last year Yglesias raised a similar concern around Musk and Tesla’s dependence on China for manufacturing.)

In any case, the Turkish election is now headed to a runoff in two weeks. How Twitter responds to any new government demands between now and then will deserve close scrutiny.

There is much to know and surely even more to be learned about Linda Yaccarino, who Musk has named Twitter’s next CEO. And yet before discussing anything about her leadership style, her appeal to advertisers, or her politics, it seems pertinent to discuss Twitter’s previous CEO — and it isn’t who you might think. 

Here’s Aditi Bharade, writing on April 11th for Insider:

Twitter CEO Elon Musk told the BBC that his pet Shiba Inu, Floki, is the CEO of the social media platform and that he dresses it in black turtlenecks — the outfits disgraced Theranos CEO Elizabeth Holmes was known for wearing.

During a live interview on Twitter Spaces with James Clayton, a BBC journalist, Musk kept correcting Clayton when the latter called Musk Twitter’s CEO.

“I’m not the CEO of Twitter. My dog is the CEO of Twitter. He’s a great dog, very alert, and it’s hard to get anything by him,” Musk said.

Well — move over, Floki. 

Musk tweeted that Yaccarino, a longtime ad executive who comes to the company from NBCUniversal, “will focus primarily on business operations.” Musk, on the other hand, will “focus on product design & new technology.”

And maybe they will. But the Musk era at Twitter has been marked by so many broken promises and false starts that it’s hard to know how seriously to take any of it. Maybe Yaccarino and Musk will get along famously and help to rebuild the ad business that he has spent the past six months cheerfully undermining. Or maybe he will tire of her pushback, as he has tired of so many of his previous executives, and she’ll be looking for new work again within months.

In any case, the fact that she’s taking over for a Shiba Inu would seem to say a lot about what Musk thinks of the role.

Current Twitter employees don’t seem to be preparing for Yaccarino to shake things up much. On Blind, a pseudonymous workplace forum, her appointment has generated minimal discussion, sources said. 

One employee, nodding to how many current Twitter employees remain there because visa issues prevent them from easily leaving, jokingly wondered whether Yaccarino was having visa issues of her own. (She’s an American citizen.)

In December, after Musk lost a poll about whether he should remain as CEO, he said he would resign “as soon as I find someone foolish enough to take the job!” 

What kind of person steps into such a job? We’re about to find out.