Twitter encrypted DMs to use Signal protocol

Ink

Almost all private messaging services use encryption, but there are two major forms. Standard encryption uses a key held by the messaging service. This means that anyone in the company with the necessary access could read any message.

End-to-end (E2E) encryption is different, as only the message participants have the encryption key. The messaging service itself has no access to the unencrypted content, making it far more secure.

Twitter DMs currently use the weaker form of encryption.

Reverse-engineer maestro Jane Manchun Wong spotted references to the Signal protocol in the iOS Twitter app. This strongly suggests that the company plans to use the same E2E encryption used by secure messaging app Signal.

She had previously spotted E2E encryption pointers in the Android app, though not references to Signal.

This code is open-source, which provides two benefits. First, anyone is free to use it. Second, anyone can examine the code to ensure that it does what is claimed, and to try to spot weaknesses in it.

As for Twitter’s implementation, software engineer Brandon Carpenter said that he wrote the code back in 2018 while at Twitter.

He says the reason Twitter didn’t implement it at the time was difficulty in providing the same DM features as the standard version.
 
