Under Elon Musk, Twitter may be reviving a project that would bring end-to-end encryption to its Direct Messaging system. Work appears to have resumed on the feature in the latest version of the Android app, according to independent researcher Jane Manchun Wong, who spotted the changes to Twitter’s code. While Musk himself recently expressed interest in making Twitter DMs more secure, Twitter itself abandoned its earlier efforts in this space after prototyping an encrypted “secret conversations” feature back in 2018.
Had the encrypted DM’s feature launched, it would have allowed Twitter to better challenge other secure messaging platforms like Signal or WhatsApp. But work on the project stopped and Twitter never publicly explained why — nor had it commented on the prototype Wong also found being developed in the app years ago.
Now, Wong says she’s seen work on encrypted DM’s resume, tweeting out a screenshot of Twitter’s code, which references encryption keys and their use in end-to-end encrypted conversations. Another screenshot shows a “Conversation key,” which the app explains is a number generated by the user’s encryption keys from the conversation. “If it matches the number in the recipient’s phone, end-to-end encryption is guaranteed,” the message reads.
In response to Wong’s tweets, Musk replied with a winking face emoji — an apparent confirmation, or at least what stands in for one these days, given that Twitter laid off its communications staff and no longer responds to reporters’ requests for comment.
Unlike the other projects Musk’s Twitter has in the works, like a relaunch of the Twitter Blue subscription now due out later this month, end-to-end encryption is something that cannot — and should not — be rushed out the gate.
Meta, for example, took years to fully roll out end-to-end encryption (E2EE) in Messenger, after having first tested the features in 2016. It wasn’t until this summer that Meta announced it would finally expand its E2EE test to individual Messenger chats. The company explained the delay to launch was, in part, due to the need to address concerns from child safety advocates who had warned the changes could shield abusers from detection. Meta also intended to use AI and machine learning to scan non-encrypted parts of its platform, like user profiles and photos, for other signals that could indicate malicious activity. Plus, it needed to ensure that its abuse-reporting features would continue to work in an E2EE environment.
In short, beyond the technical work required to introduce E2EE itself, there are complicating factors that should be taken into consideration. If Musk announces encrypted DMs in a compressed time frame, it would raise concerns about how secure and well-built the feature may be.
Plus, with Twitter’s 50% workforce reduction and the departure of key staff — including chief information security officer Lea Kissner, who would understand the cryptological challenges of such a project — it’s unclear if the remaining team has the expertise to tackle such a complex feature in the first place.
Musk, however, seems to believe encryption is the right direction for Twitter’s DM product, having recently tweeted “the goal of Twitter DMs is to superset Signal.” And, in response to a user’s question about whether Twitter would merge with telecommunication or become a WhatsApp replacement, Musk responded simply that “X will be the everything app.”
“X” here refers to Musk’s plan to transform Twitter into a “super app” that would combine payments, social networking, entertainment and more into one singular experience. Last week, he spoke in more detail about his plans for the payments portion, suggesting Twitter could one day allow users to hold cash balances, send money to one another and even offer high-yield money market accounts.
Want to talk to TechCrunch? You can reach us at firstname.lastname@example.org or here to stay anonymous. SecureDrop is also available. Sarah Perez can be reached at 415.234.3994 on Signal.