- By Zoe Kleinman and Tom Gerken
- Technology editor and reporter
May 10, 2023
Updated 16 minutes ago
Image source: Getty Images
Twitter is the latest social media platform to introduce an encrypted messaging service.
Direct messages sent on Twitter are end-to-end encrypted — meaning private messages can only be read by the sender and recipient.
CEO Elon Musk said that means he can’t see users’ messages “even if I put a gun to my head.”
However, he warned that this is an early version and people should “try but not trust just yet”.
The feature isn’t open to everyone yet and can only be used by people who pay for Twitter Blue or are connected to a verified Twitter account.
It is also not yet possible to send media in the messages – users can only send texts and links.
“While messages themselves are encrypted, metadata (recipients, creation time, etc.) is not encrypted, and neither is linked content,” it said.
“If someone — say, a malicious insider, or Twitter itself under mandatory legal process — compromised an encrypted conversation, neither the sender nor the recipient would know.”
Online safety law criticized
When he bought Twitter in 2022, Mr Musk hinted at plans to turn it into a “super app” with multiple features. In China, super app WeChat can be used for everything from social media to meal ordering to payments and messaging, but there’s really no comparable platform in the West.
Since then, he’s made a series of dramatic changes to the social network, including the launch of a subscription service and the removal of old blue tick badges that Twitter had previously used as a tool in the fight against the spread of disinformation.
Many Twitter users have long been calling for the private messaging service to be made more secure. However, Mr Musk’s timing could prove awkward for him in the UK, where the government’s Online Safety Act requires such messages to be accessible at the request of law enforcement. It says this will help protect children from abuse.
Messaging platforms WhatsApp and Signal have both criticized this part of the online safety bill, which is currently nearing the end of its hearing in Parliament.
In April, they expressed concern that the legislation could undermine end-to-end encryption, which privacy advocates and advocates see as an invaluable tool.
They were two of several intelligence agencies whose heads signed a letter calling for a rethink, saying the bill as it stands opens the door to “routine, widespread and indiscriminate surveillance” of personal messages.
With a few exceptions, including Marketplace chats, Facebook’s parent company Meta has introduced encryption for its messenger platform.
Mr Musk said he expects encrypted messages on Twitter to “rapidly increase in complexity”.
ESET cybersecurity expert Jake Moore said Twitter is responding to demand from privacy-conscious users.
“Without using end-to-end encrypted messages, Twitter employees and the company itself have the ability to read people’s messages,” he told the BBC.
“While this can bring tremendous benefits to the platform by allowing advertisers to micro-target users, it poses a major security risk for those communicating without such privacy protections.”
Skip Twitter content, 1Allow Twitter content?
This article contains content provided by Twitter. We ask for your permission before anything is loaded as cookies and other technologies may be used. You might want to read Twitter Cookie Policy And Privacy Policy before acceptance. To view this content, select “Accept and continue”.
Accept and continue
End of Twitter content, 1
A Home Office spokesman told the BBC: “The Online Safety Act applies to all platforms, regardless of their design and functionality. Therefore, end-to-end encrypted services are in scope and need to fulfill their duty of care towards users.”
“We have made it clear that companies should only implement end-to-end encryption if they can also ensure public safety at the same time. We continue to work with the technology industry to work together on mutually agreeable solutions that protect public safety without compromising security.”