Twitter Encrypted Direct Messages

Twitter has released Encrypted Direct Messages, a new form of communication on the platform. Encrypted conversations will appear in your inbox as distinct conversations alongside your regular Direct Messages.

The feature is currently accessible only to verified Twitter users, which includes Twitter Blue subscribers and anyone who is part of a “Verified Organization.”

“We employ a combination of strong cryptographic schemes to encrypt every single message, link, and reaction that are part of an encrypted conversation before they leave the sender’s device, and remain encrypted while stored on Twitter’s infrastructure”, Twitter said.

User Requirements To Send And Receive Encrypted Messages:

  • Both sender and recipient are on the latest Twitter apps (iOS, Android, Web);
  • Both sender and recipient are verified users or affiliates of a verified organization; and
  • The recipient follows the sender or has sent a message to the sender previously, or has accepted a Direct Message request from the sender before.

Sending an encrypted message is as simple as sending a typical, unencrypted one. When you click on the message icon, a toggle to enable “encrypted” mode will appear. Choose a qualified recipient, write your message, and press Send to send it encrypted.

You can also send an encrypted message through the conversation settings page of an unencrypted conversation. Tap into an unencrypted conversation from your inbox, select the information icon, and choose “Start an encrypted message.”

“Encrypted conversations are visually differentiated from unencrypted conversations through a lock icon badge on the avatar of the user you are talking to. The badged avatar shows up in both the inbox and conversation views”, Twitter explains.

The conversation info page also lets you see if the conversation is encrypted. For encrypted conversations, the top of the discussion info page displays the label: “Messages are encrypted.”

Limitations

Currently, an encrypted message can be sent to only one recipient. Twitter says this function will soon be extended to group conversations.

Only text and links can be included in an encrypted message; media and other files are not yet supported. Reactions to encrypted messages are also encrypted.

Furthermore, while messages are encrypted, metadata (recipient, creation time, etc.) is not, and neither is any linked content: only the links themselves are encrypted, not the content they refer to.

New devices cannot join existing encrypted conversations. On any new device you log into, existing encrypted conversations and the messages in them will be filtered out.

Twitter currently limits encrypted messages to ten devices per user. Once you’ve reached the cap, any additional device you sign into Twitter on will not be able to send or receive encrypted messages.

Additionally, Twitter does not let users de-register a registered device or view a list of registered devices.

“Currently, we do not offer protections against man-in-the-middle attacks,” Twitter said.

Because the conversation is encrypted, reporting an encrypted message to Twitter is currently not feasible. It also bears repeating that media cannot currently be sent through encrypted direct messages.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.