What Even Is E2E Encryption, Then?
Jay Peters, writing for The Verge:
> Encrypted DMs currently have a few limitations and a very big flaw. […] Twitter warns that it doesn’t have protections against man-in-the-middle attacks. “As a result, if someone — for example, a malicious insider, or Twitter itself as a result of a compulsory legal process — were to compromise an encrypted conversation, neither the sender or receiver would know,” Twitter says.
I’m no expert, sure, but that… doesn’t sound like end-to-end encryption to me.
UPDATE: It doesn’t sound like E2E encryption because it’s not. I read “encrypted message” and hallucinated “end-to-end encrypted” the whole time, even though The Verge’s article was correct. From Twitter’s support document:
> Twitter seeks to be the most trusted platform on the internet, and encrypted Direct Messages are an important part of that. As Elon Musk said, when it comes to Direct Messages, the standard should be, if someone puts a gun to our heads, we still can’t access your messages. We’re not quite there yet, but we’re working on it. Until then, here is the Encrypted Direct Message we are releasing - a new way of communicating on Twitter that will appear as separate conversations, alongside your existing Direct Messages in your inbox.
My bad. However, I do wonder how many people will use Encrypted Direct Messages mistakenly assuming it’s E2E, since that’s the gold standard and all the buzz these days. Should Twitter have waited until they could deliver the good stuff?