About Encrypted Direct Messages
Twitter seeks to be the most trusted platform on the internet, and encrypted Direct Messages are an important part of that. As Elon Musk said, when it comes to Direct Messages, the standard should be, if someone puts a gun to our heads, we still can’t access your messages. We’re not quite there yet, but we’re working on it. Until then, here is the Encrypted Direct Message we are releasing - a new way of communicating on Twitter that will appear as separate conversations, alongside your existing Direct Messages in your inbox.
How does it work?
The latest version of Twitter apps (iOS, Android, Web) generate a pair of device specific keys, called private and public key pair. The public key is automatically registered when a user logs into Twitter on a new device or browser; the private key never leaves the device and therefore is never communicated to Twitter. In addition to the private-public key pairs, there is a per conversation key that is used to encrypt the content of messages. The private-public key pairs are used to exchange the conversation key securely between participating devices.
We employ a combination of strong cryptographic schemes to encrypt every single message, link, and reaction that are part of an encrypted conversation before they leave the sender’s device, and remain encrypted while stored on Twitter’s infrastructure. Once messages are received by the recipient devices, they are decrypted so that they can be read by the user.
We aim to open source our implementation and describe the technology in depth through a technical whitepaper later this year.
Who is eligible to send and receive encrypted messages?
Users need to satisfy the following conditions in order to send and receive encrypted messages:
- both sender and recipient are on the latest Twitter apps (iOS, Android, Web);
- both sender and recipient are verified users or affiliates to a verified organization; and
- the recipient follows sender, or has sent a message to sender previously, or has accepted a Direct Message request from the sender before
How to send encrypted messages?
Sending an encrypted message is similar to sending a regular unencrypted message. If you are eligible to send encrypted messages, you will see a toggle after clicking on the message icon
to enable “encrypted” mode. Selecting an eligible recipient, composing a message and clicking send will send an encrypted message.
Alternatively, you can send an encrypted message through the conversation settings page of an unencrypted conversation
- Tap into an unencrypted conversation from inbox
- Tap on the information icon
- Select “Start an encrypted message”
Differentiating between encrypted and unencrypted conversations
Encrypted conversations are visually differentiated from unencrypted conversations through a lock icon badge on the avatar of the user you are talking to. The badged avatar shows up in both the inbox and conversation views.
You can also check if a conversation is encrypted from the conversation info page. The conversation info page displays the following label at the top for encrypted conversations: “Messages are encrypted.”
We welcome feedback and are actively working on improving every aspect of the product, from user experience to the protocol security by removing most of the following limitations.
For now, encrypted messages can only be sent to a single recipient. We’ll soon be expanding this feature to group conversations.
An encrypted message can only include text and links; media and other attachments are not supported yet. When users attempt to send media via an encrypted conversation, this action will not be completed. Reactions to encrypted messages are also encrypted. Also, while messages themselves are encrypted, metadata (recipient, creation time, etc.) are not, and neither is any linked content (only links themselves, not any content they refer to, is encrypted).
Currently, new devices cannot join existing encrypted conversations. Existing encrypted conversations and the messages in the conversation will be filtered out on new devices that you log into. If you try to access an existing encrypted conversation on a new device via new message flow, it will show an error message indicating that the conversation is inaccessible on that device.
Note: a device will be considered a new device in the context of encrypted messages, if the Twitter app is re-installed on the device.
Device registration / de-registration
We currently allow a maximum of ten devices per user for encrypted messages. After you have reached the limit, you will not be able to send and receive encrypted messages on any new devices that are logged into Twitter. Also, we don’t support the ability for users to see a list of registered devices or to de-register a registered device.
Verify integrity of conversations
Currently, we do not offer protections against man-in-the-middle attacks. As a result, if someone–for example, a malicious insider, or Twitter itself as a result of a compulsory legal process--were to compromise an encrypted conversation, neither the sender or receiver would know. We are, however, working on mechanisms for a future release that will:
allow devices to verify the authenticity of the content and origin of the message (via “signature checks”); and
allow a pair of users to verify the devices that have access to their encrypted conversation (via “safety numbers”)
When signature checks and safety numbers are implemented, man-in-the-middle attacks should be difficult, if not impossible, and both senders and recipients should be alerted in the event of an attack.
Currently, it is not possible to report an encrypted message to Twitter due to the encrypted nature of the conversation. It is important to highlight that at this phase encrypted DMs do not allow for media. If you encounter an issue with an encrypted conversation participant, we suggest you file a report about the account itself and our team will take a look.
To stop someone from sending you encrypted messages:
open the encrypted conversation between you and the participant you wish to block;
tap the information icon to open your Conversation info; and
at the bottom of the screen you have the option to block the account.
Logout and Key backup
If at any time you log out from Twitter, all messages including encrypted messages on your current device will be deleted; this will not impact your other devices.
Currently, we don’t erase the private key from the device on logout. After logging in back on the same device, your device will be able to re-fetch and decrypt the encrypted conversations using the private key that the device had access to before logout. Once we offer the key backup feature, we will start erasing keys on logout. Until then users should exercise caution while using the product on a shared device such as public computers.
If the private key of a registered device was compromised, an attacker would be able to decrypt all of the encrypted messages that were sent and received by that device. In other words, this implementation is not “forward secure”. Our customers expect their (unencrypted) DM history to be stored in the cloud and downloadable on any device that they are logged into. Unfortunately, this user experience doesn’t work well with forward secure messaging protocols. In order to preserve and extend this user experience to encrypted messages, we decided to forgo forward secrecy. We don’t plan to address this limitation.
Encrypted message deletion
Just like a Direct Message, when you delete an encrypted message, it is deleted from your account only, not from the other participant’s inbox. Deleting or leaving an encrypted conversation will not prevent the other person from sending you a Direct Message in the future.
When you delete an encrypted message or conversation (sent or received), the data will be instantly deleted from your device (and soon after from all your other devices). You then will no longer be able to view it. Note that the recipient may still be able to see the encrypted message or conversation you have deleted.
Tweet us @TwitterEng!