We welcome feedback and are actively working on improving every aspect of the product, from user experience to the protocol security by removing most of the following limitations.
For now, encrypted messages can only be sent to a single recipient. We’ll soon be expanding this feature to group conversations.
An encrypted message can only include text and links; media and other attachments are not supported yet. When users attempt to send media via an encrypted conversation, this action will not be completed. Reactions to encrypted messages are also encrypted. Also, while messages themselves are encrypted, metadata (recipient, creation time, etc.) are not, and neither is any linked content (only links themselves, not any content they refer to, is encrypted).
Currently, new devices cannot join existing encrypted conversations. Existing encrypted conversations and the messages in the conversation will be filtered out on new devices that you log into. If you try to access an existing encrypted conversation on a new device via new message flow, it will show an error message indicating that the conversation is inaccessible on that device.
Note: a device will be considered a new device in the context of encrypted messages, if the X app is re-installed on the device.
Verify integrity of conversations
Currently, we do not offer protections against man-in-the-middle attacks. As a result, if someone–for example, a malicious insider, or X itself as a result of a compulsory legal process--were to compromise an encrypted conversation, neither the sender or receiver would know. We are, however, working on mechanisms for a future release that will:
allow devices to verify the authenticity of the content and origin of the message (via “signature checks”); and
allow a pair of users to verify the devices that have access to their encrypted conversation (via “safety numbers”)
When signature checks and safety numbers are implemented, man-in-the-middle attacks should be difficult, if not impossible, and both senders and recipients should be alerted in the event of an attack.
Currently, it is not possible to report an encrypted message to X due to the encrypted nature of the conversation. It is important to highlight that at this phase encrypted DMs do not allow for media. If you encounter an issue with an encrypted conversation participant, we suggest you file a report about the account itself and our team will take a look.
To stop someone from sending you encrypted messages:
open the encrypted conversation between you and the participant you wish to block;
tap the information icon to open your Conversation info; and
at the bottom of the screen you have the option to block the account.
Logout and Key backup
If at any time you log out from X, all messages including encrypted messages on your current device will be deleted; this will not impact your other devices.
Currently, we don’t erase the private key from the device on logout. After logging in back on the same device, your device will be able to re-fetch and decrypt the encrypted conversations using the private key that the device had access to before logout. Once we offer the key backup feature, we will start erasing keys on logout. Until then users should exercise caution while using the product on a shared device such as public computers.
If the private key of a registered device was compromised, an attacker would be able to decrypt all of the encrypted messages that were sent and received by that device. In other words, this implementation is not “forward secure”. Our customers expect their (unencrypted) DM history to be stored in the cloud and downloadable on any device that they are logged into. Unfortunately, this user experience doesn’t work well with forward secure messaging protocols. In order to preserve and extend this user experience to encrypted messages, we decided to forgo forward secrecy. We don’t plan to address this limitation.