Elon Musk recently hinted that Twitter encrypted DMs were on the way, using full end-to-end encryption – and code spotted in the iOS app suggests that it will use the same E2E encryption standard as Signal.
Plans for E2E encryption of Twitter direct messages date back to at least 2018, and it appears that the company has resuscitated code written back then …
Background
Almost all private messaging services use encryption, but there are two major forms. Standard encryption uses a key held by the messaging service. This means that anyone in the company with the necessary access could read any message.
End-to-end (E2E) encryption is different, as only the message participants have the encryption key. The messaging service itself has no access to the unencrypted content, making it far more secure.
Twitter DMs currently use the weaker form of encryption.
Twitter encrypted DMs to use Signal protocol
Reverse-engineer maestro Jane Manchun Wong spotted references to the Signal protocol in the iOS Twitter app. This strongly suggests that the company plans to use the same E2E encryption used by secure messaging app Signal.
Twitter will adopt the Signal Protocol for Encrypted DMs. Seeing code references of the Signal Protocol inside Twitter’s iOS app.
She had previously spotted E2E encryption pointers in the Android app, though not references to Signal.
This code is open-source, which provides two benefits. First, anyone is free to use it. Second, anyone can examine the code to ensure that it does what is claimed, and to try to spot weaknesses in it.
As for Twitter’s implementation, software engineer Brandon Carpenter said that he wrote the code back in 2018 while at Twitter.
Oh look! Some code I wrote four years ago. Wonder if someone is emailing snippets of it to elnos goons for their weekly code reviews or whatever.
You have my full blessing to do so. But I’m not responsible if you’re fired for it “not being up to standards” […]
I wrote most of the TwitterSignalProtocol library, which wraps libsignal with an Objective-C interface, implements the storage interfaces, and hooks it up to Apples built-in cryptographic routines.
He says the reason Twitter didn’t implement it at the time was difficulty in providing the same DM features as the standard version.
WhatsApp makes it easier to message yourself
On the subject of encrypted messaging, TechCrunch spotted that WhatsApp has rolled out a feature that makes it easier to message yourself.
While that may seem a bizarre thing to do, some people use the app as a way to store notes and reminders. It’s something I’ve done on occasion when an app’s Share sheet doesn’t include the ability to AirDrop a link, nor a way to copy it to the clipboard.
Author: Ben Lovejoy
Source: 9TO5Google