Twitter is beginning to roll out its long promised encrypted direct messaging feature, Engadget reported. However, the initial rollout comes with some major limitations that could make it less than ideal for privacy-conscious Twitter users.
According to Engadget, the feature is currently only available to verified Twitter users, which includes Twitter Blue subscribers and those part of a “Verified Organization.” It’s not clear if this is just for the early rollout or if encryption will be added to the growing list of exclusive features for users with a checkmark. For now, encrypted chat requires both users to be verified, according to the company.
Engadget also reported that the level of encryption appears to be less secure than what other apps offer. For one, message metadata is not encrypted. Furthermore, Twitter notes that “currently, we do not offer protections against man-in-the-middle attacks” and suggests that the company itself is still able to access encrypted DMs without the participants knowing.
Twitter’s Help Center posted information titled: “About Encrypted Direct Messages”. Here are some things to know:
Users need to satisfy the following conditions in order to send and receive encrypted messages:
- Both sender and recipient are on the latest Twitter apps (iOS, Android, Web);
- Both sender and recipient are verified users or affiliates to a verified organization; and
- The recipient follows the sender, or has a message to sender previously, or has accepted a Direct Message request from the sender before.
There are also some limitations to be aware of:
Groups: For now, encrypted messages can only be sent to a single recipient. We’ll soon be expanding this feature to group conversations.
Content: An encrypted message can only include text and links; media and other attachments are not supported yet.
New Devices: Currently, new devices cannot join existing encrypted conversations. Existing encrypted conversations and the message in the conversation will be filtered out on the new devices that you log into.
The Verge provided some clarifications about encrypted messages.
According to the document, encrypted DMs are only available if you are a verified user (somebody who pays for Twitter Blue), a verified organization (an organization that pays $1,000 per month), or an affiliate of a verified organization (which costs $50 per month per person). Both the sender and the recipient must be on the latest version of the Twitter app (on mobile and web). And an encrypted DM recipient must follow the sender, have sent a message to the sender in the past, or accept a DM request from the sender at some point.
The Verge also reported that Platforms like WhatsApp, Messenger, Signal, and iMessage already offer encrypted messaging for free, so having to pay for the feature on Twitter might be a hard pill to swallow.
Overall, I think this encrypted messages feature might attract people who are already paying for Twitter Blue. That said, I doubt the majority of people on Twitter, who don’t spend money to use new features, will be at all interested in paying for encrypted DM, especially because the message metadata is not encrypted.