Twitter launches encrypted DMs behind a paywall
In a new supporting document, Twitter has detailed what to expect from the first version of the platform’s encrypted instant messaging. Perhaps most notably, to be able to send and receive encrypted messages, you have to pay Twitter for the ability to do so. Platforms like WhatsApp, Messenger, Signal and iMessage already offer encrypted messages for free, so having to pay for the feature on Twitter can be a tough pill to swallow.
According to the document, encrypted DMs are only available if you’re a verified user (someone like paying for Twitter Blue), a verified organization (an organization which pays $1000 per month), or an affiliate of a confirmed organization (which costs $50 per month per person). Both sender and recipient must be on the latest version of the Twitter app (on mobile and online). And an encrypted DM recipient must be following the sender, have messaged the sender in the past, or accepted a DM request from the sender at some point.
If you are a person who can send encrypted messages to someone who can receive them, you will see a lock switch while creating a message. In an encrypted conversation, you will also see a small lock icon next to the avatar of the person you are chatting with. Encrypted DMs will be separate from unencrypted.
Encrypted DMs currently have a few limitations and a very large bug. You can only send them in one-on-one conversations; Twitter says it will “soon” bring the feature to groups. You can only send text and links. And Twitter warns that it has no protection against man-in-the-middle attacks. “As a result, if someone — such as a malicious insider or Twitter itself as a result of a mandatory legal process — were to compromise an encrypted conversation, neither the sender nor the recipient would know,” Twitter says.
The company is planning mechanisms to make man-in-the-middle attacks more difficult and notify users if they occur. “As Elon Musk said, when it comes to instant messaging, the default should be if someone puts a gun to our head, we still don’t have access to your messages,” the company wrote. – We are not quite there yet, but we are working on it.
Twitter also notes that while messages and reactions to encrypted DMs are encrypted, metadata (recipient, creation time, etc.) is not, nor is any linked content (only the links themselves, not any content they refer to, are encrypted). “
Encrypted DMs seem to be a priority for Musk; it’s a feature he outlined as part of “Twitter 2.0” for employees in November. But blue ticks are already unpopular enough, and I doubt that forcing you to pay for an important feature you can easily get for free elsewhere is going to improve their reputation.