X launches E2E encrypted Chat
Technology
55
Beiträge
23
Kommentatoren
248
Aufrufe
-
That’s a 4 digits password behind your account password and 2FA lol.
I guess it can be done relatively securely using both the password and the code to derive the encryption key while not storing it on the servers (while 2fa isn't of any help here given it's kinda random with shared seed). I, however, doubt it's done that way: 1st of all, decryption should then only be possible after one enters their account password for the second time, as well as the conversation password (since the password shouldn't be stored in plaintext after you've entered it), and, secondly, that'll basically drop the chat history as soon as one changes the password, which is neither convenient nor mentioned.
Then, if it works how I assume it does, i.e. the actual encryption key is stored on the xitter's servers and only retrieved once you enter the encryption password, then they can decrypt your messages (either by immediately using that if the password just tells 'em who they should give the key to, or by bruteforcing the password if it decrypts/derives the actual key), which defeats the whole point of e2ee.
-
The guy who champions free speech?
I prefer to judge people by their actions, not by the bullshit they spew. If you really think he champions free speech you are not at all paying attention to his actions.
-
What are you basing your doubts on? When has X under Musk had anything happen to doubt their encryption? You think the guy fighting for free speech and ending people getting in trouble for what they say is going to lie about this?
Twitter suspends journalists who have been covering Elon Musk and the company
Twitter on Thursday evening suddenly suspended several high-profile journalists who cover the platform and Elon Musk, one of the richest people in the world,
NBC News (www.nbcnews.com)
-
“Early access” currently but I don’t pay for X or anything and it’s there for me. This comes after X were criticised and had all sorts of “backdoor” conspiracy theories being pushed after they took their private encrypted DMs offline the other day to add improvements.
Someones afraid of their dealer getting caught…
-
“Early access” currently but I don’t pay for X or anything and it’s there for me. This comes after X were criticised and had all sorts of “backdoor” conspiracy theories being pushed after they took their private encrypted DMs offline the other day to add improvements.
I don't think I'm going to trust them. Besides 4 digit pass is very easy to crack.
-
“Early access” currently but I don’t pay for X or anything and it’s there for me. This comes after X were criticised and had all sorts of “backdoor” conspiracy theories being pushed after they took their private encrypted DMs offline the other day to add improvements.
there's no way for anyone, including X, to read your messages.
That defeats the purpose of a messaging platform.
I know what they meant, but the phrasing is so, so stupid. Anyone who is considering this platform, should think twice before doing so. If they get the phrasing of such a simple sentiment this, incoherently wrong, what does their code look like and what do the encryption protocols look like? If I'd have to guess... AI slop.
-
What are you basing your doubts on? When has X under Musk had anything happen to doubt their encryption? You think the guy fighting for free speech and ending people getting in trouble for what they say is going to lie about this?
When has X under Musk had anything happen to doubt their encryption?
Musk routinely hires young unqualified technicians, and abused, laid off, or otherwise alienated much of the top talent at Twitter, in the name of cost savings.
There's plenty of other stories out there of Musk's ego interfering with his staff's ability to do their jobs properly.
Most recently, the new DOGE has suffered substantial security lapses, associated with under-hiring and under-provisioning against cyber security threats, under Musk's leadership.
Even before Twitter was aquired, Twitter had an embarrassing memorable history with public figures suffering from security incidents caused by Twitter's own staff, training, technology or processes. This was arguably not a huge problem for an almost fully public messaging platform, but could be disasterous for anyone relying on this new E2EE solution, if it is incorrectly implemented.
The talent needed to correctly implement secure end to end encryption is rare, on a good day, for a good employer with a strong history of loyalty to their staff. X arguably has little to none of that going for it, today.
There's very little reason to assume that X, under Musk's current leadership, has correctly securely implemented end-to-end encryption, and there are reasonable reasons for people to fear that E2EE developed at X may have serious security flaws.
-
The guy who champions free speech?
Were you being serious with that or sarcastic?
-
“Early access” currently but I don’t pay for X or anything and it’s there for me. This comes after X were criticised and had all sorts of “backdoor” conspiracy theories being pushed after they took their private encrypted DMs offline the other day to add improvements.
Dude, even X’s AI, Grok, distrusts the CEO.
-
Were you being serious with that or sarcastic?
Are you? Because X is the only platform that's legally fighting against government ordered censorship. X is the only social media platform that pretty much only bans you if you break the law, instead of banning you the second you question the echo chambers preferred message.
-
When has X under Musk had anything happen to doubt their encryption?
Musk routinely hires young unqualified technicians, and abused, laid off, or otherwise alienated much of the top talent at Twitter, in the name of cost savings.
There's plenty of other stories out there of Musk's ego interfering with his staff's ability to do their jobs properly.
Most recently, the new DOGE has suffered substantial security lapses, associated with under-hiring and under-provisioning against cyber security threats, under Musk's leadership.
Even before Twitter was aquired, Twitter had an embarrassing memorable history with public figures suffering from security incidents caused by Twitter's own staff, training, technology or processes. This was arguably not a huge problem for an almost fully public messaging platform, but could be disasterous for anyone relying on this new E2EE solution, if it is incorrectly implemented.
The talent needed to correctly implement secure end to end encryption is rare, on a good day, for a good employer with a strong history of loyalty to their staff. X arguably has little to none of that going for it, today.
There's very little reason to assume that X, under Musk's current leadership, has correctly securely implemented end-to-end encryption, and there are reasonable reasons for people to fear that E2EE developed at X may have serious security flaws.
Most recently, the new DOGE has suffered substantial security lapses,
Did they? What? The made up ones where people claimed that DOGE gave russian hackers access to databases despite DOGE never even requesting access to their systems?
Even before Twitter was aquired, Twitter had an embarrassing memorable history with public figures suffering from security incidents caused by Twitter’s own staff, training, technology or processes.
Funny that you say this after you said this:
Musk routinely hires young unqualified technicians, and abused, laid off, or otherwise alienated much of the top talent at Twitter, in the name of cost savings.
So twitters staff, training, technology and processes were the source of these embarrassing incidents.......but then Musk shouldn't have gotten rid of them?
but could be disasterous for anyone relying on this new E2EE solution, if it is incorrectly implemented.
And there's nothing to say that it is incorrectly implemented other than hopes and dreams by people who want it to be.
The talent needed to correctly implement secure end to end encryption is rare, on a good day, for a good employer with a strong history of loyalty to their staff.
Absolutely not true lol. Secure end to end encryption is a solved problem. It's not hard to implement.
-
there's no way for anyone, including X, to read your messages.
That defeats the purpose of a messaging platform.
I know what they meant, but the phrasing is so, so stupid. Anyone who is considering this platform, should think twice before doing so. If they get the phrasing of such a simple sentiment this, incoherently wrong, what does their code look like and what do the encryption protocols look like? If I'd have to guess... AI slop.
The phrasing is only stupid if you are trying to have an issue with it. Obviously you and the person you're chatting to can read your messages. That doesn't need to be said, it's inferred.
End to End Encryption is easy. Why do you guys all seem to think it's hard?
-
Twitter suspends journalists who have been covering Elon Musk and the company
Twitter on Thursday evening suddenly suspended several high-profile journalists who cover the platform and Elon Musk, one of the richest people in the world,
NBC News (www.nbcnews.com)
Rules were put in place to stop trackers like that as they are massive security risks, borderline doxing.
-
I don't think I'm going to trust them. Besides 4 digit pass is very easy to crack.
You don't just log in to their new chat with a 4 digit pass key lol. You need to be logged in to X, meaning password and (hopefully) 2FA would need to be "hacked" in order to even get to the 4 digit password.
-
I guess it can be done relatively securely using both the password and the code to derive the encryption key while not storing it on the servers (while 2fa isn't of any help here given it's kinda random with shared seed). I, however, doubt it's done that way: 1st of all, decryption should then only be possible after one enters their account password for the second time, as well as the conversation password (since the password shouldn't be stored in plaintext after you've entered it), and, secondly, that'll basically drop the chat history as soon as one changes the password, which is neither convenient nor mentioned.
Then, if it works how I assume it does, i.e. the actual encryption key is stored on the xitter's servers and only retrieved once you enter the encryption password, then they can decrypt your messages (either by immediately using that if the password just tells 'em who they should give the key to, or by bruteforcing the password if it decrypts/derives the actual key), which defeats the whole point of e2ee.
They specifically say they can not decrypt your messages.
Why does everyone in here think that E2E encryption is some insanely hard new thing? It's been "solved" for years lol. It's not hard to do.
-
Are you? Because X is the only platform that's legally fighting against government ordered censorship. X is the only social media platform that pretty much only bans you if you break the law, instead of banning you the second you question the echo chambers preferred message.
It’s not. They have been caught steering traffic over and over again. If you say anything Elon dislikes and it starts getting attention, their algorithm will hide your posts once Elon tells it to. Elon LOVES censorship so long as he’s in control of it.
-
It’s not. They have been caught steering traffic over and over again. If you say anything Elon dislikes and it starts getting attention, their algorithm will hide your posts once Elon tells it to. Elon LOVES censorship so long as he’s in control of it.
You've got zero evidence of that lol. Their algorithm is open source btw.
-
Most recently, the new DOGE has suffered substantial security lapses,
Did they? What? The made up ones where people claimed that DOGE gave russian hackers access to databases despite DOGE never even requesting access to their systems?
Even before Twitter was aquired, Twitter had an embarrassing memorable history with public figures suffering from security incidents caused by Twitter’s own staff, training, technology or processes.
Funny that you say this after you said this:
Musk routinely hires young unqualified technicians, and abused, laid off, or otherwise alienated much of the top talent at Twitter, in the name of cost savings.
So twitters staff, training, technology and processes were the source of these embarrassing incidents.......but then Musk shouldn't have gotten rid of them?
but could be disasterous for anyone relying on this new E2EE solution, if it is incorrectly implemented.
And there's nothing to say that it is incorrectly implemented other than hopes and dreams by people who want it to be.
The talent needed to correctly implement secure end to end encryption is rare, on a good day, for a good employer with a strong history of loyalty to their staff.
Absolutely not true lol. Secure end to end encryption is a solved problem. It's not hard to implement.
It's not hard to implement.
Oh sweet summer child.
-
It's not hard to implement.
Oh sweet summer child.
Software developer with 20+ years of experience here, but go on, tell me all about how it's hard
-
You don't just log in to their new chat with a 4 digit pass key lol. You need to be logged in to X, meaning password and (hopefully) 2FA would need to be "hacked" in order to even get to the 4 digit password.
I was thinking about X employees accessing the chat..
