“Early access” currently but I don’t pay for X or anything and it’s there for me. This comes after X were criticised and had all sorts of “backdoor” conspiracy theories being pushed after they took their private encrypted DMs offline the other day to add improvements.

“Early access” currently but I don’t pay for X or anything and it’s there for me. This comes after X were criticised and had all sorts of “backdoor” conspiracy theories being pushed after they took their private encrypted DMs offline the other day to add improvements.

“Early access” currently but I don’t pay for X or anything and it’s there for me. This comes after X were criticised and had all sorts of “backdoor” conspiracy theories being pushed after they took their private encrypted DMs offline the other day to add improvements.

What are you basing your doubts on? When has X under Musk had anything happen to doubt their encryption? You think the guy fighting for free speech and ending people getting in trouble for what they say is going to lie about this?

The guy who champions free speech?

“Early access” currently but I don’t pay for X or anything and it’s there for me. This comes after X were criticised and had all sorts of “backdoor” conspiracy theories being pushed after they took their private encrypted DMs offline the other day to add improvements.

Were you being serious with that or sarcastic?

When has X under Musk had anything happen to doubt their encryption?

Musk routinely hires young unqualified technicians, and abused, laid off, or otherwise alienated much of the top talent at Twitter, in the name of cost savings.

There's plenty of other stories out there of Musk's ego interfering with his staff's ability to do their jobs properly.

Most recently, the new DOGE has suffered substantial security lapses, associated with under-hiring and under-provisioning against cyber security threats, under Musk's leadership.

Even before Twitter was aquired, Twitter had an embarrassing memorable history with public figures suffering from security incidents caused by Twitter's own staff, training, technology or processes. This was arguably not a huge problem for an almost fully public messaging platform, but could be disasterous for anyone relying on this new E2EE solution, if it is incorrectly implemented.

The talent needed to correctly implement secure end to end encryption is rare, on a good day, for a good employer with a strong history of loyalty to their staff. X arguably has little to none of that going for it, today.

There's very little reason to assume that X, under Musk's current leadership, has correctly securely implemented end-to-end encryption, and there are reasonable reasons for people to fear that E2EE developed at X may have serious security flaws.

there's no way for anyone, including X, to read your messages.

That defeats the purpose of a messaging platform.

I know what they meant, but the phrasing is so, so stupid. Anyone who is considering this platform, should think twice before doing so. If they get the phrasing of such a simple sentiment this, incoherently wrong, what does their code look like and what do the encryption protocols look like? If I'd have to guess... AI slop.

I don't think I'm going to trust them. Besides 4 digit pass is very easy to crack.

I guess it can be done relatively securely using both the password and the code to derive the encryption key while not storing it on the servers (while 2fa isn't of any help here given it's kinda random with shared seed). I, however, doubt it's done that way: 1st of all, decryption should then only be possible after one enters their account password for the second time, as well as the conversation password (since the password shouldn't be stored in plaintext after you've entered it), and, secondly, that'll basically drop the chat history as soon as one changes the password, which is neither convenient nor mentioned.

Then, if it works how I assume it does, i.e. the actual encryption key is stored on the xitter's servers and only retrieved once you enter the encryption password, then they can decrypt your messages (either by immediately using that if the password just tells 'em who they should give the key to, or by bruteforcing the password if it decrypts/derives the actual key), which defeats the whole point of e2ee.

Are you? Because X is the only platform that's legally fighting against government ordered censorship. X is the only social media platform that pretty much only bans you if you break the law, instead of banning you the second you question the echo chambers preferred message.

It’s not. They have been caught steering traffic over and over again. If you say anything Elon dislikes and it starts getting attention, their algorithm will hide your posts once Elon tells it to. Elon LOVES censorship so long as he’s in control of it.

Most recently, the new DOGE has suffered substantial security lapses,

Did they? What? The made up ones where people claimed that DOGE gave russian hackers access to databases despite DOGE never even requesting access to their systems?

Even before Twitter was aquired, Twitter had an embarrassing memorable history with public figures suffering from security incidents caused by Twitter’s own staff, training, technology or processes.

Funny that you say this after you said this:

Musk routinely hires young unqualified technicians, and abused, laid off, or otherwise alienated much of the top talent at Twitter, in the name of cost savings.

So twitters staff, training, technology and processes were the source of these embarrassing incidents.......but then Musk shouldn't have gotten rid of them?

but could be disasterous for anyone relying on this new E2EE solution, if it is incorrectly implemented.

And there's nothing to say that it is incorrectly implemented other than hopes and dreams by people who want it to be.

The talent needed to correctly implement secure end to end encryption is rare, on a good day, for a good employer with a strong history of loyalty to their staff.

Absolutely not true lol. Secure end to end encryption is a solved problem. It's not hard to implement.

It's not hard to implement.

Oh sweet summer child.

You don't just log in to their new chat with a 4 digit pass key lol. You need to be logged in to X, meaning password and (hopefully) 2FA would need to be "hacked" in order to even get to the 4 digit password.

The phrasing is only stupid if you are trying to have an issue with it. Obviously you and the person you're chatting to can read your messages. That doesn't need to be said, it's inferred.

End to End Encryption is easy. Why do you guys all seem to think it's hard?

They specifically say they can not decrypt your messages.

Why does everyone in here think that E2E encryption is some insanely hard new thing? It's been "solved" for years lol. It's not hard to do.

Rules were put in place to stop trackers like that as they are massive security risks, borderline doxing.