I guess it can be done relatively securely using both the password and the code to derive the encryption key while not storing it on the servers (while 2fa isn't of any help here given it's kinda random with shared seed). I, however, doubt it's done that way: 1st of all, decryption should then only be possible after one enters their account password for the second time, as well as the conversation password (since the password shouldn't be stored in plaintext after you've entered it), and, secondly, that'll basically drop the chat history as soon as one changes the password, which is neither convenient nor mentioned.

Then, if it works how I assume it does, i.e. the actual encryption key is stored on the xitter's servers and only retrieved once you enter the encryption password, then they can decrypt your messages (either by immediately using that if the password just tells 'em who they should give the key to, or by bruteforcing the password if it decrypts/derives the actual key), which defeats the whole point of e2ee.

Are you? Because X is the only platform that's legally fighting against government ordered censorship. X is the only social media platform that pretty much only bans you if you break the law, instead of banning you the second you question the echo chambers preferred message.

It’s not. They have been caught steering traffic over and over again. If you say anything Elon dislikes and it starts getting attention, their algorithm will hide your posts once Elon tells it to. Elon LOVES censorship so long as he’s in control of it.

Most recently, the new DOGE has suffered substantial security lapses,

Did they? What? The made up ones where people claimed that DOGE gave russian hackers access to databases despite DOGE never even requesting access to their systems?

Even before Twitter was aquired, Twitter had an embarrassing memorable history with public figures suffering from security incidents caused by Twitter’s own staff, training, technology or processes.

Funny that you say this after you said this:

Musk routinely hires young unqualified technicians, and abused, laid off, or otherwise alienated much of the top talent at Twitter, in the name of cost savings.

So twitters staff, training, technology and processes were the source of these embarrassing incidents.......but then Musk shouldn't have gotten rid of them?

but could be disasterous for anyone relying on this new E2EE solution, if it is incorrectly implemented.

And there's nothing to say that it is incorrectly implemented other than hopes and dreams by people who want it to be.

The talent needed to correctly implement secure end to end encryption is rare, on a good day, for a good employer with a strong history of loyalty to their staff.

Absolutely not true lol. Secure end to end encryption is a solved problem. It's not hard to implement.

It's not hard to implement.

Oh sweet summer child.

You don't just log in to their new chat with a 4 digit pass key lol. You need to be logged in to X, meaning password and (hopefully) 2FA would need to be "hacked" in order to even get to the 4 digit password.

The phrasing is only stupid if you are trying to have an issue with it. Obviously you and the person you're chatting to can read your messages. That doesn't need to be said, it's inferred.

End to End Encryption is easy. Why do you guys all seem to think it's hard?

They specifically say they can not decrypt your messages.

Why does everyone in here think that E2E encryption is some insanely hard new thing? It's been "solved" for years lol. It's not hard to do.

Rules were put in place to stop trackers like that as they are massive security risks, borderline doxing.

You've got zero evidence of that lol. Their algorithm is open source btw.

See the “lol” everyone? It means he’s trying make my assertion sound ridiculous because he didn’t have a way to counter it and doesn’t want believe it. People do this on the internet so they can pretend they are winning.