In a new support document, Twitter detailed what to expect from the first version of the platform’s encrypted direct messages. Perhaps most notably, in order to send and receive encrypted messages, you have to pay Twitter for the ability to do so. Platforms like WhatsApp, Messenger, Signal, and iMessage already offer encrypted messages for free, so having to pay for the feature on Twitter can be a tough pill to swallow.
According to the document, encrypted DMs are only available if you’re an authenticated user (someone who has pays for Twitter Blue), a verified organization (an organization that pays $1,000 per month), or an affiliate of a verified organization (which costs $50 per month per person). Both the sender and recipient must be using the latest version of the Twitter app (on mobile and web). And an encrypted DM recipient must track the sender, have sent a message to the sender in the past, or accept a DM request from the sender at some point.
If you’re a person who can send encrypted messages to someone who can receive them, you’ll see a lock while composing a message. In an encrypted conversation, you will also see a small lock next to the avatar of the person you are chatting with. Encrypted DMs are separate from unencrypted DMs.
Encrypted DMs currently have some limitations and a very big flaw. You can only send them in one-to-one conversations; Twitter says it will bring the feature to groups “soon”. You can only send text and links. And Twitter warns that it offers no protection against man-in-the-middle attacks. “If someone — say, a malicious insider, or Twitter itself as a result of a mandatory legal process — were to compromise an encrypted conversation, neither the sender nor the recipient would know about it,” Twitter says.
The company is planning mechanisms to make man-in-the-middle attacks more difficult and alert users if one happens. “As Elon Musk said, when it comes to direct messages, the norm should be that if someone puts a gun to our head, we still can’t access your messages,” the company wrote. “We’re not quite there yet, but we’re working on it.”
Twitter also notes that while posts and responses to encrypted DMs are encrypted, “metadata (recipient, creation time, etc.) are not, and neither is any linked content (only the links themselves, not the content they point to, are encrypted) .”
Encrypted DMs seem to be a priority for Musk; it’s a feature he outlined in November as part of “Twitter 2.0” for employees. But blue ticks aren’t popular enough already, and I doubt it will improve their reputation if they force you to pay for an important feature that you can easily get for free elsewhere.