Twitter's new encrypted DMs aren't better than the old ones

Meaning of “Bitcoin-style encryption”

  • Many see the phrase as vague marketing meant to sound advanced rather than technically precise.
  • Some speculate it might refer to Merkle trees or blockchain-style public key registries, but others note this would be large and complex to implement properly at Twitter scale.
  • Clarification: in a real Merkle-tree design you only ship a small root hash and short proofs, not a giant key database, but this still relies on trusting whoever sets that root.
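To make the clarification above concrete, here is an added Python example (not code from the thread or from X) of a small Merkle-tree key directory: the client holds only a 32-byte root, the server sends a short inclusion proof for one `user:key` entry, and the client checks it. The second half of `demo()` shows the caveat the bullet raises: whoever publishes the root can publish a root over a directory with a substituted key, and a proof against that root verifies just as well, so the root itself still has to be trusted or independently audited. The directory entries and key strings are constructed sample data.

```python
import hashlib

# RFC 6962-style domain separation: leaves and internal nodes are hashed with
# different prefixes so a leaf can never be passed off as an internal node.
def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _next_level(level):
    """Pair up hashes; an unpaired last node is promoted unchanged."""
    nxt = []
    for i in range(0, len(level), 2):
        if i + 1 < len(level):
            nxt.append(node_hash(level[i], level[i + 1]))
        else:
            nxt.append(level[i])
    return nxt

def merkle_root(entries) -> bytes:
    """Root hash over a list of byte-string directory entries."""
    if not entries:
        raise ValueError("empty directory")
    level = [leaf_hash(e) for e in entries]
    while len(level) > 1:
        level = _next_level(level)
    return level[0]

def merkle_proof(entries, index):
    """Inclusion proof for entries[index]: list of (sibling_hash, sibling_is_left)."""
    level = [leaf_hash(e) for e in entries]
    proof = []
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):            # no sibling when the node was promoted
            proof.append((level[sibling], sibling < index))
        index //= 2
        level = _next_level(level)
    return proof

def verify_proof(entry: bytes, proof, root: bytes) -> bool:
    """Client-side check: recompute the path from the leaf up to the root."""
    h = leaf_hash(entry)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root

def demo():
    # Constructed sample directory; keys are placeholder hex, not real keys.
    honest = [b"alice:0a1b", b"bob:2c3d", b"carol:4e5f", b"dave:6071", b"erin:8293"]
    root = merkle_root(honest)
    proof = merkle_proof(honest, 1)
    genuine_ok = verify_proof(honest[1], proof, root)
    forged_ok = verify_proof(b"bob:ffff", proof, root)      # wrong key, same proof

    # The caveat: a root-setter can commit to a directory with a swapped key.
    swapped = list(honest)
    swapped[1] = b"bob:ffff"                                 # attacker-controlled key
    swapped_root = merkle_root(swapped)
    swapped_ok = verify_proof(swapped[1], merkle_proof(swapped, 1), swapped_root)

    return {
        "root_bytes": len(root),
        "proof_len": len(proof),
        "genuine_verifies": genuine_ok,
        "forged_entry_verifies": forged_ok,
        "swapped_key_verifies_under_swapped_root": swapped_ok,
    }

if __name__ == "__main__":
    print(demo())
```

The proof is logarithmic in the directory size (three hashes for five entries here), which is why a client never needs the full key database. What it cannot do is tell an honest root from a dishonest one, so in practice the root has to be published somewhere the operator cannot quietly rewrite (a gossip or transparency log, multiple independent auditors), which is the "huge to do properly at scale" part.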

Security Model and Key Distribution

  • Core criticism from the article is echoed: X’s encrypted DMs lack forward secrecy; compromise of keys allows decryption of all past traffic.
  • Users note you still rely on X’s servers to get the other party’s public key, with no robust out-of-band verification, making MITM attacks possible.
  • A prior HN thread is cited where the same author concluded this is “nowhere near” meaningful E2EE.
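The forward-secrecy point in the first bullet is easiest to see by running it. The following is an added Python example, not code from the thread or from any messenger, using a toy Diffie-Hellman group (a small Mersenne prime, not a real parameter set) and an unauthenticated HMAC-based stream cipher purely to keep the arithmetic visible. `simulate()` records ciphertexts in two designs: one where every message is keyed from the parties' long-term keys, and one where each message uses fresh ephemeral keys that are discarded afterwards. It then hands the recorder Bob's long-term private key and reports which transcript that compromise opens. The messages are constructed sample data; a real protocol would also authenticate the ephemeral keys with the long-term ones and use an AEAD, both omitted here.

```python
import hashlib
import hmac
import os
import secrets

# Toy DH group. Real systems use X25519 or a 2048-bit+ MODP group; these
# constructed parameters only keep the numbers small enough to read.
P = 2**127 - 1
G = 5

def gen_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def shared_key(priv: int, peer_pub: int) -> bytes:
    """Derive a 32-byte symmetric key from the DH shared secret."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body          # no authentication tag: toy cipher only

def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:16], ciphertext[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def simulate(messages):
    a_priv, a_pub = gen_keypair()        # Alice's long-term key
    b_priv, b_pub = gen_keypair()        # Bob's long-term key

    # Design 1: every message keyed from the two long-term keys.
    static_key = shared_key(a_priv, b_pub)
    assert static_key == shared_key(b_priv, a_pub)
    static_transcript = [encrypt(static_key, m) for m in messages]

    # Design 2: a fresh ephemeral pair on each side per message; the
    # private halves go out of scope (are deleted) once the key is derived.
    ephemeral_transcript = []
    for m in messages:
        ea_priv, ea_pub = gen_keypair()
        eb_priv, eb_pub = gen_keypair()
        msg_key = shared_key(ea_priv, eb_pub)
        ephemeral_transcript.append((ea_pub, eb_pub, encrypt(msg_key, m)))
        del ea_priv, eb_priv

    # Later: the recorder obtains Bob's long-term private key.
    static_recovered = [
        decrypt(shared_key(b_priv, a_pub), c) for c in static_transcript
    ] == messages
    # Best effort against the ephemeral transcript: the long-term key does not
    # combine with the recorded ephemeral public values into the message key.
    ephemeral_recovered = [
        decrypt(shared_key(b_priv, ea_pub), c) for ea_pub, _eb_pub, c in ephemeral_transcript
    ] == messages

    return {
        "static_recovered": static_recovered,
        "ephemeral_recovered": ephemeral_recovered,
    }

if __name__ == "__main__":
    print(simulate([b"meet at noon", b"bring the docs"]))
```

The second design is the property Signal's ratchet provides and the article says X's DMs lack: a recorded transcript stays sealed even after the long-term keys leak, because the per-message secrets no longer exist anywhere. The other bullet, fetching the peer's public key from X's servers, is the separate problem of whether `b_pub` is really Bob's; forward secrecy does nothing about a substituted key, which is why out-of-band verification is raised alongside it.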

Comparisons to Signal and Other Messengers

  • Signal is presented as a better alternative due to forward secrecy, open-source code, reproducible builds (on Android), and community audits.
  • Others push back that any auto-updating client can be backdoored in theory, especially on platforms like iOS where binary verification is hard.
  • Discussion touches on targeted malicious updates, binary transparency logs, and the fact that even open ecosystems (e.g., OpenSSH/xz incident) can be compromised.
  • Briar is praised for tying identity directly to cryptographic keys (not phone numbers) and avoiding misleading abstractions.

Trust in Big Platforms and Governments

  • Some argue large platforms’ crypto is inherently suspect due to legal/secret pressure (FBI/FISA, historical backdoors like Crypto AG).
  • Others correct or narrow claims about FISA court powers but agree coercion and secrecy are real issues.

App Quality vs. Encryption

  • A few commenters express indifference to E2EE on X, prioritizing usability and basic DM quality.
  • Skepticism appears about any closed-source “E2EE” marketing, especially when X’s chosen crypto wrapper library labels itself experimental.

Branding, Naming, and Platform Direction

  • Several insist on still calling it “Twitter” for political, practical (searchability), or anti-rebrand reasons; “X” is widely viewed as a confusing, weak name.
  • Large subthread debates whether X is now a “free speech” venue vs. a hate-speech-dominated platform with inconsistent, personality-driven moderation.