X launches E2E encrypted Chat

Submitted ⁨⁨9⁩ ⁨months⁩ ago⁩ by ⁨FreedomAdvocate@lemmy.net.au⁩ to ⁨technology@lemmy.world⁩

https://lemmy.net.au/pictrs/image/fa68c2ab-8ae2-4803-8943-5266a7f11fa0.jpeg

“Early access” currently but I don’t pay for X or anything and it’s there for me. This comes after X were criticised and had all sorts of “backdoor” conspiracy theories being pushed after they took their private encrypted DMs offline the other day to add improvements.

source

Comments

Sort:hotnew top

muusemuuse@lemm.ee ⁨9⁩ ⁨months⁩ ago
Dude, even X’s AI, Grok, distrusts the CEO.

source
01189998819991197253@infosec.pub ⁨9⁩ ⁨months⁩ ago

there’s no way for anyone, including X, to read your messages.

That defeats the purpose of a messaging platform.

I know what they meant, but the phrasing is so, so stupid. Anyone who is considering this platform, should think twice before doing so. If they get the phrasing of such a simple sentiment this, incoherently wrong, what does their code look like and what do the encryption protocols look like? If I’d have to guess… AI slop.

source
- FreedomAdvocate@lemmy.net.au ⁨9⁩ ⁨months⁩ ago
  The phrasing is only stupid if you are trying to have an issue with it. Obviously you and the person you’re chatting to can read your messages.
  
  source
  - rottingleaf@lemmy.world ⁨9⁩ ⁨months⁩ ago
    Encryption is easy, safe key exchange and extension (or whatever it’s called) for messages longer than the key is harder to make right. If every pair of people on the planet had a common ethereal endless source of entropy, then all they’d have to do is encrypt messages with it and provide address in that source.
    
    OK, I should go offline for some time
    
    source
mitexleo@buddyverse.one ⁨9⁩ ⁨months⁩ ago
I don’t think I’m going to trust them. Besides 4 digit pass is very easy to crack.

source
- FreedomAdvocate@lemmy.net.au ⁨9⁩ ⁨months⁩ ago
  You don’t just log in to their new chat with a 4 digit pass lol. You need to be logged in to X, meaning password and (hopefully) 2FA would need to be “hacked” in order to even get to the 4 digit password.
  
  source
  - mitexleo@buddyverse.one ⁨9⁩ ⁨months⁩ ago
    I was thinking about X employees accessing the chat…
    
    source
punkcoder@lemmy.world ⁨9⁩ ⁨months⁩ ago
Someones afraid of their dealer getting caught…

source
reivilo@lemmy.world ⁨9⁩ ⁨months⁩ ago
Like every news from X I’ll pretend I did nazi it

source
UnfortunateShort@lemmy.world ⁨9⁩ ⁨months⁩ ago
Platform from a whiny, fascist asshole for whiny, fascist assholes. Not that everyone on that platform is one, some might just have a high tolerance for bs

source
HyperfocusSurfer@lemmy.dbzer0.com ⁨9⁩ ⁨months⁩ ago
Lmfao, 4 digit password? That’s like 1 femtosecond to bruteforce given whoever tries to access your messages isn’t rate-limited *ahem, feds*

source
- FreedomAdvocate@lemmy.net.au ⁨9⁩ ⁨months⁩ ago
  That’s a 4 digits password behind your account password and 2FA lol.
  
  source
  - HyperfocusSurfer@lemmy.dbzer0.com ⁨9⁩ ⁨months⁩ ago
    I guess it can be done relatively securely using both the password and the code to derive the encryption key while not storing it on the servers (while 2fa isn’t of any help here given it’s kinda random with shared seed). I, however, doubt it’s done that way: 1st of all, decryption should then only be possible after one enters their account password for the second time, as well as the conversation password (since the password shouldn’t be stored in plaintext after you’ve entered it), and, secondly, that’ll basically drop the chat history as soon as one changes the password, which is neither convenient nor mentioned.
    
    Then, if it works how I assume it does, i.e. the actual encryption key is stored on the sitter’s servers and only retrieved once you enter the encryption password, then they can decrypt your messages (either by immediately using that if the password just tells 'em who they should give the key to, or by bruteforcing the password if it decrypts/derives the actual key), which defeats the whole point of e2ee.
    
    source
    -> View More Comments
carrion0409@lemm.ee ⁨9⁩ ⁨months⁩ ago
I dont buy the security of that shit for a second.

source
gravistar@lemmy.world ⁨9⁩ ⁨months⁩ ago
Image

source
kipo@lemm.ee ⁨9⁩ ⁨months⁩ ago
Who holds the encryption keys? If it’s X/Twiiter, I wouldn’t trust it at all, especially considering who owns it.

source
- FreedomAdvocate@lemmy.net.au ⁨9⁩ ⁨months⁩ ago
  The guy who champions free speech?
  
  source
  - muusemuuse@lemm.ee ⁨9⁩ ⁨months⁩ ago
    Were you being serious with that or sarcastic?
    
    source
    -> View More Comments
  - roofuskit@lemmy.world ⁨9⁩ ⁨months⁩ ago
    I prefer to judge people by their actions, not by the bullshit they spew. If you really think he champions free speech you are not at all paying attention to his actions.
    
    source
  - DarkDarkHouse@lemmy.sdf.org ⁨9⁩ ⁨months⁩ ago
    Elon Musk says he champions free speech. He does not.
    
    source
wwb4itcgas@lemm.ee ⁨9⁩ ⁨months⁩ ago
Haha! Yeah, sure it is.

source
FreedomAdvocate@lemmy.net.au ⁨9⁩ ⁨months⁩ ago
Maybe the mods should add another rule to the sidebar saying only negative X posts are allowed, since that’s clearly all the “community” wants lol

source
- yoshisaur@lemm.ee ⁨9⁩ ⁨months⁩ ago
  I think it’s because many people (including me) doubt it’s actually private and secure. The last thing you should ever trust xitter with is your piracy and security. If it actually is private and secure, that’s great
  
  source
  - FreedomAdvocate@lemmy.net.au ⁨9⁩ ⁨months⁩ ago
    What are you basing your doubts on? When has X under Musk had anything happen to doubt their encryption? You think the guy fighting for free speech and ending people getting in trouble for what they say is going to lie about this?
    
    source
    -> View More Comments
StrawberryPigtails@lemmy.sdf.org ⁨9⁩ ⁨months⁩ ago
Somehow I don’t believe them.

source
Blemgo@lemmy.world ⁨9⁩ ⁨months⁩ ago
The question is whether this actually is E2EE, as it’s easy to fake by using a man in the middle attack and hard to prove. The only real way to prove it for sure is to run a third party security audit, like Signal does.

Taking down the old system doesn’t inspire confidence either, as this downtime could easily been used to interrupt old conversations in order to implement a way to decrypt the messages on the servers before passing it on to the actual recipient, as all keys would have to be re-issued.

source
just_another_person@lemmy.world ⁨9⁩ ⁨months⁩ ago
Sure as hell wouldn’t trust it unless they publish their trust system docs and verification tools.

source
- thedruid@lemmy.world ⁨9⁩ ⁨months⁩ ago
  With recent advances, there is nothing released online that can be believed. A. I fakes are everywhere and in everything
  
  So I wouldn’t trust them even then.
  
  source
  - just_another_person@lemmy.world ⁨9⁩ ⁨months⁩ ago
    Untrue. Many Zero-Trust platforms out there that give you the tools to confirm when you are in fact e2e encrypted. They publish their docs, open source their tools, and give verification tools to check.
    
    source
    -> View More Comments
- skankhunt42@lemmy.ca ⁨9⁩ ⁨months⁩ ago
  Even then, lots of other options…
  
  source
tal@lemmy.today ⁨9⁩ ⁨months⁩ ago
zdnet.com/…/twitter-rolls-out-encryption-for-dire…

Twitter rolls out encryption for direct messages but with key limitations

Both the sender and recipient must be verified, while group conversations and attached media aren’t supported by the encryption.

For an existing chat, tap the Info icon. If the option is available, you’ll see a button for Start an encrypted message that you can just click. For a new chat, turn on the switch to enable encrypted mode. Write your message, and then send it.

So what is the difference between what they’re rolling out and what they added in 2023? Support for more users, maybe?

source