Submitted 4 days ago by FreedomAdvocate@lemmy.net.au to technology@lemmy.world
https://lemmy.net.au/pictrs/image/fa68c2ab-8ae2-4803-8943-5266a7f11fa0.jpeg
“Early access” currently but I don’t pay for X or anything and it’s there for me. This comes after X were criticised and had all sorts of “backdoor” conspiracy theories being pushed after they took their private encrypted DMs offline the other day to add improvements.
Who holds the encryption keys? If it’s X/Twiiter, I wouldn’t trust it at all, especially considering who owns it.
The guy who champions free speech?
Elon Musk says he champions free speech. He does not.
Were you being serious with that or sarcastic?
I prefer to judge people by their actions, not by the bullshit they spew. If you really think he champions free speech you are not at all paying attention to his actions.
Like every news from X I’ll pretend I did nazi it
Somehow I don’t believe them.
there’s no way for anyone, including X, to read your messages.
That defeats the purpose of a messaging platform.
I know what they meant, but the phrasing is so, so stupid. Anyone who is considering this platform, should think twice before doing so. If they get the phrasing of such a simple sentiment this, incoherently wrong, what does their code look like and what do the encryption protocols look like? If I’d have to guess… AI slop.
The phrasing is only stupid if you are trying to have an issue with it. Obviously you and the person you’re chatting to can read your messages.
Encryption is easy, safe key exchange and extension (or whatever it’s called) for messages longer than the key is harder to make right. If every pair of people on the planet had a common ethereal endless source of entropy, then all they’d have to do is encrypt messages with it and provide address in that source.
OK, I should go offline for some time
The question is whether this actually is E2EE, as it’s easy to fake by using a man in the middle attack and hard to prove. The only real way to prove it for sure is to run a third party security audit, like Signal does.
Taking down the old system doesn’t inspire confidence either, as this downtime could easily been used to interrupt old conversations in order to implement a way to decrypt the messages on the servers before passing it on to the actual recipient, as all keys would have to be re-issued.
I don’t think I’m going to trust them. Besides 4 digit pass is very easy to crack.
You don’t just log in to their new chat with a 4 digit pass lol. You need to be logged in to X, meaning password and (hopefully) 2FA would need to be “hacked” in order to even get to the 4 digit password.
I was thinking about X employees accessing the chat…
Dude, even X’s AI, Grok, distrusts the CEO.
Haha! Yeah, sure it is.
Lmfao, 4 digit password? That’s like 1 femtosecond to bruteforce given whoever tries to access your messages isn’t rate-limited *ahem, feds*
That’s a 4 digits password behind your account password and 2FA lol.
I guess it can be done relatively securely using both the password and the code to derive the encryption key while not storing it on the servers (while 2fa isn’t of any help here given it’s kinda random with shared seed). I, however, doubt it’s done that way: 1st of all, decryption should then only be possible after one enters their account password for the second time, as well as the conversation password (since the password shouldn’t be stored in plaintext after you’ve entered it), and, secondly, that’ll basically drop the chat history as soon as one changes the password, which is neither convenient nor mentioned.
Then, if it works how I assume it does, i.e. the actual encryption key is stored on the sitter’s servers and only retrieved once you enter the encryption password, then they can decrypt your messages (either by immediately using that if the password just tells 'em who they should give the key to, or by bruteforcing the password if it decrypts/derives the actual key), which defeats the whole point of e2ee.
Platform from a whiny, fascist asshole for whiny, fascist assholes. Not that everyone on that platform is one, some might just have a high tolerance for bs
Someones afraid of their dealer getting caught…
zdnet.com/…/twitter-rolls-out-encryption-for-dire…
Twitter rolls out encryption for direct messages but with key limitations
Both the sender and recipient must be verified, while group conversations and attached media aren’t supported by the encryption.
For an existing chat, tap the Info icon. If the option is available, you’ll see a button for Start an encrypted message that you can just click. For a new chat, turn on the switch to enable encrypted mode. Write your message, and then send it.
So what is the difference between what they’re rolling out and what they added in 2023? Support for more users, maybe?
Maybe the mods should add another rule to the sidebar saying only negative X posts are allowed, since that’s clearly all the “community” wants lol
I think it’s because many people (including me) doubt it’s actually private and secure. The last thing you should ever trust xitter with is your piracy and security. If it actually is private and secure, that’s great
What are you basing your doubts on? When has X under Musk had anything happen to doubt their encryption? You think the guy fighting for free speech and ending people getting in trouble for what they say is going to lie about this?
I dont buy the security of that shit for a second.
just_another_person@lemmy.world 4 days ago
Sure as hell wouldn’t trust it unless they publish their trust system docs and verification tools.
skankhunt42@lemmy.ca 4 days ago
Even then, lots of other options…
thedruid@lemmy.world 4 days ago
With recent advances, there is nothing released online that can be believed. A. I fakes are everywhere and in everything
So I wouldn’t trust them even then.
just_another_person@lemmy.world 4 days ago
Untrue. Many Zero-Trust platforms out there that give you the tools to confirm when you are in fact e2e encrypted. They publish their docs, open source their tools, and give verification tools to check.