from the it’s-not-as-easy-as-he-thinks dept

We’ve been somewhat critical of Elon Musk’s tenure as Twitter owner and CEO (I think for fairly good reasons), but he does have a few good ideas. Chief among them: wanting to enable encrypted direct messages (DMs). He’s mentioned it before, but also had this slide in a recent internal presentation he gave:

There’s not much to go on with that slide, given that… it just says “Encrypted DMs” and appears to have an image of… existing, unencrypted DMs.

However, Jane Manchun Wong, who is basically a wizard at sniffing out new features and new code being tested on Twitter (and elsewhere), notes that she’s seen snippets of code referencing Signal Protocol for encrypted DMs already showing up inside the Twitter iOS app.

Of course, it appears that’s old code. Like so many things that Elon trots out, these were ideas that Twitter was already exploring, though it did appear that encrypted DMs were shelved. Jane had also spotted encrypted DM testing all the way back in early 2018.

That said, it looks like the new code… is just the old code that Twitter had worked on being dusted off. Former Twitter engineer Brandon Carpenter notes that the code that Jane spotted was really his own code from that 2018 test, quote tweeting Jane and noting “Oh look! Some code I wrote four years ago.”

For what it’s worth, Brandon also laid out one of the issues they had back in 2018: while they were in the process of trying to obtain a license from Signal, Moxie Marlinspike, Signal’s founder, ghosted them for weeks when he just decided to go sailing without telling anyone. I’ve seen some people question why anyone would need a license from Signal, considering that Signal Protocol is an open protocol that anyone can use. But it’s not easy to do it right, and there are many, many reasons to get Signal’s seal of approval before trusting the encryption.

On a… let’s say related note… Twitter’s former Chief Information Security Officer, Lea Kissner, wrote out a very interesting and useful thread about the general pitfalls of trying to implement end-to-end encryption, especially in a web app. Suffice it to say it is not easy, and is not something you rush through, or things are going to go very, very badly. There are big questions to consider, including how do you handle lost keys, how do you handle stolen keys, how do you handle abuse, and much, much more.

This has all proven challenging for others as well, including Facebook’s very slow efforts to roll out more end-to-end encryption among its various messaging products with a much larger team.

Still, it’s good that Elon considers this important, and one hopes that he can actually get it done, and at least implement less bad answers to some of the many questions that have stymied other teams looking to implement end-to-end encryption. Of course, it may also mean being willing to stand up against government demands and threats regarding encryption, something that we don’t know if Elon is actually willing to do.

On the whole, though, even as he’s made many other mistakes, it’s worth celebrating his stated support for more encrypted messaging.

Companies: signal, twitter



