Like many other social media apps these days, X (Twitter) offers an encrypted messaging option for users. However, the way it was implemented has some major limitations and barriers, making it a lot less useful than other apps with encrypted messaging.
The stated goal of X in implementing encrypted messaging is to increase the security of messages, with the Help Center post about it quoting X owner Elon Musk saying that “the standard should be, if someone puts a gun to our heads, we still can’t access your messages.” But notably, not all messages can be encrypted, and only certain people can send them. Here’s everything you need to know about X’s end-to-end encryption and how it falls short of other examples.
What Is Encrypted Messaging?
Encryption is the process of scrambling data so that only authorized people with the right cryptographic key can read the data. In the case of messaging, that means that only the sender and intended recipient of the message can read the message, and nobody else can, including the server of the app the message is being sent on. This is known as end-to-end encryption, meaning only the two people on each end of the message can see it because they hold the cryptographic keys, while anyone in the middle—be it anyone with access to the servers or hackers—can’t.
This secure messaging is important for people who don’t want their messages being intercepted, such as people sending sensitive information to journalists, activists engaging in organizing, anyone wanting to share sensitive information like passwords or documents, and the list goes on. Most popular messaging apps allow for encrypted messaging or use it as a default, like WhatsApp, Facebook Messenger, Instagram, Signal, Telegram, and iMessage.
How You Can Have Encrypted Conversations on X
To enable encrypted messaging on X, you have to be subscribed to X Premium, and the person you’re sending a message has to be too. You both have to be using the latest version of the X app, and you have to have sent at least one message to the other person prior. So you can’t send an encrypted message request to someone else; you need to have that message request accepted first.
From the conversation window, if you press the information icon in the corner, you’ll see text that says “Start an encrypted message” underneath their user information. After you send the message, you’ll see at the top of the conversation that it says, “Messages are encrypted.”
The Limitations of X’s Encryption
While having the option of encrypted messaging on X is great, there are a few caveats to its implementation. In fact, there are enough caveats that it begs the question of why X even implemented encrypted messaging in the first place with so many limitations and why users wouldn’t just opt to use another service that doesn’t have the same limitations in place.
First, both the sender and recipient need to be paying X users. This means both people have to shell out at least $8 per month, and while X Premium does have other features, the actual worth of those features is subjective. So, if you’re primarily interested in encrypted messaging, $8 is a lot to pay for something you can do for free on a ton of other widely used platforms.
X’s encrypted messaging also only applies to text, meaning media isn’t encrypted. So, any video or picture you send in a supposedly encrypted conversation on X isn’t going to be encrypted. This means that, for example, if you wanted to share photos of confidential documents with someone, those pictures would be relatively easy to intercept. This could have major professional or legal ramifications for whistleblowers using direct messages on X to communicate with journalists.
Moreover, the metadata of each encrypted message is not actually encrypted. So, if a bad actor were to intercept a conversation, they may not see the message itself, but they can see who is sending it and the time it was sent. This can be a major security risk for anyone who is intercepted while talking to someone they don’t want anyone knowing they’re talking to, such as in the previous example of whistleblowers and journalists, activists, or even people in dangerous situations communicating with people who can help them. Linked content is also not encrypted, which can open even more doors for potential problems.
Group messages also aren’t able to be encrypted. No matter what, any message you send in a group chat, regardless of whether everyone in the chat pays for X Premium, won’t be encrypted. As such, you should never share any private or confidential information that you wouldn’t want to be intercepted in an X group chat because it’s unclear if or when group chat messages will be eligible for encryption.
Knowing all of this about X’s encrypted messaging, it really doesn’t seem that secure. If the stated standard is that nobody at X can access your messages even with a gun to their heads, they’re not exactly doing a great job of that. If you want to send a message to someone that you absolutely don’t want to be intercepted, go with a trusted app that will always encrypt your messages no matter what.
Which app should you use instead for secure messaging?
The most trusted option for secure messaging with end-to-end encryption is Signal. Signal is free and open-source, so anybody can inspect the source code to find potential issues and vulnerabilities and report or fix them. Being open-source provides transparency to users so they can be sure that the app is working as it should. Signal is widely used by investigative journalists, cybersecurity experts, activists, and government officials.
Telegram is another app frequently used for encrypted conversations, but it’s worth noting that Telegram conversations are not encrypted by default. You have to initiate a secret chat in order to send encrypted messages. Additionally, Telegram can always hand over information to law enforcement agencies, so it’s not the safest way to communicate.
Another really popular option is WhatsApp, which also employs end-to-end encryption. However, a lot of people don’t trust WhatsApp as much as Signal because Meta owns it. The metadata of WhatsApp messages is unencrypted and stored by Meta, is used within the company itself, and can be handed over to law enforcement agencies if requested. For the same reason, using encrypted messaging on Instagram or Facebook Messenger isn’t as secure as it could be.
Now that you know about X’s shortcomings when it comes to secure encrypted messaging, you can better make an informed decision about where and how you send messages. It’s always better to be safe than sorry, so I recommend sticking to a free app that will encrypt your messages no matter what.
