[HN Gopher] Twitter's new encrypted DMs aren't better than the o...
___________________________________________________________________
Twitter's new encrypted DMs aren't better than the old ones
Author : tabletcorry
Score : 171 points
Date : 2025-06-05 13:37 UTC (9 hours ago)
(HTM) web link (mjg59.dreamwidth.org)
(TXT) w3m dump (mjg59.dreamwidth.org)
| diggan wrote:
| > All new XChat is rolling out with encryption [...] This is
| built on Rust with (Bitcoin style) encryption
|
| What does "Bitcoin style encryption" mean? Isn't Bitcoin mostly
| relying on cryptographic signatures rather than "encryption" as
| we commonly know it?
| 77pt77 wrote:
| It's just a buzzword meant to add perceived value.
| nicce wrote:
| For me it feels like that after sending messages over 5
| years, you need 1TB storage just for the Twitter app.
| thewarpaint wrote:
| The source of that comment is probably not someone with deep
| technical expertise so take that with a grain of salt.
| londons_explore wrote:
| e2e encryption is easy if everyone knows public keys for
| everyone else. This is how GPG works for example.
|
| However, the challenge is distributing those keys in a
| trustworthy way - because if someone can tamper with the keys
| during distribution, they can MITM any connection.
|
| I assume this "bitcoin style" encryption is a blockchain or
| blocktree of every users public key now and throughout history.
| Ship the tree root hash inside the client app, and then every
| user can verify that their own entry in the tree is correct,
| and any user can use the same verified tree to fetch a private
| key for any other user.
| kstrauser wrote:
| I'm not sure you appreciate how large that data structure
| would be if you had to ship it inside the app.
| JustFinishedBSG wrote:
| I'm sure shipping a >150GB file to every user is perfectly
| fine and sound engineering.
| VWWHFSfQ wrote:
| It's not _that_ far off from shipping a 3GB chrome webapp
| disguised as a desktop app (cough electron)
| kstrauser wrote:
| What's a couple orders of magnitude between friends?
| NicolaiS wrote:
| Parent comment writes: "ship[ing] the tree root hash",
| for a merkle tree ("bitcoin style") this would just be a
| single (small) hash no matter the tree size, i.e. 32
| bytes is enough.
| CodesInChaos wrote:
| The idea is to only distribute the root of the tree to a
| client, query the server for the username you want to look
| up, which then returns the key and a short proof that this
| username maps to that key within the hash tree identified
| by the known root.
| kstrauser wrote:
| How is that substantially better than an API that returns
| a user's key?
| londons_explore wrote:
| If the service provider (ie. the X.com servers) are evil,
| then the API can return false data and the client has no
| way to know.
|
| However, with a merkle tree, the root hash is embedded
| into the app, and the servers return the data together
| with info chaining to the merkle root (typically a few
| kilobytes, even if the whole tree is hundreds of
| gigabytes).
|
| With that info, the app can verify the chain to the root
| and be sure that the servers aren't returning false data.
| londons_explore wrote:
| It can be done with Merkle trees. You just ship the root
| hash.
|
| Merkle trees are snapshot/read only though - so you then
| use a bitcoin style Blockchain to ship refreshed versions
| of the root tree hash (you can even ship it in the actual
| bitcoin Blockchain if you like, piggybacking on its proof
| of work to ensure different people don't see different root
| hashes)
| viraptor wrote:
| We pretty much know this can't be practically done in a
| distributed way. Even the public federated stores for gpg
| keys have been flooded so much they stopped being usable.
| paxys wrote:
| It doesn't mean anything, just sounds cool to people who don't
| know the tech well enough. Same reason why your HDMI cable is
| "gold plated for 10x speed!"
| jsheard wrote:
| Gold plating electrical contacts does at least do _something_
| useful though, it helps to prevent oxidization /corrosion. A
| better analogy would be gold plated TOSLINK cables, which
| unfortunately do exist.
| kees99 wrote:
| A lot of quack tech is technically somewhat useful. Oxygen-
| free copper, occasionally used in "audiophile" cables -
| _technically_ is a better electrical conductor (compared to
| regular copper), by a whopping low single-digit %.
|
| Exact same effect could be achieved by making conductor
| that very same single-digit % thicker. Which is an order of
| magnitude cheaper. And ohmic resistance is not _that_
| important for audio-cables anyway.
| jsheard wrote:
| Sure, but we were talking about high-speed digital
| cables, not audio cables. When you're pushing 48gbps over
| copper (as in HDMI 2.1) the cable construction and
| connection integrity absolutely does matter, older HDMI
| cables don't work reliably at those speeds (if at all)
| despite having exactly the same pinout as the newer ones.
| kees99 wrote:
| Gold-plating of contact surface of electric _connectors_
| is indeed genuinely useful, on account of preventing
| contact oxidation.
|
| Assuming good contact in connector(s) is achieved, gold-
| plating does not further help with high-speed signals.
| What matters here - is wire/cable itself, specifically,
| tight control over where conductors are relative to each
| other and insulation, so that impedance is well matched
| throughout, cross-talk is minimized, etc, etc...
| __alexs wrote:
| True audiophiles hold out for Low-background steel
| enclosures.
|
| https://en.wikipedia.org/wiki/Low-background_steel
| seanhunter wrote:
| I can tell you're no connoisseur. Gold-plating a digital
| connector like HDMI makes sure the zeros are really round and
| the ones are really pointy. If you have the right setup you
| can definitely tell the difference.
| 1oooqooq wrote:
| why people keep giving it the good press connotation by calling
| it by the old name?
| jasonlotito wrote:
| It's not a good press connotation. Quite the opposite. As for
| why? The answer is in the article.
|
| > [1] I'll respect their name change once Elon respects his
| daughter
| owebmaster wrote:
| That is an interesting concept as it seems that Elon Musk's
| main battle is against people's right to not be called by an
| old name. Xitter transition has not been very successful.
| jeffhuys wrote:
| It's still running fine for me with actual interesting
| content. I don't get this take, feels like only people who
| don't use it at all (anymore) say it's been a bad transition
| or "X sucks now" but they're not using it.
|
| It's still just Twitter, but you're not being banned anymore.
| So ACTUAL discussions can take place without having the
| thought police running around with a banhammer.
| paulryanrogers wrote:
| "ACTUAL discussions" like what?
|
| Because it would seem hate speech has had quite a surge:
|
| https://journals.plos.org/plosone/article?id=10.1371/journa
| l...
| righthand wrote:
| That's a pretty damning study, post-purchase hate speech
| is nearly half the Twitter content. Sounds like hate
| speech is the "actual discussions".
| jeffhuys wrote:
| That seems like a weird take. If 80% of the internet is
| spam (which it very well could be), is spam the internet?
|
| I guess censorship is a popular thing now on HN. Never
| thought I would see all you people advocating FOR
| censorship. I'm happy Elon seems unmoving in his stance
| on this. We need to progress.
| righthand wrote:
| The internet isn't Twitter, people aren't advocating for
| censoring the internet, they're advocating for censoring
| a person on a digital service platform. If you don't
| think you'd see people advocating for censorship on
| HackerNews then you don't understand what HN platform is,
| because bans, downvotes, flagging, etc are all types of
| censorship.
|
| If you don't like the platform censoring you, go
| somewhere else or do what Elon did and buy the platform
| and change the rules for yourself.
| jeffhuys wrote:
| Of course it surges when you re-instate complete free
| speech. But now you could interact with them, discuss
| with them, maybe sway them another way. Or you just
| ignore them and scroll away, or even block them, so the
| algorithm knows you don't want that content.
|
| They're already being pulled down by the alg. It's just
| allowed now, and why shouldn't it be? I think it's better
| for humanity overall if these people are not pushed into
| a small echo-chamber but instead can speak freely and
| openly.
|
| We should go back to sticks & stones. Let hate flow off
| you and instead look for love, which is also still there.
| bananapub wrote:
| > Of course it surges when you re-instate complete free
| speech.
|
| what? Elon routinely complies with random countries
| asking him to ban users, and routinely bans people he
| personally doesn't like. he even banned someone who was
| just reposting public flight data!
|
| what on earth does "complete free speech" mean to you??!
| jeffhuys wrote:
| Routinely? I doubt that. Of course I don't agree with
| everything he does, but I agree with his vision.
| paulryanrogers wrote:
| His vision seems to be "freedom for me, not for thee"
| jeffhuys wrote:
| Nice. Good discussion.
| Vortigaunt wrote:
| First thing that pops up on google:
|
| https://www.washingtonpost.com/technology/2024/09/25/elon
| -mu...
|
| Anyone still swayed by his vision is painfully naive
| righthand wrote:
| And when all the hate speech proponents flood the
| platform with bots? What happens when pushing down is not
| enough because there is too much? What happens when there
| are so many new accounts posting hate speech you can't
| block them either. Free speech and word detection
| algorithms are not good moderation they are lazy
| moderation that refuses to address the problem most
| people have with Twitter.
|
| Twitter is not the US and does not guarantee free speech.
| To insist that it must because it's a US company is
| entirely missing the point. Banning people is essentially
| ignoring people. Which is what the text of "sticks and
| stones" is instructing.
| jeffhuys wrote:
| I've never mentioned "because it's a US company" so I'll
| ignore that part of the message.
|
| Sticks & stones is a general thing that's missing in a
| lot of people nowadays. Trying to protect everyone from
| bad words will only make them react more when they
| inevitably will encounter said bad words.
|
| As for the rest of the "what if"s, I guess we'll see what
| happens when it happens. As of right now, my For You page
| is filled with science, discussions, tech, friends, well-
| known people having normal discussions with "plebs", etc.
|
| If you don't find value in the platform, simply don't use
| it. Use Bluesky if you want.
| wildpeaks wrote:
| As much as I hoped Bluesky might succeed where Mastodon
| didn't, it's by far the platform where I've gotten the
| most unwanted dickpics and thirst traps, and the general
| vibe feels so shallow and performative.
|
| The signal to noise ratio is so low even when curating
| feeds, it feels pointless to post anything meaningful
| anymore, it just gets drowned in the noise and bots.
| jeffhuys wrote:
| Oh wow, didn't know that. I never left X but saw a lot of
| talk about BS when the transition happened. I just
| assumed it was a clone of Twitter with mostly the people
| who left.
|
| That sucks tho. I'm not against other places existing if
| it makes people feel better.
| righthand wrote:
| The purpose of Bluesky isn't to make people feel better
| it's to stave people off from being indebted to an
| advertising heavy society. Software like Twitter that's
| designed to keep you engaged and defending it regardless
| how harmful it's been in the last decade is the reason
| Bluesky exists.
| righthand wrote:
| Correct I mentioned it. If Twitter wasn't a US company
| we'd never be having a conversation about freedom of
| speech so be ignorant about that all you want. However
| it's silly you choose that reasoning.
|
| Isn't your suggestion to remember the words of "sticks
| and stones" the same as you advocating for how everyone
| should protect themselves from bad words?
|
| I don't use either platform because I find short form
| writing utterly valueless for anything other than marketing
| purposes. You may say "but I read a lot of good
| discussions on there". Great for you but the discussions
| are still mostly short form rhetoric with little value
| other than "talking out loud". The other half of
| discussions is split between jobless comedians and hate-
| speech-as-freedom-of-speech advocates. I will never get
| my science, news, etc from a quote box. There's a reason
| I deleted my account 10 years ago.
| nilamo wrote:
| I won't speak for others, but I refuse to use a service
| that doesn't work if I'm not signed in. But when it did
| work, there didn't appear to be overzealous banning, and
| all the banning conversation appeared to be coming from
| sources that deserved to be banned, imo.
|
| So when you say "it's still good" while also mentioning
| thought police, I take what you're saying with a huge grain
| of salt, as I never noticed thought police to begin with,
| so less of something unnoticeable sounds very close to
| "complete anarchy, nazis, and that's how we like it". Like
| 4chan put on a business suit.
| jeffhuys wrote:
| If you never noticed the thought police, you were of the
| kind of people that Twitter wanted there to exclusively
| be. That's okay, but not a realistic view of the world.
| However, people with differing ideologies were pushed
| away. Yes, that includes literal nazis. But that also
| includes people who don't agree with the status-quo and
| want to see something different. The old twitter gave the
| impression of a world where 99% of the people agree with
| the current state of things, which is just not reality.
|
| X is the only platform where you can see the real state
| of the world, raw, unedited. That's INCREDIBLY valuable
| and I'm absolutely baffled by how everyone here seems to
| celebrate censorship. We fought wars over this.
| i80and wrote:
| Yeah the censorship is overbearing now. I've since
| deleted my account of a decade but just using the word
| "cis" got a post of mine immediately auto-moderated.
|
| I think people talking about how new-Twitter is somehow a
| bastion of free speech or whatever are just telling on
| themselves about what they think speech is.
| jeffhuys wrote:
| Are you banned? Is your post deleted? No? Then it's not
| censorship.
|
| Again, if you don't match with the vision, don't use the
| platform. But you have to accept that the platform
| exists, is very popular, and allows free speech, and you
| can't change that.
| rstat1 wrote:
| *allows free speech Elon agrees with
|
| which isn't really all that free after all.
| drdeca wrote:
| I don't think Elon is particularly principled on the
| topic of free speech, seeing the way he blocked those
| outgoing links to competitors a while ago.
|
| Regarding the auto moderation of that word, what does
| happen when a post gets auto moderated? Does it get like,
| semi-hidden or something?
| jeffhuys wrote:
| They go to the bottom, behind a button you have to press
| to reveal them.
| nilamo wrote:
| I recognize the benefits of open communication, while
| also not wanting to participate in something so gross.
| I'm absolutely baffled by people claiming censorship free
| is the only option, and that any moderation at all is
| bad. A free for all is not what I want, in any platform
| or space I participate in.
| jeffhuys wrote:
| I think this might be a reaction to the previous
| moderation which seemed to be extremely biased. The
| moderation that's currently in place seems much less so,
| however some people seem to argue it's now the same, just
| the other way around.
|
| In my opinion a free-for-all is what the online world
| needs. But it's just that, an opinion. Feel free to not
| participate. I'm interested in what you do participate
| in, except for HN, though - is there something better
| that doesn't ban me for defending Elon, for instance? To
| put question marks by global policy? etc etc. That's at
| least as popular as X is? We can just talk to huge names
| there, and call them out on their bullshit, if they spew
| it. That's unbeatable.
| happosai wrote:
| The Amazing actual discussions:
|
| https://x.com/elonmusk/status/1876168991330439314
|
| Yeah I'm not going to return to a website that doesn't ban
| people unable to have a civilized conversation.
| jeffhuys wrote:
| > I'm not going to return to a website that doesn't ban
| people unable to have a civilized conversation
|
| That's your choice! Perfectly fine. For me, I don't want
| to close my eyes for what the world is actually thinking,
| even when they're in rage-mode. I think that makes your
| own thinking very narrow.
|
| Also, it's a conscious choice they made - they're the
| only platform I know of that allows you saying anything
| with no penalty except for maybe an algorithmic one. That
| doesn't mean it sucks, or is a bad platform, or the
| transition failed.
| hobs wrote:
| Except for criticizing musk in the papers, as he's banned
| journalists, people "doxing" him by publishing his plane,
| etc
|
| There's a million things you can't say, it's now you are
| happy that the right wing nutjobs get to have their peace
| in public - that's the only part of the conversation
| that's "now allowed"
| jeffhuys wrote:
| I've already addressed the first part of your comment in
| another comment.
|
| I don't think there's a million things you can't say. I
| see tons of posts criticizing Elon. But I also see tons
| of people defending him in replies. This is what we
| should want. Discussion. Open talking. And that includes
| "right wing nutjobs".
|
| If the vision you're seemingly okay with censoring is so
| damaging that you can't fight it with words, is the
| opposing vision strong enough?
| happosai wrote:
| Twitter won't open my eyes to the "world is actually
| thinking". It is a rather minor social media in the big
| picture:
|
| https://www.statista.com/statistics/272014/global-social-
| net...
|
| There are certainly much better ways to learn what the
| world is thinking than a website without effective
| moderation. The problem was never "censorship" or "people
| are not allowed to say everything". The problem is the
| quantity of garbage the information supersewer generates
| and finding what is true and relevant.
| jeffhuys wrote:
| It's interesting to me that we can have such different
| views of the same platform.
|
| "Garbage". "Supersewer". I simply don't see what you
| mean. Of course there IS garbage, but you'd actively have
| to seek it out. You'd have to scroll down all the replies
| to get to the shit. If you want to see that, it's there,
| but if it doesn't have value, it stays there. Up top are
| the sensible replies and discussion threads.
|
| We can keep talking, but if you don't want to see it,
| you'll never see it.
| regularjack wrote:
| Every time I open a Twitter link, most of the comments
| will be garbage.
| kemotep wrote:
| Well 2 years ago Elon completely broke twitter for me by
| requiring an account. 10 years of using twitter then poof
| no more twitter access.
|
| I don't know why an account is necessary to read updates
| from government agencies and local organizations after 10
| years of not needing to do that.
| sergiotapia wrote:
| I only see bluesky types keep calling it twitter fwiw.
| bigstrat2003 wrote:
| I am by no means a bluesky person. I hate Twitter and all its
| clone sites, because I think they're tearing apart the social
| fabric by training people to interact in bite-sized hot takes
| in a cycle of outrage. I will still call it Twitter until the
| end of time, because I refuse to respect corporate rebrands.
| Whether it's Twitter, Facebook, Comcast, or anything else,
| I'm not going to play along with their silly name games.
| tzs wrote:
| I keep calling it Twitter, and urge everyone else to do so,
| because "twitter" is a better search term than "x", especially
| if you are using a search that doesn't let you specify word
| match.
| rsynnott wrote:
| "X" is a _terrible_ name; in a headline it looks like someone
| forgot to fill out a template.
|
| Twitter wouldn't be the first rebrand where people just decide
| they're not going to bother with this. Notably, there was the
| odd year or so where the Royal Mail attempted to rebrand to
| 'Consignia' (in the alternate universe where the Iraq War
| didn't happen, this would be what everyone remembered about the
| Blair era), and Netflix's attempt, some years before scrapping
| it entirely, to rename its DVD delivery business to 'Quikster'.
| owebmaster wrote:
| It is probably better for Xitter/Elon's plans.
| romaaeterna wrote:
| Given that Signal is pushing new code updates all the time, isn't
| it trivial for them to push new binaries that harvest
| messages/keys/whatever-they-want?
| yifanl wrote:
| Sure. If you don't trust Signal to not do that, then you likely
| aren't using Signal.
| JustFinishedBSG wrote:
| Yes but an app that never pushes update can also do that
| thrance wrote:
| Signal is open-source [1]. You can compile the code yourself
| and review each PR if you're _that_ paranoid.
|
| [1] https://github.com/signalapp/Signal-Android
| Pesthuf wrote:
| Looks like the build is even reproducible. That makes me
| trust Signal even more.
|
| https://github.com/signalapp/Signal-
| Android/blob/main/reprod...
| paxys wrote:
| Their client is open source and is routinely audited. Their
| Android builds are fully reproducible. You can also build and
| run the app yourself if you want instead of downloading it from
| the app stores. It is virtually impossible for them to ship a
| backdoor, at least on Android, without the security community
| noticing.
| romaaeterna wrote:
| What exactly prevents them from doing a Windows build with an
| non-published change, signing it with the keys they control,
| and pushing it to an individual client through the upgrade
| servers which they control?
| tabletcorry wrote:
| Desktop clients communicate through mobile clients, so they
| don't have access to the key material.
| romaaeterna wrote:
| I don't believe that is the case. You can turn your phone
| off and the Signal desktop client will continue to work
| just fine.
| VWWHFSfQ wrote:
| > It is virtually impossible for them to ship a backdoor [..]
| without the security community noticing.
|
| OpenSSH was trivially backdoor'd [1] and distributed in
| several major distributions and the security community _did
| not_ notice until after it was already wild.
|
| [1] https://www.ssh.com/blog/a-recap-of-the-openssh-and-xz-
| liblz...
| xmodem wrote:
| That was an attack targeting an optional dependency that
| receives significantly less scrutiny than OpenSSH proper.
| Which to be fair, is probably also the most plausible path
| if you wanted to attack Signal.
|
| I would quibble with calling it "trivial" though.
| qualeed wrote:
| 1) That was not "trivial", by any stretch of the
| definition. It was a 3-year long campaign by a (suspected
| to be) nation-state (or similarly resourced) actor! I don't
| think you can get any farther away from "trivial" if you
| tried.
|
| 2) From your link, it says: " _Ubuntu 24.04LTS was a month
| away from being shipped with this backdoor, with other
| distros being on the same boat. Maybe the best way to
| describe it is this: had it gone undetected, Linux servers
| would have been running with a bomb waiting to be activated
| remotely._ " and " _Luckily this backdoor was discovered in
| an early stage, and most of the Linux user community stays
| safe_ "
|
| So, the security community _did_ notice.
| e44858 wrote:
| How easy would it be for them to ship a backdoor on iOS? With
| Apple's DRM it should be difficult to decrypt the IPA and
| compare it to the source code.
| paxys wrote:
| If you are in the EU you can build the app from source and
| sideload it on your phone. Everyone else is out of luck. So
| yeah, either Signal or Apple can insert a backdoor into the
| app.
| dingaling wrote:
| There is a window of vulnerability between a theoretically
| malicious update being pushed and the security community
| noticing that it doesn't correspond to a build of the
| published source. That might only be a few hours, or even
| minutes - but milliseconds would be enough to do most of its
| work.
| paxys wrote:
| Sure, but only if you are blindly auto installing every
| update as soon as it is pushed. All you have to do to
| protect yourself is download the bundle, run a checksum and
| then install it.
| perching_aix wrote:
| Then you audit and build it on your own? Or implement your
| own client?
|
| No free lunch. If comms security is that critical for you,
| outsourcing its assurance via trust is never going to cut
| it.
| romaaeterna wrote:
| They control the update servers. So it's possible to target
| a single user with a single build that no one else ever
| sees. What percentage of users verify every release?
| comex wrote:
| In theory, Binary Transparency
| (https://binary.transparency.dev/) solves that among
| other things. To pass verification, an update has to
| prove that it's included in a public log of releases.
|
| But I guess Signal doesn't implement it?
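Both the key-directory idea discussed earlier in this thread (ship a Merkle root in the client, have the server return a key plus a short inclusion proof) and the binary-transparency idea just above (an update must prove it is in a public log of releases) come down to the same check, so here is one worked example serving both. This is an added illustration, not code from X, Signal, or binary.transparency.dev: the record format, the sample usernames and keys, and the function names (build_tree, inclusion_proof, verify_inclusion, server_lookup, evil_lookup) are all constructed for the example. A release log would use the same tree with (artifact name, artifact hash) records in place of (username, key).

```python
"""Merkle inclusion proofs against a pinned root (added example, constructed data)."""
import hashlib


def _h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def record(username: str, pubkey_hex: str) -> bytes:
    """Constructed record format: length-prefixed username followed by the raw key."""
    name = username.encode()
    return len(name).to_bytes(2, "big") + name + bytes.fromhex(pubkey_hex)


def leaf_hash(rec: bytes) -> bytes:
    # Domain separation: leaves and interior nodes hash under different prefixes,
    # so an interior node can never be passed off as a leaf (or vice versa).
    return _h(b"\x00" + rec)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def _pad(level):
    # Odd-length levels duplicate their last node so every node has a sibling.
    return level + [level[-1]] if len(level) % 2 else level


def build_tree(records):
    """All levels, leaves first; levels[-1][0] is the root."""
    levels = [[leaf_hash(r) for r in records]]
    while len(levels[-1]) > 1:
        cur = _pad(levels[-1])
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, each tagged with whether it sits to the right.
    Its size is one hash per level, regardless of how many leaves the tree holds."""
    proof = []
    for level in levels[:-1]:
        level = _pad(level)
        proof.append((level[index ^ 1], index % 2 == 0))
        index //= 2
    return proof


def verify_inclusion(root: bytes, rec: bytes, proof) -> bool:
    """Client side: recompute the path from the record up to the pinned root."""
    h = leaf_hash(rec)
    for sibling, sibling_is_right in proof:
        h = node_hash(h, sibling) if sibling_is_right else node_hash(sibling, h)
    return h == root


# Constructed sample directory; usernames and keys are made up.
DIRECTORY = [
    ("alice", "a1" * 32),
    ("bob", "b2" * 32),
    ("carol", "c3" * 32),
    ("dave", "d4" * 32),
    ("erin", "e5" * 32),
]
LEVELS = build_tree([record(u, k) for u, k in DIRECTORY])
PINNED_ROOT = LEVELS[-1][0]  # 32 bytes: this is all the client has to ship


def server_lookup(username: str):
    """Honest server: the key plus a proof against the tree behind the pinned root."""
    for i, (u, k) in enumerate(DIRECTORY):
        if u == username:
            return k, inclusion_proof(LEVELS, i)
    raise KeyError(username)


def evil_lookup(username: str):
    """Malicious server: substitutes its own key but can only reuse the real proof,
    because it cannot produce a path to a root it does not control."""
    _, proof = server_lookup(username)
    return "ee" * 32, proof


def client_fetch_key(username: str, pinned_root: bytes, response) -> str:
    """What the app does with a lookup response: refuse any key that does not chain
    to the pinned root."""
    pubkey_hex, proof = response
    if not verify_inclusion(pinned_root, record(username, pubkey_hex), proof):
        raise ValueError("key for %r is not in the tree behind the pinned root" % username)
    return pubkey_hex
```

Rotating the directory means publishing a new root, and that is the part a transparency log or "bitcoin style" chain has to solve: the client must be sure everyone else saw the same sequence of roots, otherwise a server can show one user a tree the rest of the world never sees.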
| NoThisIsMe wrote:
| It's distributed in the Play Store, so Google controls
| the update servers, no?
|
| Edit: or Apple, whathaveyou
| jzb wrote:
| Correct me if I'm wrong here -- let's say the Signal folks
| are breached or have been secretly waiting for just the
| right moment to push out some malicious code. How would
| they coordinate rolling it out to client devices to take
| advantage of that gap? I mean, depending on what the
| exploit was, they might be able to whack some percentage of
| users -- but it would be caught fairly quickly. I'm curious
| what sort of attack you're theorizing that would be
| worthwhile here.
| regularjack wrote:
| Which one do you trust more?
| yndoendo wrote:
| Would the real XChat be able to sue X-Twitter for name
| infringement?
|
| http://xchat.org/
| nadermx wrote:
| Maybe? XChat would have to show an established market in
| commerce in each market that x is infringing that they have an
| established commercial presence in. Also it's harder if xchat
| doesn't have a trademark in each of those regions.
| pityJuke wrote:
| Man, I remember being an IRC regular during the transition from
| XChat to HexChat. Now I learn HexChat is also dead :( [0]
|
| [0]: https://hexchat.github.io/news/2.16.2.html
| ChrisArchitect wrote:
| Earlier discussion:
|
_X's new "encrypted" XChat feature doesn't seem to be any more
secure_
|
| https://news.ycombinator.com/item?id=44178008
| consumer451 wrote:
| Thanks. The top comment there gets pretty technical and ends
| with:
|
| > ... As noted in the help doc, this isn't forward secure, so
| the moment they have the key they can decrypt everything. This
| is so far from being a meaningful e2ee platform it's
| ridiculous.
|
| https://news.ycombinator.com/item?id=44178544
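The quoted point ("this isn't forward secure, so the moment they have the key they can decrypt everything") is easiest to see by running the same long-term key leak against two transcripts. The following is an added example, not code from X or from the article; it uses a constructed toy Diffie-Hellman group and a constructed encrypt-then-MAC wrapper (seal/unseal), both chosen for brevity, where a real messenger would use X25519 and a proper AEAD. The function names static_session, ephemeral_session, attacker_static and attacker_ephemeral are assumptions for the example.

```python
"""Static-key vs ephemeral-key DH: what a long-term key leak gives the attacker (added example)."""
import hashlib
import hmac
import secrets

# Constructed toy group: a Mersenne-prime modulus and a fixed base. Real protocols use
# X25519 or a vetted finite-field group; this only shows the key-lifetime difference.
P = 2**127 - 1
G = 3


def keygen():
    """(private exponent, public value) in the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_key(priv: int, peer_pub: int) -> bytes:
    """DH shared secret hashed into a 32-byte symmetric key."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def _keystream(key: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, msg: bytes) -> bytes:
    """Toy encrypt-then-MAC: hash keystream XOR plus an HMAC tag (constructed, not a real AEAD)."""
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, len(msg))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes):
    """The plaintext, or None if the tag does not verify under this key."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def static_session(alice_long, bob_long, msgs):
    """No forward secrecy: every message is keyed from the two long-term keys alone."""
    k = shared_key(alice_long[0], bob_long[1])
    return [seal(k, m) for m in msgs]


def ephemeral_session(msgs):
    """Forward secrecy: a fresh DH pair on each side per message. The ephemeral private
    exponents are dropped after use, so only the public halves survive in the transcript.
    (A real protocol signs the ephemeral publics with the long-term keys to authenticate
    them; that is omitted here because it does not change what the attacker can decrypt.)"""
    transcript = []
    for m in msgs:
        a_priv, a_pub = keygen()
        b_priv, b_pub = keygen()
        k = shared_key(a_priv, b_pub)
        assert k == shared_key(b_priv, a_pub)
        transcript.append((a_pub, b_pub, seal(k, m)))
        del a_priv, b_priv, k
    return transcript


def attacker_static(bob_long_priv: int, alice_long_pub: int, transcript):
    """Bob's long-term key leaks: the attacker rebuilds the one static key and reads everything."""
    k = shared_key(bob_long_priv, alice_long_pub)
    return [unseal(k, blob) for blob in transcript]


def attacker_ephemeral(bob_long_priv: int, transcript):
    """Same leak against the ephemeral transcript: the leaked key was never an input to
    any message key, so the best the attacker can do is guess and fail the MAC check."""
    return [unseal(shared_key(bob_long_priv, a_pub), blob) for a_pub, _b_pub, blob in transcript]
```

Note that a one-sided design (fresh key on the sender's side only, sent to the recipient's long-term key) does not help: the recipient's long-term key is still an input to every message key, so its leak still decrypts the whole history.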
| michaelg7x wrote:
| Username matches the current URL
| jeroenhd wrote:
| The top comment is written by the person who wrote the blog
| post this thread is discussing.
| consumer451 wrote:
| Ah, thanks. I try not to be guilty of just comment surfing,
| but this was not one of those times. :/
| b0a04gl wrote:
| if this is using ephemeral keys with no forward secrecy and no
| ledger of interactions, what part of it's actually bitcoin style
| besides the name?
| shiandow wrote:
| Bitcoin isn't a secure communication channel either?
| masklinn wrote:
| Having no actual use?
| jeroenhd wrote:
| Bitcoin is great for prospecting, laundering money across
| borders, and scamming gullible people. It's also easier to
| hide a stash of stolen bitcoins from the authorities for
| after you get released from jail than it is to hide a stash
| of actual money. Bitcoin is certainly no alternative to
| actual money but it's not entirely useless.
|
| I think these Twitter DMs only do the scamming the gullible
| part, as you need to pay to use the feature and this is
| scamming people into thinking they're paying for secure
| messaging.
| deciduously wrote:
| They use a hash function.
| mjg59 wrote:
| Key derivation from a PIN? Although that's an implementation
| detail of the key backup rather than anything inherent in the
| actual messaging so who knows.
| gizmo686 wrote:
| He didn't say it was Bitcoin style, just that it used "(Bitcoin
| style) encryption".
|
| I was going to point out that Bitcoin does not use encryption;
| but technically I think its signature algorithm (ecdsa) can be
| thought of as a hashing step, followed by a public-key based
| encryption step.
|
| So, in the most charitable reading, it's using elliptic curve
| asymmetric encryption. Presumably for the purpose of exchanging
| a symmetric key, as asymmetric encryption is very slow. In
| other words, what basically everything written this decade
| does. Older stuff would use non EC algorithms, that are still
| totally fine, but need larger keys and would be vulnerable to
| quantum computers if those ever become big enough.
| varjag wrote:
| _I was going to point out that Bitcoin does not use
| encryption_
|
| Yeah Musk, as a not very technical person, would hardly know
| the difference.
| SAI_Peregrinus wrote:
| > but technically I think it's signature algorithm (ecdsa)
| can be thought of as a hashing step, followed by a public-key
| based encryption step.
|
| It really can't. If you're extremely drunk you can think of
| it as similar to hashing followed by a public-key based
| decryption step (signing uses the private key, as does
| decryption) but that's about as good an analogy as calling a
| tractor-trailer a container ship because both haul cargo. The
| actual elliptic-curve part of the operation isn't encryption
| or decryption, and thinking of it as such will lead to error.
|
| RSA _does_ have a simpler correspondence in that the
| fundamental modular multiplication operation is shared
| between decryption and signing (or between encryption and
| verification). But modular multiplication alone isn't
| secure, it's the "padding" that turns modular multiplication
| with a particularly-chosen modulus from some basic math into
| a secure encryption/signature system. And the padding
| differs, and the correspondence doesn't hold in real systems.
| RSA without padding is just sparkling multiplication.
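The "sparkling multiplication" point above can be demonstrated directly: with the bare RSA primitive, signing really is the same operation as decryption, and that same algebra lets anyone multiply two valid signatures into a third one. Hashing the message before exponentiation (the essence of what the padding encodings do) removes the structure the forgery relies on. This is an added example, not code from the thread or from any library: the key is a constructed toy one built from two Mersenne primes, and the hash-then-sign encoding is a simplified stand-in for RSASSA-PSS or PKCS#1 v1.5, truncated to fit the small modulus.

```python
"""Textbook RSA malleability vs hash-then-sign (added example, toy key)."""
import hashlib
from math import gcd

# Constructed toy key: two Mersenne primes, far too small for real use but enough
# to show the algebra. 65537 is coprime to phi(n) for this pair.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)  # modular inverse, Python 3.8+


def textbook_encrypt(m: int) -> int:
    return pow(m, E, N)


def textbook_decrypt(c: int) -> int:
    return pow(c, D, N)


def textbook_sign(m: int) -> int:
    # Identical to decryption: this is the RSA correspondence the comment
    # describes, and it only holds for the bare, unpadded primitive.
    return pow(m, D, N)


def textbook_verify(m: int, s: int) -> bool:
    return pow(s, E, N) == m % N


def forge_product(m1: int, s1: int, m2: int, s2: int):
    """Multiplicative homomorphism: (s1*s2)^e = m1*m2 (mod n). Two legitimately
    signed values yield a valid signature on their product, with no private key."""
    return (m1 * m2) % N, (s1 * s2) % N


def encode(msg: bytes) -> int:
    """Constructed hash-then-sign encoding: the exponentiation sees a digest, never
    the message. Truncated to 128 bits only so it fits under this ~150-bit toy
    modulus; real schemes use the full RSASSA-PSS or PKCS#1 v1.5 encoding."""
    return int.from_bytes(hashlib.sha256(msg).digest()[:16], "big")


def hashed_sign(msg: bytes) -> int:
    return pow(encode(msg), D, N)


def hashed_verify(msg: bytes, s: int) -> bool:
    return pow(s, E, N) == encode(msg)
```

With the hashed scheme the product of two signatures still satisfies the raw equation for the integer encode(m1)*encode(m2) mod n, but the attacker would need a message whose digest equals that integer, which is a preimage search against the hash rather than a multiplication.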
| brobinson wrote:
| Bitcoin does use encryption for messaging, but I don't know
| if this is what Musk was referencing:
| https://bitcoinops.org/en/topics/v2-p2p-transport/
| cobbal wrote:
| It uses cryptography (a little-known and mostly-useless
| offshoot of Crypto)
| anon7000 wrote:
| Plus, one of the simplest forms of cryptography is a basic
| SHA, so the word is practically meaningless without more
| details
| lenerdenator wrote:
| I'm hard-pressed to think of why I'd trust anything I sent over
| Twitter (or any other social media app) to be secure.
|
| With regard to Twitter, though, it's time to get off the site.
| Seriously. It's a cesspool of bots, predatory, adult, edgelord,
| and actually hateful content, operated by a bad-faith actor.
|
| EDIT:
|
| Downvote all you want, it's true. Social media, in general, is
| built with the idea of harvesting data, and you can't audit its
| codebase to ensure it's _actually_ encrypted. You _must_ assume
| everything sent over it is compromised. Given Elon's financial
| backers, you can assume that access to data was given to those
| groups in exchange for more leniency in financial performance.
|
| And yeah, Twitter's a hell-hole. The "don't eat lunch with Nazis"
| rule applies here. It's not 2011 anymore.
| shiandow wrote:
| The moderation here is pretty effective, I wonder how much of it
| is automated.
| upofadown wrote:
| >...you're still relying on the Twitter server to give you the
| public key of the other party and there's no out of band
| mechanism to do that or verify the authenticity of that public
| key at present.
|
| ...
|
| >Signal doesn't have these shortcomings. Use Signal.
|
| Dunno that Signal is a really good counterexample for this
| particular aspect of E2EE messaging. The option exists to compare
| a 60 digit decimal number but the usability of this feature is
| such that most users don't even know that this is something they
| have to do. Just having a feature is not valuable if no one knows
| that feature exists and has no idea what any of it means.
|
| I like the approach used by Briar Messenger. They just have the
| user use the number that represents identity in the system. There
| is no misleading feature that maps a phone number to the actual
| cryptographic identity. This makes it much harder for the user to
| unknowingly use the system in an unsafe way. A Briar identity
| looks like this:
| briar://bafybeiczsscdsbs7ffqz55asqdf3smv6klcw3gofszvwlyarci
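An added example (mine, not code from Signal, Briar or Twitter) of the two things the posts above are about: an out-of-band comparison number derived from both parties' identity keys, and a trust-on-first-use pin that makes a server-supplied key change visible. The number format is modelled on Signal's published safety-number design (iterated SHA-512, 30 digits per party, halves sorted so both sides get the same 60 digits); the iteration count and layout are my reading of that design, not a verified reimplementation. The identity keys are random bytes standing in for real X25519/Ed25519 public keys, and "mallory_key" is a constructed stand-in for a key a hostile server could hand out.

```python
"""Out-of-band key verification: Signal-style safety number plus a
trust-on-first-use key store.  Added example; not any project's code."""
import hashlib
import secrets

FINGERPRINT_ITERATIONS = 5200  # slow-hash count modelled on Signal's design (assumption)


def fingerprint(identity, public_key):
    """One party's identity key as 30 decimal digits: iterate SHA-512, then
    render six 5-byte chunks as 5 digits each."""
    digest = b"\x00\x00" + public_key + identity.encode()
    for _ in range(FINGERPRINT_ITERATIONS):
        digest = hashlib.sha512(digest + public_key).digest()
    return "".join(f"{int.from_bytes(digest[i:i + 5], 'big') % 100000:05d}"
                   for i in range(0, 30, 5))


def safety_number(my_id, my_key, peer_id, peer_key):
    """Both halves sorted, so each side computes the same 60 digits no matter
    who is 'me'.  The two users compare these digits in person or by voice."""
    halves = sorted([fingerprint(my_id, my_key), fingerprint(peer_id, peer_key)])
    return halves[0] + halves[1]


def pretty(number):
    """Group into 12 blocks of 5 for reading aloud."""
    return " ".join(number[i:i + 5] for i in range(0, 60, 5))


class TrustOnFirstUseStore:
    """Pins the first key seen per peer and flags any later change.  A server
    can hand you any key on first contact, but cannot silently swap a pinned one."""

    def __init__(self):
        self._pinned = {}

    def check(self, peer_id, key_from_server):
        if peer_id not in self._pinned:
            self._pinned[peer_id] = key_from_server
            return "new (unverified: compare the safety number out of band)"
        if self._pinned[peer_id] == key_from_server:
            return "ok"
        return "CHANGED: possible key substitution, stop and re-verify"


def demo():
    """Constructed keys: random bytes standing in for real public keys."""
    alice_key = secrets.token_bytes(32)
    bob_key = secrets.token_bytes(32)
    mallory_key = secrets.token_bytes(32)  # constructed: key a hostile server could serve
    honest = safety_number("alice", alice_key, "bob", bob_key)
    seen_by_bob = safety_number("bob", bob_key, "alice", alice_key)
    substituted = safety_number("alice", alice_key, "bob", mallory_key)
    store = TrustOnFirstUseStore()
    return {
        "both_sides_agree": honest == seen_by_bob,
        "substitution_visible": honest != substituted,
        "display": pretty(honest),
        "first_contact": store.check("bob", bob_key),
        "unchanged": store.check("bob", bob_key),
        "after_substitution": store.check("bob", mallory_key),
    }
```

The usability point in the post still stands: the code can only tell you the digits differ; whether anyone ever looks at them is a product decision, and Briar's choice of making the raw identity the only name the user ever sees sidesteps the question entirely.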
| baby wrote:
| At this point I don't care if it's encrypted, just make it
| better.
| dehrmann wrote:
| I don't get most of the hype around end-to-end encrypted
| messages when the app's source code isn't available for audit.
| pityJuke wrote:
| I do find it funny that the library Twitter is using (according
| to TFA anyway) self-describes itself as:
|
| > Caution
|
| > Experimental library!
|
| and
|
| > While this library is just a wrapper around the well known
| Libsodium library it still comes with high potential of
| introducing new attack surfaces, bugs and other issues and you
| shouldn't use it in production until it has been reviewed by
| community.
|
| [0]: https://github.com/ionspin/kotlin-multiplatform-libsodium
| lifeinthevoid wrote:
| Move fast and break encryption.
| pier25 wrote:
| The Twitter brand is so strong it survives even after a rebrand.
| ashleyn wrote:
| The footnote elaborates on why the author used the old name.
| jhardy54 wrote:
| > I'll respect their name change once Elon respects his
| daughter
| Marsymars wrote:
| It's going to get confusing when trademark offices start
| getting submissions to expunge the "Twitter" trademark for
| lack of use.
| tptacek wrote:
| I like everything Matthew Garrett writes but I can't resist being
| annoying about this:
|
| Signal has had forward secrecy forever, right? The modern
| practice of secure messaging was established by OTR (Borisov and
| Goldberg), which practically introduced the notions of "perfect
| forward secrecy" and repudiability (as opposed to non-
| repudiability) in the messaging security model. Signal was an
| evolution both of those ideas and of the engineering realization
| of those ideas (better cryptography, better code, better
| packaging).
|
| What's so galling about this state of affairs is that people are
| launching new messaging systems that take us backwards, not just
| to "pre-Signal" levels, but to _pre-modern_ levels; like, to
| 2001.
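An added example (mine, not code from Signal, OTR or any project in the thread) of the property the post above says new systems are dropping: forward secrecy from a symmetric key ratchet, the "sending chain" idea in Signal's Double Ratchet that descends from OTR. Each message key is derived from the current chain key, the chain key is then replaced by a one-way hash of itself, and the old one is discarded; a later compromise of the chain state yields only future keys. Authentication is a shared-key MAC rather than a signature, which is where OTR's repudiability comes from: either party could have produced the tag. Assumptions: both sides already share an initial chain key from a DH handshake (out of scope here), and HMAC-SHA256 in counter mode stands in for a real cipher because the standard library has no AES.

```python
"""Symmetric key ratchet with forward secrecy.  Added example for this
thread; not code from Signal, OTR or any named project.  Assumes an
initial chain key already agreed by a DH handshake."""
import hashlib
import hmac
import secrets


def ratchet_step(chain_key):
    """Derive this message's key and the next chain key.  The caller drops
    the old chain key; that deletion is what protects earlier messages."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key


def _keystream(key, length):
    # HMAC-SHA256 in counter mode: toy stream cipher standing in for AES.
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def _subkeys(message_key):
    enc = hmac.new(message_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(message_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def seal(message_key, plaintext):
    """Encrypt-then-MAC; the MAC key is shared, so the tag is deniable."""
    enc, mac = _subkeys(message_key)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc, len(plaintext))))
    return ciphertext + hmac.new(mac, ciphertext, hashlib.sha256).digest()


def open_sealed(message_key, blob):
    """Returns the plaintext, or None if the tag does not verify."""
    enc, mac = _subkeys(message_key)
    ciphertext, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac, ciphertext, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc, len(ciphertext))))


class Chain:
    """One direction of traffic; sender and receiver each hold a copy and
    advance it in lockstep.  Only the current chain key is ever stored."""

    def __init__(self, chain_key):
        self.chain_key = chain_key
        self.index = 0

    def next_key(self):
        message_key, self.chain_key = ratchet_step(self.chain_key)  # old key gone
        self.index += 1
        return message_key

    def encrypt(self, plaintext):
        return self.index + 1, seal(self.next_key(), plaintext)

    def decrypt(self, indexed_blob):
        index, blob = indexed_blob
        if index != self.index + 1:
            return None  # out-of-order delivery is left out of this example
        return open_sealed(self.next_key(), blob)


def forward_secrecy_check(num_messages=3):
    """Deliver some messages, then hand the sender's *current* chain state to
    an observer and confirm it opens none of the traffic already sent."""
    root = secrets.token_bytes(32)  # assumed output of a DH handshake
    alice, bob = Chain(root), Chain(root)
    plaintexts = [f"constructed message {i}".encode() for i in range(num_messages)]
    sent = [alice.encrypt(p) for p in plaintexts]
    delivered = [bob.decrypt(m) for m in sent] == plaintexts
    later_state = Chain(alice.chain_key)  # what a compromise after sending yields
    future_keys = [later_state.next_key() for _ in range(num_messages + 5)]
    past_recoverable = any(open_sealed(k, blob) is not None
                           for k in future_keys for _, blob in sent)
    return {"delivered": delivered, "past_recoverable": past_recoverable}
```

The real Double Ratchet adds a DH ratchet on top so that a compromised chain also heals forward after the next key exchange; the symmetric chain alone is enough to show why a leaked current state says nothing about yesterday's messages, which is the bar the post says 2001-era designs already cleared.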
| nickpsecurity wrote:
| Let's not forget three things from prior leaks:
|
| 1. Core Secrets said the FBI "compelled" companies to secretly
| backdoor their products. Another leak mentioned fines by FISA
| court that would kill a company. I don't know if you can be
| charged or not.
|
| 2. They paid the big companies tens of millions to $100+
| million to backdoor their stuff. Historically, we know they can
| also pressure them about government contracts or export
| licenses. Between 1 and 2, it looks like a Pablo Escobar-like
| policy of "silver or lead."
|
| 3. In the Lavabit trial, the defendant said giving them the
| keys would destroy the business since the market would know all
| their conversations were in FBI's hands. The FBI said they
| could hide it, basically lying given Lavabit's advertising,
| which would prevent damage to the business. IIRC, the judge
| went for that argument. That implies the FBI and some courts
| tell crypto-using companies to give them access but lie to
| their users.
|
| Just these three facts make me wonder how often crypto in big
| platforms is intentionally weak by government demand or sloppy
| because they don't care. So, I consider all crypto use in a
| police state subverted at least for Five Eyes use. I'll change
| my mind once the Patriot Act, FISC, secret interpretations of
| law, etc are all revoked and violators get prosecuted.
| tptacek wrote:
| There is no such thing as "fines by FISA court". FISA doesn't
| hear adversarial cases and doesn't have statutory authority
| or even subject matter jurisdiction to enforce compliance on
| private actors. FISA is an authorizer for other government
| bodies, who then use ordinary Article III courts to enforce
| compliance. Other than the fact that they're staffed by
| Article III judges and not _directly_ overseen by Article III
| courts, the FISA court functions like a magistrate court, not
| a normal court. So: I immediately distrust the source.
|
| People are going to come back and say "well yeah that's just
| what they tell you about FISA court, but I bet FISA courts
| fine people all the time", but no, it's deeper than that:
| private actors aren't parties to FISA cases. It's best to
| think of them as exclusively resolving conflicts between
| government bodies.
| zzo38computer wrote:
| It would be better to use separate software for encryption, and
| to get the public keys by meeting with them in place.
___________________________________________________________________
(page generated 2025-06-05 23:00 UTC)