Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
Editorials & Other Articles
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
X is now offering end-to-end encrypted chat -- you probably shouldn't trust it yet (TechCrunch) [View all]
https://techcrunch.com/2025/09/05/x-is-now-offering-me-end-to-end-encrypted-chat-you-probably-shouldnt-trust-it-yet/X, formerly Twitter, has started rolling out its new encrypted messaging feature called “Chat” or “XChat.”
The company claims the new communication feature is end-to-end encrypted, meaning messages exchanged on it can only be read by the sender and their receiver, and — in theory — no one else, including X, can access them.
Cryptography experts, however, are warning that X’s current implementation of encryption in XChat should not be trusted. They’re saying it’s far worse than Signal, a technology widely considered the state of the art when it comes to end-to-end encrypted chat.
-snip-
Matthew Garrett, a security researcher who published a blog post about XChat in June, when X announced the new service and slowly started rolling it out, wrote that if the company doesn’t use hardware security modules, or HSMs, to store the keys, then the company could tamper with the keys — brute-forcing them for example since they are only four digits — and potentially decrypt messages. HSMs are servers made specifically to make it harder for the company that owns them to access the data inside.
-snip-
The company claims the new communication feature is end-to-end encrypted, meaning messages exchanged on it can only be read by the sender and their receiver, and — in theory — no one else, including X, can access them.
Cryptography experts, however, are warning that X’s current implementation of encryption in XChat should not be trusted. They’re saying it’s far worse than Signal, a technology widely considered the state of the art when it comes to end-to-end encrypted chat.
-snip-
Matthew Garrett, a security researcher who published a blog post about XChat in June, when X announced the new service and slowly started rolling it out, wrote that if the company doesn’t use hardware security modules, or HSMs, to store the keys, then the company could tamper with the keys — brute-forcing them for example since they are only four digits — and potentially decrypt messages. HSMs are servers made specifically to make it harder for the company that owns them to access the data inside.
-snip-
3 replies
= new reply since forum marked as read
= new reply since forum marked as read