Twitter adds encrypted DMs for verified users

Twitter has started rolling out encrypted direct messages (DMs), providing users.

The Elon Musk-owned social media site said it aimed to be the most trusted platform on the Internet and that DMs formed an important part of this.

“As Elon Musk said, when it comes to DMs, the standard should be, if someone puts a gun to our heads, we still can’t access your messages,” Twitter said.

“We’re not quite there yet, but we’re working on it.”

The first phase of the rollout is fairly limited, with users having to meet a very specific set of conditions to send and receive encrypted DMs, including:

• both sender and recipient must be on the latest Twitter apps on iOS, Android, or the web;
• both sender and recipient must be verified users or affiliates of a verified organisation; and
• the recipient must follow the sender, or have sent a message to the sender previously, or accepted a DM request from the sender before

Encrypted DMs will appear as separate conversations alongside non-encrypted DMs.

The screenshots below show how eligible users can start an encrypted conversation, how they will know they are in an encrypted conservation, and how users can distinguish between encrypted and non-encrypted messages.

Twitter briefly explained how its encryption worked.

“The latest version of Twitter apps generate a pair of device-specific keys, called private and public key pair,” it stated.

“The public key is automatically registered when a user logs into Twitter on a new device or browser.

“The private key never leaves the device and therefore is never communicated to Twitter.

“In addition to the private-public key pairs, there is a per-conversation key that is used to encrypt the content of messages.

“The private-public key pairs are used to exchange the conversation key securely between participating devices.”

Twitter said it used a combination of strong cryptographic schemes to encrypt every message, link, and reaction that is part of an encrypted conversation before they leave the sender’s device, and remain encrypted while stored on Twitter’s infrastructure.

The company plans to open-source its implementation and provide an in-depth explanation of its technology in a technical whitepaper later in 2023.

How to send an encrypted DM

Users that are eligible to send encrypted messages will see an “encrypted” toggle after clicking on the message icon.

“Selecting an eligible recipient, composing a message and clicking send will send an encrypted message,” Twitter explained.

Alternatively, users can send an encrypted message through the conversation settings page of an unencrypted conversation by following the steps below:

• Tap into an unencrypted conversation from the DM inbox
• Tap on the information icon
• Select “Start an encrypted message”

Now read: Fraudulent SIM swaps formed basis of massive Twitter hack

Subscribe to our daily newsletter

Twitter adds encrypted DMs for verified users