Twitter has announced its new feature – encrypted direct messages (DMs). However, the new feature comes with a catch. To access the feature, Twitter users will need to pay for it. This is unlike other messaging platforms such as WhatsApp, Signal, iMessage, and Messenger, which offer the feature for free.
The new feature is only available to verified users. Verified users are those who pay for Twitter Blue, verified organizations, or affiliates of verified organizations. Encrypted DMs are only available to users on the latest version of the Twitter app and website. Additionally, the sender and recipient must follow each other, have sent a message to each other before, or the recipient must accept a DM request from the sender.
When sending an encrypted message, users will see a lock toggle. In an encrypted conversation, a small lock icon will appear next to the avatar of the person being messaged. Encrypted DMs will be separate from unencrypted ones.
However, the encrypted DM feature has a few limitations. One can only send encrypted messages in a one-on-one conversation. Twitter plans to bring the feature to groups soon. Users can only send text and links. Twitter warns that the feature does not have protection against man-in-the-middle attacks. If someone, such as a malicious insider, or Twitter itself, were to compromise an encrypted conversation, neither the sender nor the receiver would know.
Twitter is planning to make man-in-the-middle attacks more difficult and alert users if they happen. Twitter also notes that while messages and reactions to encrypted DMs are encrypted, metadata and linked content are not. Only the links themselves are encrypted, not the content they refer to.
Encrypted DMs are a priority for Twitter CEO Elon Musk. He spelled out the feature in November as part of “Twitter 2.0” for employees. However, forcing users to pay for an important feature that is readily available for free on other platforms may not improve Twitter’s reputation. The company will need to find a solution to this issue before rolling out the feature to more users.