Elon Musk wants end-to-end encryption for Twitter DMs. It may not be that simple

Read Time:4 Minute, 43 Second

“Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages,” he wrote.

With that statement, Musk waded into a long-running debate among technologists and privacy advocates around the level of encryption apps and platforms should provide to their users. Growing concerns about privacy have led to questions about how much user data tech companies collect, and many platforms — including the Signal messaging app Musk referred to — have begun to tout end-to-end encryption as a key feature.

That capability means communications can only be seen by the senders and recipients, without the platform being able to access them. While some apps, such as Signal and WhatsApp, have end-to-end encryption by default, others including Telegram, Instagram and Facebook Messenger allow users to opt into encrypted messaging.

Videoconferencing platform Zoom quickly introduced end-to-end encryption in 2020, soon after the pandemic caused a surge in users, putting a spotlight on its security practices.
Meta, which owns WhatsApp, Instagram and Facebook Messenger, has said it plans to roll out default end-to-end encryption for all its apps globally by 2023.
Why WhatsApp wants to convince Americans to stop sending text messages
Twitter, on the other hand, has not yet outlined a plan to offer end-to-end encryption for its direct messages, despite calls from industry experts and advocates for years. Those calls intensified in mid-2020, after a massive hack of the platform that compromised the accounts of several prominent individuals, including former US President Barack Obama and Musk himself. (End-to-end encryption may not have prevented that attack, since hackers directly accessed the accounts, but experts say it would reduce the scope of the information attackers could target in the future.)

Twitter did not respond to a request for comment.

“It would be a significant move in favor of user privacy if Twitter were to turn on [end-to-end encryption] for DMs, as it would keep the company from reading its users’ conversations or disclosing them to anyone else,” Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory whose work focuses on encryption, told CNN Business. “For the company to tie its own hands in this way would prevent a bad actor within the company from abusing the access they have as an employee to user data.”

In November 2019, the Justice Department accused two former Twitter employees of spying on users on behalf of Saudi Arabia when they were at the company.

And the fact that the influential platform will now be under new ownership is raising fresh questions about what data it has access to.

Hours after Musk announced he would take over Twitter, Oregon Sen. Ron Wyden — a longtime advocate for digital privacy — issued another warning.

“If the US had a privacy law with teeth, or if Twitter encrypted DMs like I urged years ago, Americans wouldn’t be left wondering what today’s sale means for their private information,” he tweeted. “The protection of Americans’ privacy must be a condition of any sale.”
Twitter’s relatively smaller size — its global user base is a fraction of Facebook, Instagram and WhatsApp — and the fact that it is not seen primarily as a messaging platform, may have allowed it to fly slightly under the radar, according to Bruce Schneier, a security technologist and fellow at Harvard University’s Berkman Center for Internet and Society.

“Twitter is used less for that kind of direct conversation than Signal, SMS, WhatsApp and Telegram,” he said. “It’s more semi-public.”

Elon Musk wants to 'authenticate all real humans' on Twitter. Here's what that could mean

Also, Twitter’s architecture — a single platform that includes public tweets and DMs, and is accessed on its website as well as mobile apps across multiple operating systems — could make full encryption more complicated than mobile-first messaging platforms such as Signal, according to Deirdre Connolly, a cryptographic engineer.

“No web service has slapped end-to-end encrypted messaging onto it — after its initial deployment — successfully,” Connolly said, adding that most apps offering it have either started from a mobile platform and expanded, or “have designed their web and mobile apps for [end-to-end encrypted] messaging from the get-go.”

“Building a secure web application that runs in a modern, patched web browser is a fundamentally different and more difficult task than doing the same on desktop or especially mobile,” she said. “They haven’t done it yet because it’s hard. Really hard.”

But experts say giving Twitter DMs end-to-end encryption by default is an important and worthy goal. Jack Dorsey, Twitter’s co-founder and former CEO, has hinted in the past that he would be open to adding the capability (Wyden also cited Dorsey as saying in 2018 that Twitter was working on it), but the company hasn’t made any commitments.

Twitter and other companies often have policies and controls in place to prevent unauthorized access to private messages. But encrypting those messages “goes beyond policy or access controls by making access impossible in the first place [and] would also limit what information a malicious outsider could obtain about a particular user, whether that’s a hacker or someone posing as law enforcement,” said Pfefferkorn.

One caveat, she added, is that fully encrypting DMs could make it harder to crack down on malicious content and cooperate with law enforcement on investigations, issues that companies such as WhatsApp and Apple have dealt with in the past. But those companies have repeatedly cited a need to protect their users.

“In total, [end-to-end encryption] for DMs would be a net gain for user privacy and security,” Pfefferkorn said.

Source link
You have to be inform about what is happening in USA go to united states news to see more.

0 %
0 %
0 %
0 %
0 %
0 %
We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. View more
Cookies settings
Privacy & Cookie policy
Privacy & Cookies policy
Cookie name Active

Who we are

Suggested text: Our website address is: https://updatednews24.com.


Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.


Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Suggested text: Visitor comments may be checked through an automated spam detection service.
Save settings
Cookies settings