Twitter source code which would bring an end-to-end encrypted messages
Twitter is reportedly working to eventually add end-to-end encryption (E2EE) to direct messages that users exchange on the social media platform. This is a highly requested feature that helps protect private communications from anybody watching the conversations in-between or even legal requests.
Twitter had already tried to prototype an end-to-end encryption system in 2018 and called it "Secret Conversation", but it never launched as the finished product and was later abandoned.
A mobile researcher noted that recent work has been put in place to bring end-to-end encryption to Twitter message. There were some discovery of new additions to Twitter's Android source code which is referred to as the platform's "encryption keys." This number is generated from individual encryption keys. If it matches the number on the recipient's phone, end-to-end encryption is guaranteed.
Twitter's current owner, Elon Musk, responded to the researcher tweet with a winking emoji, suggesting that the feature is indeed in the works
Why Twitter needs End-to-End Encryption (E2EE)
End-to-end - Encryption ensures that messages leave the sender in encrypted form and are decrypted at the receiver's end so they can be read. In order for this to work, both parties must use an encryption key pair to encrypt and decrypt the contents of their messages.
In most end-to-end encryption applications, the sender uses the receiver's digitally signed public key to encrypt the message and the receiver uses his private key to decipher.
For Twitter, the researcher mentioned a "conversation key", which implies that the E2EE method implemented can be "symmetric". A symmetric end-to-end encryption means that both people in the conversation use the same key for encryption and decryption.
The sender's message is turned into unreadable ciphertext and remains in that state during transmission so that no intermediary such as internet service providers or cyber attackers or even Twitter itself can read the contents of the message.
When Twitter introduces end-to-end encryption in messages, users will feel more comfortable about the security and privacy of their communications, even in unfortunate situations such as hacks affecting the platform.
In July 2020, Twitter admitted that hackers who breached employee accounts and accessed dashboards were able to read the message inbox of 36 high-level users and download accessible content from seven of them. Other messaging platforms/applications using end-to-end encryption include Signal, Threema, iMessage, Viber, Element/Matrix, Tox, Keybase, XMPP, Skype and Wire.
If Twitter had an end-to-end encryption at the time, all hackers would have access to an unreadable cipher, reducing the impact on vulnerable users.