How did Elon Musk manage to stay with Twitter?
2:13
(CNN Business) --
Just two days after announcing that he was buying Twitter, Elon Musk sent out a flood of tweets about his plans for the social media platform.
One stood out because of the broad appeal of him.
"Twitter direct messages should have end-to-end encryption like Signal, so no one can spy on or hack your messages," he wrote.
With that statement, Musk entered a long debate between technologists and privacy advocates over the level of encryption apps and platforms should provide to their users.
Growing privacy concerns have raised questions about how much user data tech companies collect, and many platforms — including the Signal messaging app Musk referenced — have begun touting end-to-end encryption. as a key feature.
Elon Musk wants to "authenticate all real humans" on Twitter.
This is what it could mean
That capability means that communications can only be seen by the senders and recipients, without being accessed by the platform.
While some apps, like Signal and WhatsApp, have end-to-end encryption by default, others, like Telegram, Instagram, and Facebook Messenger, allow users to opt out of encrypted messaging.
Video conferencing platform Zoom quickly introduced end-to-end encryption in 2020, shortly after the pandemic caused a surge in users, highlighting its security practices.
advertising
Meta, which owns WhatsApp, Instagram and Facebook Messenger, has said it plans to implement end-to-end encryption by default for all its apps globally by 2023.
Twitter, on the other hand, has yet to outline a plan to offer end-to-end encryption for its direct messages (DMs), despite calls from industry experts and advocates for years.
Those calls intensified in mid-2020, following a massive hack of the platform that compromised the accounts of several prominent individuals, including former US President Barack Obama and Musk himself.
(End-to-end encryption may not have prevented that attack, since the hackers accessed the accounts directly, but experts say it would reduce the scope of information attackers could have in the future.)
Twitter did not respond to a request for comment.
"It would be a significant move for user privacy if Twitter turned on [end-to-end encryption] for direct messages, as it would prevent the company from reading its users' conversations or revealing them to anyone else," he said. to CNN Riana Pfefferkorn, a researcher at the Stanford Internet Observatory whose work focuses on encryption.
"The company's hands being tied in this way would prevent a bad actor within the company from abusing the access it has as an employee to user data."
Top 5 most downloaded mobile apps in 2022 1:09
In November 2019, the Justice Department charged two former Twitter employees with spying on users on behalf of Saudi Arabia while at the company.
And the fact that the influential platform now has new owners raises new questions about what data it has access to.
Hours after Musk announced he was taking over Twitter, Oregon Sen. Ron Wyden—a longtime advocate of digital privacy—issued another warning.
"If the US had a strong privacy law, or if Twitter encrypted direct messages like I urged years ago, Americans wouldn't be left wondering what today's sale means for their private information," he tweeted.
"Protecting the privacy of Americans must be a condition of any sale."
Twitter's relatively smaller size — its global user base is a fraction of Facebook, Instagram and WhatsApp — and the fact that it isn't seen primarily as a messaging platform may have allowed it to fly under the radar a bit, according to Bruce Schneier. a security technologist and fellow at the Berkman Center for Internet and Society at Harvard University.
"Twitter is used less for that type of direct conversation than Signal, SMS, WhatsApp and Telegram," he said.
"It's more semi-public."
In addition, Twitter's architecture—a single platform that includes public tweets and direct messages and is accessed on its website as well as mobile apps on multiple operating systems—could make full encryption more difficult than traditional platforms. mobile messaging like Signal, according to Deirdre Connolly, a cryptographic engineer.
ANALYSIS |
Why is Elon Musk buying Twitter so important?
"No web service has ever included end-to-end encrypted messages on it — after its initial deployment — successfully," Connolly said, adding that most apps that offer it started from a mobile platform and expanded, or " They designed their web and mobile apps for [end-to-end encrypted] messaging from the ground up."
"Building a secure web application that runs in a modern, patched web browser is a fundamentally different and more difficult task than doing the same thing on a desktop or especially a mobile device," he said.
"They haven't done it yet because it's hard. Really hard."
But experts say providing end-to-end encryption to Twitter direct messages by default is an important and worthwhile goal.
Jack Dorsey, co-founder and former CEO of Twitter, hinted in the past that he would be open to adding this capability (Wyden also quoted Dorsey as saying in 2018 that Twitter was working on it), but the company has made no commitment.
Twitter and other companies often have policies and controls in place to prevent unauthorized access to private messages.
But encrypting those messages "goes beyond policy or access controls by making access impossible in the first place [and] would also limit the information a malicious attacker could obtain about a particular user, be it a hacker or someone pretending to be the police," Pfefferkorn said.
One caveat, he added, is that fully encrypting direct messages could make it harder to crack down on malicious content and cooperate with law enforcement in investigations, issues that companies like WhatsApp and Apple have dealt with in the past.
But those companies have repeatedly mentioned the need to protect their users.
"Overall, [end-to-end encryption] for MDs would be a net gain for user privacy and security," Pfefferkorn said.
Elon MuskTwitter