In a new support document, Twitter has detailed what you can expect from the first version of the platform’s encrypted direct messages. Perhaps most notably, to be able to send and receive encrypted messages, you’ll have to pay Twitter for the ability to do so. Platforms like WhatsApp, Messenger, Signal, and iMessage already offer encrypted messaging for free, so having to pay for the feature on Twitter might be a hard pill to swallow.
According to the document, encrypted DMs are only available if you are a verified user (somebody who pays for Twitter Blue), a verified organization (an organization that pays $1,000 per month), or an affiliate of a verified organization (which costs $50 per month per person). Both the sender and recipient must be on the latest version of the Twitter app (on mobile and web). And an encrypted DM recipient must follow the sender, have sent a message to the sender in the past, or accept a DM request from the sender at some point.
If you are a person who can send encrypted messages to somebody who can receive them, you’ll see a lock toggle while you’re drafting a message. In an encrypted conversation, you’ll also see a small lock icon next to the avatar of the person you’re chatting with. Encrypted DMs will be separate from unencrypted ones.
Encrypted DMs currently have a few limitations and a very big flaw. You can only send them in one-on-one conversations; Twitter says it will “soon” bring the feature to groups. You can only send text and links. And Twitter warns that it doesn’t have protections against man-in-the-middle attacks. “As a result, if someone — for example, a malicious insider, or Twitter itself as a result of a compulsory legal process — were to compromise an encrypted conversation, neither the sender or receiver would know,” Twitter says.
The company is planning mechanisms to make man-in-the-middle attacks more difficult and alert users if one happens. “As Elon Musk said, when it comes to Direct Messages, the standard should be, if someone puts a gun to our heads, we still can’t access your messages,” the company wrote. “We’re not quite there yet, but we’re working on it.”
Twitter also notes that while messages and reactions to encrypted DMs are encrypted, “metadata (recipient, creation time, etc.) are not, and neither is any linked content (only links themselves, not any content they refer to, is encrypted).”
Encrypted DMs seem to be a priority for Musk; it’s a feature he spelled out as part of “Twitter 2.0” for employees in November. But blue checkmarks are already unpopular enough, and I doubt that forcing you to pay for an important feature you can easily get for free elsewhere is going to improve their reputation.