Security researcher and reverse engineering blogger Jane Manchun Wong discovered evidence that Twitter may be bringing end-to-end encryption to its platform, plus two more possible changes that are fairly useful.
She made the information public via a series of tweets that leaked details of the new features still under development.
Trivial But Useful Change
The first change that’s coming is the removal of the source field.
The source field is the section beneath every tweet that tells what kind of device was used to post the tweet.
There must be a purpose for that feature but it’s not immediately apparent.
Ultimately this is a trivial change but probably useful in that it reduces clutter.
Yup. The source field is gone from the Tweet details view in this prototype https://t.co/ZTFOnfdXvP pic.twitter.com/KaCOFmKzLE
— Jane Manchun Wong (@wongmjane) November 16, 2022
End to End Encryption
End-to-end encryption (E2EE) is a method of secure communication in which messages can be read only by the people participating in the conversation, with no access by any other party.
In general this is a good idea. But there are also some who raise legitimate concerns about adding E2EE to messaging that might not necessarily be tied to a phone in the same way that WhatsApp and Telegram are.
Jane Manchun Wong Discovers Evidence
Jane Manchun Wong is a notable reverse engineering expert who has been interviewed and profiled on sites like BBC News and MIT Technology Review.
According to the BBC profile on her:
“She discovered that Airbnb was testing a new flight integration feature that alerted hosts on the website when their guests’ planes landed safely.
And she sounded the horn when Instagram began experimenting with augmented reality profile pictures.”
MIT Technology Review wrote this about her:
“Wong, 27, has a preternatural ability to crack difficult code—along with a sizable Twitter following that includes some of the biggest names in tech and journalism.
As she gets into the back end of websites’ code to see what software engineers are tinkering with, they await her discoveries with interest.”
Exploring the Twitter Android app, she recently discovered that the E2EE feature might be coming to Twitter’s Direct Messaging (DM) service.
She tweeted and posted a screenshot of the evidence:
Twitter is bringing back end-to-end encrypted DMs
Seeing signs of the feature being worked on in Twitter for Android: https://t.co/YtOPHH3ntD pic.twitter.com/5VODYt3ChK
— Jane Manchun Wong (@wongmjane) November 16, 2022
Jane also posted another bit of evidence:
Early prototype of Twitter’s upcoming end-to-end encrypted DMs “Encryption keys” screen: https://t.co/rcnd7h68lO pic.twitter.com/EMXSlI188j
— Jane Manchun Wong (@wongmjane) November 16, 2022
Jane Requested End to End Encryption
Back on November 9, 2022, she responded to a tweet from Elon Musk, who was requesting suggestions for Twitter.
She tweeted:
Revive end-to-end encrypted DMs! https://t.co/pBEQro3E4e
— Jane Manchun Wong (@wongmjane) November 9, 2022
Is Twitter DM End to End Encryption a Good Idea?
Lea Kissner, the former Twitter Chief Information Security Officer, shared her observations about possible pitfalls.
She tweeted:
“For context: I have a PhD in cryptography, my thesis is on privacy-preserving cryptographic protocols, and I’m publicly known to have worked on several novel E2EE systems (from Zoom and Google).
So: 1) YMMV because every system is a bit different 2) this is not my first rodeo”
Among her concerns was the possibility of abuse.
She explained in a follow-up tweet:
“Note that just looking at WhatsApp or Signal doesn’t give you nearly enough understanding about what abuse will be like on a non-phone-number-based network. They have a *much* easier time and it’s still not solved.”
She also noted the complexity involved when rolling it out to multiple devices:
“5. Multiple devices. All of this gets more annoying (though still tractable) when users have more than one device, *especially* if you don’t want the server to be able to just willy nilly add devices (because that compromises security).”
But in the end she affirmed that end-to-end encryption is doable for Twitter.
I'm sure I'm forgetting something and all of this is doable, but note:
1) like all cryptographic systems E2EE is subtle and quick to anger and must be done carefully
2) note that nowhere in this list did I include the actual part that does the encryption/decryption stuff
— Lea Kissner (@LeaKissner) November 16, 2022
Block for Illegal Content in South Korea
The third feature Jane discovered is actually a good one because it works to defeat cyberstalking and the publication of illegal videos uploaded by cyberstalkers and creeps.
She tweeted:
Twitter is working on a media warning for users in South Korea
“If you upload any Illegally Filmed Content, Twitter may delete or block access to the content and the uploader may be sanctioned.” pic.twitter.com/GUW1XGIaPY
— Jane Manchun Wong (@wongmjane) November 16, 2022
Apparently this is aimed at the issue of illegally filmed videos of people and cyberstalking.
This is actually a very useful feature that hopefully will help combat spycam videos and similar media that was taken without a person’s knowledge or agreement.
Will Features Actually Roll Out?
It looks like the Twitter team may be actively working on these useful features. It will be interesting to see how fast they can roll them out with the reduced workforce.