Skip to main content

Twitter encrypted DMs will adopt open-source Signal protocol, suggests iOS code

Elon Musk recently hinted that Twitter encrypted DMs were on the way, using full end-to-end encryption – and code spotted in the iOS app suggests that it will use the same E2E encryption standard as Signal.

Plans for E2E encryption of Twitter direct messages date back to at least 2018, and it appears that the company has resuscitated code written back then …

Background

Almost all private messaging services use encryption, but there are two major forms. Standard encryption uses a key held by the messaging service. This means that anyone in the company with the necessary access could read any message.

End-to-end (E2E) encryption is different, as only the message participants have the encryption key. The messaging service itself has no access to the unencrypted content, making it far more secure.

Twitter DMs currently use the weaker form of encryption.

Twitter encrypted DMs to use Signal protocol

Reverse-engineer maestro Jane Manchun Wong spotted references to the Signal protocol in the iOS Twitter app. This strongly suggests that the company plans to use the same E2E encryption used by secure messaging app Signal.

Twitter will adopt the Signal Protocol for Encrypted DMs. Seeing code references of the Signal Protocol inside Twitter’s iOS app.

She had previously spotted E2E encryption pointers in the Android app, though not references to Signal.

This code is open-source, which provides two benefits. First, anyone is free to use it. Second, anyone can examine the code to ensure that it does what is claimed, and to try to spot weaknesses in it.

As for Twitter’s implementation, software engineer Brandon Carpenter said that he wrote the code back in 2018 while at Twitter.

Oh look! Some code I wrote four years ago. Wonder if someone is emailing snippets of it to elnos goons for their weekly code reviews or whatever.

You have my full blessing to do so. But I’m not responsible if you’re fired for it “not being up to standards” […]

I wrote most of the TwitterSignalProtocol library, which wraps libsignal with an Objective-C interface, implements the storage interfaces, and hooks it up to Apples built-in cryptographic routines.

He says the reason Twitter didn’t implement it at the time was difficulty in providing the same DM features as the standard version.

WhatsApp makes it easier to message yourself

On the subject of encrypted messaging, TechCrunch spotted that WhatsApp has rolled out a feature that makes it easier to message yourself.

While that may seem a bizarre thing to do, some people use the app as a way to store notes and reminders. It’s something I’ve done on occasion when an app’s Share sheet doesn’t include the ability to AirDrop a link, nor a way to copy it to the clipboard.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear