X's new 'encrypted' XChat feature seems no more secure than the failure that came before it
Elon Musk's X social media platform is rolling out a new version of its direct messaging feature that the platform owner said had a "whole new architecture," but as with many a Muskian proclamation, there's reason to doubt what's been said.
Dubbed "XChat" (not to be confused with the venerable Linux/Windows IRC app of the same name), Musk informally announced the feature on Sunday, a few days after the company formerly known as Twitter paused encryption on messaging to make "some improvements."
Musk's declaration, however, didn't reveal much about the nature of the changes, and has been enough to cause some encryption experts to doubt what was stated by the world's richest man.
"All new XChat is rolling out with encryption, vanishing messages and the ability to send any kind of file," Musk said in a tweet. "Also, audio/video calling.
"This is built on Rust with (Bitcoin style) encryption, whole new architecture," Musk added. And here's where the skeptics and cryptocurrency fans in the digital town square pounced: There ain't no encryption on the Bitcoin blockchain.
As reported by crypto news site Coindesk, experts have been quick to point out that, while there's plenty of cryptography and digital signing involved in Bitcoin, the blockchain itself isn't encrypted, and there really isn't such a thing as "Bitcoin style encryption."
In other words, it's worth questioning whether XChat is going to be encrypted in the way most people think of encrypted chat: end-to-end encryption (E2EE) that renders messages completely unreadable to anyone who might happen to snoop on them, be it an illicit intermediary or the platform that hosts the messages itself. That's how Signal and Meta-owned WhatsApp work.
As was the case in 2023, when then-Twitter first announced encrypted messages under owner Elon Musk, it doesn't appear that XChat will offer true E2EE. The help page, which was updated with the launch of the service, still warns "currently, we do not offer protections against man-in-the-middle attacks" and says that Twitter itself, "as a result of a compulsory legal process," could compromise so-called encrypted DMs on the platform without the sender or receiver being aware.