Musk made the statement only a few days after entering into the agreement to buy the popular social media platform. Implementing end-to-end encryption (E2EE) supports Musk’s goals for the platform, which include improving Twitter with “…new features, making algorithms open-source to increase trust, defeating the spam bots, and authenticating all humans.” In its current state, any direct message sent between Twitter users is viewable by the sender, the recipient, and any Twitter administrators with the required level of system access. What does this mean to the average user? Your direct messages, which are typically intended to be private between parties, are not private at all. They can be pulled and viewed at any time by the 3rd party (in this case, Twitter’s admins). The ability to access these messages means they are accessible for anything from replies to law enforcement requests to hackers and malicious actors wishing to exploit or cause harm to the senders, recipients, and other parties referenced in the messages.
E2EE helps to prevent these 3rd parties from inappropriately accessing private messages. Instead, messages are converted to ciphertext, making them useless to anyone accessing or intercepting the message. The ciphertext can only be decrypted when the sender and receiver have the right cryptographic keys to decrypt the original message. This encryption is intended to keep the data’s confidentiality, integrity, and availability, known as the CIA triad. Proponents of online privacy welcome E2EE and the protections that it provides. Other users, ranging from world governments to charity and special interest groups, feel that E2EE goes too far and helps to hide criminal activity and protect those engaged in it. The only certainty today is that the lines around online privacy are, and will likely continue to be, anything but clear. Image credit: What is E2EE courtesy of Heimdal Security