Twitter’s early efforts at securing direct messages with encryption appear to be riddled with caveats, flaws and risks that may endanger users, the experts said after the company rolled out its initial release. With the first iteration of the feature, only users who are paying subscribers to Twitter Blue or whose organizations have paid to be verified with the company may use encrypted messages. In addition, encrypted messages may only be sent between two individuals, not groups.
“The standard should be, if someone puts a gun to our heads, we still can’t access your messages,” the blog post said. “We’re not quite there yet, but we’re working on it.” But the company also acknowledged the feature’s limitations, including the fact that the new encryption option does “not offer protections against man-in-the-middle attacks.