X’s End-to-End Encrypted Chat Isn’t as Safe as You Think

X is now offering me end-to-end encrypted chat — you probably shouldn’t trust it yet

X, formerly known as Twitter, has started rolling out its new messaging feature called XChat, marketed as fully end-to-end encrypted chat. At first glance, this sounds like a major step forward for user privacy. But security experts are already sounding alarms, warning that the feature probably shouldn’t be trusted yet.


The company claims only senders and receivers can read messages, leaving no room for X itself to snoop. Yet cryptographers argue the implementation is weak, especially compared to trusted apps like Signal.

Why Experts Don’t Trust X’s Encrypted Chat

On paper, XChat works like most encrypted messengers: users exchange messages with the help of private and public keys. But unlike Signal, which stores private keys securely on user devices, X stores these keys on its own servers.

That’s a massive red flag. If private keys live on X’s infrastructure, the company potentially holds the power to tamper with or brute-force them. This directly undermines the promise of true end-to-end encryption.

The Four-Digit PIN Problem

Setting up XChat prompts users to create a simple four-digit PIN. That PIN protects the private key — but only just. With only 10,000 possible combinations, such a weak PIN could be brute-forced in seconds if security controls aren’t ironclad.

Signal, by contrast, uses far more robust safeguards. That’s why experts stress that XChat probably shouldn’t be trusted yet without stronger cryptographic protections.

Hardware Security Modules: Fact or Fiction?

Matthew Garrett, a well-known security researcher, pointed out that unless X uses hardware security modules (HSMs), its encryption system is fundamentally flawed. HSMs are designed to safeguard cryptographic keys, making it much harder for even the service provider to access them.

An X engineer claimed the company does use HSMs, but so far, no proof has been shared. As Garrett put it, this leaves us squarely in “trust us, bro” territory.
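A minimal model of the four-digit PIN problem and of what an HSM would have to enforce, added here as an example; it is not XChat's actual scheme or code from X. PBKDF2, the check tag, the 10-failure cap and all names are assumptions, and the sample PIN is constructed.

```python
import hashlib, hmac, os

PIN_SPACE = 10_000  # every four-digit PIN, 0000-9999

def check_tag(pin: str, salt: bytes, iterations: int = 200) -> bytes:
    """Stretch the PIN into a wrapping key and return a tag that verifies it.
    PBKDF2 and the tag are assumptions for this model; the iteration count
    is kept low only so the demo finishes quickly."""
    key = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)
    return hmac.new(key, b"key-check", hashlib.sha256).digest()

def exhaust_pin_space(salt: bytes, tag: bytes):
    """Unlimited guessing: whoever holds the stored blob always recovers the PIN."""
    for n in range(PIN_SPACE):
        pin = f"{n:04d}"
        if hmac.compare_digest(check_tag(pin, salt), tag):
            return pin, n + 1
    return None, PIN_SPACE

def worst_case_seconds(seconds_per_guess: float) -> float:
    """KDF stretching only scales the search linearly; it never makes it infeasible."""
    return PIN_SPACE * seconds_per_guess

class AttemptLimitedStore:
    """Models the one property an HSM must enforce: a hard cap on wrong guesses,
    after which the key material is destroyed."""
    def __init__(self, pin: str, max_failures: int = 10):
        self.salt = os.urandom(16)
        self.tag = check_tag(pin, self.salt)
        self.failures_left = max_failures

    def try_pin(self, pin: str) -> bool:
        if self.tag is None:
            raise PermissionError("key destroyed after too many wrong PINs")
        if hmac.compare_digest(check_tag(pin, self.salt), self.tag):
            return True
        self.failures_left -= 1
        if self.failures_left == 0:
            self.tag = None  # wipe: later guesses, even correct ones, fail
        return False

if __name__ == "__main__":
    salt = os.urandom(16)  # constructed sample data
    print(exhaust_pin_space(salt, check_tag("4831", salt)))
    print(worst_case_seconds(1.0) / 3600, "hours even at 1 s per guess")
    store = AttemptLimitedStore("4831")
    print([store.try_pin(f"{n:04d}") for n in range(10)], store.tag)
```

The cap only helps if it is enforced somewhere the operator cannot bypass or reset, which is the property the HSM claim would need to be verified against.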

What This Means for Users

Privacy-focused users should be cautious. If you’re considering XChat as a secure alternative to Signal, WhatsApp, or iMessage, you may want to hold off. Experts agree the technology isn’t mature enough to guarantee the privacy it promises.

Until X provides transparent proof of its encryption methods and independent audits confirm its claims, you probably shouldn’t trust XChat yet.
