What are encrypted messages, and why does any of this matter? If you’re verified, are Twitter DMs encrypted enough to safeguard your privacy? Let’s take a look at X’s latest updates and how these changes might affect your digital privacy.
X Announces Voice & Video Calls
As per Elon’s recent announcement, X will soon feature voice and video calls. The call feature will work on all popular operating systems, including iOS, Android, macOS, and Windows. You won’t need to use your phone number because Musk says X already gives you access to a worldwide “address book.” The company will probably change X’s DM function (which only allows texting and attachments) to add voice and video calls.
Voice calls aren’t an entirely new concept to the app. X currently features Spaces, an audio chat room function for live group chats. It’s a similar concept to the popular app Clubhouse. On Spaces, you can host “live audio conversations” but only if you have 600+ followers. Other Twitter users can join to listen in or actively participate in conversations.
At present, Spaces doesn’t let you make direct one-on-one calls, a gap the new call feature is set to fill. Musk claims the coming call capabilities will be unique, but these features have long been available on rival platforms including Facebook, Instagram, and Snapchat.
Will X Calls Be Encrypted?
Of course, everyone’s wondering the same thing — will Twitter calls be encrypted? They’re encrypted on WhatsApp, Signal, Telegram, and Messenger. In response to a query about this, Musk clarified that encryption wasn’t a priority. When asked if calls would be encrypted, he said “not at first” but added that you’ll have the option “to turn encryption on or off dynamically.”
What’s he up to? Is it suspicious that he’s updating the privacy policy to allow the collection of biometric data at the same time as introducing unencrypted calls?
Does X Encrypt Messages?
You can start an encrypted conversation on X if both you and the recipient are verified. X states in a blog post that DMs are encrypted when they’re sent and decrypted once they reach the recipient. This sounds like end-to-end encryption, but the company avoids saying that, and instead states that X can’t protect against man-in-the-middle attacks, which is concerning. With true end-to-end encryption, no-one would be able to intercept your messages. Even more worrisome, X doesn’t support forward secrecy and doesn’t plan to implement it.
Most popular social media platforms offer true end-to-end encryption on direct messages — X doesn’t. This leaves room for cybercriminals or even Twitter to intercept your DMs, which obviously isn’t optimal for your privacy or security. Forward secrecy also helps protect your privacy by generating new cryptographic keys for every conversation. Without it, a third party would be able to read all your past conversations if it gets hold of the private key that decrypts your messages.
In a Tweet earlier this year, Elon spoke about X’s DM encryption, saying “The acid test is that I could not see your DMs even if there was a gun to my head. We’re not quite there yet, but we’re working on it.” However, it’s left us wondering why X wouldn’t just go the full mile and offer end-to-end encryption from the start. Why does it seem like X is choosing inferior encryption compared to other platforms?
The move is especially baffling considering that only verified users can send and receive encrypted DMs, and that the platform won’t even encrypt attachments. This leaves X lagging behind competitors that offer end-to-end encryption as a standard feature to all users. When Musk took over Twitter, he introduced a verification badge for paid users. It costs $8 per month, and without it, you miss out on a growing list of features.
What Are Encrypted Messages?
Encryption converts plain text (like in text messages) into unreadable ciphertext. The ciphertext can only be decrypted with a key, which, in end-to-end encryption, both the recipient and the sender have. This way, only the sender and recipient can see the plain text version. If someone happens to intercept your traffic, they’ll only see scrambled gibberish.
The Risk of Not Encrypting Online Conversations
If someone intercepts an unencrypted conversation, any sensitive information in your calls or messages is at risk. You should avoid including any financial information, passwords, or identifying information when communicating over unencrypted services. Encryption acts as a gatekeeper and prevents the wrong people from getting into your private matters.
How to Protect Yourself
If privacy is a major concern for you, you may not want to use X’s DM and upcoming call feature when sharing sensitive information — or at all. It’s worth remembering that X’s DMs aren’t 100% private even if they’re encrypted, and that when calls launch, they won’t be encrypted by default. If you haven’t manually enabled encryption and someone intercepts your calls, they’ll overhear your conversation.
We’d recommend taking steps to protect your data. One easy step you can take is always using a VPN when you browse the web or go on social media. VPNs make it more challenging for cybercriminals to intercept your traffic by encrypting your data and rerouting it through secure private servers.
CyberGhost VPN uses impenetrable encryption to safeguard your private data against threats like Man-in-the-Middle attacks. Our encryption scrambles your data into ciphertext that absolutely nobody can understand. A single subscription gives you access to a massive global server network which lets you mask your IP address with one from any location.
Update to Privacy Policy: Biometric Data
X updated its privacy policy to allow the collection of users’ biometric data collection. The update didn’t mention which collection methods X specifically plans on using.
X says the change is aimed at enhancing safety and security on the platform, particularly for premium users. You’ll be able to provide a government ID, along with a picture for biometric verification. The update also allows the collection of users’ employment and educational history, which the platform says will help with job matching and recommendation.
Despite being portrayed as a move toward greater security, not everyone is convinced. According to Stephen Wicker, Professor of Computer Engineering at Cornell University, “X’s announcement is an expansion of the ongoing farming of social network users for personal data that can be used for directed advertising.” He also added that data collection “continues to be a problem for the individuals that provide the data, while a source of wealth for those that take it.”
If Twitter happens to have a data leak, your biometric data could be at risk, including your voice, facial features, and iris pattern. Biometric data is one of the last lines of defense when it comes to security and authorization. Unlike passwords, which you can change as often as you like, you’re stuck with your biometrics for life!
The idea of a social media platform taking advantage of biometric data feels unnecessary and intrusive, but it’s not a new concept. In fact, we have to give Elon credit where it’s due — at least X is being forthcoming about it. Other social media platforms don’t mention it explicitly in their policy, but relentlessly harvest biometric data illegally — even in the face of legal trouble.
Biometric Data Misuse on Other Platforms
Unlawful biometric data harvesting is a continuous problem with big social media platforms like Facebook and Instagram. Despite not outlining it explicitly in their privacy policies, they continue to do it. They don’t even show remorse after lawsuits. In spite of heavy fines, they’ve proven themselves to be repeat offenders, which makes you wonder how much these big tech companies’ privacy policies are worth in the first place.
In January 2020, Facebook paid $550 million to settle a lawsuit about biometric facial recognition. This didn’t stop them from facing another similar lawsuit in 2021 for unauthorized facial recognition tagging in Illinois courts. They say three makes a pattern, and in 2022, Facebook faced another lawsuit launched by Attorney General Paxton for illegal use of biometric data.
Similarly, Instagram paid $650 million to settle a class-action lawsuit for illegal biometric data collection in 2020. This didn’t stop them from committing similar offenses in 2023, paying $68.5 million to settle another class-action lawsuit.
These ongoing repeat offenses make it seem like Meta is more than happy to pay the fines. Despite the lawsuits and settlements, Meta must be making enough from your data to justify it.
As X Grows, So Do Privacy Concerns
As X transforms itself into a multifaceted platform, privacy concerns grow. The absence of automatic encryption on the new call feature may put X behind alternatives. Its DM encryption is also limited and only available to paid users.
X’s CEO emphasizes the goal for the platform is to become an “everything app,” an expansion that’s caused many worrisome changes to X’s practices and privacy policy.
While X claims this is for security purposes, some argue it’s another move for targeted advertising. It’s worth noting that X is more transparent about biometric data collection than other platforms, and that Facebook and Instagram repeatedly face lawsuits for unauthorized biometric data use without stopping. As social media platforms expand their reach, user data privacy remains a critical concern.
FAQs
No, X’s voice and video calls will not be encrypted by default. Elon Musk mentioned that encryption is not a priority for these features, although you may have the option to enable encryption dynamically when the option is added. Read more on X’s announcement about voice and video calls.
Not yet — but soon. X (formerly Twitter) has announced plans to introduce voice and video calls on its platform in the near future. While voice and video calls will be possible, they won’t be automatically encrypted like on Facebook, Instagram, WhatsApp, Signal, and Telegram. This may put your privacy at risk as cybercriminals could intercept your calls.
X is working on introducing video calls as one of its new features but hasn’t specified when it will become available. Musk posted several tweets promising to add a calls feature that includes voice and video calls.
Twitter Direct Messages (DMs) are encrypted for verified users, but not with end-to-end encryption. While messages are encrypted during transmission and storage, they’re decrypted once they reach the recipient. Only verified users can enjoy encrypted DMs, leaving X behind competitors who offer free — and better — encryption to all users. Check out our list of the best private messaging apps.
Encrypted messages are messages where plain text is transformed into unreadable code, known as ciphertext. This transformation ensures only the sender and recipient can see the original content. If intercepted, encrypted messages appear as gibberish to unauthorized parties. Secure your online communication with the best messaging VPN — our encryption is unbreakable.