Fri. Dec 27th, 2024

A top Twitter staffer said its new encrypted DM feature was tested by a cybersecurity firm, but insiders say the company never signed a formal deal due to layoffs – report says

<!-- wp:html -->
<p>Twitter logo displayed on a cell phone with Elon Musk and the Twitter bird in the background.</p>
<p class="copyright">Jonathan Raa/NurPhoto via Getty Images</p>
<p>Twitter announced its new encrypted DMs feature last week.<br />
Elon Musk and the company both warned that it wasn't fully secure yet so shouldn't be trusted.<br />
The project's lead said it had been audited by a cybersecurity firm; company sources disputed this, per Platformer.</p>
<p>A Twitter engineer leading the platform's new encrypted messaging feature for paid users appeared to falsely claim that it had been audited by a top cybersecurity firm, <a href="https://www.platformer.news/p/why-you-cant-trust-twitters-encrypted" target="_blank" rel="noopener">Platformer</a> reported.</p>
<p>When Twitter released the feature last week, it came with several disclaimers that it wasn't yet fully secure.</p>
<p>"The acid test is that I could not see your DMs even if there was a gun to my head," Elon Musk <a href="https://twitter.com/elonmusk/status/1656084243905384449" target="_blank" rel="noopener">wrote</a> on Twitter – adding that the company wasn't quite at that level. "Try it, but don't trust it yet," he later <a href="https://twitter.com/elonmusk/status/1656570790039678976?s=20" target="_blank" rel="noopener">said</a>.</p>
<p><a href="https://www.businessinsider.com/guides/tech/end-to-end-encryption">The idea is that by having DMs encrypted,</a> text can only be read by participants of that conversation – as is the case on platforms such as WhatsApp.</p>
<p><a href="https://help.twitter.com/en/using-twitter/encrypted-direct-messages" target="_blank" rel="noopener">Twitter said</a> in a blog post that this new feature could be vulnerable to "man-in-the-middle attacks" which would let "a malicious insider, or Twitter itself as a result of a compulsory legal process" access users' DMs.</p>
<p>According to Platformer, Christopher Stanley – a former SpaceX staffer who now runs Twitter's security engineering and the <a href="https://www.businessinsider.com/elon-musk-says-twitter-add-video-voice-call-secure-dms-2022-11">encrypted DMs project</a> – said that this new feature had been audited by a cybersecurity firm called Trail of Bits in a now-deleted tweet.</p>
<p>"A white paper will be published soon," Stanley reportedly Tweeted. "I had [cybersecurity firm] Trail of Bits audit our implementation. Dan Guido and those folks are badass" – referring to its CEO who has also <a href="https://www.cftc.gov/PressRoom/PressReleases/8674-23" target="_blank" rel="noopener">advised</a> the Commodity Futures Trading Committee.</p>
<p>But Twitter hadn't even signed a contract with the firm yet, unnamed company sources told Platformer.</p>
<p>According to the tech newsletter, that's because Twitter keeps laying off the procurement staff who would handle such deals.</p>
<p>Since Musk took over the company last October, <a href="https://www.businessinsider.com/elon-musk-chops-twitter-down-1000-employees-2023-5">Twitter's workforce has fallen roughly 90%</a> to around 1,000 employees, Insider's Kali Hays reported. These layoffs have caused <a href="https://www.businessinsider.com/twitter-went-down-because-employee-accidentally-deleted-data-report-2023-2">at least one major outage on Twitter</a>.</p>
<p>Insider contacted Twitter for comment. The company responded with an automated message that didn't address the inquiry.</p>
<p>Trail of Bits did not immediately respond to Insider's request for comment which was sent outside US working hours.</p>
<div class="read-original">Read the original article on <a href="https://www.businessinsider.com/twitter-encrypted-dms-head-appeared-to-falsely-claim-security-audit-2023-5">Business Insider</a></div>
<!-- /wp:html -->
