Security researcher leaks details of end-to-end DM encryption and anti-cyberstalking measures possibly coming to Twitter
Security researcher and reverse engineering blogger Jane Manchun Wong discovered evidence that Twitter may be bringing end-to-end encryption to Twitter, plus two more possible changes that are fairly useful.
She made the information public via a series of tweets that leaked details of the new features still under development.
Trivial But Useful Change
The first change that’s coming is the removal of the source field.
The source field is the section beneath every tweet that tells what kind of device was used to post the tweet.
There must be a purpose for that feature but it’s not immediately apparent.
Ultimately this is a trivial change but probably useful in that it reduces clutter.
End to End Encryption
End-to-end encryption (E2EE) is a secure communication method in which only the participants in a conversation can read the messages. No other party, including the service that carries them, has access to the content.
In general this is a good idea. But there are also some who raise legitimate concerns about adding E2EE to messaging that might not necessarily be tied to a phone in the same way that WhatsApp and Telegram are.
Jane Manchun Wong Discovers Evidence
Jane Manchun Wong is a notable reverse engineering expert who has been interviewed and profiled on sites like BBC News and MIT Technology Review.
According to the BBC profile on her:
“She discovered that Airbnb was testing a new flight integration feature that alerted hosts on the website when their guests’ planes landed safely.
And she sounded the horn when Instagram began experimenting with augmented reality profile pictures.”
MIT Technology Review wrote this about her:
“Wong, 27, has a preternatural ability to crack difficult code—along with a sizable Twitter following that includes some of the biggest names in tech and journalism.
As she gets into the back end of websites’ code to see what software engineers are tinkering with, they await her discoveries with interest.”
Exploring the Twitter Android app, she recently discovered that the E2EE feature might be coming to Twitter’s Direct Messaging (DM) service.
She tweeted and posted a screenshot of the evidence:
“Twitter is bringing back end-to-end encrypted DMs
Seeing signs of the feature being worked on in Twitter for Android:”
Is Twitter DM End to End Encryption a Good Idea?
Lea Kissner, the former Twitter Chief Information Security Officer, shared her observations about possible pitfalls.
“For context: I have a PhD in cryptography, my thesis is on privacy-preserving cryptographic protocols, and I’m publicly known to have worked on several novel E2EE systems (from Zoom and Google).
So: 1) YMMV because every system is a bit different 2) this is not my first rodeo”
Among her concerns was the possibility of abuse.
She explained in a follow-up tweet:
“Note that just looking at WhatsApp or Signal doesn’t give you nearly enough understanding about what abuse will be like on a non-phone-number-based network. They have a *much* easier time and it’s still not solved.”
She also noted the complexity involved when rolling it out to multiple devices:
“5. Multiple devices. All of this gets more annoying (though still tractable) when users have more than one device, *especially* if you don’t want the server to be able to just willy nilly add devices (because that compromises security).”
But in the end she affirmed that end-to-end encryption is doable for Twitter.
Block for Illegal Content in South Korea
The third feature Jane discovered is actually a good one because it works to defeat cyberstalking and the publication of illegal videos uploaded by cyberstalkers and creeps.
“Twitter is working on a media warning for users in South Korea
“If you upload any Illegally Filmed Content, Twitter may delete or block access to the content and the uploader may be sanctioned.””
Apparently this is aimed at the issue of illegally filmed videos of people and cyberstalking.
This is actually a very useful feature that hopefully will help combat spycam videos and similar media that was taken without a person’s knowledge or agreement.
Will Features Actually Roll Out?
It looks like the Twitter team may be actively working on these useful features. It will be interesting to see how fast they can roll them out with the reduced workforce.
If you are interested in the original article by Roger Montti, you can find it here