I mean fair, but when Encrypted DM went live, Twitter was just starting to get into the AI field, and it was amidst a very uncertain state at that time, so I wouldn’t be surprised if they haden’t even thought of it.
untakenusername@sh.itjust.works
on 30 May 17:19
collapse
I think there was a once a time in which he did some smart stuff (although he gets a ton a credit for stuff his employies do), but since he starting taking all those drugs he became actually insane and stupid
like theres actually no benefit of any sort to do a fucking Nazi salute
HyperfocusSurfer@lemmy.dbzer0.com
on 29 May 19:55
nextcollapse
Do people really use DMs there?
UnderpantsWeevil@lemmy.world
on 30 May 14:20
collapse
I doubt this is news to most folks on the Fediverse, but don’t trust Twitter, Facebook, or any company whose business model is advertising to secure your private conversations.
Even if they aren’t up to no good today, it is only a matter of time until they come for your messages.
sparky@lemmy.federate.cc
on 29 May 23:26
nextcollapse
As it happens, you shouldn’t trust Lemmy DMs either, as they’re not encrypted and can be read by instance administrators. So don’t use them to say anything that you wouldn’t be okay making public.
ferrule@sh.itjust.works
on 30 May 02:21
nextcollapse
this should be the default stance when using any built in encryption. always separate the mode of encryption from the mode of transmission.
NotMyOldRedditName@lemmy.world
on 30 May 02:43
collapse
Someone told me they are public some months ago? Like if someone wanted to look up your lemmy DMs they could.
Robust_Mirror@aussie.zone
on 30 May 10:31
collapse
There was an exploit in version 0.17.0 through 0.19.0 (fixed in 0.19.1) that, from what I understand, allowed people to view DMs of anyone by reporting them, but as you can’t know the ID of a given DM you’re not part of, they couldn’t really target a specific user, but rather would just send reports to a range of potential IDs and see what comes back.
FreedomAdvocate@lemmy.net.au
on 30 May 00:58
nextcollapse
You’re saying this on a platform that has no business model for making money and basically has no security or privacy because you’re trusting whichever random people run the instances.
iconic_admin@lemmy.world
on 30 May 00:10
nextcollapse
So… they’re definitely adding some spying capabilities.
neukenindekeuken@sh.itjust.works
on 30 May 13:13
collapse
100%. If it was purely a migration, it wouldn’t need to have downtime. There’s ways to replay events and eventually catch a system up (eventual consistency models).
This feels more like they’re adding backdoor into their encryption algorithms for government agencies.
Given who musk is, and what he’s done the last year and who he’s hanging out with in this admin, that’s a near sure thing.
FreedomAdvocate@lemmy.net.au
on 30 May 01:03
nextcollapse
Before too many more conspiracy theorists jump in - it looks like they’re replacing encrypted DMs with “chat” where EVERYTHING is encrypted:
The fact that he tried to make it like there is a reasonable reason is delightful.
neukenindekeuken@sh.itjust.works
on 30 May 13:12
collapse
“Improvements” = Adding backdoors to their encryption for agency spying networks.
This is how that works.
UnderpantsWeevil@lemmy.world
on 30 May 14:19
collapse
I’m more than confident that Twitter already had a backdoor for encrypted DMs.
However, I would bet cash money that the current administration has lost the institutional knowledge of how to use it. So they’re having to reinvent the wheel, most likely by injecting a bunch of new bugs and sloppily implemented hacks.
I just like the idea that previous administrations just delete all of the documentation on the way out, rather like a fired sysadmin worker deleting all their automation scripts. “Work it out for yourself”
MolecularCactus1324@lemmy.world
on 30 May 16:38
nextcollapse
I thought they disabled DMs when some influencer refused to have Elon Musk’s babies and shared her DMs with a friend
starkzarn@infosec.pub
on 30 May 18:23
nextcollapse
I would not trust any company/website to properly encrypt any important messages in the first place so I don’t care whether they add a backdoor (and I’ve never had a Twitter account anyway).
…but it sounds like a really shitty development/release process to me. Why would you disable something while whatever is to come in its place is not ready yet?
Why not do the development first and then migrate when it’s actually ready lol
threaded - newest
Three years later…
“We are excited to announce the new encrypted messaging feature that is going to be released soon™”
“With the latest update, you are now unable to read any encrypted PMs before may 2025. Sorry for the inconvenience.”
More like, “for your convenience, we have decrypted all of your encrypted PMs before May 2025 and included them in this plaintext document”
They need to add a backdoor
that is my first thought as well.
“Shoot we didn’t take into consideration that GROK will need to be able to see these somehow, so now we need to redo it”
Bold of you to assume they weren’t already able to do it
I mean fair, but when Encrypted DM went live, Twitter was just starting to get into the AI field, and it was amidst a very uncertain state at that time, so I wouldn’t be surprised if they haden’t even thought of it.
I just assumed it was elon trying decrypt old messages to make trump people happy so they go after individuals
People need to stop going on Twitter…
Lemmy instance admins don’t even need a backdoor to read your “private” messages btw.
Obviously…
Like, you understand someone has to monitor that shit, right?
Do people think social media DMs are supposed to be secure?
I mean, ones that are E2E encrypted are…
No, they don’t if they’re encrypted.
a? as in one?
every agency gets their own key.
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣤⣤⣤⣤⣤⣶⣦⣤⣄⡀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⡿⠛⠉⠙⠛⠛⠛⠛⠻⢿⣿⣷⣤⡀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⣼⣿⠋⠀⠀⠀⠀⠀⠀⠀⢀⣀⣀⠈⢻⣿⣿⡄⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⣸⣿⡏⠀⠀⠀⣠⣶⣾⣿⣿⣿⠿⠿⠿⢿⣿⣿⣿⣄⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⣿⣿⠁⠀⠀⢰⣿⣿⣯⠁⠀⠀⠀⠀⠀⠀⠀⠈⠙⢿⣷⡄⠀ ⠀⠀⣀⣤⣴⣶⣶⣿⡟⠀⠀⠀⢸⣿⣿⣿⣆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣷⠀ ⠀⢰⣿⡟⠋⠉⣹⣿⡇⠀⠀⠀⠘⣿⣿⣿⣿⣷⣦⣤⣤⣤⣶⣶⣶⣶⣿⣿⣿⠀ ⠀⢸⣿⡇⠀⠀⣿⣿⡇⠀⠀⠀⠀⠹⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠃⠀ ⠀⣸⣿⡇⠀⠀⣿⣿⡇⠀⠀⠀⠀⠀⠉⠻⠿⣿⣿⣿⣿⡿⠿⠿⠛⢻⣿⡇⠀⠀ ⠀⣿⣿⠁⠀⠀⣿⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣧⠀⠀ ⠀⣿⣿⠀⠀⠀⣿⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿⠀⠀ ⠀⣿⣿⠀⠀⠀⣿⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿⠀⠀ ⠀⢿⣿⡆⠀⠀⣿⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡇⠀⠀ ⠀⠸⣿⣧⡀⠀⣿⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠃⠀⠀ ⠀⠀⠛⢿⣿⣿⣿⣿⣇⠀⠀⠀⠀⠀⣰⣿⣿⣷⣶⣶⣶⣶⠶⠀⢠⣿⣿⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⣿⣿⡇⠀⣽⣿⡏⠁⠀⠀⢸⣿⡇⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⣿⣿⡇⠀⢹⣿⡆⠀⠀⠀⣸⣿⠇⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⢿⣿⣦⣄⣀⣠⣴⣿⣿⠁⠀⠈⠻⣿⣿⣿⣿⡿⠏⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠈⠛⠻⠿⠿⠿⠿⠋⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀Oh man I may have to stop using this fascist propaganda service now.
elon is the dumbest “genius” ever 🤦♂️
he’s just rich but likes to pretend smart
I think there was a once a time in which he did some smart stuff (although he gets a ton a credit for stuff his employies do), but since he starting taking all those drugs he became actually insane and stupid
like theres actually no benefit of any sort to do a fucking Nazi salute
Do people really use DMs there?
For spamming ads and scams to people? Absolutely.
I doubt this is news to most folks on the Fediverse, but don’t trust Twitter, Facebook, or any company whose business model is advertising to secure your private conversations.
Even if they aren’t up to no good today, it is only a matter of time until they come for your messages.
As it happens, you shouldn’t trust Lemmy DMs either, as they’re not encrypted and can be read by instance administrators. So don’t use them to say anything that you wouldn’t be okay making public.
this should be the default stance when using any built in encryption. always separate the mode of encryption from the mode of transmission.
Someone told me they are public some months ago? Like if someone wanted to look up your lemmy DMs they could.
There was an exploit in version 0.17.0 through 0.19.0 (fixed in 0.19.1) that, from what I understand, allowed people to view DMs of anyone by reporting them, but as you can’t know the ID of a given DM you’re not part of, they couldn’t really target a specific user, but rather would just send reports to a range of potential IDs and see what comes back.
You’re saying this on a platform that has no business model for making money and basically has no security or privacy because you’re trusting whichever random people run the instances.
And I treat this platform accordingly. There is no expectation of privacy here. You are a private as you choose to be.
I’ve been hearing a lot of straight up adverts about WhatsApp recently, which I found interesting.
I saw a WhatsApp ad on Prime. And it was focused on the encryption aspect. “WhatsApp can’t even read your messages” or whatever. Was weird.
I’m hearing a lot of that on the radio.
So… they’re definitely adding some spying capabilities.
100%. If it was purely a migration, it wouldn’t need to have downtime. There’s ways to replay events and eventually catch a system up (eventual consistency models).
This feels more like they’re adding backdoor into their encryption algorithms for government agencies.
Given who musk is, and what he’s done the last year and who he’s hanging out with in this admin, that’s a near sure thing.
Before too many more conspiracy theorists jump in - it looks like they’re replacing encrypted DMs with “chat” where EVERYTHING is encrypted:
x.com/P4mui/status/1927829200599224624
<img alt="" src="https://lemmy.net.au/pictrs/image/8236f697-91b9-4a3a-a35f-9ff14ea96221.png">
They’re moving to IRC?
Haha yeh that person probably should have seen if XChat was already taken, but you know what they meant.
Last update 2010. Makes me sad. Good times using IRC, I should find a modern program and get back on there.
Damn. That’s probably the last time I used it, too.
irssi
Will they be using a modern encryption protocol this time?
They’re being rerouted to a more “secure” storage facility. I believe it’s Kaspersky’s.
Is not Kaspersky part of the US government embargo on Russian companies?
🤣
The fact that he tried to make it like there is a reasonable reason is delightful.
“Improvements” = Adding backdoors to their encryption for agency spying networks.
This is how that works.
I’m more than confident that Twitter already had a backdoor for encrypted DMs.
However, I would bet cash money that the current administration has lost the institutional knowledge of how to use it. So they’re having to reinvent the wheel, most likely by injecting a bunch of new bugs and sloppily implemented hacks.
I just like the idea that previous administrations just delete all of the documentation on the way out, rather like a fired sysadmin worker deleting all their automation scripts. “Work it out for yourself”
I thought they disabled DMs when some influencer refused to have Elon Musk’s babies and shared her DMs with a friend
They misspelled “backdoors.”
I would not trust any company/website to properly encrypt any important messages in the first place so I don’t care whether they add a backdoor (and I’ve never had a Twitter account anyway).
…but it sounds like a really shitty development/release process to me. Why would you disable something while whatever is to come in its place is not ready yet?
Why not do the development first and then migrate when it’s actually ready lol
There may be several reasons for this. If I had to guess, they found a critical flaw and had to shut it down for security reasons.
Just use PGP everywhere, it doesn’t matter where you chat then.
And there we have it - new fully encrypted chat launched on X.
<img alt="" src="https://lemmy.net.au/pictrs/image/69131bc9-aebb-44f9-9746-69c7aca7a49e.jpeg">