Security researcher and reverse-engineering blogger Jane Manchun Wong discovered evidence that Twitter may be adding end-to-end encryption, as well as two other potential changes that are pretty useful.
She made the information public via a series of tweets that leaked details of the new features that are still in development.
Trivial but useful change
The first upcoming change is the removal of the source field.
The source field is the section under each tweet that indicates what type of device was used to post the tweet.
There must be a purpose for this feature, but it’s not immediately apparent.
Ultimately, this is a trivial change, but probably useful as it reduces clutter.
Yes indeed. The source field has disappeared from the tweet detail view in this prototype https://t.co/ZTFOnfdXvP pic.twitter.com/KaCOFmKzLE
— Jane Manchun Wong (@wongmjane) November 16, 2022
End-to-End Encryption
End-to-end encryption (E2EE) is a method of secure communication in which messages stay private between the participants: no party other than those taking part in the conversation has access to them.
In general, this is a good idea. But some have valid concerns about adding E2EE to a messaging service that is not necessarily tied to a phone in the same way as WhatsApp and Telegram.
Jane Manchun Wong discovers evidence
Jane Manchun Wong is a notable reverse engineering expert who has been interviewed and profiled on sites such as BBC News and MIT Technology Review.
According to the BBC profile about her:
“She discovered that Airbnb was testing a new flight integration feature that notifies hosts on the site when their guests’ planes have landed safely.
And she blew the horn when Instagram started experimenting with augmented reality profile pictures.”
MIT Technology Review wrote the following about her:
“Wong, 27, has a supernatural ability to crack tough code — along with a sizeable Twitter following that includes some of the biggest names in tech and journalism.
As she gets into the back end of websites’ code to see what software developers are tinkering with, they eagerly await her discoveries.”
While exploring the Twitter Android app recently, she discovered that the E2EE feature might be available for Twitter’s Direct Messaging (DM) service.
She tweeted and posted a screenshot of the evidence:
“Twitter is bringing back end-to-end encrypted DMs
Seeing signs of the feature being worked on in Twitter for Android:”
Twitter is bringing back end-to-end encrypted DMs
Signs that the feature is being worked on in Twitter for Android: https://t.co/YtOPHH3ntD pic.twitter.com/5VODYt3ChK
— Jane Manchun Wong (@wongmjane) November 16, 2022
Jane also posted further evidence:
Early prototype of Twitter’s upcoming end-to-end encrypted DMs “encryption key” screen: https://t.co/rcnd7h68lO pic.twitter.com/EMXSlI188j
— Jane Manchun Wong (@wongmjane) November 16, 2022
Jane has requested end-to-end encryption
Back on November 9, 2022, she responded to a tweet from Elon Musk asking for suggestions for Twitter.
She tweeted:
“Resurrect end-to-end encrypted DMs!”
Revive end-to-end encrypted DMs! https://t.co/pBEQro3E4e
— Jane Manchun Wong (@wongmjane) November 9, 2022
Is Twitter DM End-to-End Encryption a Good Idea?
Lea Kissner, Twitter’s former chief information security officer, shared her observations on potential pitfalls.
She tweeted:
“For context, I have a PhD in Cryptography, my PhD is on privacy-friendly cryptographic protocols, and I’m publicly known to have worked on several novel E2EE systems (from Zoom and Google).
So: 1) YMMV because every system is a little bit different 2) this is not my first rodeo”
Among their concerns was the possibility of abuse.
She explained in a follow-up tweet:
“Note that just looking at WhatsApp or Signal doesn’t give you nearly enough understanding of what abuse will look like on a non-phone number based network. They have it *much* easier and it’s still not resolved.”
She also noted the complexity involved in rolling out to multiple devices:
“5. Multiple devices. All of this becomes more annoying (but still controllable) when users have more than one device, *especially* if you don’t want the server to be able to easily add devices (because it breaks security).”
But in the end, she confirmed that end-to-end encryption was doable for Twitter.
I’m sure I forgot something and all of this is doable, but note:
1) Like all cryptographic schemes, E2EE is subtle and annoying quickly and needs to be done carefully
2) Note that nowhere in this list have I included the actual part that does the encryption/decryption
— Lea Kissner (@LeaKissner) November 16, 2022
Ban on illegal content in South Korea
The third feature that Jane discovered is a good one because it prevents cyberstalking and the posting of illegal videos by cyberstalkers and creeps.
She tweeted:
Twitter is working on a media alert for users in South Korea
“If you upload illegally filmed content, Twitter may delete or block access to the content and the uploader may be sanctioned.” pic.twitter.com/GUW1XGIaPY
— Jane Manchun Wong (@wongmjane) November 16, 2022
Apparently, this is aimed at the issue of illegally filmed videos of people and cyberstalking.
This is actually a very useful feature that will hopefully help combat spycam videos and similar media recorded without someone’s knowledge or consent.
Will features actually be introduced?
It looks like the Twitter team is actively working on these useful features. It will be interesting to see how quickly they can roll them out with the reduced workforce.
Featured image from Shutterstock/RealPeopleStudio