Almost two years ago, Twitter launched encrypted direct messages. I wrote about their technical implementation at the time, and to the best of my knowledge nothing has changed. The short story is that the actual encryption primitives used are entirely normal and fine - messages are encrypted using AES, and the AES keys are exchanged via NIST P-256 elliptic curve asymmetric keys. The asymmetric keys are each associated with a specific device or browser owned by a user, so when you send a message to someone you encrypt the AES key with all of their asymmetric keys and then each device or browser can decrypt the message again. As long as the keys are managed appropriately, this is infeasible to break.

But how do you know what a user's keys are? I also wrote about this last year - key distribution is a hard problem. In the Twitter DM case, you ask Twitter's server, and if Twitter wants to intercept your messages they replace your key. The documentation for the feature basically admits this - if people with guns showed up there, they could very much compromise the protection in such a way that all future messages you sent were readable. It's also impossible to prove that they're not already doing this without every user verifying that the public keys Twitter hands out to other users correspond to the private keys they hold, something that Twitter provides no mechanism to do.

This isn't the only weakness in the implementation. Twitter may not be able read the messages, but every encrypted DM is sent through exactly the same infrastructure as the unencrypted ones, so Twitter can see the time a message was sent, who it was sent to, and roughly how big it was. And because pictures and other attachments in Twitter DMs aren't sent in-line but are instead replaced with links, the implementation would encrypt the links but not the attachments - this is "solved" by simply blocking attachments in encrypted DMs. There's no forward secrecy - if a key is compromised it allows access to not only all new messages created with that key, but also all previous messages. If you log out of Twitter the keys are still stored by the browser, so if you can potentially be extracted and used to decrypt your communications. And there's no group chat support at all, which is more a functional restriction than a conceptual one.

To be fair, these are hard problems to solve! Signal solves all of them, but Signal is the product of a large number of highly skilled experts in cryptography, and even so it's taken years to achieve all of this. When Elon announced the launch of encrypted DMs he indicated that new features would be developed quickly - he's since publicly mentioned the feature a grand total of once, in which he mentioned further feature development that just didn't happen. None of the limitations mentioned in the documentation have been addressed in the 22 months since the feature was launched.

Why? Well, it turns out that the feature was developed by a total of two engineers, neither of whom is still employed at Twitter. The tech lead for the feature was Christopher Stanley, who was actually a SpaceX employee at the time. Since then he's ended up at DOGE, where he apparently set off alarms when attempting to install Starlink, and who today is apparently being appointed to the board of Fannie Mae, a government-backed mortgage company.

Anyway. Use Signal.

comments

During COVID, I started working on a book called Permissionless.

It was born out of frustration—the kind that gnaws at you when you see how broken the systems are, how unnecessary the gatekeepers have become, how much red tape gets in the way of solving real problems.

The book was about taking the DIY ethos and applying it as a manifesto for problem-solving, social change, cutting through bureaucracy, pushing past institutional overreach. A manifesto for people who saw the world as something they could rebuild, rather than something they had to accept.

I self-published it this year. I was happy with the launch. It found its audience. People bought it, shared it, sent me messages saying it resonated.

You bought it.

Right here on Gumroad.

You supported me.

That meant a lot.

Recently, a publisher reached out. They wanted to release the book officially. Expand its reach. Give it legitimacy.

So I sat down to read it again.

And I realized I had to say no.

Not just say no—I had to delete the whole thing from my website. Remove it from Gumroad. Kill it completely. No matter how much money I was leaving on the table. No matter how many copies had already been sold.

Because the world had shifted under my feet.

Because Elon Musk and his acolytes—his billionaire cronies, his reactionary fanboys, the cult that believes burning everything down is the same thing as building something better—have twisted ideas like mine into weapons. They’ve taken concepts like regulatory bloat and institutional decay and rent-seeking and duplicitously turned them into blunt objects they’re currently using to destroy the world I love.

They don’t believe in permissionless the way folks like me meant it. They don’t want to create. They want to destroy. They want to gut expertise, dismantle institutions, break things just to watch them shatter, then call it innovation.

And I refuse to be useful to them in any way, shape or form.

There’s a version of Permissionless that exists in a better world—a world where breaking down barriers is about lifting people up, not tearing them down. A world where expertise isn’t the enemy, where knowledge isn’t discarded in favor of whoever yells the loudest. A world where being “permissionless” means solving problems, not creating chaos for the sake of it.

But that’s not the world we live in.

And I can’t pretend otherwise.

I believe in the ideas in my book. But I also believe in responsibility. I believe in knowing when something you create could do harm in the wrong hands. I believe in looking at a movement and asking, Who benefits? Who suffers? Who is using this, and for what?

And if the answer makes my stomach turn, I don’t get to look away.

I wrote Permissionless because I wanted to see a world where people took action instead of waiting for permission. But I won’t let my work become an excuse for dismantling what little stability we have left. I won’t let it be co-opted by people who see destruction as an end goal.

For now, the book is gone.

I want to write a new version. A better version. It might take weeks. It might months.

If you bought the book, please know - I love and appreciate you, and I do not regret writing and sharing it with you. And you’ll get the new version free, as soon as it’s ready.

But for now, I can’t keep putting it out there.

Don’t get me wrong. I stand by the premise. But I don’t stand with the people who are currently warping concepts like Permissionless to their own ends.

I refuse to be useful to people who could turn my work into something ugly.

Federal officials placed 1,300 employees at Voice of America on indefinite paid leave, while severing contracts with Radio Free Asia and other U.S.-funded networks.

(Image credit: Andrew Harnik)

every damn time

Emails submitted as part of new court filings in the case NTEU vs Vought reveal the breakneck speed at which Russell Vought and Elon Musk’s DOGE staffers sought to completely shutter the CFPB. They show how the administration had hoped to …

NEW: Emails Confirm What We Knew All Along: They Were Planning to Fire Us All Read More »

The post NEW: Emails Confirm What We Knew All Along: They Were Planning to Fire Us All appeared first on CFPB Union.