471 stories
·
0 followers

Failing upwards: the Twitter encrypted DM failure

1 Share
Almost two years ago, Twitter launched encrypted direct messages. I wrote about their technical implementation at the time, and to the best of my knowledge nothing has changed. The short story is that the actual encryption primitives used are entirely normal and fine - messages are encrypted using AES, and the AES keys are exchanged via NIST P-256 elliptic curve asymmetric keys. The asymmetric keys are each associated with a specific device or browser owned by a user, so when you send a message to someone you encrypt the AES key with all of their asymmetric keys and then each device or browser can decrypt the message again. As long as the keys are managed appropriately, this is infeasible to break.

But how do you know what a user's keys are? I also wrote about this last year - key distribution is a hard problem. In the Twitter DM case, you ask Twitter's server, and if Twitter wants to intercept your messages they replace your key. The documentation for the feature basically admits this - if people with guns showed up there, they could very much compromise the protection in such a way that all future messages you sent were readable. It's also impossible to prove that they're not already doing this without every user verifying that the public keys Twitter hands out to other users correspond to the private keys they hold, something that Twitter provides no mechanism to do.

This isn't the only weakness in the implementation. Twitter may not be able read the messages, but every encrypted DM is sent through exactly the same infrastructure as the unencrypted ones, so Twitter can see the time a message was sent, who it was sent to, and roughly how big it was. And because pictures and other attachments in Twitter DMs aren't sent in-line but are instead replaced with links, the implementation would encrypt the links but not the attachments - this is "solved" by simply blocking attachments in encrypted DMs. There's no forward secrecy - if a key is compromised it allows access to not only all new messages created with that key, but also all previous messages. If you log out of Twitter the keys are still stored by the browser, so if you can potentially be extracted and used to decrypt your communications. And there's no group chat support at all, which is more a functional restriction than a conceptual one.

To be fair, these are hard problems to solve! Signal solves all of them, but Signal is the product of a large number of highly skilled experts in cryptography, and even so it's taken years to achieve all of this. When Elon announced the launch of encrypted DMs he indicated that new features would be developed quickly - he's since publicly mentioned the feature a grand total of once, in which he mentioned further feature development that just didn't happen. None of the limitations mentioned in the documentation have been addressed in the 22 months since the feature was launched.

Why? Well, it turns out that the feature was developed by a total of two engineers, neither of whom is still employed at Twitter. The tech lead for the feature was Christopher Stanley, who was actually a SpaceX employee at the time. Since then he's ended up at DOGE, where he apparently set off alarms when attempting to install Starlink, and who today is apparently being appointed to the board of Fannie Mae, a government-backed mortgage company.

Anyway. Use Signal.

comment count unavailable comments
Read the whole story
rosskarchner
13 days ago
reply
Share this story
Delete

Why I Stopped Selling Permissionless

1 Share

During COVID, I started working on a book called Permissionless.

It was born out of frustration—the kind that gnaws at you when you see how broken the systems are, how unnecessary the gatekeepers have become, how much red tape gets in the way of solving real problems.

The book was about taking the DIY ethos and applying it as a manifesto for problem-solving, social change, cutting through bureaucracy, pushing past institutional overreach. A manifesto for people who saw the world as something they could rebuild, rather than something they had to accept.

I self-published it this year. I was happy with the launch. It found its audience. People bought it, shared it, sent me messages saying it resonated.

You bought it.

Right here on Gumroad.

You supported me.

That meant a lot.

Recently, a publisher reached out. They wanted to release the book officially. Expand its reach. Give it legitimacy.

So I sat down to read it again.

And I realized I had to say no.

Not just say no—I had to delete the whole thing from my website. Remove it from Gumroad. Kill it completely. No matter how much money I was leaving on the table. No matter how many copies had already been sold.

Because the world had shifted under my feet.

Because Elon Musk and his acolytes—his billionaire cronies, his reactionary fanboys, the cult that believes burning everything down is the same thing as building something better—have twisted ideas like mine into weapons. They’ve taken concepts like regulatory bloat and institutional decay and rent-seeking and duplicitously turned them into blunt objects they’re currently using to destroy the world I love.

They don’t believe in permissionless the way folks like me meant it. They don’t want to create. They want to destroy. They want to gut expertise, dismantle institutions, break things just to watch them shatter, then call it innovation.

And I refuse to be useful to them in any way, shape or form.

There’s a version of Permissionless that exists in a better world—a world where breaking down barriers is about lifting people up, not tearing them down. A world where expertise isn’t the enemy, where knowledge isn’t discarded in favor of whoever yells the loudest. A world where being “permissionless” means solving problems, not creating chaos for the sake of it.

But that’s not the world we live in.

And I can’t pretend otherwise.

I believe in the ideas in my book. But I also believe in responsibility. I believe in knowing when something you create could do harm in the wrong hands. I believe in looking at a movement and asking, Who benefits? Who suffers? Who is using this, and for what?

And if the answer makes my stomach turn, I don’t get to look away.

I wrote Permissionless because I wanted to see a world where people took action instead of waiting for permission. But I won’t let my work become an excuse for dismantling what little stability we have left. I won’t let it be co-opted by people who see destruction as an end goal.

For now, the book is gone.

I want to write a new version. A better version. It might take weeks. It might months.

If you bought the book, please know - I love and appreciate you, and I do not regret writing and sharing it with you. And you’ll get the new version free, as soon as it’s ready.

But for now, I can’t keep putting it out there.

Don’t get me wrong. I stand by the premise. But I don’t stand with the people who are currently warping concepts like Permissionless to their own ends.

I refuse to be useful to people who could turn my work into something ugly.

🍕
My goal this year is to make Westenberg and my news site, The Index, my full-time job. The pendulum has swung pretty far back against progressive writers, particularly trans creators, but I'm not going anywhere.

I'm trying to write as much as I can to balance out a world on fire. Your subscription directly supports permissionless publishing and helps create a sustainable model for writing and journalism that answers to readers, not advertisers or gatekeepers.

Please consider signing up for a paid monthly or annual membership to support my writing and independent/sovereign publishing.
Read the whole story
rosskarchner
16 days ago
reply
Share this story
Delete

'Bloody Saturday' at Voice of America and other U.S.-funded networks

1 Comment and 2 Shares
President Trump

Federal officials placed 1,300 employees at Voice of America on indefinite paid leave, while severing contracts with Radio Free Asia and other U.S.-funded networks.

(Image credit: Andrew Harnik)

Read the whole story
acdha
17 days ago
reply
“It took decades to build this goodwill and an audience of hundreds of millions every week. Seeing arsonists just set fire to it all is awful.”
Washington, DC
rosskarchner
17 days ago
reply
Share this story
Delete

Note published on March 15, 2025 at 11:01 PM UTC

1 Share
Read the whole story
rosskarchner
17 days ago
reply
Share this story
Delete

The important thing about 18F

1 Share

The important thing about 18F is that it was a dream.

Last weekend, 18F, the office I worked for at the US General Services Administration, was eliminated. All 100 or so individuals on staff were fired at midnight (12:02 to be precise) Saturday morning.

18F was a place where people worked. Those people helped other people do their work better. Sometimes they helped large groups of people save money. Some of those people worked to help small groups of people with impossible or herculean jobs. But the important thing about 18F is that it was a dream.

Often, 18F helped people focus on outcomes when the system wanted them to focus on check boxes. (It was also a place to learn that sometimes you have to find a way to do both.) 18F was a place that made a positive difference in how people in the federal government delivered to the public. But the important thing about 18F is that it was a dream.

The people who worked there had the courage to believe in the beauty of the dream. Their customers did too. So did their peers. And so did the giants on whose shoulders 18F stood. Dreams only work if people believe in them. So, the important thing about 18F is that it was a dream.

The future will not belong to the cynics. The future will belong to those who have passion and are willing to work hard to make our country better. The future will belong to those who believe in the beauty of their dreams.

— Sen. Paul Wellstone

Apologies to Margaret Wise Brown.

Read the whole story
rosskarchner
19 days ago
reply
Share this story
Delete

NEW: Emails Confirm What We Knew All Along: They Were Planning to Fire Us All

1 Share

Emails submitted as part of new court filings in the case NTEU vs Vought reveal the breakneck speed at which Russell Vought and Elon Musk’s DOGE staffers sought to completely shutter the CFPB. They show how the administration had hoped to …

NEW: Emails Confirm What We Knew All Along: They Were Planning to Fire Us All Read More »

The post NEW: Emails Confirm What We Knew All Along: They Were Planning to Fire Us All appeared first on CFPB Union.

Read the whole story
rosskarchner
22 days ago
reply
Share this story
Delete
Next Page of Stories