New X encrypted messaging feature raises major security concerns

2025-09-05T18:14:40+00:00

Shafaq News – Texas

X, formerly Twitter, has begun rolling out its new end-to-end encrypted messaging feature called "XChat," but cybersecurity experts are warning users against trusting the service in its current form.

While X claims the messaging feature provides end-to-end encryption that prevents anyone, including the company itself, from accessing user conversations, cryptography specialists have identified multiple critical vulnerabilities that undermine these security promises.

Unlike established secure messaging platforms such as Signal, which stores users' private encryption keys directly on their devices, X stores these keys on its own servers protected only by a four-digit PIN. This fundamental design choice has raised immediate red flags among security researchers.

"If everyone involved is fully trustworthy, the X implementation is technically worse than Signal," security researcher Matthew Garrett told TechCrunch. "And even if they were fully trustworthy to start with, they could stop being trustworthy and compromise trust in multiple ways."

The platform also lacks several standard security features found in other encrypted messaging services, including "perfect forward secrecy" and open-source code verification. Most concerning, X acknowledges on its support page that the current system could allow "a malicious insider or X itself" to compromise encrypted conversations through man-in-the-middle attacks.

Cryptography expert Matthew Green from Johns Hopkins University echoed these concerns, advising users to treat XChat messages with the same caution as unencrypted direct messages until the platform receives independent security audits.
