
Twitter need to pull their finger out and get end-to-end encryption sorted on their DMs. I mean they once acquihired Moxie and Whisper Systems yet they still don't have this in place? Many journalists and others are finding that Twitter is the place where initial contact with people/public/sources is being made first, because it's so easy to find and reach out to people. Yet they have no e-2-e on that. Even Facebook/WhatsApp, Google 'Allo, Telegram and of course, Signal are doing a better job than them.



What does end-to-end encryption mean for a tool with browser-based interfaces and where people often log on from multiple devices? I'm having trouble imagining how I'd do safe and easy key management between my phone, the old phone I stuck to my fridge, my tablet, and then Chrome and Firefox on my work laptop, my personal laptop, and that old laptop that hangs out by the couch for use when I'm watching TV.

I also don't see how end-to-end encryption would help for the sort of data apparently asked for here, which is metadata. If the feds get a warrant to find out who a particular government employee DMed, it would seem that encrypting the contents of the DMs wouldn't help if it's @nytimes they contacted.


The sender sends it to multiple devices, each with a different key.

I know that Signal messages can be sent to mobile and desktop at the same time, and it is seamless to do so. The sender does not even know that they are sending it to two devices.


I can't tell if you know you only answered part of the question.


And just to be clear, the big part he's missing is about web apps. Whisper Systems is very clear that they're not doing a web version:

https://github.com/WhisperSystems/Signal-Desktop/issues/723

If they did, they would be the one holding the keys, not the user. The proposed solution also ignores the new-device case. If you install Twitter on your new phone, log in, and look at your DMs, you expect the whole history to be there. But if messages are encrypted for each device at time of transmission, then the new phone starts blank.


Don't browsers have a certificate store that can be used to store private keys?


End to end encryption wouldn't change this NSL at all. It isn't asking for content, which is the only thing that E2E encryption would affect.
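
The per-device fan-out, new-device and metadata points raised in the comments above, as an added example that is not part of the thread and is not Signal's or Twitter's code. It assumes a simplified ECIES-style scheme (ephemeral X25519, HKDF-SHA256, AES-256-GCM) in place of Signal's actual protocol; the handles, device names and message are constructed.

```javascript
// Added illustration: per-device fan-out with a simplified ECIES-style scheme.
// Not Signal's protocol; all names and the message below are constructed.
const crypto = require('crypto');

// Each device holds its own key pair; the private key never leaves it.
function newDevice(name) {
  return { name, ...crypto.generateKeyPairSync('x25519') };
}

// X25519 shared secret stretched into an AES-256 key with HKDF-SHA256.
function deriveKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'dm-fanout-demo', 32));
}

// Sender side: one ciphertext per device enrolled at send time.
function fanOut(from, to, text, devices) {
  return devices.map((d) => {
    const eph = crypto.generateKeyPairSync('x25519');
    const iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, d.publicKey), iv);
    const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
    // from/to/device stay readable to the relay: routing metadata is not encrypted.
    return { from, to, device: d.name, ephPub: eph.publicKey, iv, ct, tag: c.getAuthTag() };
  });
}

// Device side: plaintext, or null if this device's key cannot open the envelope.
function openEnvelope(device, env) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(device.privateKey, env.ephPub), env.iv);
    d.setAuthTag(env.tag);
    return Buffer.concat([d.update(env.ct), d.final()]).toString('utf8');
  } catch {
    return null; // GCM tag check failed: wrong key
  }
}

// Constructed scenario: two devices enrolled, a third added after the message was sent.
function demo() {
  const phone = newDevice('phone'), laptop = newDevice('laptop');
  const stored = fanOut('@source', '@reporter', 'meet at noon', [phone, laptop]);
  const newPhone = newDevice('new-phone');
  return {
    phone: openEnvelope(phone, stored[0]),
    laptop: openEnvelope(laptop, stored[1]),
    newPhoneHistory: stored.map((e) => openEnvelope(newPhone, e)),
    relaySees: stored.map((e) => `${e.from}->${e.to}/${e.device}`),
  };
}
```
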



