X, the social media platform formerly known as Twitter, has officially unveiled a new encrypted messaging service named Chat.
The feature promises end-to-end encrypted conversations and file sharing, allowing users to edit, delete, or set messages to disappear. In addition, the platform includes screenshot blocking, alerting users when someone attempts to capture a message. X confirmed that the service will not include ads or tracking.
Despite the excitement, the company has not disclosed a full rollout timeline or when all users can access Chat. This ambiguity has left security experts and privacy advocates questioning the platform’s approach.
While Chat offers a step toward secure communication, it lacks several protections standard in established encrypted platforms. For instance, both parties must pay to enable encryption, excluding some groups such as journalists or activists who rely on free secure messaging.
X has admitted that Chat does not currently defend against man-in-the-middle attacks, meaning that an insider or a legal order could potentially access conversations.
Additionally, attachments like videos and photos are stored unencrypted on X’s servers, and metadata detailing who communicates with whom and when remains exposed. Experts also note the absence of Perfect Forward Secrecy (PFS), a critical feature that prevents decryption of past messages if private keys are later compromised.
Further complicating security, Chat’s private keys are protected by a simple 4-digit PIN, which allows only 10,000 possible values, and reside on X’s servers without verified Hardware Security Modules (HSMs), raising insider risk.
The timing of Chat’s launch could present challenges for financial firms and corporate users. Since 2021, U.S. regulators such as the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) have fined firms over $3.5 billion for recordkeeping failures related to unauthorized encrypted apps like WhatsApp and Signal.
Notably, JPMorgan faced a $200 million penalty after staff used WhatsApp for work communications, while Goldman Sachs, Bank of America, and Citigroup incurred a combined $1.8 billion in fines.
X’s new Chat could inadvertently expose businesses to compliance violations if employees use the platform for professional communication. Regulators typically expect firms to implement policies and technical controls to prevent unauthorized app usage, which may necessitate mobile device management or eComms archiving solutions to monitor or block Chat on work devices.
Security analysts caution that while X’s move into encrypted messaging signals an intent to improve user privacy, the current implementation leaves critical vulnerabilities.
Users relying on Chat for sensitive conversations should be aware that metadata exposure, unencrypted attachments, and the lack of forward secrecy could compromise security.
Industry observers also point out that X’s decision to tie encryption to a paid model may limit adoption among individuals and organizations that cannot afford subscriptions, potentially undermining the broader security promise. As competition with platforms like Signal and WhatsApp intensifies, X will need to address these shortcomings to gain user trust and comply with regulatory expectations.
X’s encrypted Chat represents a significant step toward secure communication on the platform, offering features like message editing, deletion, and screenshot notifications.
However, the absence of standard encryption safeguards, incomplete metadata protection, and regulatory concerns highlight the challenges ahead. Users and businesses are advised to approach the feature with caution until X addresses these critical security and compliance gaps.
The post X Rolls Out Encrypted Chat, Raises Security Questions appeared first on CoinCentral.


