X has rolled out “end-to-end encrypted” DMs (XChat), but experts warn the current setup isn’t ready for real privacy. In this breakdown, we explain how public/private key crypto should work (the private key never leaves your device), why storing private keys on X’s servers protected only by a 4-digit PIN is a red flag (a 4-digit PIN has just 10,000 possible values, so the key is only as safe as whoever holds the server and enforces the guess limit), what HSMs are and why a claim of HSM use that nobody outside X has verified is not evidence of security, how an insider at X could enable an adversary-in-the-middle by swapping the public keys users receive, and why the lack of perfect forward secrecy means one key compromise exposes every past conversation. We compare X’s approach with Signal, which keeps keys on your device.
Takeaway: until key storage, PFS, and insider threats are fixed, and independently verified, assume X’s encrypted DMs can be read by X or by anyone who compromises or coerces it.
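To make the PIN point concrete, here is an added example (ours, not code from X, XChat, or Signal) that models a server-held private key wrapped under a 4-digit PIN and then recovers it by trying every PIN offline. The wrapping construction, the constructed salt, and the PIN are assumptions for illustration; we do not know X’s actual scheme. The iteration count is deliberately low so the demo finishes in seconds, but the conclusion does not change with a stronger KDF: 10,000 guesses is trivial for anyone who holds the wrapped blob unless a trustworthy component (such as a properly deployed HSM) enforces a guess limit, and that is exactly the unverified part.

```python
import hashlib
import hmac
import secrets
from itertools import product

PIN_LENGTH = 4
# Deliberately low so the demo runs quickly. Even at 100,000 iterations,
# 10,000 guesses is a minute or two of single-core work.
KDF_ITERATIONS = 200


def derive_wrapping_key(pin: str, salt: bytes) -> bytes:
    """PBKDF2 turns the 4-digit PIN into a 32-byte key-encryption key."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ITERATIONS, dklen=32)


def wrap_private_key(private_key: bytes, pin: str, salt: bytes) -> bytes:
    """Toy encrypt-then-MAC wrap of a 32-byte private key under the PIN.

    Assumed construction for illustration only; not X's scheme.
    """
    assert len(private_key) == 32
    kek = derive_wrapping_key(pin, salt)
    keystream = hashlib.sha256(kek + b"enc").digest()
    ciphertext = bytes(a ^ b for a, b in zip(private_key, keystream))
    tag = hmac.new(kek, ciphertext, "sha256").digest()
    return ciphertext + tag


def unwrap_private_key(blob: bytes, pin: str, salt: bytes):
    """Return the private key if the PIN is right, otherwise None."""
    ciphertext, tag = blob[:32], blob[32:]
    kek = derive_wrapping_key(pin, salt)
    expected_tag = hmac.new(kek, ciphertext, "sha256").digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None  # wrong PIN: the MAC check fails
    keystream = hashlib.sha256(kek + b"enc").digest()
    return bytes(a ^ b for a, b in zip(ciphertext, keystream))


def brute_force_pin(blob: bytes, salt: bytes):
    """Offline attack: whoever holds the blob and salt tries all 10**4 PINs.

    Nothing rate-limits this loop; that limit would have to come from an
    HSM or similar component that the attacker cannot bypass.
    """
    for attempt, digits in enumerate(product("0123456789", repeat=PIN_LENGTH), start=1):
        pin = "".join(digits)
        key = unwrap_private_key(blob, pin, salt)
        if key is not None:
            return pin, key, attempt
    return None


def demo():
    """Wrap a fresh key under PIN 4821, then recover it without knowing the PIN."""
    salt = b"constructed-salt-for-demo"  # constructed; real systems use a random per-user salt
    private_key = secrets.token_bytes(32)
    blob = wrap_private_key(private_key, "4821", salt)  # assumed PIN for the demo
    pin, recovered_key, attempts = brute_force_pin(blob, salt)
    return pin, recovered_key == private_key, attempts


if __name__ == "__main__":
    pin, matched, attempts = demo()
    print(f"recovered PIN {pin} after {attempts} guesses; key matches: {matched}")
```

Signal avoids this class of problem by never uploading the long-term private key at all: with no wrapped blob on the server, there is nothing to brute-force. Note also what the demo does not show: even with the server trusted to enforce the guess limit, an insider who controls the server controls the limit.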
#x #xchat #encryption
