X Rolls Out Enhanced Encrypted Direct Messaging with XChat

X (formerly Twitter) is improving its encrypted direct messaging (DM) system with the rollout of its new "XChat" platform for Premium subscribers. This update includes key enhancements to the encryption process, making conversations more secure.

How X's Updated Encryption Works

X initially launched encrypted DMs for Premium users last year. However, the system was deemed "clunky" by Elon Musk and required a significant overhaul. The updated system now features a more robust encryption process:

  • Upon entering XChat, a unique private-public key pair is generated for each user.
  • A user-defined PIN, which never leaves the device, secures the private key on X's infrastructure. This PIN allows users to recover their private key from any device.
  • A separate per-conversation key encrypts the message content. The users' private-public key pairs are used to exchange this conversation key securely between them.

While a four-digit PIN offers convenient access, it may not be as secure as longer, more complex passcodes. X utilizes a combination of strong cryptographic schemes to encrypt every message, link, and reaction within a conversation. This encryption occurs before the message leaves the sender's device and remains encrypted while stored on X's servers.
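
An added example, not X's code, of how a PIN-derived key can wrap a private key held server-side and how worst-case guessing time against the stored blob scales with PIN length. Assumptions: PBKDF2-HMAC-SHA256 at 600,000 iterations and an XOR-plus-HMAC wrap stand in for the KDF and cipher, which the page does not name, and the KDF cost is taken as the only limit on guessing.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000  # assumed work factor; the page gives no KDF or parameters

def _derive(pin: str, salt: bytes, iterations: int) -> tuple[bytes, bytes]:
    # One PBKDF2 call yields an encryption key and a separate MAC key.
    okm = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations, dklen=64)
    return okm[:32], okm[32:]

def wrap_private_key(private_key: bytes, pin: str, iterations: int = ITERATIONS) -> bytes:
    """Return salt || ciphertext || tag: the blob a server could store."""
    if len(private_key) != 32:
        raise ValueError("this sketch wraps exactly 32 bytes")
    salt = secrets.token_bytes(16)
    enc_key, mac_key = _derive(pin, salt, iterations)
    # XOR with a single-use derived key stands in for a real AEAD (assumption).
    ct = bytes(a ^ b for a, b in zip(private_key, enc_key))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag

def unwrap_private_key(blob: bytes, pin: str, iterations: int = ITERATIONS) -> bytes | None:
    """Recover the key on any device that knows the PIN; None if the PIN is wrong."""
    salt, ct, tag = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = _derive(pin, salt, iterations)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, enc_key))

def worst_case_guess_seconds(length: int, alphabet: int, seconds_per_guess: float) -> float:
    """Time to try every secret of this shape at the given per-guess KDF cost."""
    return (alphabet ** length) * seconds_per_guess

def measure_kdf_seconds(iterations: int = ITERATIONS) -> float:
    start = time.perf_counter()
    _derive("0000", b"\x00" * 16, iterations)
    return time.perf_counter() - start

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed stand-in for a private key
    blob = wrap_private_key(key, "4821")  # constructed sample PIN
    print("round trip ok:", unwrap_private_key(blob, "4821") == key)
    cost = measure_kdf_seconds()
    for label, n, a in [("4-digit PIN", 4, 10), ("6-digit PIN", 6, 10), ("12-char alphanumeric", 12, 62)]:
        print(f"{label}: {worst_case_guess_seconds(n, a, cost):.3g} s worst case")
```

The KDF adds the same fixed cost to every guess, so the gap between the rows comes entirely from the size of the secret's keyspace.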

Important Considerations for Encrypted DMs

To use encrypted DMs, both sender and recipient need the latest X app on iOS. Android and web support are not yet available. The recipient must also follow the sender, have previously accepted a DM from the sender, or have sent a message to the sender.

Group messages and media can now be encrypted. However, X will retain a record of shared posts. While message content, links, media, and reactions are encrypted, associated metadata (e.g., recipient, timestamp) is not.

Logging out of X deletes all DMs, including encrypted ones, from that device. This does not affect other logged-in devices. Upon logging out, X erases private and conversation keys. Logging back in on the same device allows retrieval and decryption of previous conversations.

Future Plans and Transparency

X plans to open-source its encryption system information later this year, promoting transparency and community review. The company hopes this enhanced security will encourage users to transfer money within the app once X Payments launches.