Thread
1/ alright, say you want to add end-to-end encryption to Twitter DMs. Hypothetically, of course.
That's quite difficult. Not in the "must nerd harder" sense, more in the "tricky product tradeoff" sense.
2/ the central question is this: say you log into Twitter in a fresh browser, or on a brand new phone. Should you have access to your DMs? Because currently you do.
With end-to-end encryption, answering that question is tricky.
3/ because the point of end-to-end encryption is that the Twitter servers should never have access to your DMs. That means the ability to decrypt must always be kept on the client, say your Twitter app or web browser.
4/ If you can log into a fresh client and get your DMs, and you want end-to-end encryption, that means some kind of pairing dance between your fresh client and a pre-existing, already logged in Twitter client, say the Twitter app on your phone, to share the decryption key...
5/ or it means the decryption key is derived from your password. Which is doable, but means that the encryption is weaker because a password is not as strong as a random full-strength decryption key.
6/ and no matter what, if you lose your device and forget your password, you lose your DMs. No way around this.
That's how Signal works, too.
7/ so, say you're ready to tackle this, you're good with these limitations.
How do you upgrade existing users?
Users who forget their password occasionally, or lose their phone sometimes and log into a new one. Or use third-party apps to manage their DMs?
8/ are users ready to lose their DMs in these scenarios?
Or does it make more sense to leave existing DMs alone and introduce "secure DMs" as a new feature, establishing new usage patterns for these secure DMs?
9/ And if that's the path forward, will users understand? Will they suddenly worry about the insecurity of their old DMs (some would say that's good)? Will they even use the new feature?
These are the tradeoffs. They're real and particularly tricky to manage.
10/ if you want to read more about the product tradeoffs of end-to-end encryption, worth reading @matthew_d_green's Mud Puddle Test:
blog.cryptographyengineering.com/2012/04/05/icloud-who-holds-key/
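
Added example, not part of the original thread and not Twitter's or Signal's code: tweets 5/ and 6/ as a sketch in Python. A client wraps a random DM key under a password-derived key so the server only ever stores an opaque blob; a fresh client with the password recovers it, and without the password nothing does. The function names, scrypt parameters and the XOR-plus-HMAC wrap are assumptions chosen to stay within the standard library; a real client would use an AEAD cipher.

```python
from __future__ import annotations
import hashlib, hmac, math, secrets

# Assumed scrypt cost parameters for this sketch (about 16 MiB of memory per call).
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=64)

def _derive(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the password into a 32-byte mask and a 32-byte MAC key."""
    out = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return out[:32], out[32:]

def wrap_dm_key(dm_key: bytes, password: str) -> dict:
    """Logged-in client: wrap the random DM key; the server stores the result blindly."""
    if len(dm_key) != 32:
        raise ValueError("dm_key must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh per wrap, so the mask is never reused
    mask, mac_key = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(dm_key, mask))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_dm_key(blob: dict, password: str) -> bytes | None:
    """Fresh client: recover the DM key, or None on a wrong password or a tampered blob."""
    mask, mac_key = _derive(password, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["wrapped"], mask))

def guess_space_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on password entropy, assuming uniformly random characters."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    dm_key = secrets.token_bytes(32)  # full-strength key: 256 bits
    blob = wrap_dm_key(dm_key, "correct horse battery staple")  # constructed password
    print("fresh client, right password:",
          unwrap_dm_key(blob, "correct horse battery staple") == dm_key)
    print("device lost, password forgotten:", unwrap_dm_key(blob, "a wrong guess"))
    print(f"10 random lowercase letters: {guess_space_bits(26, 10):.0f} bits vs 256")
```

The blob can be attacked offline by anyone who obtains it, at the cost of one scrypt call per guess, which is why the password's guess space rather than the 256-bit key sets the strength.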