X's Encrypted DMs: PRIVATE or NO?
- Published 6 Jul 2024
- X, the platform formerly known as Twitter, rolled out "encrypted messages" this year!
We explain how to use it, who is eligible, but we also dive into the nitty gritty of how this encryption has been implemented, and why we don't think you should trust it for anything sensitive. There are better E2EE messaging apps out there.
00:00 X introduces Encrypted Messaging
02:53 How to Send Encrypted Messages on X
03:30 Who Can Use X’s Encrypted Messages?
03:57 Should You Use X’s Encrypted Messaging?
06:13 Deep Dive: How They've Implemented It
09:54 Problems
12:34 Conclusion
X’s introduction of encrypted messaging is long overdue, and a very welcome feature: It not only brings privacy to a lot more people, but it's also a signal to the entire tech industry that privacy is important. Just be careful not to place too much trust in their encrypted messenger: For anything sensitive, we recommend using a platform with more robust privacy features.
Huge thanks to Matthew Garrett for writing this fantastic summary of the issues:
mjg59.dreamwidth.org/66791.html
/ mjg59
Brought to you by NBTV team members: Lee Rennie, Cube Boy, Sam Ettaro, Will Sandoval, and Naomi Brockwell
Statistics show that you will have a great and beautiful day if Naomi enters your notifications.
💯% true!
Cringe
I think Elon Musk should donate $250k to NBTV to promote and support privacy.
That's like asking for crumbs from your new lord master in medieval times right after he won over the minds of the peasants with some savory promise. You're asking a psycho for too much.
@lonewitness did you know that it is possible to make a positive wishful statement without trying to get into some kind of psychological undertone? Try to occasionally think positive about some 'what-ifs'. Try it sometime, it can make life a little less stressful.
Thanks, Naomi. Next video about Facebook, please. It is ridiculous how they push you to lose your privacy or pay 13 € per month for it, next year.
Privacy should and always be free. If you're serious about privacy, use signal.
The song and or dance at the end of this video was so well encrypted I didn't even see it. Good work! 😆
Thank you once again Naomi. More brilliant and useful advice. I got booted off twitter a while ago, I couldn't even close my account, so I have never bothered with it since. Oh, and I always watch your lovely endings.
Loved the ending!
very important stuff thanks, NBTV!
Great video, as always.
With perfect forward secrecy, you should only expose that session and not every session going forward.
Great video, thank you. Keep up the great work.
Awesome content again!
Thanks Naomi for this, more meat to chew over. Might try skipping to the end on the next one before watching next time. 😉🤣 But then again, 🤔. Keep up the good work.
Good video. I watched more than half of it until it got too complicated for me, and I don't even have Twitter/X. Still educational.
This was very good, although the temptation for me to use X is, shall we say, not great. 😉 As for watching to the end, I know that the average viewer looks for greener pastures by 9 minutes but I don't understand how any real interest in a subject or enjoyment of it can wane in so short a time. I suppose life is full of mysteries. 😊
I don't have X but nice video and amazing explanation about keys
Good job Naomi...
Having worked in IT for over 20 years, I would not put it past a rogue employee or two having a means of getting around this type of encryption. It could be a huge source of income for them, let alone cover their backside.
I bet for the NSA it would be child's play.
You don't even need to think that far. X is subject to US law and under US law, we know that it is legal and also common practice that the NSA subpoenas every big tech company to hand over all their data and forces them to lie about it. That the code is open source is the *bare minimum requirement* to start even thinking about trusting something. Even then, there's no guarantee, but if something is closed source, it's not even worth discussing.
Yeah, that instead of idk, doing everyone a favor and destroy this stuff.
They can call it what they want, it'll always be twitter and tweets to me.
That addendum will definitely change my life...or maybe not 😂
I guess anyone who doesn't pay for X could just paste PGP messages into their DMs and have done with it
I don't think Elon cares about users' privacy when his own brand of cars (Tesla) exposed very personal info, just use Signal or even better Session if need privacy, also love the ending 🤣🤣
Hey Naomi, I'm looking for your recommendation on hardware wallets. Thank you very much!
None of your videos have been showing up on my thread.
Actually I watch to the end hoping you'll do another little dance for us.
lolol one day
Can you not use your own encryption on top of X or anything else, so it's double encrypted with your encryption and their encryption?
I mean I guess you could, but personally, I'd probably use a different way to communicate at that point
What happens if you stop paying? Do you lose access to your encrypted messages?
Absolutely.
I love a good Asymmetric Key Pair, but I often find the naming conventions a little confusing for new users.
I've found that the word "Key" in "Public Key" kind of breaks the mental model for some people. So when introducing this idea to people I've begun referring to the Public Key as the "Padlock File" and thus the "Private Key" can keep its name.
At my work place we have a decent chunk of non-tech folk who have to use ssh-keys and this has been the easiest way for me to get that idea across.
I once dated a girl with an asymmetric pair. She was wonderful. You would never know unless her boobs got akilter. I loved adjusting them. What fun mammaries. Memories. I meant memories!
I'm sure this feature will be implemented in Wayland eventually.~
awesome
tl;dw, the answer to the video title is: Not at all, unless the client code becomes open source and supports verifiable builds whose hashes match the binaries distributed by the app stores. Unless that foundation is laid, other questions are completely irrelevant.
The pros you list are only true under the condition that we can verify the code, which we cannot. So by presenting those pros you create a false sense of security. The "encrypted DMs" are not "far more secure" than regular DMs. Until you can prove that claim by verifying the source, which you can't, both are equally insecure and should be treated like that without exception. Please do not promote a false sense of security.
@Dosenwerfer Will you personally verify? Neither will I. You're still trusting the verifier. Governments obviously have large resources for data mining.
@flashwashington2735 I never asked her to verify the source. I asked her to stop making those misleading statements. Those "encrypted" DMs are not even the slightest bit more secure than regular DMs and do not have any of the advantages that she states. It is the media's responsibility to point that out very clearly. Subjunctive speech would have been the least to expect when talking about those alleged advantages. Even better not to mention them at all, since they are not there.
@Dosenwerfer You are the same because you have not pursued the security of the code you're using. That's hard for you to understand. Reply to me and I will give you an example and explanation a 3 or four year old can understand. Hopefully, you will get it. Fingers crossed. 🤣🤣🤣
@flashwashington2735 Oh I know very well what I am talking about (professional low level software engineer with a computer science degree). You however do not seem to be interested in a constructive discussion, so I'm gonna end it here.
The old phrase comes to mind..... "For every lock, there exists a key."
Better encryption & a 'layered' approach will slow would-be thieves & data miners, but nothing is 100%. Everything has a weakness. It's just a matter of time, to find it & use it.
Safer to assume that nothing is secure, private nor encrypted.
If it is not for certain that the zero access bit of true E2EE is in place then it is basically a false security honeypot.
👍🏻
I'd like to buy your painting, do you sell them? I would support your work through a commission if you send me the affiliate link
Session anyone?
🤯
Didn’t Tucker Carlson say that his Signal messages were intercepted?
If you want really private messaging something like Session would be a great option. Wouldn't trust X any more than Meta.
Session doesn't have perfect forward secrecy
@NaomiBrockwellTV true, but doesn’t require a phone number or an email. Briar is probably the best, being able to message someone nearby over Bluetooth and not touch a public network is pretty great for security and privacy.
Algorithm.
Wide spread lack of privacy also supports growth of undermined and/or oppressed groups. Typically through crime. It’s mostly done by kids to go on vacation and buy Jordans. But we probably need both. Privacy and lack of privacy.
is Signal still recommended out of ignorance or complacency?
it now has a piece of closed-source code to fight spam. what else can that code be used for? can it be hijacked? does it examine message contents before passing them on? who knows? is Wire any better? I don't know, since they revamped their code, and although their last privacy audit was years more recent than Signal's last one, no longer applies to the new iteration of the app.
Signal is still recommended as one of the few who seem to care about privacy and not just bolt on some poor type of encryption on so they can say it's encrypted.
It depends on your threat level. If you want to stop big tech selling all your data to who knows who then this kind of app is easy to use and appears to do what it says.
If you are a politician or journalist maybe you need something bespoke. Maybe something using XMPP or jit.si.
Insert old meme: It's a trap!
Can I use WhatsApp?
SMS is the gold standard.
X not gonna give it to ya (properly implemented DM privacy)
Algorithm😀😀
It's BS .. not paying for it.
That's right! Make your own BS whenever you want. You weren't talking bachelor of science, were you?
What about YouTube?
how invasive is our privacy with these Muppets?
Your privacy is very invasive, whatever you use. Always waving your privacy under everybody's noses. Don't you weary of it?
Two words for why I would NEVER use X ; Elon Musk
I would not trust Musk with any of my data.
He doesn't want or need your stinking data.
Personally, I don't care about Twitter - X and it can go out of business.