this post was submitted on 21 Oct 2025
297 points (96.6% liked)

Technology

76432 readers
3238 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
297
X is now offering me end-to-end encrypted chat — you probably shouldn't trust it yet | TechCrunch (techcrunch.com)
submitted 1 week ago by ardi60@reddthat.com to c/technology@lemmy.world
88 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] DarkFuture@lemmy.world 19 points 6 days ago

Hey y'all. Reminder not to trust a platform owned and operated by a Nazi manchild.

[–] BD89@lemmy.sdf.org 17 points 6 days ago

Shouldn't trust it yet.

Or ever.

[–] Typhoon@lemmy.ca 12 points 6 days ago

XChat, has some red flags.

With a white circle and a swastika inside?

[–] HubertManne@piefed.social 9 points 6 days ago

probably??? try definitely and ever

[–] notgivingmynametoamachine@lemmy.world 9 points 6 days ago* (last edited 6 days ago)

If you trust ANYTHING Musk has for you well then have I got a bridge to sell you.

[–] mazzilius_marsti@lemmy.world 8 points 6 days ago

"xchat" sounds like one of those porn chat rooms

[–] Bebopalouie@lemmy.ca 8 points 6 days ago

Yet? More like never.

[–] abbiistabbii@lemmy.blahaj.zone 6 points 6 days ago

"The guy who helped install Donald Trump, did a Nazi Salute at Trump's victory parade on live TV, supports authoritarians, and who has declared war on transgender people to the point you're not allowed to say "Cis" or "Cisgender" on his platform, has created an end to end encrypted chat."

All of this has the same vibes as the time Brigham Young University amended their code of conduct to allow people to come out as queer, let some students come out, and then changed the CoC back and expelled the students.

[–] thatradomguy@lemmy.world 5 points 6 days ago

~~shouldn't trust it yet~~ shouldn't trust it ever

[–] edgarzen@sh.itjust.works 7 points 6 days ago (1 children)

Signal and encrypted email only.

[–] DarkFuture@lemmy.world 3 points 6 days ago

Friends and I swapped our group chat to Signal the day Trump was inaugurated...the first time.

If things keep going the way they are, no one should be communicating on anything but encrypted messaging apps.

[–] DFX4509B_2@lemmy.org 2 points 5 days ago* (last edited 5 days ago)

Probably shouldn't? How 'bout definitely shouldn't, ditto for Twitter in general. Give ATproto shit all you want but at least you can move to an independent PDS with it.

Granted ActivityPub is still ideal over ATproto, but both are better than a centralized black box.

[–] Mohamad20ZX@sopuli.xyz 1 points 5 days ago

I hope Elon musk gets cancelled(cancer) for this useless nonsensical black box

[–] SabinStargem@lemmy.today 1 points 6 days ago

Ah, new ways for Kegsbreath to expose his idiocy.

[–] Hozerkiller@lemmy.ca -4 points 6 days ago (1 children)

I trust it but there is a major misunderstanding of end to end encryption. Some implementations the platform holder does not have a key to decrypt data but it is far from a requirement. All end to end means is there's a blocker preventing the network from seeing what you send not twitter who im assuming has a copy of the key.

[–] notarobot@lemmy.zip 5 points 6 days ago (1 children)

That is NOT end to end encryption. That is transport layer encryption. So basically SSL

End to end is from sender to recipient. No one in the middle should be able to read anything

[–] Hozerkiller@lemmy.ca -3 points 6 days ago (1 children)

It's like ssl but done at the application layer. Nobody in the middle can read it except it's nobody in the middle of you and twitter and twitter and the recipient. If you put something on a platform and they have the key they will always be able to read it if they want to.

[–] notarobot@lemmy.zip 2 points 6 days ago

are you being dense on purpose? sender and recipient are both users. never twitter.

i'm not saying that twitter's messaging is secure. the opposite. what i'm saying is that you statement of "All end to end means is there’s a blocker preventing the network from seeing what you send not twitter" is 100% objectively wrong.

[–] SnoringEarthworm@sh.itjust.works 125 points 1 week ago* (last edited 1 week ago) (9 children)

TL;dr of the article :

  1. They keep your private key on their servers.
  2. Their implementation allows for AITM attacks.
  3. It's closed source.
  4. There's no perfect forward secrecy.

This secret stays between you, me, and Elon.

I hope politicians use the hell out of it, so we can see what they really think when it gets (inevitably) hacked in a few weeks.

[–] answersplease77@lemmy.world 1 points 6 days ago

is it different with signal, telegram, whatsapp?

[–] Naich@lemmings.world 23 points 1 week ago (11 children)

What is the "A" in "AITM"?

[–] pirat@lemmy.world 2 points 6 days ago

Agencies

[–] BananaOnionJuice@lemmy.dbzer0.com 27 points 1 week ago (1 children)
[–] kuberoot@discuss.tchncs.de 4 points 6 days ago

Are you sure that site is trustworthy? It kinda reads like an LLM being told to explain the difference between two names for the same thing and basically rephrasing the same thing. I'd imagine it might just be a different name to get rid of a male-coded word.

[–] kami@lemmy.dbzer0.com 19 points 1 week ago

Adversary

[–] EncryptKeeper@lemmy.world 14 points 1 week ago (1 children)

It’s just MITM but with extra steps

[–] Someonelol@lemmy.dbzer0.com 13 points 1 week ago

Ah yes, Malcolm in the Middle is behind this all along.

load more comments (6 replies)
[–] renegadespork@lemmy.jelliefrontier.net 21 points 1 week ago

They keep your private key on their servers.

Then it's literally not even E2EE, lol

load more comments (6 replies)
[–] artyom@piefed.social 97 points 1 week ago* (last edited 1 week ago) (14 children)

offering me end-to-end encrypted chat

No one - not even X - can access or read your messages

This key is then stored on X’s servers

So...they're just blatantly lying?

[–] InnerScientist@lemmy.world 15 points 1 week ago* (last edited 1 week ago) (2 children)

It's encrypted with a 4 digit pin so they'll have to spend at least 316.8809e-10 years on brute-forcing it.

load more comments (2 replies)
load more comments (13 replies)
[–] popekingjoe@lemmy.world 42 points 1 week ago (1 children)

...yet? How bout just not trusting it at all?

load more comments (1 replies)
[–] sentient_loom@sh.itjust.works 29 points 1 week ago (5 children)

That "yet" is the narrative hook to trick us into feeling like it will soon be trustworthy, and that our assumed suspicions refer to a temporary state of untrustworthiness. Clever girls!

load more comments (5 replies)
[–] renegadespork@lemmy.jelliefrontier.net 22 points 1 week ago

How about: "You probably should trust or use X at all... ever."

[–] Manjushri@piefed.social 18 points 1 week ago

Yet? What kind of idiot would imagine that X would or could provide actual secure communication?

[–] Netrunner@programming.dev 17 points 1 week ago

Brain damaged people trust x again.

[–] Zeon@lemmy.world 15 points 1 week ago (2 children)

It's proprietary, how could you possibly trust it?

load more comments (2 replies)
[–] adespoton@lemmy.ca 15 points 1 week ago

YET?

load more comments
view more: next ›