Recently, Elon Musk announced that X is rolling out a new private messaging feature called "XChat", supposedly built with a "whole new architecture". Musk touted it as being built on Rust with "Bitcoin style" encryption, which, naturally, had experts skeptical almost immediately. That "Bitcoin style" encryption claim is particularly fishy, given Bitcoin is not about encrypting data on its blockchain; it relies on cryptography for transaction verification, not for making the ledger secret. It sounds like something meant to impress people who do not understand the tech. Perhaps Musk meant to compare its peer-to-peer aspect to Bitcoin, rather than claiming a new encryption method, but the phrasing was certainly unclear.
If you're a bit lost, here's a very brief timeline of how we got here: X, then Twitter, first launched a limited encrypted DMs feature back in May 2023. That version was only for verified users, lacked protection against man-in-the-middle attacks, and X itself admitted it could access messages under legal orders. Musk even said, "Try it, but don't trust it yet." By May 2025, that feature was paused for "improvements," only for XChat to emerge this month with similar promises and, apparently, similar fundamental flaws.
Regarding XChat itself, the initial details do not inspire much confidence. X's own updated help page for XChat still contains the same old warnings: "currently, we do not offer protections against man-in-the-middle attacks" and that X could compromise messages due to "a compulsory legal process". If a platform can decrypt your messages, it is not truly end-to-end encrypted in the way most people expect, like with Signal or WhatsApp, where only the sender and recipient can read the content.
Speaking to The Register, Matthew Hodgson, co-founder and CEO of encrypted messaging platform Element, was blunt, stating "XChat looks to be just another centralized platform where users have zero control over their data," and that without "technical transparency, no audits, no open source," it is "just marketing."
Hodgson also brought up Musk's ties to DOGE, saying the claims that he had access to sensitive government info and personal data aren't something to brush off. Pair that with reports about X hoarding way more data than it needs, and he says it's fair to question if XChat is really as secure as Musk wants people to believe.
X does state group chats and media can now be encrypted, and that in the future, to prevent man-in-the-middle (MITM) attacks, it will let devices verify the authenticity and origin of a message using what it calls "signature checks" and allow two users to confirm which devices have access to their encrypted chats using "safety numbers." The company claims it plans to release a whitepaper and open-source the implementation later this year.
13 Comments - Add comment