Twitter has launched the Encrypted DMs feature following yesterday's announcement, where it also talked about DM replies and a new emoji picker. The feature is available on the latest versions of Twitter apps (Android, iOS, Web). However, Twitter's version of secure messaging comes with its share of limitations mentioned in a support document.
People can only send and receive encrypted messages if they are verified users, or affiliates to verified organizations. As of now, Twitter charges a $8/mo Twitter Blue subscription fee to verify users with a blue checkmark. Meanwhile, an organization is required to pay $1,000/month to get verified and $50/mo for each affiliate. It was recently reported that Twitter restored the blue checkmark for many accounts with more than a million followers.
Now, to use encrypted messages both sender and receiver should be running the latest version of its mobile apps. Furthermore, the recipient should be following the sender, has previously sent them a message, or accepted a DM request from the sender in the past.
Eligible users can send encrypted messages just like normal texts but a limitation here is that the feature only works with texts and links; it doesn't support media and other attachments at the moment. They'll see a toggle at the top right corner after tapping on the compose message button in the app, allowing them to switch to encrypted messages.
A lock icon appears on the avatar of the recipient as an indicator that the conversation is encrypted. But Twitter warns that currently, "it is not possible to report an encrypted message to Twitter due to the encrypted nature of the conversation."
For now, the feature is only available in one-to-one chats and Twitter said it will "soon be expanding this feature to group conversations." Also, the company has put a limit of 10 devices per user and an existing device needs to be deregistered if the user wants to add a new one. Also, Twitter doesn't allow a new device to access messages of an existing encrypted conversion.
Twitter says it doesn't "offer protections against man-in-the-middle attacks" at the moment, falling short of the promises made by its CEO. "As Elon Musk said, when it comes to Direct Messages, the standard should be, if someone puts a gun to our heads, we still can’t access your messages. We’re not quite there yet, but we’re working on it," it said.