X is now offering me end-to-end encrypted chat — you probably shouldn’t trust it yet

X's newly rolled out end-to-end encrypted chat feature, "XChat," is currently deemed untrustworthy by cryptography experts despite the company's claims. Several critical security flaws, including centralized private key storage, vulnerability to "adversary-in-the-middle" attacks, a lack of transparency through open-source code, and the absence of perfect forward secrecy, make it significantly less secure than industry standards like Signal. Users are advised to avoid using XChat for sensitive communications until these fundamental issues are addressed and independently verified.

QUICK TAKEAWAYS

• XChat's end-to-end encryption is fundamentally flawed and significantly less secure than platforms like Signal.
• X stores users' private keys on its servers, creating a central point of vulnerability.
• The feature is susceptible to "adversary-in-the-middle" attacks, potentially allowing X or malicious insiders to read messages.
• XChat lacks open-source implementation and perfect forward secrecy, hindering verification and long-term security.
• Security experts universally recommend not trusting XChat for private conversations at this time.

KEY POINTS

• Centralized Private Key Storage: X stores users' private keys (encrypted with a 4-digit PIN) on its servers, whereas secure alternatives like Signal store them directly on user devices. This server-side storage raises concerns about potential key tampering or decryption by X.
• Adversary-in-the-Middle (AITM) Vulnerability: X itself admits that its current implementation could allow "a malicious insider or X itself" to compromise encrypted conversations, effectively negating the purpose of end-to-end encryption.
• Lack of Transparency: Unlike Signal, XChat's encryption implementation is not open source, preventing independent security audits and verification of its claims. X has stated plans to open source it later in the year, but this has not yet occurred.
• Absence of Perfect Forward Secrecy: XChat does not use perfect forward secrecy, meaning if a user's private key is ever compromised, all past messages encrypted with that key could be decrypted, not just the most recent ones.

PRACTICAL INSIGHTS

• Expert Recommendation: Cryptography experts Matthew Garrett and Matthew Green strongly advise against trusting XChat for any sensitive communications.
• Comparison to Standards: XChat's security is considered "technically worse than Signal," which sets the benchmark for secure end-to-end encrypted messaging.
• Crucial Elements for Trust: Trustworthy E2EE requires private keys to be securely stored on devices, open-source code for independent auditing, and the implementation of perfect forward secrecy.
• X's Promises: X plans to open source its implementation and provide a technical whitepaper later this year, but these are future commitments, not current realities.

PRACTICAL APPLICATION

Users prioritizing privacy and security in their digital communications should continue to rely on established and audited end-to-end encrypted platforms like Signal. It is strongly advised to avoid sharing sensitive personal or business information via XChat until X addresses its critical security shortcomings, provides full transparency through open-source code, and undergoes independent security audits to verify its claims. Relying on XChat in its current state carries significant privacy risks.