AI Snips
Device Revocation Won't Revoke Access
- Registered devices share the conversation key, so revoking a device does not prevent it from decrypting future messages.
- Twitter currently offers no UI for unregistering devices, making revocation hard.
Raises The Bar Against Bulk Server Access
- Moving DMs from server-readable plaintext to endpoint-held keys raises the bar against bulk server-side access.
- The change reduces risk from database leaks and insider scraping, even if it doesn't stop compelled access or targeted key substitution.
Use It Only For Limited Threat Models
- If you need protection from server-side access or database theft, enable Twitter's encryption as it keeps keys on endpoints.
- If you face state-level adversaries, switch to Signal for proper end-to-end security and forward secrecy.
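
The device-revocation point above, as an added sketch that is not code from the episode or from Twitter: a revoked endpoint that keeps its copy of a shared conversation key still reads later messages unless the conversation is re-keyed for the remaining devices. The `Conversation` class, the device names, the `rekey_on_revoke` switch and the HMAC-based stand-in cipher are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _sub(key, label):
    # Derive separate encryption and MAC subkeys from the conversation key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode as a keystream (not Twitter's cipher).
    ks = b"".join(hmac.new(_sub(key, b"enc"), nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = _xor(key, nonce, plaintext)
    return nonce + body + hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return _xor(key, nonce, body) if hmac.compare_digest(tag, good) else None

class Conversation:  # hypothetical model, not Twitter's implementation
    def __init__(self, device_ids, rekey_on_revoke):
        self.rekey_on_revoke = rekey_on_revoke
        self.key = secrets.token_bytes(32)
        self.registered = set(device_ids)
        self.device_keys = {d: self.key for d in device_ids}  # copy each endpoint stores

    def revoke(self, device_id):
        self.registered.discard(device_id)  # registry changes; the endpoint keeps its key copy
        if self.rekey_on_revoke:            # assumed mitigation: fresh key for remaining devices
            self.key = secrets.token_bytes(32)
            for d in self.registered:
                self.device_keys[d] = self.key

    def send(self, text):
        return seal(self.key, text.encode())

    def read(self, device_id, blob):
        pt = unseal(self.device_keys[device_id], blob)
        return pt.decode() if pt is not None else None

def revoked_device_reads_future(rekey_on_revoke):
    # Constructed scenario: revoke one device, then send a new message.
    conv = Conversation(["phone", "laptop", "old-tablet"], rekey_on_revoke)
    conv.revoke("old-tablet")
    blob = conv.send("sent after revocation")
    assert conv.read("phone", blob) == "sent after revocation"
    return conv.read("old-tablet", blob) is not None
```

Re-keying on revocation only cuts the removed device off from later messages; it does not provide the forward secrecy mentioned in the last snip.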


