Experts Warn X’s New Encrypted Messaging “XChat” Is Less Secure Than Signal

X promises privacy, but experts say its new chat feature falls short.

Emmanuella Madu

X, formerly Twitter, has begun rolling out its end-to-end encrypted messaging feature, “XChat.” The platform claims only senders and recipients can access messages, but cryptography experts warn the implementation is flawed compared to Signal, the widely trusted encrypted chat service.

Security researchers raised several red flags: users’ private keys are stored on X’s servers rather than on their devices; no proof of hardware security modules (HSMs) has been provided; and the system could allow insider or company-led “adversary-in-the-middle” attacks. Unlike Signal, XChat is not open source and lacks perfect forward secrecy, and X admits that conversations could still be compromised.

Experts like Matthew Garrett and Matthew Green advise against trusting XChat until it undergoes a full, reputable security audit. For now, they argue, users should treat it as no safer than X’s old direct messaging system.
