BRICS News Magazine
X is now offering me end-to-end encrypted chat — you probably shouldn’t trust it yet

Sophie Mueller 18 views
Lorenzo Franceschi-Bicchierai
AM PDT · September 5, 2025

X, formerly Twitter, has started rolling out its new encrypted messaging feature called “Chat” or “XChat.”

The company claims the new communication feature is end-to-end encrypted, meaning messages exchanged on it can only be read

Cryptography experts, however, are warning that X’s current implementation of encryption in XChat should not be trusted. They’re saying it’s far worse than Signal, a technology widely considered the state of the art when it comes to end-to-end encrypted chat. 

In XChat, once a user clicks on “Set up now,” X prompts them to create a four-digit PIN, which will be used to encrypt the user’s private key. This key is then stored on X’s servers. The private key is essentially a secret cryptographic key assigned to each user, which is used to decrypt messages. As in many end-to-end encrypted services, a private key is paired with a public key, which is what a sender uses to encrypt messages to the receiver.

This is the first red flag for XChat. Signal stores a user’s private key on their device, not on its servers. How and where exactly the private keys are stored on the X servers is also important. 

Matthew Garrett, a security researcher who published a blog post about XChat in June, when X announced the new service and slowly started rolling it out, wrote that if the company doesn’t use hardware security modules, or HSMs, to store the keys, then the company could tamper with the keys — brute-forcing them for example since they are only four digits — and potentially decrypt messages. HSMs are servers made specifically to make it harder for the company that owns them to access the data inside. 

An X engineer said in a post in June that the company does use HSMs, but neither he nor the company has provided any proof so far. “Until that’s done, this is ‘trust us, bro’ territory,” Garrett told TechCrunch. 
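To make the risk concrete, the following added example (not code from the article, from X, or from Garrett) wraps a key under a four-digit PIN and shows that whoever holds the wrapped blob can run through all 10,000 PINs, while an attempt-limited vault, standing in for the property an HSM is supposed to provide, stops after a few wrong guesses. The wrapping scheme, `ITERATIONS`, `MAX_TRIES` and all names are assumptions made for the illustration; the article does not describe how XChat derives or wraps keys.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 1_000   # assumed KDF cost, kept low so the demo runs quickly
MAX_TRIES = 10       # assumed HSM-style attempt limit

def _kek(pin: str, salt: bytes) -> bytes:
    # Key-encryption key derived from nothing but the PIN and a stored salt.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS, dklen=64)

def wrap(private_key: bytes, pin: str) -> dict:
    """Constructed scheme (XOR pad + HMAC tag) for a 32-byte key; illustration only."""
    salt = secrets.token_bytes(16)
    k = _kek(pin, salt)
    ct = bytes(a ^ b for a, b in zip(private_key, k[:32]))
    return {"salt": salt, "ct": ct, "tag": hmac.new(k[32:], ct, "sha256").digest()}

def unwrap(blob: dict, pin: str):
    k = _kek(pin, blob["salt"])
    tag = hmac.new(k[32:], blob["ct"], "sha256").digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None                      # wrong PIN: the tag does not verify
    return bytes(a ^ b for a, b in zip(blob["ct"], k[:32]))

def pins_until_unwrapped(blob: dict):
    """Whoever holds the blob can try every PIN; there are only 10,000."""
    for n in range(10_000):
        key = unwrap(blob, f"{n:04d}")
        if key is not None:
            return n + 1, key
    return None

class AttemptLimitedVault:
    """Stand-in for what an HSM is meant to add: the blob never leaves the
    vault, and it is destroyed after MAX_TRIES wrong PINs."""
    def __init__(self, blob: dict):
        self._blob, self._failures = blob, 0

    def unwrap(self, pin: str):
        if self._blob is None:
            return None                  # already wiped
        key = unwrap(self._blob, pin)
        if key is None:
            self._failures += 1
            if self._failures >= MAX_TRIES:
                self._blob = None        # later guesses cannot succeed
        return key
```

A slower KDF only multiplies the time per guess; with 10,000 candidates, the limit on attempts has to be enforced by hardware the operator cannot bypass, which is the claim Garrett says X has not yet proven.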

The second red flag, which X admits on the XChat support page, is that the current implementation of the service could allow “a malicious insider or X itself” to compromise encrypted conversations.

Technically, this is called an “adversary-in-the-middle,” or AITM, attack, and it makes the whole point of an end-to-end encrypted messaging platform moot.

Garrett said that X “gives you the public key whenever you communicate with them, so even if they’ve implemented this properly, you can’t prove they haven’t made up a new key” and performed an AITM attack. 
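The check that is missing in Garrett's description can be sketched as follows; this is an added example, not code from the article or from any messaging service. It uses a simplified fingerprint (not Signal's safety-number algorithm, and not a feature the article says XChat offers) plus a trust-on-first-use pin store; the names, the constructed sample keys and the digit format are assumptions.

```python
import hashlib
import secrets

def safety_number(id_a: str, key_a: bytes, id_b: str, key_b: bytes) -> str:
    """Order-independent fingerprint of both parties' identity keys."""
    h = hashlib.sha256()
    for ident, key in sorted([(id_a.encode(), key_a), (id_b.encode(), key_b)]):
        for field in (ident, key):
            h.update(len(field).to_bytes(2, "big") + field)  # length-prefixed
    d = h.digest()
    return " ".join(f"{int.from_bytes(d[i:i+4], 'big') % 100_000:05d}"
                    for i in range(0, 24, 4))

class PinnedKeys:
    """Trust-on-first-use store: remembers the first key seen per contact.
    It flags a later change, but cannot detect a substituted key that was
    served at first contact."""
    def __init__(self):
        self._seen = {}

    def check(self, contact: str, served_key: bytes) -> str:
        known = self._seen.setdefault(contact, served_key)
        return "ok" if known == served_key else "KEY CHANGED"

# Constructed sample keys: random bytes standing in for public keys.
ALICE_PUB, BOB_PUB, SERVER_PUB = (secrets.token_bytes(32) for _ in range(3))

def compare_out_of_band(key_served_to_alice: bytes, key_served_to_bob: bytes) -> bool:
    """Each side combines its own key with the key the server served for the
    other party; the two then compare the numbers over a separate channel."""
    alice_sees = safety_number("alice", ALICE_PUB, "bob", key_served_to_alice)
    bob_sees = safety_number("bob", BOB_PUB, "alice", key_served_to_bob)
    return alice_sees == bob_sees
```

The numbers agree only when each side was served the other's real key; without such a comparison, a key pinned at first contact is accepted whether or not it is genuine.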

Another red flag is that none of XChat’s implementation, at this point, is open

Finally, X doesn’t offer “perfect forward secrecy,” a cryptographic mechanism

As a result, Garrett doesn’t think XChat is at a point where users should trust it just yet. 

“If everyone involved is fully trustworthy, the X implementation is technically worse than Signal,” Garrett told TechCrunch. “And even if they were fully trustworthy to start with, they could stop being trustworthy and compromise trust in multiple ways … If they were either untrustworthy or incompetent during initial implementation, it’s impossible to demonstrate that there’s any security at all.”

Garrett isn’t the only expert raising concerns. Matthew Green, a cryptography expert who teaches at Johns Hopkins University, agrees. 

“For the moment, until it gets a full audit

X did not respond to several questions sent to its press email address.

© 2025 TechCrunch Media LLC.
