X is now offering me end-to-end encrypted chat — you probably shouldn't trust it yet

In XChat, once a user clicks on “Set up now,” X prompts them to create a four-digit PIN, which will be used to encrypt the user’s private key. This key is then stored on X’s servers. The private key is essentially a secret cryptographic key assigned to each user, serving the purpose of decrypting messages. As in many end-to-end encrypted services, a private key is paired with a public key, which is what a sender uses to encrypt messages to the receiver.

So they’re storing the private key on their servers, but not on-device like Signal? What a terrible mistake…

I think this is by design. No social media platform prioritizes its users. Folks who don’t know any better and use this are in for a reckoning, eventually.

1 Like

Why? Proton also does the same thing.

The private keys get encrypted with your password.

Difference is that Proton is primarily a collaborative suite with email and whatnot. Seamless cloud syncing is important in this use case.

XChat is clearly trying to compete with WhatsApp and Signal in the messaging space. Both apps store their keys on-device.

This limits them to one device at a time, with limited linked devices. It also limits their use on the web.
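The two designs discussed in this thread, a private key wrapped under a PIN-derived key (the X setup quoted at the top) and a private key wrapped under a password-derived key (the Proton case mentioned above), as an added example that is not code from X, Proton, or anyone in the thread. Everything in it is constructed: the toy HMAC counter-mode stream (a real implementation would use an AEAD such as AES-GCM), the PBKDF2 iteration count, and the sample key. It shows the property that matters for the thread: the stored blob confirms or rejects a guess on its own, so whoever holds the blob has an offline oracle, and the work to exhaust that oracle is bounded by the size of the secret's guess space times the KDF cost.

```python
import hashlib
import hmac
import os
import struct

# Constructed iteration count for the toy key wrap; real deployments tune this.
KDF_ITERATIONS = 100_000


def derive_wrap_key(secret: str, salt: bytes) -> bytes:
    """Derive a 64-byte wrapping key from a PIN or password with PBKDF2-HMAC-SHA256.

    The first 32 bytes encrypt the private key, the last 32 authenticate the blob.
    """
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, KDF_ITERATIONS, dklen=64)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy HMAC-SHA256 counter-mode keystream (constructed for this example only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def wrap_private_key(private_key: bytes, secret: str) -> bytes:
    """Encrypt-then-MAC the private key under a key derived from the PIN/password.

    Layout of the returned blob: salt(16) | nonce(16) | ciphertext | tag(32).
    This is the kind of object a provider would keep server-side.
    """
    salt = os.urandom(16)
    nonce = os.urandom(16)
    wrap_key = derive_wrap_key(secret, salt)
    enc_key, mac_key = wrap_key[:32], wrap_key[32:]
    stream = _keystream(enc_key, nonce, len(private_key))
    ciphertext = bytes(a ^ b for a, b in zip(private_key, stream))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def unwrap_private_key(blob: bytes, secret: str):
    """Return the private key, or None if the PIN/password is wrong.

    Note that nothing but the blob is needed to tell right from wrong: the tag
    check is the offline oracle. Server-side rate limiting cannot help once the
    blob is in someone else's hands.
    """
    salt, nonce, ciphertext, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    wrap_key = derive_wrap_key(secret, salt)
    enc_key, mac_key = wrap_key[:32], wrap_key[32:]
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


def guess_space(alphabet_size: int, length: int) -> int:
    """Number of candidates an offline attacker must try at most.

    A four-digit PIN is guess_space(10, 4) == 10_000; a 12-character password
    over a 62-symbol alphabet is 62**12, which is the whole difference between
    the two designs discussed in the thread.
    """
    return alphabet_size ** length


def worst_case_offline_seconds(alphabet_size: int, length: int, seconds_per_guess: float) -> float:
    """Upper bound on the time to exhaust the oracle given one KDF cost per guess."""
    return guess_space(alphabet_size, length) * seconds_per_guess


if __name__ == "__main__":
    sample_private_key = bytes(range(32))  # constructed stand-in for a real key
    blob = wrap_private_key(sample_private_key, "4821")
    print("correct PIN recovers key:", unwrap_private_key(blob, "4821") == sample_private_key)
    print("wrong PIN is rejected offline:", unwrap_private_key(blob, "0000") is None)
    print("4-digit PIN candidates:", guess_space(10, 4))
    print("12-char password candidates:", guess_space(62, 12))
```

The KDF cost only scales the bound, it never changes its shape: with a four-digit PIN the blob can be checked against every candidate in ten thousand derivations, however expensive each one is, while a long password from a large alphabet pushes the same bound beyond reach. Keeping the wrapped key on a device the user controls, as the Signal-style design in the thread does, removes the offline oracle from the provider's side altogether at the cost of the multi-device convenience mentioned above.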