It's possible to use OTR encryption with Twitter DMs, if you're prepared to put in the work.
Although encryption has never been more pervasive, with more and more services deploying strong privacy protections for users, Twitter has been slow to follow the trend. Now, one researcher has created a workaround for using end-to-end encryption with Twitter direct messages.
In a tutorial posted to GitHub, security researcher Colin Mahns has detailed how to do this with off-the-record encryption (OTR), the same protocol that continues to foil even snooping intelligence agencies.
"It was more of a 'I wonder if I can get this to work' idea to try it at first, and I wrote the gist to be a quick guide for friends in my circle to try out with me," Mahns told Motherboard in an (unencrypted) Twitter message.
This is now possible because Twitter recently lifted the 140-character limit on direct messages: users can now chat on, and on, and there is enough space for encrypted conversations to take place.
Mahns's idea for encrypting these messages came about when Runa Sandvik, a security researcher and Forbes contributor, pointed out that when you send a PGP-encrypted message in a DM, "Twitter mangles that content so that you cannot simply copy/paste/decrypt. You have to edit it yourself." From here, Mahns set out to see if it was possible to use OTR instead.
It's important to point out that the tutorial is not for the average internet user. First, it's necessary to connect your instant messaging client—the same one that you might already use for OTR chats—with BitlBee, a tool for tunneling your messages to a virtual IRC channel. After some further configuration, it is then possible to send encrypted DMs from the instant messaging software (and not the web interface for Twitter.com).
"Okay it's a little fini[c]ky to deal with and set up I admit, but this is the best options we have at the moment," Mahns writes in the tutorial. "If you want OTR (or a better protocol like TextSecure) to be supported and widely adopted, lobbying Twitter and developers of third party clients is necessary."
Shortly after the Edward Snowden revelations in 2013, Twitter was reportedly developing new security measures, including encrypted direct messages, although those plans were apparently shelved a few months later. To be fair, the social network has a history of fighting back against government surveillance, so perhaps Twitter will implement the feature at a later date.
In the meantime, those who value their privacy might want to take the time to set up encrypted direct messages.