X (formerly Twitter) has officially launched Chat, a privacy-focused upgrade to its legacy direct messages (DMs). The platform combines standard DMs and end-to-end encrypted conversations, supporting one-on-one and group messaging.
Chat lets users exchange files, make voice and video calls, and send voice memos (returning in an upcoming update). It also supports editing or deleting messages, setting them to disappear automatically, notifying users of screenshots, blocking screenshots entirely, and keeping messages free from advertising or tracking.
How Chat Works and Device Management
When a user first opens Chat, a public-private key pair is generated for their account. A PIN stored only on the device protects the private key, which can be recovered on other devices using the same PIN. Each conversation uses a unique encryption key, and the public-private key pairs securely exchange these conversation keys between participants.
Users can access encrypted messages across multiple devices. Logging out deletes all encrypted messages and keys from that device, but the private key can be recovered on other devices using the PIN.
All messages, reactions, links, and files are encrypted on the sender’s device and remain encrypted on X’s servers until decrypted by recipients. X plans to release a technical whitepaper detailing its encryption technology later in 2025.
Eligibility for Encrypted Direct Messages
To send or receive encrypted DMs, users must:
- Be on the latest X app (iOS, Android, or Web)
- Either follow or subscribe to each other, have previously exchanged messages, or have accepted an encrypted DM before
Users can also send message requests to:
- Recipients who have opted to receive encrypted DMs from anyone
- Verified users who have opted to receive DMs from other Verified users
Security and Limitations
- Messages sent in groups, along with any media, are encrypted; however, associated metadata—such as recipient information and timestamps—remains unencrypted.
- Forward secrecy is not yet implemented; compromised device keys could expose past messages
- Man-in-the-middle attacks are not currently prevented; X plans to add signature checks and “safety numbers” in future updates
- Encrypted messages cannot currently be reported; issues must be reported via the account
Message Management
- Delete / Unsend: Remove messages from recipients’ inboxes; deletion syncs across devices
- Disappearing Messages: Set messages to auto-delete after a chosen duration
- Grok Integration: Messages or images can be analyzed with Grok; content sent to Grok is no longer encrypted, but the original conversation remains encrypted
Availability
Chat is currently available on iOS and Web, with Android support coming soon.