X has announced a new end-to-end encrypted chat feature, drawing comparisons with WhatsApp and sparking a sharp debate on message security. Soon after the announcement, Elon Musk openly challenged critics and security researchers to test the system.
Posting on X, Musk invited experts to probe the platform’s encryption. “We welcome any attempts to break X encryption,” he wrote, responding to concerns that server-stored keys protected by a 4-digit PIN could allow brute-force attacks. He also promoted the feature by saying, “Send files via X Chat with full encryption. Much more secure than email.”
The company said the new Chat feature, still in Beta, is designed to offer a secure and modern direct messaging experience. According to X, unlike other end-to-end encrypted platforms that rely on complex multi-device key management or QR codes, Chat simplifies key recovery. It does this by sharding and storing key material across 3 secure storage realms, including Hardware Security Modules and software databases, using the Juicebox Protocol. X added that the key material can be recovered with a 4 digit PIN that never leaves the device, enabling easy device changes while keeping messages private, even from employees.
However, the claims have been challenged by an X user, Sooraj Sathyanarayanan, who questioned Musk’s assertion that X Chat is highly secure. Musk replied directly, saying, “And we welcome any attempts to break 𝕏 encryption”.
In a detailed post, Sathyanarayanan argued that X can still access user messages because private key backups are stored on X’s servers. He said safety numbers help detect external attacks but do not protect users from insiders or legal demands. He also pointed out that X lacks forward secrecy, noting that a single key compromise could expose all past encrypted messages.
He further raised concerns about the Juicebox system, citing analysis by cryptographer Matthew Green, suggesting it may be software-only. According to the post, a 4–6 digit PIN is easy to brute-force if protections are bypassed. Sathyanarayanan also highlighted that message metadata is not encrypted, referencing a well-known quote by former intelligence chief Michael Hayden: “We kill people based on metadata.”
Another criticism was that X Chat is not open source, despite earlier promises to publish code and a whitepaper by June 2025. He concluded by advising users not to rely on X encrypted chats for sensitive conversations and instead use Signal.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
