
Posts by Simon Fell

X is now offering me end-to-end encrypted chat — you probably shouldn't trust it yet | TechCrunch X's new encrypted messaging feature, XChat, has some red flags.

techcrunch.com/2025/09/05/x... shouldn't surprise anyone but quotes me so it's obviously good

7 months ago 20 4 0 0
2 images from hackers as characters converse. "I've got a record. I was Zero Cool." "Zero Cool crashed 1.507 systems in one day, biggest crash in history. Front page New York Times August 10, 1988"


Never forget today, when, on this day in 1988, Zero Cool crashed 1,507 systems in one day.

8 months ago 993 374 9 46
Acclaimed Colorado sci-fi author: Future stupider than I imagined Paonia writer Paolo Bacigalupi reflects on 10 years since the publication of his climate thriller “The Water Knife.”

For once, a very good headline, and of course @paolobacigalupi.bsky.social is not wrong here

www.cpr.org/2025/07/12/i...

9 months ago 1125 176 30 9

So yesterday on X someone from X engineering tweeted at me that X does, in fact, use HSMs and the key ceremonies are “coming soon.” I’ve updated the post but I’ll be honest this whole thing doesn’t fill me with good feelings.

10 months ago 21 1 5 0

Regardless of how good or bad their Juicebox deployment is, at the end of the day, the client code has access to the unencrypted text and/or private key and can do whatever it wants with it.

10 months ago 0 0 1 0

And as you mention, without an independently verified key ceremony, there's no way to know if the realm is running on commodity hardware, a poorly configured HSM that can leak keys, or a correctly configured HSM.

10 months ago 3 0 1 0
A bit more on Twitter/X’s new encrypted messaging Matthew Garrett has a nice post about Twitter (uh, X)’s new end-to-end encryption messaging protocol, which is now called XChat. The TL;DR of Matthew’s post is that from a cryptographic…

I wrote a bit more about X’s new encrypted DMs and the Juicebox protocol. blog.cryptographyengineering.com/2025/06/09/a...

10 months ago 70 27 6 0

Juicebox had 2 realms running on real Entrust HSMs managing billions of (test) keys. The impl is complete. That said, I’m not aware of any deployments of it outside the ones Juicebox ran.

10 months ago 5 1 1 0
Don’t Put All Your Juice in One Box At Juicebox, we believe key recovery should be secure, user friendly, and actually… work. That means it has to be more than cryptographic theater. It has to reflect the real world, where systems get h...

If your DMs are “encrypted” but one org holds all the keys, you haven’t distributed trust – you’ve built a backdoor.

Juicebox only works when boundaries are real. Separation isn’t optional.

Replication != distribution.

10 months ago 71 19 0 3