Where are we on XChat security?
3 days ago
- #Encryption
- #X Chat
- #Security
- AWS outage caused Signal downtime, raising concerns about AWS dependency.
- Elon Musk recommends X Chat, claiming it's secure with no AWS dependencies.
- X Chat uses end-to-end encryption, with keys stored via the Juicebox protocol and sharded between backends (some HSM-backed).
- The lack of verification for public keys and for the HSM commissioning ceremony raises security concerns.
- X Chat's GetPublicKeysResult API could be manipulated to return fake keys, enabling message decryption by unauthorized parties.
- Remote attestation is missing in X Chat, a critical security feature present in services like Signal.
- Elon Musk's claims about X Chat's security are questioned, with accusations of being uninformed or dishonest.
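
The missing public-key verification noted above is what client-side key pinning and out-of-band comparison address. The following is an added example, not code from X Chat or from the original post: a trust-on-first-use pin store plus a comparable "safety number". The user IDs, the raw-bytes key format, and all function and class names are assumptions for illustration.

```python
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    """Short, human-comparable digest of a raw public key."""
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))


def safety_number(my_key: bytes, their_key: bytes) -> str:
    """Order-independent value both users compare over a separate channel.

    Assumes fixed-length keys, so plain concatenation is unambiguous.
    """
    first, second = sorted([my_key, their_key])
    return fingerprint(hashlib.sha256(first + second).digest())


class KeyPins:
    """Trust-on-first-use store: remembers the first key served per contact."""

    def __init__(self):
        self._pins = {}

    def check(self, user_id: str, served_key: bytes) -> str:
        pinned = self._pins.get(user_id)
        if pinned is None:
            self._pins[user_id] = served_key
            return "first-seen"  # still unverified until compared out of band
        if hmac.compare_digest(pinned, served_key):
            return "match"
        return "changed"  # hold outgoing messages until the user re-verifies


# Constructed sample keys (placeholders, not real key material).
ALICE_KEY = bytes(range(32))
BOB_KEY = bytes(range(32, 64))
SUBSTITUTED_KEY = bytes(range(64, 96))

if __name__ == "__main__":
    pins = KeyPins()
    print(pins.check("bob", BOB_KEY))          # key directory's first answer
    print(pins.check("bob", SUBSTITUTED_KEY))  # a different key served later
    print(safety_number(ALICE_KEY, BOB_KEY))
```

Pinning only detects a key that changes after first contact; a key substituted on the very first lookup is caught only when the two users compare the safety number over a separate channel.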