Security
Headlines
HeadlinesLatestCVEs

Headline

Elon Musk’s Twitter Buy Exposes a Privacy Minefield

The social network’s user data and more will soon be at the whims of the world’s richest man. Who’s worried?

Wired
#git#rce#auth

Elon Musk Secured an agreement on Monday to buy Twitter for about $44 billion and take the company private. In his initial comments about the move, Musk discussed a range of goals from “making the algorithms open source to increase trust” to addressing spambots and “authenticating all humans.” There isn’t more information available yet on how Musk will steer Twitter, but privacy and security proponents say that these initial comments paint a mixed picture of where the social media giant could be headed under its new leadership—and reveal the risks of trusting platforms to protect our private information.

Unlike Facebook and other platforms that have enforced “real name” policies, Twitter has largely allowed people to use pseudonyms or remain anonymous, an approach that could change under Musk. Additionally, Musk will soon be able to access all Twitter user data, including IP addresses and the content of direct messages. Twitter’s DMs are notably not end-to-end encrypted, meaning that they can be accessed by whoever controls the platform. Proponents of end-to-end encryption have long emphasized that the protection not only safeguards users’ data from prying eyes of all sorts, but puts the power with users for the long term, regardless of who owns the service when.

“Elon Musk is now literally the king of Twitter. There is nothing stopping him from accessing your direct messages or handing them over to a government—perhaps one in a country where Tesla is trying to do business,” says Evan Greer, deputy director of the digital rights group Fight for the Future. The Chinese government, for example, is notorious for policing both public discourse and private communications, demanding that tech companies retain records about the identities of their users even if people are allowed to post using a handle. As rival ultra-billionaire Jeff Bezos highlighted in a Monday tweet thread, one of Musk’s other companies, Tesla, has major business interests in China. Twitter, meanwhile, remains a thorn in Beijing’s side.

Like other tech giants, Twitter has spent years building out systems for reporting things like the number of government information requests it receives or legal demands to remove content. Musk has indicated that transparency will be a priority for him at Twitter, but it remains unknown which areas he wants to focus on and what his stance will be on issues like government requests for user data.

In general, digital rights advocates point out that open standards protect speech more effectively than closed ecosystems, because they allow multiple organizations to offer versions of an interoperable service that users can choose from. (Think about SMS and email as two examples of these types of services.) In practice, though, users have flocked to the relative simplicity and ease of use that platforms like Twitter offer. In recent years, the company even launched its own exploratory program, Project Blue Sky, to look at ways of opening Twitter up as an interoperable, standardized platform rather than a single, closed service.

When Musk talks about “authenticating all humans,” it’s possible he’s referring to a plan to reduce spambots by having users, say, fill out captchas before tweeting to prove that they’re human. It’s unclear how feasible a system like this would be, but in theory, privacy and security advocates say, this is a best-case scenario and could actually be useful. The worst-case scenario, though, is that Musk is advocating a situation in which Twitter would either collect information about each user to confirm internally that they are an individual person or, worse still, require that users only have Twitter accounts under their legal identity.

“I don’t know what Musk means by this, but what would concern me most would be if everyone had to authenticate their identity with Twitter,” says Jeff Kosseff, an associate professor of cybersecurity law at the United States Naval Academy. “There are a lot of voices that are heard on Twitter that can’t be heard on platforms with real-name policies like Facebook. And platforms like Facebook are not a bastion of civility because of real-name policies anyway. Any small requirement to provide identifying information, even if it doesn’t require you to post under your real name, would really alter the ability of many people to speak online, especially outside the US.”

Musk will presumably share more details and specifics about his plans for Twitter soon. In the meantime, the situation serves as a cautionary tale of the uncertain and unpredictable path all private platforms are ultimately on.

“The extreme centralization and privatization of online spaces disproportionately harms those who don’t have access to traditional media,” Fight for the Future’s Greer says. “For human rights activists, small business owners, independent musicians, and folks from marginalized communities. having a platform ripped out from under you, or even just having an algorithm changed without warning, can have a profound impact on your ability to be heard, make a living, or even survive.”

As Meta continues to push its stand on implementing end-to-end encryption for Facebook Messenger and Instagram DMs, it remains to be seen what a Musk-led Twitter will do with its private user communications.

“It is scary. Twitter has been relatively good with the privacy stuff, and this takeover could be a serious issue for people who use the platform and have been shielded by the company, ” says Johns Hopkins cryptographer Matthew Green. “I guess just use Twitter DMs to hand out your Signal number. And then Elon can Signal message you.”

More Great WIRED Stories

  • 📩 The latest on tech, science, and more: Get our newsletters!
  • This startup wants to watch your brain
  • The artful, subdued translations of modern pop
  • Netflix doesn’t need a password-sharing crackdown
  • How to revamp your workflow with block scheduling
  • The end of astronauts—and the rise of robots
  • 👁️ Explore AI like never before with our new database
  • ✨ Optimize your home life with our Gear team’s best picks, from robot vacuums to affordable mattresses to smart speakers

Wired: Latest News

Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist