X Expands Encrypted Messaging Feature ‘XChat’ to All Users

Report by: Syed Taskin Ahmed

In a major update aimed at strengthening user privacy, X (formerly Twitter) has rolled out its encrypted messaging feature, XChat, for all users. The feature, which was previously limited to Premium subscribers, is now available free of cost, marking a significant step in the platform’s security evolution.

A Separate Secure Inbox

XChat is designed as a separate opt-in inbox that does not replace the platform’s existing Direct Messaging (DM) system. Standard messages remain in the “Unencrypted” section, while users who activate XChat can send and receive end-to-end encrypted conversations.

To activate the feature, users must opt in and set up a four-digit PIN code, which provides an additional layer of security. On desktop, the “Chat” tab appears above Message Requests, while on mobile devices it is available on the navigation bar above Communities.

Features and Functionality

XChat supports a wide range of features, including:

End-to-end encryption, ensuring only sender and recipient can read the messages.

Media sharing and group chats.

Options to pin messages, manage read/unread status, and soon, the addition of disappearing (auto-vanishing) messages.

An unsend option, allowing users to delete messages from both devices.

Elon Musk described the system as using “Bitcoin-style encryption” and confirmed that it is built on Rust programming language. Experts, however, note that while the term is catchy, the encryption relies on elliptic-curve cryptography rather than Bitcoin’s blockchain model.

Security Concerns

Despite the upgrade, security experts point out some limitations. Unlike Signal, XChat does not support forward secrecy, which means if a user’s encryption key is compromised, past messages may also be at risk. Furthermore, private keys are stored on X’s servers through its Juicebox protocol, raising concerns over potential vulnerabilities.

Metadata such as recipient details and message timestamps remain visible, and encrypted messages cannot be reported to moderation teams, presenting a trade-off between privacy and abuse detection.

Conclusion

With XChat, the company has taken a major step toward improving user privacy and securing digital conversations. While it still faces criticism for certain cryptographic shortcomings and moderation challenges, the update highlights X’s effort to compete with secure messaging platforms like Signal and WhatsApp. For journalists, activists, and privacy-conscious users, XChat could prove to be a valuable addition.