X Elevates Privacy with Chat—Encrypted DMs, Calls, But Security Concerns Persist

X has overhauled its direct messaging system by launching Chat, offering end-to-end encryption, file sharing, disappearing messages, and voice and video calls on iOS and web, with Android support coming. However, experts point out remaining security gaps—metadata is unencrypted, man‑in‑the‑middle risks persist, and private key handling on X’s servers raises trust concerns.

What We Know

X has replaced its legacy Direct Messages with Chat, an encrypted communication hub now available on iOS and the web with Android support coming soon. Chat supports end‑to‑end encryption of messages and files, automatic disappearing messages, editing and deleting, screenshot blocking or alerts, and voice and video calls without phone numbers. All content is encrypted, but metadata—such as timestamps and recipients—remains exposed. X acknowledges it currently offers no protection against man‑in‑the‑middle attacks, yet plans to add signature checks and safety number verification later.

The feature follows a temporary pause of earlier encrypted DMs in May 2025, when X claimed it was refining the system. Chat now includes more capability than before, extending encryption to group chats and media, and integrating file transfer and calls into a single messaging platform.

What It Means

By expanding encrypted messaging to all users and bundling richer features, X is aligning with competitors like WhatsApp, Signal, and iMessage while advancing its ambition to become a multi‑utility “everything app.” The seamless integration of chat, disappearing content, and voice/video calling positions the platform as a central communication hub.

Yet the security model raises concern. Storing user private keys on X’s servers (protected by a PIN) rather than solely on devices diverges from best practices. Without open‑source verification, forward secrecy, or guaranteed safeguards against man‑in‑the‑middle compromise, experts advise caution. For now, trust in Chat hinges on X’s integrity and transparency.

The Backstory

X initially offered encrypted DMs in 2023 for paid users, but paused that feature in May 2025 citing needed improvements. The launch of Chat marks a broader encryption rollout—now available to all users, not just subscribers, with enhanced functionality like media encryption and voice/video calls rolled into the new system.

What’s Next

X says it will introduce signature verification and safety numbers to mitigate man‑in‑the‑middle attack risks and enable device authenticity checks. The company also plans to open‑source its encryption implementation and publish a technical whitepaper. Until those arrive, the system remains in a transitional phase, blending increased functionality with unaddressed security gaps.