Users can register for Chat by entering the Chat tab from the dash menu or the messages tab in the toolbar, and following the instructions. This will initiate the creation of a public-private key pair which can then be retrieved from any device. To remove your private key from a device, log out of the account.
We welcome feedback and are actively working on improving every aspect of the product, from user experience to protocol security.
Unlike before, group messages and media can now be encrypted.
Content
The contents of an Encrypted Direct Message are always encrypted, including any links, media, or files. Reactions to Encrypted Direct Messages are also encrypted. It is important to note that while the message content itself is encrypted, associated metadata (e.g., recipient, creation time, etc.) is not. If Posts are shared in an encrypted chat, X will have a record that those Posts were shared.
New devices
There is no limit to the number of devices that can use Chat on X.
Safety numbers
Safety numbers are a way for you to verify your Chat is with who you think it is. Compare safety numbers with anyone you have a Chat with. They should match!
On the technical side, the safety number is derived from the public keys of both people in the Chat. Every message carries a signature that is checked against the sender's public key, meaning that if the safety numbers match, the messages could not have come from anyone else.
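As an added illustration (not X's code, and the exact derivation X uses is not described on this page), the following shows the property a safety number must have: both parties compute the same fingerprint from the same two public keys, and any substitution of either key produces a different number. The key bytes, the hash domain label and the 60-digit display format are assumptions for the example.

```python
import hashlib
import hmac

# Constructed sample public keys (32 bytes each); NOT real Chat keys.
ALICE_PUB = bytes.fromhex("01" * 32)
BOB_PUB = bytes.fromhex("02" * 32)
MALLORY_PUB = bytes.fromhex("ff" * 32)

DIGITS = 60   # assumed display length
GROUP = 5     # assumed grouping for readability


def safety_number(pub_a: bytes, pub_b: bytes) -> str:
    """Derive a symmetric fingerprint over two public keys.

    The keys are sorted before hashing so that both people obtain the same
    string no matter who computes it. The domain label keeps this hash
    distinct from any other use of the same keys (assumed label).
    """
    ordered = sorted([pub_a, pub_b])
    digest = hashlib.sha256(b"chat-safety-number-v1" + ordered[0] + ordered[1]).digest()
    # Map the 256-bit digest to a fixed number of decimal digits.
    number = str(int.from_bytes(digest, "big")).zfill(DIGITS)[:DIGITS]
    return " ".join(number[i:i + GROUP] for i in range(0, DIGITS, GROUP))


def safety_numbers_match(mine: str, theirs: str) -> bool:
    """Constant-time comparison of the two displayed strings."""
    return hmac.compare_digest(mine.encode(), theirs.encode())


def demo() -> dict:
    """Show the symmetric property and how key substitution is detected."""
    alice_view = safety_number(ALICE_PUB, BOB_PUB)   # what Alice's device shows
    bob_view = safety_number(BOB_PUB, ALICE_PUB)     # what Bob's device shows
    # If Bob's device had been handed Mallory's key instead of Alice's,
    # the number Bob sees would no longer match Alice's.
    substituted_view = safety_number(BOB_PUB, MALLORY_PUB)
    return {
        "alice": alice_view,
        "bob": bob_view,
        "honest_match": safety_numbers_match(alice_view, bob_view),
        "substituted_match": safety_numbers_match(alice_view, substituted_view),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the example is the comparison step: the displayed number is only meaningful when both people compare it over a channel the server does not control (in person, by voice), because a matching pair proves the two devices hold each other's genuine public keys.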
Reporting
Currently, it is not possible to report an Encrypted Direct Message to X due to the encrypted nature of the conversation. If you encounter an issue with an encrypted conversation participant, we suggest you file a report about the account itself and our team will take a look.
To prevent someone from sending you Encrypted Direct Messages, do not follow them or, if you already have had a Direct Message conversation with that user, block them.
Logout and key backup
If at any time you log out from X, all messages including Encrypted Direct Messages on your current device will be deleted; this will not impact any other devices on which you are logged in.
Upon logging out, X will erase any private keys and conversation keys, unless you have used the device-managed passcode option - in which case the passcode is stored on your iCloud Keychain (for iOS devices only). If you log back in on the same device, your device will be able to re-fetch and decrypt the encrypted conversations using the private key that the device had access to before logging out.
If you cannot remember the passcode, you can reset it from any device on which you are already using Chat. If you cannot reset it from a logged-in device, you will not be able to recover your encrypted conversation history. We will be improving this limitation in the near future.
Forward secrecy
If the private key of a registered device is compromised, an attacker would be able to decrypt all Encrypted Direct Messages that were sent and received by that device. In other words, this implementation is not “forward secure.” We are working on mechanisms to allow private key rotation to offer some forward security in the future.
Chat allows users to “unsend” a message, which will remove it from the recipient’s inbox. This is only possible for encrypted messages. Deleting or leaving an encrypted conversation will not prevent the other person from sending you a DM (encrypted or not) in the future.
When you delete an encrypted message or conversation (sent or received), the data will be instantly deleted from your device (and soon after, from all your other devices). You will no longer be able to view it. Note that the recipient may still be able to see the encrypted message or conversation you have deleted.
Chat offers a new feature called Disappearing messages, which allows a user to select a duration, after which messages will be deleted from the device and X’s servers. To set the duration, navigate to the conversation info screen and tap the “Disappearing messages” menu.
You can edit an image with Grok or ask Grok to analyze your message. Select the image or message and pull up the context menu. Select ‘Ask Grok’ to open the selected image or message in the Grok tab. Note that once you send to Grok, that image or text is no longer encrypted (the contents within the original conversation are still encrypted).
On Chat, you can also chat with a Grok Companion. While end-to-end encrypted, ultimately Grok will need to decrypt your message in order for the Companion to read your message and respond. You can read more about Grok here (https://help.x.com/en/using-x/about-grok).
End-to-end encrypted chats on X require each user to have a private-public key pair. This key pair helps securely exchange conversation secrets that encrypt your messages from sender to recipient. A primary challenge with end-to-end encryption is safely storing the private key - access to it would allow someone to read your messages.
Many apps store private keys only on your device, but this can make it difficult to access your chats seamlessly across multiple devices, which isn't the experience most X users expect.
To address this, X uses the open-source Juicebox protocol to securely store your private key in the cloud while keeping it protected. The Juicebox protocol splits your secret key into multiple shares, which are stored across independent servers (called "realms"). Your key can only be recovered using the PIN you set when enabling encrypted chats - this PIN never leaves your device.
In X's implementation:
Your key shares are stored across three Juicebox realms, all currently operated by X.
Two of these are hardware-backed realms that use Hardware Security Modules (HSMs) to encrypt your data before it's stored.
Recovering your key requires at least two of the three shares, ensuring that at least one always comes from a hardware-backed realm for added security.
We've published details about the key setup ceremony for these hardware realms here: Chat HSM Realm Key Ceremony.
No. The Juicebox protocol is designed to prevent brute-force attacks, even if someone controls all the realms.
Hardware-backed realms include a built-in guess counter with a strict limit. For X chats, this limit is set to 20 incorrect attempts. After the limit is reached, the key shares become permanently inaccessible. This protection is cryptographically enforced using a Merkle tree structure, where the root is securely stored in the HSM's protected enclave. The software running on the HSMs is open sourced here: https://github.com/juicebox-systems/juicebox-hsm-realm.
This means that even X cannot guess or brute-force your PIN to recover your private key and access your chats.
In the future, we plan to give users more options, such as choosing realms operated by different organizations to further distribute trust and self-custody of keys.
For more technical details on the Juicebox protocol, visit juicebox.xyz/blog.