X has officially rolled out its new messaging platform, Chat, a privacy-branded upgrade to its legacy direct messages (DMs).
The feature is now available on iOS and web for all users running the latest version of the X app, with Android support promised soon.
According to the company's announcement on Saturday, the new Chat system introduces a unified inbox combining legacy DMs and end-to-end encrypted conversations. It supports encrypted group and one-on-one messaging, file sharing, media calls, and voice memos, the latter returning in a future update. Additional features include message editing and deletion, disappearing messages, and screenshot notifications, along with the ability to block screenshots entirely.
The rollout marks a significant phase in X's ongoing transformation under Elon Musk, who first teased the platform's encrypted messaging overhaul in June 2025. Chat is powered by XChat, a custom protocol named Juicebox, written in Rust and built on top of Libsodium cryptographic primitives. It enables cross-platform communication without requiring a phone number, positioning it as a feature-rich rival to secure messengers like Signal, Telegram, and Session.
Unlike legacy DMs, which lacked encryption guarantees, Chat aims to offer a privacy-forward alternative with no ads, no tracking, and tighter content controls. Users can now initiate encrypted conversations with prior contacts and share any file type securely, at least in theory.
While the feature set is ambitious, earlier security analyses have raised flags about the strength of XChat's architecture. As previously reported, the system uses a four-digit PIN to protect users' private keys, which are stored on X's servers. Though the PIN is processed using the Argon2id password hashing function, its low entropy makes it highly susceptible to brute-force attacks. This undermines X's end-to-end encryption claims, since any actor with backend access, or an attacker with the encrypted key, could potentially decrypt user data.
Security researchers previously pointed out the absence of forward secrecy, key verification, and hardware-backed protections, all standard in mature encrypted platforms. While X claims its Juicebox protocol uses “realms” to distribute keys, there's no indication these are managed independently or secured in trusted hardware environments.
It's also worth noting that the addition of screenshot alerts, while aimed at protecting content visibility, diverges from industry moves toward more passive protections. Session, for example, recently removed screenshot alerts altogether, citing their limited effectiveness and potential privacy risks.
Still, the launch of Chat represents a major functional upgrade for the X platform, particularly for users who already rely on it for messaging and are looking for tighter integration with privacy controls. With support for encrypted group chats, media calling, and message control features, Chat is positioned as a full-featured replacement for traditional DMs, albeit users should keep its potential security gaps in mind.
Those seeking the highest level of communication security are advised to continue using platforms with independent audits, decentralized key storage, and strong forward secrecy.
Leave a Reply