X is opening up access to XChat, its end-to-end encrypted direct messaging feature, expanding from a small beta to more users, including those who haven’t been paying for X Premium. The secure inbox coexists with the current DM system and is intended for private, media-rich exchanges that remain locked to the devices they are used on.
What’s New and What’s Included
XChat is a standalone, opt-in inbox that offers end-to-end encryption, meaning messages are encrypted on the sender’s device and can only be decrypted on the recipient’s device. Feature-wise, it supports media upload, group chat, pinned messages, and read/unread control. There has also been a rumor of some sort of ephemeral “vanishing” mode, which would suggest the company wants parity with other secure messengers on privacy features.
Importantly, XChat is not a substitute for the venerable DM system. Traditional messages still show up under an “unencrypted” tab, while the encrypted ones have their own space. That separation reduces confusion for users and makes it clearer which messages are end-to-end encrypted.
Where to find XChat and how to get started
Users who are part of the larger rollout will notice XChat in the Messages section on desktop, under a “Chat” heading above Message Requests. On mobile: “Chat” is at the top of the left navigation bar, above Communities. But because the system is opt-in, only those people who have also activated it will be able to start encrypted threads with you.
Before it sends your first encrypted message, X asks you to choose a four-digit code that secures access to the encrypted inbox. It’s somewhat akin to local passcodes in apps like Signal and adds a simple layer of security for situations where someone has physical access to your device. For maximum security, digital safety groups recommend pairing that code with strong device-level biometrics or a longer device passcode.
Security expectations and open issues
As with any end-to-end encrypted rollout, the details matter. Security practitioners tend to look for traits such as forward secrecy, robust group key management, strong resistance to SIM-swap and device-clone attacks, and clear, user-friendly ways to verify contact keys in order to prevent man-in-the-middle (MITM) interception. Advocacy organizations like the Electronic Frontier Foundation, along with academic labs like Citizen Lab, periodically urge platforms to document their cryptographic design, threat models, and how multi-device sync and backups work.
Key distribution and verification is something else to keep an eye on. Competing services do things differently: Signal lets you confirm that a conversation is secure using so-called safety numbers, Apple has added iMessage Contact Key Verification for high-value targets, and WhatsApp handles key changes transparently and will alert you when they happen. For XChat (community chats especially), a sane, reliable verification process would go a long way toward earning that trust.
How XChat matches up to its competitors
Signal remains the only open, audited end-to-end encrypted service with minimal metadata collection. WhatsApp offers end-to-end encryption by default on its personal and group chats to a worldwide audience it claims tops two billion users, and has added account protections such as device verification that can help to thwart malware and account takeovers. Apple’s iMessage is end-to-end encrypted out of the box, and affords more protections for those who are especially targeted.
Telegram takes a different approach: the company’s normal chats are cloud-based and not E2E by default, but the company also provides “Secret Chats” for E2E on a per-thread basis, which historically has made it a bad fit for fully-featured groups. XChat’s decision to divide encrypted and unencrypted inboxes — with early support for group chats and rich media to boot — places it closer to WhatsApp and iMessage in terms of everyday utility and behavior, with Signal as the gold standard for transparency and security posture.
Privacy gains and moderation trade-offs
End-to-end encryption protects the content of messages from platform providers, network operators, and attackers. It is particularly useful to journalists, activists and at-risk communities, a fact that civil society groups have been underlining for a long time. Meanwhile, encrypted messaging can make the safety work of platforms more challenging, since it stops them from scanning for spam or known abuse material on the server side. Groups such as the National Center for Missing & Exploited Children have sounded alarms about the implications for detection workflows, while privacy advocates contend strong encryption is a must and that safety must depend on client-side tools, metadata limits, and strong user reporting.
Regulators around the world are still grappling with how child-safety requirements interact with encryption. Platforms have taken to investing in user reporting flows, rate-limiting, behavioral signals and optional client-side safety features that don’t compromise end-to-end encryption. How X navigates those pressures — and how clearly it communicates the trade-offs — will determine credibility in XChat.
Why X’s rollout matters
Expanding XChat beyond the initial tiny beta suggests encrypted chats are graduating from a paid-only feature to a first-class citizen of the service. And if adoption blossoms, X could find more sensitive or high-value communications following suit, moving from off-platform channels onto X. That, in turn, raises expectations for reliability across devices, secure backups and clear recovery strategies when users lose their phones, all areas in which mature messengers have learned hard lessons.
For now, the broader launch is a practical one: users get a secure area for DMs with chat mechanics, and X keeps legacy DMs for everyone else. The next phase will depend on openness about the cryptography, cautious safety design, and on whether X can make privacy tech feel so much like second nature that it becomes the default way its community communicates.