X’s new XChat promises “end-to-end” privacy — but its current implementation leaves several simple, well-known privacy protections out in the open, and experts warn that the feature as shipped can expose users to avoidable risks ranging from leaked image metadata to a service operator or insider able to read supposedly private chats. (san.com) (techcrunch.com)
X introduced XChat as a major upgrade to Direct Messages: an encrypted chat mode built on a new Rust-based architecture, with support for media, group chats, audio and video calling, and a four-digit PIN users set during setup. The company markets XChat as end-to-end encrypted, but its documentation and the reactions from cryptographers show that the feature is not yet aligned with the industry norms that define trustworthy E2EE. (x.com, san.com)
What matters for users is not marketing language but engineering choices. Two engineering decisions stand out: X’s current approach to key storage (private keys encrypted by a short PIN and held on X’s servers) and its decision not to strip image EXIF metadata by default. Both choices dramatically change the threat model for ordinary users and have triggered alarm from independent security researchers. (techcrunch.com, san.com)
That SAN test is alarming because EXIF metadata routinely contains location (GPS) tags, timestamps and camera identifiers that can map a message to a physical place or a personal device. The risk is straightforward: sharing an image in an encrypted conversation but with intact EXIF data may still reveal where and when the sender was — sometimes to potentially dangerous effect. (san.com, proton.me)
Cautionary note: the Pixel 8 Pro / Kansas City example is SAN’s test result. Independent replication by other outlets or security teams has not yet been publicly posted at the time of reporting, so the specific file-level claim remains attributable to SAN’s controlled check. That said, the broader claim — that XChat does not strip image EXIF metadata by default — is supported by X’s own documentation and by multiple security writeups analyzing XChat’s behavior. (help.x.com, theregister.com)
Industry best practice is to remove or normalize EXIF for user-facing derivatives. Newsrooms and enterprise workflows standardize EXIF removal for public derivatives to prevent inadvertent disclosure, and many consumer-first secure messaging apps remove location and other identifying metadata by default to shrink the attack surface for stalking, doxxing and targeted social-engineering.
XChat is closed-source today; X has promised to publish a whitepaper and open-source the implementation later. Security researchers consider that promise useful but insufficient: shipping at-scale before independent audits and public code review risks rolling out an opaque crypto system that cannot be independently verified. (techcrunch.com, theregister.com)
The absence of public code or a formal, third-party audit also makes it difficult for users and enterprises to assess whether X’s server-side protections (HSMs, threshold-key schemes like Juicebox, auditing controls, key rotation) are implemented properly. Without that assurance, the only option is trust — and history shows that “trust us” rarely satisfies security-conscious communities. (blog.cryptographyengineering.com, theregister.com)
Metadata leakage is not academic. Network-level and platform-level metadata can enable:
For readers of WindowsForum and IT pros evaluating XChat today:
XChat could become a genuinely useful, privacy-forward product if X follows through on the engineering, transparency and default-safety measures the security community demands. Until then, the right posture for Windows users — and any user who values operational privacy — is skepticism and basic hygiene: strip metadata, don’t assume platform-held encryption equals absolute secrecy, and prefer tools that publish their designs and subject themselves to independent review.
Source: Straight Arrow News Not so secret: X’s new encrypted chat feature puts users at risk, experts say
Background
X introduced XChat as a major upgrade to Direct Messages: an encrypted chat mode built on a new Rust-based architecture, with support for media, group chats, audio and video calling, and a four-digit PIN users set during setup. The company markets XChat as end-to-end encrypted, but its documentation and the reactions from cryptographers show that the feature is not yet aligned with the industry norms that define trustworthy E2EE. (x.com, san.com)What matters for users is not marketing language but engineering choices. Two engineering decisions stand out: X’s current approach to key storage (private keys encrypted by a short PIN and held on X’s servers) and its decision not to strip image EXIF metadata by default. Both choices dramatically change the threat model for ordinary users and have triggered alarm from independent security researchers. (techcrunch.com, san.com)
What Straight Arrow News (SAN) found — the EXIF problem
In early September, Straight Arrow News (SAN) obtained early access to XChat’s beta and performed controlled tests which, according to the report, showed images sent over XChat retain full EXIF metadata. SAN said that information visible in the transferred photo included camera make/model, timestamp and GPS — and that SAN was able to identify a Google Pixel 8 Pro photo taken in a Kansas City airport parking lot on May 12 at 10:45 a.m. SAN’s piece quotes privacy technologists who say retaining EXIF data undermines user expectations that encrypted chats also sanitize embedded file metadata. (san.com)That SAN test is alarming because EXIF metadata routinely contains location (GPS) tags, timestamps and camera identifiers that can map a message to a physical place or a personal device. The risk is straightforward: sharing an image in an encrypted conversation but with intact EXIF data may still reveal where and when the sender was — sometimes to potentially dangerous effect. (san.com, proton.me)
Cautionary note: the Pixel 8 Pro / Kansas City example is SAN’s test result. Independent replication by other outlets or security teams has not yet been publicly posted at the time of reporting, so the specific file-level claim remains attributable to SAN’s controlled check. That said, the broader claim — that XChat does not strip image EXIF metadata by default — is supported by X’s own documentation and by multiple security writeups analyzing XChat’s behavior. (help.x.com, theregister.com)
Why EXIF matters: simple technical context
EXIF (Exchangeable Image File Format) is a standard for embedding metadata into JPEGs and many other image files. Typical EXIF fields include:- GPS coordinates (latitude, longitude, altitude)
- Camera make and model (e.g., Google Pixel 8 Pro)
- Date and time the photo was taken
- Image dimensions, orientation and software used to process the file
Industry best practice is to remove or normalize EXIF for user-facing derivatives. Newsrooms and enterprise workflows standardize EXIF removal for public derivatives to prevent inadvertent disclosure, and many consumer-first secure messaging apps remove location and other identifying metadata by default to shrink the attack surface for stalking, doxxing and targeted social-engineering.
X’s key-storage design and the cryptography criticisms
Beyond file metadata, the more fundamental cryptographic concern raised by researchers is how X stores and controls users’ private keys.- X requires users to set a four-digit PIN that the client uses to encrypt a private key.
- X’s documented flow places private key material on servers managed by X rather than strictly local-only key storage on the user’s devices.
- X’s public support pages explicitly warn that, in the current implementation, “a malicious insider or X itself” could compromise an encrypted conversation without alerting participants — a statement that breaks the usual promise of E2EE. (help.x.com, san.com)
- Centralized key storage under the service provider increases the chance that the provider or an insider may be able to access user keys, especially if Hardware Security Module (HSM) protections are absent or misconfigured. Researchers have warned that without rigorous, auditable HSM deployment, server-side key storage amounts to “trust us” security rather than provable end-to-end secrecy. (techcrunch.com, blog.cryptographyengineering.com)
- X’s use of a short PIN (four digits) to protect private key material reduces the effective protection of those server-held keys. Brute-force attacks or weak PIN-derivation schemes materially increase the risk that keys could be decrypted by an attacker who has gained access to the stored blobs. (techcrunch.com)
- XChat currently lacks Perfect Forward Secrecy (PFS), meaning compromise of a single long-term key could expose past and future messages. Most modern secure messaging protocols (Signal protocol, OMEMO, Double Ratchet) provide PFS precisely to prevent that catastrophic single-point compromise. X has said it is “working on” forward secrecy, but the feature’s absence now changes the trust calculus for anyone who assumed E2EE equals “cannot be read by the service.” (techcrunch.com, blog.cryptographyengineering.com)
Transparency and audits: open source matters
For mature secure messaging systems, transparency is a security feature. Signal, for example, publishes protocol details and open-source client/server code which allows independent researchers to validate implementation claims and audit for vulnerabilities.XChat is closed-source today; X has promised to publish a whitepaper and open-source the implementation later. Security researchers consider that promise useful but insufficient: shipping at-scale before independent audits and public code review risks rolling out an opaque crypto system that cannot be independently verified. (techcrunch.com, theregister.com)
The absence of public code or a formal, third-party audit also makes it difficult for users and enterprises to assess whether X’s server-side protections (HSMs, threshold-key schemes like Juicebox, auditing controls, key rotation) are implemented properly. Without that assurance, the only option is trust — and history shows that “trust us” rarely satisfies security-conscious communities. (blog.cryptographyengineering.com, theregister.com)
How X’s stated metadata policy changes the privacy promise
X’s help pages and public statements further clarify the product’s limits: although message contents are encrypted in XChat, associated metadata — who messaged whom and when, and whether a post was shared inside an encrypted chat — are not hidden from the platform. X explicitly says there will be a record if a public Post is shared in an encrypted chat. That means X retains conversational metadata that many privacy-first apps do not. (help.x.com, socialmediatoday.com)Metadata leakage is not academic. Network-level and platform-level metadata can enable:
- Timeline reconstruction of interactions
- Social graph analysis (who communicates with whom)
- Correlation of activity across accounts and services
- Narrowing ad targeting or content moderation actions based on private interaction patterns
Practical risks for Windows and desktop users
Windows users frequently move between desktop and mobile devices and often rely on cloud sync and backups. A few practical points to keep in mind:- Even if XChat encrypts messages in transit and at rest, server-side key storage and unstripped EXIF make it possible for someone with server access — or the operator under legal process — to access decrypted contents or embedded file metadata.
- Desktop uploads often include images edited or exported from Windows, which may retain EXIF or IPTC fields unless the user actively removes them. Many Windows workflows do not strip metadata by default.
- For enterprise or high-risk users, the retention of who-messaged-whom metadata is especially problematic; operational security requires minimizing data footprints that can be subpoenaed or leaked. (socialmediatoday.com)
What users and admins can do today (actionable mitigations)
Until XChat proves its architecture and ships forward secrecy, users who handle sensitive information should assume risk and apply practical mitigations.- Do not use XChat for high-risk or confidential conversations. Consider using established, audited E2EE apps (Signal, Wire, Element) for sensitive chats. (techcrunch.com)
- Strip metadata from images before sharing. On Windows, common options include:
- Use File Explorer: right-click an image -> Properties -> Details -> Remove Properties and Personal Information.
- Use a dedicated tool such as ExifTool for batch removal, or image editors that expose metadata removal. (en.wikipedia.org)
- Turn off GPS/location tagging on phones when privacy matters — prevent coordinates being embedded at capture time.
- If you must use XChat for convenience, limit types of files you share and avoid images taken at home, at unique locations or that contain location-bearing content (license plates, street signs, interior shots with identifiable decor).
- For organizations, add metadata-stripping and content sanitation to publishing and asset workflows: generate sanitized public derivatives and preserve masters in locked archives. This reduces accidental leaks if staff reuse images in private channels that later become public.
How X could fix the problems (and what to watch for)
If X wants XChat to be broadly trusted as a secure messaging platform, the following steps are necessary and measurable:- Move to device-held private key material or to a well-documented, audited threshold-HSM design so that provider-side decryption is cryptographically infeasible.
- Implement and enable Perfect Forward Secrecy by default so that the compromise of a single long-term key does not unlock message history.
- Publish the protocol and client/server code, and commission independent audits from multiple reputable cryptographers. Release audit results and remediation plans publicly.
- Strip EXIF and other metadata from media by default (or, at minimum, surface an explicit, well-labeled user choice with clear warnings).
- Limit retention of chat-related metadata — or, for users who need it, provide opt-in modes that minimize platform-held metadata and offer cryptographic proofs users can verify.
Critical analysis: strengths, gaps and risks
Strengths- XChat’s polished UI, cross-platform reach and support for media, group chats, and audio/video make encryption accessible to a large user base that previously had only unencrypted DMs.
- Building in Rust and promising to open-source the implementation indicates some commitment to modern engineering practices and transparency — if the code and audit follow-through happens. (x.com)
- The server-side key model paired with a four-digit PIN and lack of forward secrecy materially weakens end-to-end claims and makes the threat model dependent on trusting X’s internal operational security.
- Retaining image EXIF and conversation metadata violates widely accepted norms for privacy-preserving messaging and exposes users to simple, preventable harms like location disclosure.
- Rolling out encryption before independent audits and open code invites both technical attack vectors (man-in-the-middle, key compromise) and reputational damage that will be costly to fix.
Final verdict and recommendation
XChat’s launch highlights a recurring product trade-off: democratizing secure features to millions of users is laudable, but doing so without the architectural guarantees and sane defaults that make E2EE reliable turns privacy marketing into a risk vector.For readers of WindowsForum and IT pros evaluating XChat today:
- Treat XChat as an experimental, opt-in convenience feature, not a drop-in replacement for threat-model-appropriate secure messaging.
- Assume that image files you share may still carry EXIF location and device data unless you actively strip it.
- Expect that, in the current implementation, the platform operator retains metadata and may — under the right conditions — obtain decrypted content.
Quick checklist for power users (copyable)
- Disable location tagging on your camera and smartphone when privacy matters.
- Before sending images in any chat, remove EXIF data using File Explorer, ExifTool, or an image editor.
- Use audited, open-source E2EE apps (Signal, Element, Wire) for high-risk conversations. (techcrunch.com)
- Avoid sharing images of your home, license plates, unique interior shots or workspaces in non-audited platforms.
- For enterprises, enforce automated metadata-stripping on any content leaving corporate systems.
XChat could become a genuinely useful, privacy-forward product if X follows through on the engineering, transparency and default-safety measures the security community demands. Until then, the right posture for Windows users — and any user who values operational privacy — is skepticism and basic hygiene: strip metadata, don’t assume platform-held encryption equals absolute secrecy, and prefer tools that publish their designs and subject themselves to independent review.
Source: Straight Arrow News Not so secret: X’s new encrypted chat feature puts users at risk, experts say