Back to Blog
twitterxencryptionelon muskxchatend-to-end encryptionprivacysignalopen source

Elon Says X Has Encryption. X's Documentation Says They Can Read Your Messages. Both Can't Be True.

Snugg Team|February 12, 2026|15 min read
Contradiction between Elon Musk's encryption claims and X's documentation


Elon promises "very good encryption" and open source code. X's help page admits they can't protect against hackers. Which should you believe?

This week, Elon Musk announced two things:

On Twitter: "XChat has encryption, we'll open source the code in the next few months, very good encryption, peer-to-peer like Bitcoin."

In X's official documentation: "We currently do not offer protections against man-in-the-middle attacks" and "X itself could potentially access encrypted messages."

One of these statements is true.

Both cannot be.

And this contradiction sits at the foundation of X Money—Elon's payment system entering beta in 1-2 months.

You're supposed to trust your money to a platform that can't even align its CEO's tweets with its help documentation.

Let me explain what's really happening.

The Promise: "We Will Superset Signal"

Let's go back to where this started.

December 2022: Elon buys Twitter for $44 billion. He immediately starts talking about encrypted DMs.

His exact words: "DMs should have end to end encryption like Signal, so no one can spy on or hack your messages."

Not "similar to Signal." Not "inspired by Signal."

He said Twitter would "superset Signal."

For context: Signal is the gold standard for encrypted messaging. Used by journalists, activists, whistleblowers, and anyone who needs actual privacy. It's open source, independently audited, and trusted by security experts worldwide.

Elon was promising to build something better than that.

What he actually built:

A messaging system that X's own documentation admits:


So not "superset Signal."

More like "subset of basic security."

The Latest Claims: "We'll Open Source Everything"

Before we get into the history, let me address what Elon tweeted this week (February 9, 2026).

He announced:

"In the next few months, we will be doing rigorous security tests of X Chat and will open source all the code"

And on Joe Rogan, he claimed:

"It's using a sort of peer-to-peer-based encryption system. So, it's kind of similar to Bitcoin. I think, very good encryption."

So Elon is now saying:

  • XChat has end-to-end encryption

  • It will be open sourced "in the next few months"

  • It uses "peer-to-peer encryption similar to Bitcoin"


Great! If true, that would solve everything.

But here's my problem:

Elon's Tweets Say One Thing. X's Documentation Says Another.

While Elon tweets about "very good encryption," X's own help page currently states:

  • "We currently do not offer protections against man-in-the-middle attacks"

  • "X itself could potentially access encrypted messages as a result of a compulsory legal process"

  • Messages stored on X infrastructure are "encrypted" but can be decrypted by X


So which is it?

Is XChat truly end-to-end encrypted (what Elon tweets)?

Or can X still read your messages (what the documentation says)?

The "Open Source In A Few Months" Promise

Elon says the code will be open sourced "in the next few months."

I want to believe him. Open source is exactly what's needed.

But I've heard this before.

May 2023: "Try it, but don't trust it yet" - encryption launched, never improved

Three years later: Still not open source, still not independently audited

Now: "We'll open source it in a few months"

I'll believe it when I see it on GitHub.

Until the code is actually published and security experts can audit it, we only have Elon's word. And his word has a... let's call it a "credibility gap."

The "Bitcoin-Style Encryption" Confusion Continues

Elon keeps referencing "Bitcoin-style encryption" or "peer-to-peer encryption similar to Bitcoin."

I need to say this clearly: Bitcoin doesn't use encryption for transactions.

Bitcoin uses:

  • Cryptographic signatures (to prove you own your coins)

  • Hash functions (to link blocks together)

  • Public blockchain (where everything is visible)


The entire point of Bitcoin is that transactions are PUBLIC. Not encrypted. Visible to everyone.

When Elon compares XChat to Bitcoin, he's either:
1. Misunderstanding how Bitcoin works
2. Misunderstanding how encryption works
3. Using "Bitcoin" as a marketing term because it sounds secure

None of these options inspire confidence.

What he probably means: XChat uses public-key cryptography (like Bitcoin uses for signatures). But that's not the same as end-to-end encryption for messaging.

Signal also uses public-key cryptography. So does WhatsApp. So does pretty much every secure messaging app.

Saying "Bitcoin-style" instead of "Signal-style" or "industry-standard end-to-end encryption" makes me wonder: Does Elon actually understand what he's building?

What Actually Happened: A Timeline of Broken Promises

Let me walk you through three years of Elon promising encryption and delivering theater:

March 2023: The First Promise

Musk tweets: "Aiming to roll out ability to reply to individual DMs, use any reaction emoji & encryption later this month."

He adds: "The acid test is that I could not see your DMs even if there was a gun to my head."

That's end-to-end encryption. That's what he promised.

May 2023: The Fake Launch

Twitter launches "encrypted messaging" for paid users only.

Immediately, security experts notice problems:

  • Only works for 1-on-1 chats (not groups)

  • Only text and links (no photos, videos, files)

  • No forward secrecy

  • X's own documentation warns: "We currently do not offer protections against man-in-the-middle attacks"


Translation: Hackers can intercept your messages.

Musk tweets: "Try it, but don't trust it yet."

At least he was honest for once.

May 2025: The Quiet Removal

Encryption gets quietly removed. No announcement. No explanation. Just gone.

"Paused for improvements," they say.

June 2025: The "XChat" Relaunch

Musk announces XChat - a "whole new architecture" built on "Rust with Bitcoin-style encryption."

Remember: Bitcoin isn't encrypted.

Security experts immediately point this out. Musk doesn't respond.

November 2025: The Marketing Push

Musk goes on Joe Rogan to promote XChat.

He claims:

  • "Very good encryption"

  • "No hooks for advertising like WhatsApp"

  • Will be "the least insecure messaging system"


Notice what he didn't say: "It's secure."

He said "least insecure."

That's like saying "this is the driest water."

February 2026: The Payment System

This week, Musk announces X Money beta.

The foundation? XChat's "encrypted messaging."

You're supposed to trust your money to a platform that can't even protect your messages.

What's Wrong With X's "Encryption"

Let me explain the technical problems in plain English.

Problem 1: It's Not Actually End-to-End Encrypted

Real end-to-end encryption means:

  • Your device encrypts the message

  • Only the recipient's device can decrypt it

  • Nobody in between can read it—not the company, not hackers, not governments


X's encryption means:
  • Your message is encrypted... sometimes

  • X can decrypt it whenever they want

  • X admits: "X itself could potentially access encrypted messages as a result of a compulsory legal process"


That's not end-to-end encryption. That's just regular encryption with a backdoor.

Problem 2: No Protection Against Hackers

X's help page literally states: "We currently do not offer protections against man-in-the-middle attacks."

This means:

  • Hackers can intercept your messages

  • They can read them

  • They can modify them

  • You'll never know


This is Security 101 stuff. Signal solved this problem a decade ago.

Problem 3: No Forward Secrecy

Forward secrecy means: If someone steals your encryption key today, they can't decrypt messages you sent last week.

X doesn't have this.

So if your account gets hacked, all your past "encrypted" messages can be decrypted.

Problem 4: The "Bitcoin-Style Encryption" Nonsense

Musk keeps saying XChat uses "Bitcoin-style encryption."

Here's the thing: Bitcoin doesn't use encryption.

Bitcoin uses cryptographic signatures to prove ownership. But the blockchain itself is completely public. Everyone can see every transaction.

That's literally the opposite of encryption.

When Musk says "Bitcoin-style encryption," he's either:

  • Lying

  • Or fundamentally misunderstands how Bitcoin works


Neither option inspires confidence.

Problem 5: No Independent Audits

Signal is open source. Anyone can review the code. Independent security researchers regularly audit it.

X's encryption? Closed source. No audits. Just "trust us."

The same company that:


Yeah, I'm not trusting that.

Why This Matters (Beyond Just X)

I don't use X for DMs. Most people don't.

So why am I writing 3,000 words about this?

Because this is about something bigger than one platform's bad encryption.

This is about security theater becoming normalized.

What Security Theater Looks Like

Real security: Independently audited encryption that experts verify actually works.

Security theater: Marketing claims about encryption with no verification. (I wrote a whole guide on how to verify encryption claims if you want to learn to spot the difference.)

X is building security theater and calling it innovation.

And they're not alone:


The pattern is clear: Companies know users want privacy. So they slap "encrypted" on things and hope nobody looks too closely. It's the same playbook Snapchat used when they promised your photos would disappear—marketing a feature that didn't work as advertised.

The Dangerous Part

Now Elon wants to add payments to this broken system.

Think about that.

He's asking you to:

  • Trust your money to a platform

  • That can't protect your messages

  • Whose "encryption" admits it doesn't work

  • Run by someone who doesn't understand how encryption works


What could possibly go wrong?

What Actual Encryption Looks Like

I'm a yacht surveyor, not a security expert. But I know enough to recognize the difference between real security and marketing.

Here's what actual encryption requires:

1. End-to-End Encryption

Only sender and recipient can decrypt messages. Not the company. Not hackers. Not governments.

Signal does this. WhatsApp (supposedly) does this. X doesn't.

2. Forward Secrecy

If your key is compromised today, past messages stay secure.

Signal has this. X doesn't.

3. Protection Against Attacks

Man-in-the-middle attacks should be impossible.

Signal prevents this. X admits they don't.

4. Open Source & Audited

Anyone can verify the code actually does what it claims.

Signal is fully open source. X is closed and unaudited.

5. No Backdoors

The company genuinely cannot access your messages, even if compelled by law.

Signal deletes encryption keys. X keeps them.

It's not complicated. The technology exists. Signal proved it works at scale.

Elon chose not to build it.

The Real Goal: X as the Everything App

Let me tell you what I think is actually happening.

Elon doesn't care about encryption.

He cares about lock-in.

His vision for X is to recreate WeChat—China's "everything app" where you:

  • Message friends

  • Post on social media

  • Pay for things

  • Transfer money

  • Order food

  • Book travel

  • Access government services


All in one app.

China's government loves WeChat because it gives them complete surveillance of citizens' lives. Every message, every transaction, every movement—all in one convenient database.

Now Elon wants to build that for the West.

But Americans won't accept government surveillance. So he's wrapping it in the language of privacy:

  • "Encrypted messaging"

  • "Bitcoin-style" (even though Bitcoin isn't encrypted)

  • "Least insecure"


It's brilliant marketing. And it's complete bullshit.

Here's what he's actually building:

A platform where:

  • Your messages aren't actually encrypted

  • Your financial transactions happen alongside your messages

  • Everything is tied to your identity

  • X can access all of it

  • You have no way to verify any security claims


That's not an "everything app."

That's a surveillance platform with payment processing.

What You Should Actually Do

If you're using X DMs for anything sensitive, stop.

I know that sounds dramatic. But here's the reality:

X's own documentation admits their encryption doesn't work.

So what should you use instead?

For Messaging: Signal

It's free. It's open source. It's independently audited. It actually works.

Signal has:

  • Real end-to-end encryption

  • Forward secrecy

  • Protection against all known attacks

  • No metadata collection

  • No ads

  • No data sales


Download it. Convince your friends to use it. Delete XChat.

For Payments: Not X

Seriously. Don't send money through a platform that admits it can't protect your messages.

Use:

  • Your bank

  • Venmo (if you must)

  • Cash App (if you must)

  • Literally anything except a messaging app that doesn't understand encryption


For Social Media: Honestly, I'm Biased

I'm building Snugg specifically because platforms like X prioritize growth over security.

Snugg has:

  • Actual end-to-end encryption (not "Bitcoin-style")

  • Open source code (verify everything)

  • No payment integration (we're not trying to be an everything app)

  • Simple subscription model (you're the customer, not the product)


But even if you don't use Snugg, use something that actually encrypts your data.

Anything except X.

The Bigger Picture: When Marketing Beats Reality

Here's what frustrates me most about this situation:

Elon's broken encryption will probably work.

Not technically. It doesn't work technically.

But as marketing? It'll work great.

Most people will:

  • See "encrypted messaging"

  • Assume it means "secure"

  • Never read the documentation

  • Never talk to security experts

  • Just trust that Elon knows what he's doing


And X will get away with it.

They'll build a massive user base on false promises of security—the same way every major platform did.

They'll add payments to a broken foundation.

They'll collect vast amounts of data from people who think they're protected—just like YouTube, TikTok, Snapchat, and Reddit already do.

And by the time anyone realizes the encryption was theater, it'll be too late. Everyone will already be locked into the ecosystem.

This is why I'm writing this.

Not because I think I can stop X.

But because some people will read this and realize: "Wait, this isn't actually secure."

And maybe—maybe—they'll choose something better.

A Note on Elon

I need to say something about Elon Musk.

I respect what he's built with Tesla and SpaceX. Legitimately impressive.

But this encryption situation reveals something important:

Being smart at one thing doesn't make you smart at everything.

Elon clearly doesn't understand encryption. The "Bitcoin-style" comments prove that.

But instead of hiring experts and listening to them, he's:

  • Making bold claims he can't back up

  • Ignoring security researchers

  • Building systems that actively harm user privacy

  • Marketing it all as innovation


That's not innovation. That's arrogance.

And when it comes to security, arrogance gets people hurt.

What If Elon Actually Delivers This Time?

Look, I want to be fair.

If X actually:

  • Open sources the XChat code in the next few months

  • Passes independent security audits

  • Implements true end-to-end encryption with forward secrecy

  • Removes the backdoors their documentation currently admits exist


Then I'll happily update this post and say: "Elon delivered."

I'm skeptical based on history. But I'm not closed-minded.

The difference between me and Elon's biggest critics: I want him to succeed at this.

We NEED more encrypted messaging options. Signal is great but having competition is healthy. If X becomes a truly secure messaging platform, that's good for everyone.

But here's what needs to happen:

1. Open Source The Code (Actually Do It)

Not "in a few months."

Not "eventually."

Not "when we feel like it."

Put it on GitHub. Today. Let security researchers examine it. Let them find vulnerabilities. Fix them publicly.

Signal did this. WhatsApp did this (they use Signal's protocol). Even Apple published some of iMessage's code.

If Elon's serious about "the least insecure messaging," prove it with code, not tweets.

2. Update The Documentation

X's help page currently says they can read your messages and don't protect against hackers.

If that's changed, update the documentation.

If it hasn't changed, stop tweeting that it's encrypted.

3. Independent Security Audits

Hire Trail of Bits, NCC Group, or another respected security firm.

Have them audit the code publicly.

Publish the results.

This is standard practice for any serious encryption product.

4. Remove The Backdoors

The documentation currently says X can access messages "as a result of compulsory legal process."

That's a backdoor.

Real end-to-end encryption means even X can't decrypt messages. Not for legal process. Not for anyone.

If X keeps encryption keys, it's not end-to-end encrypted. Period.

5. Stop The "Bitcoin-Style" Nonsense

Just say "end-to-end encrypted using industry-standard cryptography."

Everyone will understand that.

The "Bitcoin-style" comparison confuses people and makes security experts cringe.

If Elon does all of this, I'll write a follow-up post titled: "I Was Wrong About X Encryption."

But until then, I'm judging based on what's verifiable now, not what's promised for later.

What Happens Next

X Money will launch in the next 1-2 months.

XChat's "encryption" will be the foundation.

Millions of people will use it because:

  • It's convenient

  • Everyone's already on X

  • Elon has convinced them it's secure


And their messages won't actually be encrypted.

Their financial data won't actually be secure.

But they'll think it is.

Until there's a breach.

And there will be a breach.

There's always a breach.

The question is: Will you still be using X when it happens?

Join Us in Building Something Better

I started building Snugg because I was tired of platforms lying about privacy.

Tired of "encrypted" meaning "we can still read it."

Tired of "secure" meaning "trust us."

Tired of watching people get deceived by security theater.

Snugg is different:

  • Real end-to-end encryption - We physically cannot read your content

  • Open source - Verify every claim we make

  • Independently audited - Security researchers check our work

  • No payments integration - We're not trying to be WeChat

  • Simple subscription - $5/month, no hidden costs, no data sales (here's why social media without ads requires this model)


We're not trying to beat X.

We're building an alternative for people who want actual security, not marketing claims about security.

If that's you, join us.

Join the waitlist: snugg.social
Email me directly: hello@snugg.social

Or keep using X. It's your choice.

Just make it an informed choice.

Related Reading

If this article was useful, you might also want to read:

Understanding Encryption & Privacy:


Platform Privacy Problems:

The Bigger Picture:

Sources & Further Reading

February 2026 Announcements:


XChat Launch & Analysis (2025):

Original Encryption Promises (2023):

Twitter/X Security & Staffing Issues:

About the Author

I'm a yacht surveyor based in the Caribbean and the founder of Snugg. I'm not a security expert, but I know enough to recognize when someone's tweets don't match their documentation. After watching Elon promise "very good encryption" on Twitter while X's help page admits they can read your messages, I decided we needed to talk about the difference between marketing claims and verifiable security. When I'm not building Snugg or surveying yachts, I'm wondering why we keep believing promises instead of reading the fine print.

Connect: Twitter/X | LinkedIn | Email

About Snugg: I'm building the social media platform I wish existed. No ads. No tracking. No algorithms. No surveillance. Just you, your friends, and actual control over your digital life. Learn more

If this helped you understand the gap between what Elon tweets and what X actually delivers, please share it. The more people who read the documentation instead of just the tweets, the safer we all are.

Share this post

Ready for Real Privacy?

Join our waitlist and be among the first to experience a truly private social platform.

Join Waitlist