Your privacy may be at risk with the new X calling function.
In an effort to make the simple and useful Twitter app into X, the app that does everything badly, Elon Musk added voice and video calling to X last week. This new feature is turned on by default, so anyone you talk to can see your IP address, and it’s very hard to figure out how to limit who can call you.
“Audio and video calling are now available to everyone on X!” said X’s official news account in a post on Wednesday afternoon. Who do you want to call first?” X wrote it.
We looked at X’s official help center page and tested the feature to find out how it works and what risks are involved.
Even though an IP address isn’t very private, it can be used to figure out where someone is and can be tied to what they do online, which can be risky for high-risk users.
First, you can make voice and video calls in the X app’s Messages section. On both iOS and Android, a phone icon now shows up in the upper right corner of Messages.
In the X apps, calling is turned on by default. One catch is that you can only call and receive calls on X’s app right now, not in your computer.
Calls are peer-to-peer by default, which means that both people on the call share the same IP address because the call links directly to their devices. As we said in November, this is how most chat and calling apps work by design. This includes FaceTime, Facebook Messenger, Telegram, Signal, and WhatsApp.
In its help center, X says that calls are sent between users peer-to-peer, which means that both parties can see each other’s IP addresses.
In X’s Message settings, you can slide the “Enhanced call privacy” switch on or off to hide your IP address. What X says about this setting is that it “will be relayed through X infrastructure, and the IP address of any party that has this setting enabled will be masked.”
Since X’s public help center page doesn’t say anything about encryption, it’s likely that the calls aren’t end-to-end encrypted, which could mean that Twitter can listen in on conversations. Signal and WhatsApp are both end-to-end protected apps, which means that only the caller and the receiver can hear what’s being said.
We asked X’s press email if there was end-to-end security. The only answer we got was “Busy now, please check back later,” which is X’s standard reaction to media questions. We also sent an email to Joe Benarroch, a spokesman for X, but did not hear back.
Because of these privacy risks, we suggest that you turn off the calling option completely.
If you do decide to use this call feature, you need to know who can call you and who you can call. Depending on how you have it set up, this can get very confusing and hard to understand.
As you can see above, the default setting is “People you follow.” You can change it to “People in your address book” if you shared your contacts with X; “Verified users” if you want anyone who pays for X to call you; or “everyone” if you want spam calls from anyone.
TechCrunch chose to test a number of different situations with two X accounts: a test account that was just made and a real account that had been used for a long time. With the open source network monitoring tool Burp Suite, we could see how the X app’s network traffic went in and out.
It Looks Like This (At The Time Of Writing):
- No one can call the other when they are not following each other. This is because neither account sees the phone icon.
- The real account gets the direct message from the test account, but neither account sees the phone icon.
- Once the real account says yes to the direct message, the test account can call the real account. And if no one answers, only the IP address of the test account user is shown.
- The real account’s IP address is shown when the test account picks up the call, so both sets of IP addresses are visible. The test account can’t call back because it is set to only accept “follow” calls.
- The real account can talk to the test account when it follows it back.
A study of the network shows that X used Periscope, Twitter’s defunct livestreaming service and app, to build the calling function. We found that because X’s calling uses Periscope, the X app sets up the call as if it were a live Twitter/X stream, even though no one can hear what’s being said.
Also Read: X is Adding Voice and Video Calls to Android
Finally, it’s up to you to decide if you want to use X calling. You can’t do anything, which means you might get calls from people you don’t want to hear from, which could put your privacy at risk. You can also try to figure out X’s settings to limit who can call you. And you don’t have to worry about any of this if you turn off the feature.
What do you say about this story? Visit Parhlo World For more.
