Our Blogs

Picture X’s shiny new chat app, XChat, as the sequel to a blockbuster movie that’s supposed to fix the plot holes of the last film. The headline feature is “proper” end-to-end encryption, but rolling that out for millions is like handing every viewer their own film projector — most people drop the reels or lose the power cord (read: crypto keys).

Because users misplace keys, services often babysit them. That’s convenient, except it defeats the whole “only the sender and receiver can read this” promise. To patch that hole, X bolts on a gadget called Juicebox. Think of it as a combination lock:

• Short PIN as the secret code — the user picks a memorable PIN.
• The real encryption key gets derived from that PIN, chopped into several slices, and those slices live on separate servers.
• Guess the PIN wrong too many times and the system vows to shred the key.

Sounds tidy until you notice two cracks:

• Same landlord, many rooms — if every “separate” server belongs to X, splitting the key is cosmetic.
• Pinky-swear deletion — the promise to nuke the key isn’t enforced by math, just by policy.

Rumour is X runs the Juicebox pieces inside paired Hardware Security Modules—vault-grade boxes that refuse to leak secrets—which does ease both worries. Still, outside eyes can’t inspect the setup yet, so plenty of security folk stick with Signal for now.

In short: XChat makes a clever stab at scalable encryption, but until we see the blueprints, it’s safer to treat it as a well-dressed beta than a locked vault.