in your search To turn a simple, functional Twitter app into X, the everything app that does nothing very well, Elon Musk launched audio and video calling on IP. to anyone you talk to, and it’s incredibly confusing to figure out how to limit who can call you.
In a post on Wednesday, the official X news account announced the new feature: “Audio and video calling is now available to everyone on X! Who do you call first? X wrote.
We examined the official X help center page and performed feature testing to analyze how the calling feature works and understand what the risks associated with it are.
A person’s IP address is not very sensitive, but these online identifiers can be used to infer location and can be linked to a person’s online activity, which can be dangerous for high-risk users.
Firstly, the audio and video calling feature is located within the Messages portion of the X app, where a phone icon now appears in the top right corner on both iOS and Android.
A screenshot of the X audio and video calling feature on iOS. Image credits: TechCrunch
A screenshot of the X audio and video calling feature on Android. Image credits: TechCrunch
Calling is enabled by default in the X apps. The caveat is that you can only make and receive calls in the X app, and not in your browser yet.
By default, calls are peer-to-peer, meaning the two people on a call share each other’s IP addresses because the call connects directly to their devices. This happens by design in most messaging and calling apps, such as FaceTime, Facebook Messenger, Telegram, Signal, and WhatsApp. as we reported in November.
In your official help centerX says that calls are routed peer-to-peer between users so that IP addresses “can be visible to each other.”
If you want to hide your IP address, you can turn on the “Enhanced Call Privacy” option in X’s messaging settings. By turning this setting on, part that has this setting enabled will be masked.”
A screenshot of the settings for the X audio and video calling feature for iOS. Image credits: TechCrunch
A screenshot of the settings for the X audio and video calling feature for Android. Image credits: TechCrunch
X doesn’t mention encryption at all on the official help center page, so the calls are probably not end-to-end encrypted, which could allow Twitter to listen in on conversations. End-to-end encrypted apps, Signal or WhatsApp: Prevent anyone other than the caller and recipient from listening in, including WhatsApp and Signal.
We asked X’s press email if there is end-to-end encryption. The only response we received was: “Busy now, check back later,” X’s default automatic response to media queries. We also emailed X spokesperson Joe Benarroch but received no response.
Due to these privacy risks, we recommend disabling the calling feature completely.
In case you want to use this call, it is important to understand who can call you and who you can call; and depending on your setup, it can be very confusing and complicated.
The default setting (as you can see above) is “People you follow”, but you can choose to change it to “People in your address book” if you’ve shared your contacts with X; “Verified users”, which would allow anyone who pays for X to call you; or all, if you want to receive unwanted calls from any rando.
TechCrunch decided to test several different scenarios with two X accounts: a newly created test account and a long-standing live account. Using the open source network analysis tool Burp Suite, we were able to see network traffic flowing in and out of the X application.
Here are the results (at the time of writing):
- When no accounts follow each other, none see the phone icon and therefore none can call.
- When the test account sends a DM to the real account, the message is received but neither account sees the phone icon.
- When the live account accepts the DM, the test account can call the live account. And if no one answers, only the IP of the caller on the test account is exposed.
- When the test account initiates a call and the live account answers (exposing the live account’s IP address, i.e. both sets of IP addresses), the test account cannot call back because it is configured to allow calls. starters to “follow”. only.
- When the live account follows the demo account, both can communicate with each other.
Network analysis shows that X created the calling feature using Periscope, Twitter’s app and live streaming service. which was discontinued in 2021. Because X’s call uses Periscope, our network analysis shows that application
Ultimately, you choose whether you want to use X Calling. You can’t do anything, potentially exposing you to calls from people you probably don’t want to receive calls from and potentially compromising your privacy. Or you can try limiting who can call you by deciphering your X settings. Or, you can disable the feature entirely and not have to worry about any of this.
Carly Page and Jagmeet Singh contributed reporting.