How Twitter could (somewhat) fix their encrypted DMs

Twitter's encrypted DM infrastructure has security flaws where keys could be swapped without user detection. The system could be improved by proving keys were generated in hardware security modules and embedding them in clients. However, web-based clients remain vulnerable to targeted attacks.