Twitter ramps up security for users – says its approach should be “the new normal”

Twitter has unveiled a serious security upgrade to protect its users’ data from cyber-snooping – and has said that this approach should be “the new normal for web service owners.”

In a technical blog post which linked to privacy group the Electronic Frontier Foundation’s site, the social network said, “Forward secrecy is just the latest way in which Twitter is trying to defend and protect the user’s voice.”
The new technology makes it more difficult to intercept traffic over a secure HTTPS connection, adding a further layer of protection for users. Perfect Forward Secrecy is explained further in Twitter’s technical post here.

Google, Dropbox, Facebook and Tumblr have all already implemented the technology, which may make it difficult even for state-backed agencies to intercept data, and LinkedIn is understood to be in the process of introducing it, according to The Guardian.

In its blog post, Twitter’s Jacob Hoffman-Andrews wrote, “ If an adversary is currently recording all Twitter users’ encrypted traffic, and they later crack or steal Twitter’s private keys, they should not be able to use those keys to decrypt the recorded traffic.”

The blog post continues, “At the end of the day, we are writing this not just to discuss an interesting piece of technology, but to present what we believe should be the new normal for web service owners. Security is an ever-changing world. Our work on deploying forward secrecy is just the latest way in which Twitter is trying to defend and protect the user’s voice in that world.”
Forbes’ Larry Magid points out that while the encryption may help “protect against snoops”, mentioning the NSA, ‘“Of course, encryption can — at best — only protect you against data that you keep private. Don’t expect any privacy when it comes to your public Tweets now or in the future.
Techdirt says that the detailed post was “clearly not written by a PR person”, and praises the approach – but raises concerns that the encryption used may not actually be as bulletproof as Twitter claims.

ESET Security Researcher Stephen Cobb offers advice for small businesses on encryption and security in the wake of recent revelations about state-sponsored spying in a detailed how-to here.