Call us on:
01392 349 580

Twitter Foiling Eavesdroppers With Forward Secrecy Technology

Twitter is adding some teeth to its security to help protect users’ privacy.

The micro-blogging site is one Internet company in a long line of its peers to implement security measures designed to repel the efforts of hackers and federal law enforcement agencies like the NSA.

“As part of our continuing effort to keep our users’ information as secure as possible, we’re happy to announce that we recently enabled forward secrecy for traffic on twitter.com, api.twitter.com, and mobile.twitter.com,” Twitter announced in a blog post.

“On top of the usual confidentiality and integrity properties of HTTPS, forward secrecy adds a new property. If an adversary is currently recording all Twitter users’ encrypted traffic, and they later crack or steal Twitter’s private keys, they should not be able to use those keys to decrypt the recorded traffic.”

While Twitter did not specifically announce the measures were put in place because of NSA spying, it did hint at it and provided a link in its blog to an article by the Electronic Frontier Foundation.

Below is an excerpt from the article by EFF activist Parker Higgins.

How can perfect forward secrecy help protect user privacy against that kind of threat? In order to understand that, it’s helpful to have a basic idea of how HTTPS works in general. Every Web server that uses HTTPS has its own secret key that it uses to encrypt data that it sends to users. Specifically, it uses that secret key to generate a new “session key” that only the server and the browser know. Without that secret key, the traffic traveling back and forth between the user and the server is incomprehensible, to the NSA and to any other eavesdroppers.

But imagine that some of that incomprehensible data is being recorded anyway—as leaked NSA documents confirm the agency is doing. An eavesdropper who gets the secret key at any time in the future—even years later—can use it to decrypt all of the stored data! That means that the encrypted data, once stored, is only as secure as the secret key, which may be vulnerable to compromised server security or disclosure by the service provider.

Twitter said it is hoping forward secrecy will become the “new normal for Web service owners.”

“If you are a webmaster, we encourage you to implement HTTPS for your site and make it the default,” the post reads.

“Security is an ever-changing world. Our work on deploying forward secrecy is just the latest way in which Twitter is trying to defend and protect the user’s voice in that world.”

Jennifer Cowan is the Managing Editor for SiteProNews.

This article was taken from: sitepronews.com

 

Leave a Comment

Want to join the discussion? Please fill out the form below to leave your comments on this article.