Twitter adds security enhancements to thwart unwanted snooping
Twitter has added Perfect Forward Secrecy to its line of defense. The protection now covers the network’s main page, its APIs and mobile.twitter.com, and it augments the HTTPS properties already in use.
This latest addition is designed to protect data after the fact. “If an adversary is currently recording all Twitter users’ encrypted traffic, and they later crack or steal Twitter’s private keys, they should not be able to use those keys to decrypt the recorded traffic.”
Twitter announced this change along with a tweet saying, “Forward secrecy is just the latest way in which Twitter is trying to defend and protect the user’s voice.”
How does this work? We will leave the granular details accessible at the source link (for you super-nerds, see below), but it boils down like this: Under traditional secure browsing sessions (https://, Hypertext Transfer Protocol Secure), the client (your browser or app) chooses a random session key, which is encrypted with the server’s public key and decrypted by the server with its private key.
With forward secrecy, Diffie-Hellman cipher suites are enabled, so the client and server share a random session key without sending the key across the network. This will prevent what are called “man in the middle” attacks or interference.
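To make the difference concrete, the sketch below is an added example, not code from Twitter or the original article. It contrasts the two handshakes with toy numbers: a recorded RSA key-transport handshake can be decrypted once the server's private key is stolen, while the same stolen key recovers nothing from an ephemeral Diffie-Hellman handshake. All parameters and function names are constructed for illustration, and the use of the long-term key to sign the server's Diffie-Hellman share is an assumption about how such cipher suites authenticate the server.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example; far too small for real use.
RSA_P, RSA_Q, RSA_E = 2**31 - 1, 2**61 - 1, 65537   # two Mersenne primes
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))   # server's long-term private key
DH_P, DH_G = 2**127 - 1, 3                          # toy Diffie-Hellman group


def kdf(secret: int) -> bytes:
    """Derive a session key from an integer secret."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def rsa_key_transport():
    """Traditional handshake: the client encrypts its random secret to the server."""
    secret = secrets.randbits(64)
    wire = [pow(secret, RSA_E, RSA_N)]               # what an eavesdropper records
    server_key = kdf(pow(wire[0], RSA_D, RSA_N))     # server decrypts with private key
    assert server_key == kdf(secret)
    return kdf(secret), wire


def dhe_handshake():
    """Forward-secret handshake: ephemeral exponents never leave either side."""
    a = secrets.randbelow(DH_P - 3) + 2              # client ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2              # server ephemeral secret
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)    # public shares sent on the wire
    # Assumption: the long-term key only signs the server's share (authentication).
    digest = int.from_bytes(hashlib.sha256(str(B).encode()).digest()[:8], "big")
    signature = pow(digest, RSA_D, RSA_N)
    assert pow(signature, RSA_E, RSA_N) == digest    # client verifies with public key
    client_key, server_key = kdf(pow(B, a, DH_P)), kdf(pow(A, b, DH_P))
    assert client_key == server_key
    return client_key, [A, B, signature]             # a and b are discarded here


def decrypt_recording(wire, stolen_d):
    """Every key a later thief of the private key can derive from recorded traffic."""
    return {kdf(pow(value, stolen_d, RSA_N)) for value in wire}
```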
What does this mean to users? Not a whole lot, at least not in the US anyway. Other countries regulate the internet differently. Twitter, along with other leading web services, has been stepping up its game in the wake of Edward Snowden and the NSA scandals that are still fresh in a lot of people’s minds.
Twitter referred to this development as the “new normal” and encourages other services to follow suit: “At the end of the day, we are writing this not just to discuss an interesting piece of technology, but to present what we believe should be the new normal for web service owners. A year and a half ago, Twitter was first served completely over HTTPS. Since then, it has become clearer and clearer how important that step was to protecting our users’ privacy.”
sources: Twitter via Forbes