Science and Tech

Actions

Twitter Toughens Security Against NSA Snooping

Twitter has begun using forward secrecy to encrypt its traffic on a session-by-session basis.
Posted at 11:17 AM, Nov 23, 2013

Twitter has added an extra layer of security for all of its traffic using a technique called forward secrecy.

It secures connections through Twitter's website, mobile applications and API. This technique layers on top of HTTPS, the protocol already in use to encrypt information like home banking, Google searches and, yes, Twitter traffic.

The New York Times explains this new encryption scrambles each session — each time you log in to post a tweet, for example — with its own private key.

This makes unscrambling all communications much more difficult. Instead of cracking one umbrella encryption and getting access to everything it secured — which is possible under standard HTTPS — each session has to be unscrambled individually.

Twitter isn't naming names in its blog post, but SlashGear says given the revelations of the NSA's ongoing data collection programs, this move is to keep the government out of user data just as much as any malicious actor.

 

"Says Twitter, this announcement is to, in part, bring to light what it feels should be 'the new normal' for websites."

Forward secrecy does require more time and computer resources to generate its encryption. CNET says users should expect to add "about 150 milliseconds in the US and up to a second in countries that are farther away from Twitter's servers."

But The EFF believes the improved security is well worth the hassle, calling it "an important improvement that protects users."

And Twitter is in good company. Google was the first Web giant to widely implement forward secrecy, in 2011. Facebook has announced plans to follow suit in the coming months.