Twitter Inc (NYSE:TWTR) strengthened its security to protect users from “apex predators” of the internet and from government eavesdropping by implementing “forward secrecy” for traffic on its app, desktop, and mobile platforms.
The new security measure by Twitter (NYSE:TWTR) provides an additional layer of protection on top of the traditional confidentiality and integrity properties offered by HTTPS encryption, which is generally used by financial institutions, particularly in online banking.
In a blog post, Jacob Hoffman-Andrews, a security engineer at Twitter, said implementing forward secrecy is increasingly important given the current condition of the internet, as pointed out by the Electronic Frontier Foundation.
Forward secrecy encrypts each exchange of information over the internet with a disposable key that is created for every web session. To read the data from a session, that session's key is needed to decrypt it.
“If an adversary is currently recording all Twitter users’ encrypted traffic, and they later crack or steal Twitter’s private keys, they should not be able to use those keys to decrypt the recorded traffic,” said Andrews.
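The property described in that quote, as an added example that is not from Twitter's blog post or from this article: a toy Diffie-Hellman exchange in Python that contrasts a session keyed to the server's long-term key with one keyed to disposable per-session values. The modulus, generator and function names are constructed for illustration, the group is far too small for real use, and the static exchange stands in for the non-forward-secret key exchange of older HTTPS setups.

```python
import hashlib
import secrets

# Constructed toy group: illustrates the idea only, never use for real traffic.
P = 2**127 - 1   # prime modulus
G = 3            # base


def kdf(shared: int) -> bytes:
    """Derive a session key from the Diffie-Hellman shared value."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def fresh_exponent() -> int:
    return secrets.randbelow(P - 2) + 1


def static_session(server_long_term_priv: int) -> dict:
    """No forward secrecy: the session key depends on the server's long-term key."""
    server_pub = pow(G, server_long_term_priv, P)   # fixed, reused by every session
    client_priv = fresh_exponent()
    wire = {"client_pub": pow(G, client_priv, P)}   # what a recording would contain
    return {"wire": wire, "key": kdf(pow(server_pub, client_priv, P))}


def ephemeral_session() -> dict:
    """Forward secrecy: both sides use disposable exponents for this session only.

    In a real handshake the long-term key would only sign server_pub to
    authenticate it; that signature is omitted here (simplifying assumption).
    """
    client_priv, server_priv = fresh_exponent(), fresh_exponent()
    wire = {"client_pub": pow(G, client_priv, P),
            "server_pub": pow(G, server_priv, P)}
    key = kdf(pow(wire["server_pub"], client_priv, P))
    return {"wire": wire, "key": key}               # exponents are discarded on return


def recover_with_stolen_key(wire: dict, stolen_long_term_priv: int) -> bytes:
    """Key computable from a recorded session plus a later-compromised long-term key."""
    return kdf(pow(wire["client_pub"], stolen_long_term_priv, P))


if __name__ == "__main__":
    long_term = fresh_exponent()
    old = static_session(long_term)
    new = ephemeral_session()
    print("static session exposed:   ", recover_with_stolen_key(old["wire"], long_term) == old["key"])
    print("ephemeral session exposed:", recover_with_stolen_key(new["wire"], long_term) == new["key"])
```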
Andrews emphasized, “Forward secrecy is just the latest way in which Twitter is trying to defend and protect the user’s voice.” He added that the deployment of the new security measure is Twitter’s latest way to defend and protect the voice of its users worldwide.
Furthermore, Andrews explained, “We are trying to create a new norm for what it means to be a secure website. It makes it harder for anyone attempting a large-scale cryptographic attack, but this is not just about the NSA. There’s more than one apex predator on the internet, including terrorists and groups outside of government – anyone well-funded could use the same techniques.”
According to Chester Wisniewski, senior security adviser at Sophos, a number of major website owners stepped up protection of users’ data in the wake of the Snowden leaks. He added, “The people working on the next generation of web standards are considering making encryption of all web traffic the default. Most of the movement towards improved security and privacy is long overdue.”
Some of the technology companies that are already using perfect forward secrecy to protect the information of users include Google Inc (NASDAQ:GOOG) and Facebook Inc (NASDAQ:FB).
Andrews encouraged webmasters to increase their website security beyond HTTPS by implementing HTTP Strict Transport Security, secure cookies, certificate pinning and forward secrecy.