Twitter
has unveiled a serious security upgrade to protect its users’ data from
cyber-snooping – and has said that this approach should be “the new
normal for web service owners.”
In a technical blog post which linked to privacy group the Electronic Frontier Foundation’s
site, the social network said, “Forward secrecy is just the latest way
in which Twitter is trying to defend and protect the user’s voice.”The new technology makes it more difficult to intercept traffic over a secure HTTPS connection, adding a further layer of protection for users. Perfect Forward Secrecy is explained further in Twitter’s technical post here.
Google, Dropbox, Facebook and Tumblr have all already
implemented the technology, which may make it difficult even for
state-backed agencies to intercept data, and LinkedIn is understood to
be in the process of introducing it, according to The Guardian.
In its blog post, Twitter’s
Jacob Hoffman-Andrews wrote, “ If an adversary is currently recording
all Twitter users’ encrypted traffic, and they later crack or steal
Twitter’s private keys, they should not be able to use those keys to
decrypt the recorded traffic.”
The blog post continues, “At the end of the day, we are writing this
not just to discuss an interesting piece of technology, but to present
what we believe should be the new normal for web service owners.
Security is an ever-changing world. Our work on deploying forward
secrecy is just the latest way in which Twitter is trying to defend and
protect the user’s voice in that world.”Forbes’ Larry Magid points out that while the encryption may help “protect against snoops”, mentioning the NSA, ‘“Of course, encryption can — at best — only protect you against data that you keep private. Don’t expect any privacy when it comes to your public Tweets now or in the future.
Techdirt says that the detailed post was “clearly not written by a PR person”, and praises the approach – but raises concerns that the encryption used may not actually be as bulletproof as Twitter claims.
ESET Security Researcher Stephen Cobb offers advice for
small businesses on encryption and security in the wake of recent
revelations about state-sponsored spying in a detailed how-to here.
No comments:
Post a Comment