Twitter improves security with eye on stopping snooping
(MoneyWatch) Last Friday, Twitter announced on its blog that it was stepping up its security practices by enabling forward security for traffic on Twitter.
Forward security -- known officially as "perfect forward security" -- is a somewhat arcane principle in the field of data encryption, but it has significant implications for people who rely on encryption for exchanging private information. In simple terms, forward security ensures that any particular session key -- used to unlock encrypted data -- will not be compromised if the long-term key for that account is compromised. That means that if bad guys (or the NSA, perhaps) compromises any single encryption key, only the session associated with that key is lost -- not the entire account.
Says the Twitter blog:
"If an adversary is currently recording all Twitter users' encrypted traffic, and they later crack or steal Twitter's private keys, they should not be able to use those keys to decrypt the recorded traffic."
The Twitter blog does not specify what adversary the site is explicitly defending its data against, though pundits like Tech Crunch agree that the NSA is the most likely organization likely to be caching large volumes of data in hopes of decrypting it later.
Twitter isn't the first online service to move to forward security. Google made a similar change with Gmail last year, for example, and it's a technology endorsed by the Electronic Frontier Foundation. Facebook is expected to follow soon. So while Twitter is clearly on the leading edge of this kind of security enhancement today, it's likely just a matter of time before most essential security services follow suit, making it harder for hackers and intelligence agencies to mine your data.
Dave Johnson
View all articles by Dave Johnson on CBS MoneyWatch »
Dave Johnson is editor of eHow Tech and author of three dozen books, including the best-selling How to Do Everything with Your Digital Camera. Dave has previously worked at Microsoft and has written about technology for a long list of magazines that include PC World and Wired.
Disclaimer: The copyright of this article belongs to the original author. Reposting this article is solely for the purpose of information dissemination and does not constitute any investment advice. If there is any infringement, please contact us immediately. We will make corrections or deletions as necessary. Thank you.
