All the latest UK technology news, reviews and analysis


Twitter switches on ‘forward secrecy’ to protect user privacy

25 Nov 2013
twitter-tech

Twitter has announced new security measures designed to make it impossible for cyber criminals and spy agencies to steal encrypted data on its users.

Twitter said in a blog post that it had enabled ‘forward secrecy’ across all versions of its site in order to make sure huge swathes of data cannot be siphoned off and read, including private direct messages.

“We recently enabled forward secrecy for traffic on twitter.com, api.twitter.com, and mobile.twitter.com. On top of the usual confidentiality and integrity properties of HTTPS, forward secrecy adds a new property,” the firm said.

“If an adversary is currently recording all Twitter users’ encrypted traffic, and they later crack or steal Twitter’s private keys, they should not be able to use those keys to decrypt the recorded traffic.”

It has done this by using a security cipher called EC Diffie-Hellman. This removes the need for an encryption key to be sent between a client and a server as this can be intercepted by a third party and used to unencrypt data.

“The client and server manage to come up with a shared, random session key without ever sending the key across the network, even under encryption,” Twitter explained. “The server’s private key is only used to sign the key exchange, preventing man-in-the-middle attacks.”

The firm called on other web services to follow the implementation of forward secrecy as a vital step to protect online users from criminals and government spies.

“Security is an ever-changing world. Our work on deploying forward secrecy is just the latest way in which Twitter is trying to defend and protect the user’s voice in that world,” it said.

Many technology giants are taking action against government spying in the wake of the PRISM scandal, with Yahoo announcing last week that it would encrypt all traffic being sent to and from its network following claims that traffic from its systems had been monitored by spy agencies.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Dan Worth
About

Dan Worth is the news editor for V3 having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3 Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal

View Dan's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
14%
3%
10%
4%
23%
4%
42%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Transformation Programme Architect

Transformation Programme Architect required to provide...

Solutions Architect

Solution Architect Harvey Nash are recruiting for...

Digital Solutions Architect

Digital Solutions Architect Harvey Nash are working...

Front-End UI/UX Developer (HTML5, CSS, JavaScript, jQuery, Ang

Front-End UI/UX Developer (HTML5, CSS, JavaScript, jQuery...
To send to more than one email address, simply separate each address with a comma.