Twitter Inc said it has implemented a security technology that makes it harder to spy on its users and called on other Internet firms to do the same, as Web providers look to thwart spying by government intelligence agencies.
Twitter followed in the footsteps of Google and Facebook, adding a layer of security called Perfect Forward Secrecy to protect data that users would like kept from prying eyes.
“On top of the usual confidentiality and integrity properties of HTTPS, Forward Secrecy adds a new property,” Twitter explained in a blog post on Friday.
“If an adversary is currently recording all Twitter users’ encrypted traffic, and they later crack or steal Twitter’s private keys, they should not be able to use those keys to decrypt the recorded traffic.”
The non-profit Electronic Frontier Foundation is among online rights champions who advocate for this kind of added protection on personal Internet traffic, according to San Francisco-based Twitter.
“We are writing this not just to discuss an interesting piece of technology, but to present what we believe should be the new normal for web service owners,” Twitter said of the announcement.
“A year and a half ago, Twitter was first served completely over HTTPS,” the company added. “Since then, it has become clearer and clearer how important that step was to protecting our users’ privacy.”
US Internet titans whose businesses are based on maintaining the trust of users have been kept to strengthen privacy protection in the wake of disclosures of broad scale cyber spying by the National Security Agency.
Former NSA contractor Edward Snowden revealed US surveillance on a global scale, straining Washington’s ties with key allies and putting pressure on Internet firms to show people that their online privacy is being guarded.
Among the disclosures were spy tools for decoding data and a practice of saving encrypted information so that it might be unscrambled in the future.
Forward secrecy prevents attackers from exploiting one potential weakness in HTTPS, which is that large quantities of data can be unscrambled if spies are able to steal a single private “key” that is then used to encrypt all the data, said Dan Kaminsky, a well-known Internet security expert.
The more advanced technique repeatedly creates individual keys as new communications sessions are opened, making it impossible to use a master key to decrypt them, Kaminsky said.
“It is a good thing to do,” he said. “I’m glad this is the direction the industry is taking.”