Twitter is adding more security for traffic on its websites and mobile applications to make it more difficult for an “adversary” to record encrypted traffic and decrypt it later. The change, called Perfect Forward Secrecy, will work in conjunction with the TLS and SSL protocols the company already uses to protect logins and the transmission of data on its network.
In a blog post, Twitter’s Jacob Hoffman-Andrews shared the technical details of the new security blanket, which is based on the EC Diffie-Hellman cipher suites. These allow the client and server to establish an encrypted session without ever sending the encryption key across the network.
Also, should anyone be able to crack or steal Twitter’s private keys, they won’t be able to use them to decrypt traffic that has already been recorded. While there was no mention of the National Security Agency in Twitter’s blog post, it’s likely the change is a response to several reports that the government agency is spying on Americans using collection tools that allow it and other government agencies to access unencrypted data.
According to the leaks by Edward Snowden, a former NSA contractor, the agency can also collect encrypted data in the hope that it will be able to decrypt it and add it to a searchable stockpile of information. In response to the leaks, Google and Facebook have already announced extra measures they are taking or will take to protect user data.
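A defender-side check for the forward-secret cipher suites described above, as an added example that is not from Twitter's blog post or from this article: it uses Python's standard `ssl` module to classify suites by key exchange and to confirm that a server context offers only ephemeral (EC)DHE suites. The sample suite list, the cipher string and the function names are assumptions chosen for illustration.

```python
import ssl

# 'kea' labels reported by SSLContext.get_ciphers() for key exchanges that use
# ephemeral Diffie-Hellman, i.e. a fresh key pair for every session.
EPHEMERAL_KEA = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk"}


def is_forward_secret(suite):
    """Classify one entry from SSLContext.get_ciphers()."""
    if suite.get("protocol") == "TLSv1.3":
        return True  # TLS 1.3 full handshakes always use (EC)DHE
    kea = suite.get("kea")
    if kea:
        return kea in EPHEMERAL_KEA
    # Fallback for builds that do not report 'kea': go by the suite name.
    return suite["name"].startswith(("ECDHE-", "DHE-"))


def audit(suites):
    """Return (forward_secret, static_key) lists of suite names."""
    fs, static = [], []
    for s in suites:
        (fs if is_forward_secret(s) else static).append(s["name"])
    return fs, static


def forward_secret_server_context():
    """Server context whose TLS 1.2 suites are limited to ECDHE with AEAD."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # assumed policy string
    return ctx


# Constructed sample: suites a legacy configuration might report.
LEGACY_SAMPLE = [
    {"name": "AES256-GCM-SHA384", "protocol": "TLSv1.2", "kea": "kx-rsa"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "kea": "kx-ecdhe"},
    {"name": "TLS_AES_128_GCM_SHA256", "protocol": "TLSv1.3", "kea": "kx-any"},
]

if __name__ == "__main__":
    print("legacy sample:", audit(LEGACY_SAMPLE))
    print("hardened ctx :", audit(forward_secret_server_context().get_ciphers()))
```

Any suite that lands in the second list uses static RSA key exchange, where the session key is encrypted to the server's long-term key and recorded traffic becomes readable if that key is later stolen.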