Twitter wants to keep NSA out with 'Perfect Forward Secrecy'
Twitter is showing its users that it cares about their privacy by adding a security layer to its services that makes unauthorized access harder. The protection, added on top of HTTPS, is known as "Perfect Forward Secrecy."
The move by the microblogging site comes at a time when the internet is buzzing about unethical spying on users' data by government intelligence agencies.
"Perfect Forward Secrecy" has been implemented by Twitter on its web and mobile platforms. It addresses a potential weakness of HTTPS. The present system has a loophole that lets intruders keep a record of the encrypted conversation that took place between the server and the user. Although the recorded data cannot be read, after innumerable attempts it might be decrypted.
In "Perfect Forward Secrecy," the data encryption is based on two short-lived keys. As a result, even if someone gains access to the server key, the data cannot later be recovered.
In its blog post, Twitter also encouraged other webmasters to implement the standard.
"If you are a webmaster, we encourage you to implement HTTPS for your site and make it the default. If you already offer HTTPS, ensure your implementation is hardened with HTTP Strict Transport Security, secure cookies, certificate pinning, and Forward Secrecy. The security gains have never been more important to implement."
Because of the additional security, connecting to Twitter will take about 150 milliseconds longer for users in the U.S. Countries that are far from the Twitter servers might face a lag of a second or two. But the lag is worth it, as two Twitter engineers explained.
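Three of the hardening items in Twitter's advice to webmasters quoted above (Forward Secrecy, HTTP Strict Transport Security and secure cookies) can be checked mechanically. The following Python sketch is an added example, not code from Twitter or from the original article. It assumes hypothetical function names and constructed sample connections, and it does not cover certificate pinning.

```python
from http.cookies import SimpleCookie

# Key-exchange prefixes that mean ephemeral (EC)DH, in OpenSSL and IANA naming.
FS_PREFIXES = ("ECDHE-", "DHE-", "TLS_ECDHE_", "TLS_DHE_")

def is_forward_secret(cipher_name, protocol):
    if protocol == "TLSv1.3":
        return True  # TLS 1.3 full handshakes always use ephemeral (EC)DHE
    return cipher_name.upper().startswith(FS_PREFIXES)

def hsts_max_age(headers):
    """HSTS max-age in seconds; 0 if the header is absent or malformed."""
    value = next((v for k, v in headers
                  if k.lower() == "strict-transport-security"), "")
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            return int(arg.strip('"'))
    return 0

def insecure_cookies(headers):
    """Names of cookies set without the Secure attribute."""
    names = []
    for k, v in headers:
        if k.lower() == "set-cookie":
            jar = SimpleCookie()
            jar.load(v)
            names += [n for n, morsel in jar.items() if not morsel["secure"]]
    return names

def audit(cipher, headers):
    """cipher is the (name, protocol, bits) tuple from ssl.SSLSocket.cipher()."""
    name, protocol, _bits = cipher
    findings = []
    if not is_forward_secret(name, protocol):
        findings.append(f"no forward secrecy: {name}")
    if hsts_max_age(headers) == 0:
        findings.append("HSTS missing or max-age=0")
    findings += [f"cookie without Secure flag: {c}" for c in insecure_cookies(headers)]
    return findings

# Constructed sample connections (not captured from any real site).
WEAK = (("AES128-SHA", "TLSv1.2", 128),
        [("Set-Cookie", "lang=en; Path=/"),
         ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")])
HARDENED = (("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128),
            [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
             ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")])

if __name__ == "__main__":
    for label, (cipher, headers) in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cipher, headers))
```

The `AES128-SHA` suite in the weak sample uses RSA key transport, so a recorded session can be decrypted by anyone who later obtains the server's private key, which is the weakness forward secrecy removes.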
Twitter shares closed down 2.52 percent at $41.00 at the NYSE on Friday.