The social media company has implemented ECDHE cipher suites

Nov 23, 2013 08:01 GMT  ·  By

Ever since Edward Snowden started leaking information regarding the capabilities of governments to spy on Internet users, major companies appear to be determined to protect their customers’ privacy. Twitter is the latest company to implement new security measures.

On Friday, the social media giant announced that it recently enabled forward secrecy. The traffic on domains such as twitter.com, mobile.twitter.com and api.twitter.com will be much better protected.

HTTPS already makes traffic difficult to crack. By enabling forward secrecy, Twitter goes a step further: traffic recorded today cannot be decrypted later, even if the server's private key is compromised at some point in the future.

With a conventional HTTPS key exchange, traffic is encrypted with a random session key, which the client sends to the server encrypted under the server's public key. This means that anyone who obtains the server's private key can decrypt that traffic, including connections that were recorded in the past.

This is where forward secrecy steps in. By enabling the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) cipher suites, Twitter is making sure that intercepted traffic cannot be decrypted even by someone who later obtains the server's private key.

This type of key exchange is not susceptible to man-in-the-middle attacks because traffic is protected with a random session key that the client and the server derive together. The key itself is never sent across the network, and the server's private key is used only to sign the exchange, so an attacker cannot substitute its own key material without being detected.
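As an added illustration of the two key-exchange models described above (this is constructed example code, not part of the article or of Twitter's post), the toy below records the handshake messages of an RSA key transport and of a signed ephemeral Diffie-Hellman exchange, then plays a passive adversary who later obtains the server's long-term private key. All parameters are constructed: textbook RSA over two known Mersenne primes with no padding, finite-field Diffie-Hellman standing in for the elliptic-curve variant, and SHA-256 standing in for the TLS key derivation.

```python
"""Toy comparison: RSA key transport vs. signed ephemeral Diffie-Hellman.

Constructed example, not real TLS. Shows what a recorded handshake gives an
adversary who later steals the server's long-term private key.
"""
import hashlib
import secrets

# Toy server long-term RSA key (constructed; 2^31-1 and 2^61-1 are known primes).
P_RSA, Q_RSA = (1 << 31) - 1, (1 << 61) - 1
RSA_N = P_RSA * Q_RSA
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (P_RSA - 1) * (Q_RSA - 1))
SERVER_PUBLIC = (RSA_N, RSA_E)
SERVER_PRIVATE = (RSA_N, RSA_D)

# Toy Diffie-Hellman group (constructed; 2^127-1 is a known prime, g=3 is a toy generator).
DH_P = (1 << 127) - 1
DH_G = 3


def derive_key(shared_secret: int) -> bytes:
    """Turn the exchanged secret into a symmetric session key (stand-in for the TLS PRF)."""
    return hashlib.sha256(shared_secret.to_bytes(32, "big")).digest()


def rsa_sign(message: bytes, private) -> int:
    """Textbook RSA signature over a SHA-256 digest (no padding; toy only)."""
    n, d = private
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(digest, d, n)


def rsa_verify(message: bytes, signature: int, public) -> bool:
    n, e = public
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == digest


def rsa_key_transport_handshake():
    """Classic RSA key exchange: the client picks the secret and sends it encrypted
    to the server's public key. Returns (session_key, recorded_transcript)."""
    n, e = SERVER_PUBLIC
    premaster = secrets.randbelow(1 << 64)      # client's random secret, never > n
    ciphertext = pow(premaster, e, n)           # this is what crosses the wire
    transcript = {"kx": "RSA", "encrypted_premaster": ciphertext}
    return derive_key(premaster), transcript


def dhe_handshake():
    """Ephemeral DH signed by the server's long-term key. The exponents a and b
    never leave the endpoints and are discarded once the session key exists."""
    a = secrets.randbelow(DH_P - 2) + 1         # client ephemeral secret
    b = secrets.randbelow(DH_P - 2) + 1         # server ephemeral secret
    client_share = pow(DH_G, a, DH_P)
    server_share = pow(DH_G, b, DH_P)
    signed = server_share.to_bytes(16, "big")
    signature = rsa_sign(signed, SERVER_PRIVATE)
    # The client checks the signature, so a man-in-the-middle cannot swap in its own share.
    if not rsa_verify(signed, signature, SERVER_PUBLIC):
        raise ValueError("server share signature invalid")
    # Both sides reach g^(ab); only the public shares and the signature were transmitted.
    assert pow(server_share, a, DH_P) == pow(client_share, b, DH_P)
    session_key = derive_key(pow(server_share, a, DH_P))
    del a, b                                    # ephemeral secrets are gone for good
    transcript = {"kx": "DHE", "client_share": client_share,
                  "server_share": server_share, "signature": signature}
    return session_key, transcript


def decrypt_recorded_session(transcript, stolen_private):
    """Passive adversary who recorded the handshake and later obtained the server's
    long-term private key. Returns the session key if the transcript allows it."""
    n, d = stolen_private
    if transcript["kx"] == "RSA":
        # The private key unwraps the premaster secret directly.
        return derive_key(pow(transcript["encrypted_premaster"], d, n))
    # For DHE the transcript holds only g^a, g^b and a signature. The stolen key lets
    # the adversary confirm the share is authentic (or forge signatures in *future*
    # connections), but recovering g^(ab) from the recorded shares is the discrete-log
    # problem, which the long-term key does nothing to help with.
    signed = transcript["server_share"].to_bytes(16, "big")
    assert rsa_verify(signed, transcript["signature"], (n, RSA_E))
    return None


if __name__ == "__main__":
    key, rec = rsa_key_transport_handshake()
    print("RSA transport, key recovered later:", decrypt_recorded_session(rec, SERVER_PRIVATE) == key)
    key, rec = dhe_handshake()
    print("DHE, key recovered later:", decrypt_recorded_session(rec, SERVER_PRIVATE) is not None)
```

The two transcripts make the difference concrete: the RSA transcript contains the wrapped secret, so the stolen key unwraps every session ever recorded, while the DHE transcript contains nothing the long-term key can unwrap. The same reasoning applies to the elliptic-curve variant Twitter deployed, with point multiplication in place of modular exponentiation.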

Twitter says the increase in CPU usage caused by enabling and prioritizing the cipher suites is negligible. So far, 75% of client requests are sent over ECDHE-protected connections. Most of the remaining requests come from older clients that don't support these cipher suites.

“A year and a half ago, Twitter was first served completely over HTTPS. Since then, it has become clearer and clearer how important that step was to protecting our users’ privacy,” Twitter’s Jacob Hoffman-Andrews noted in a blog post.