Twitter fires up stronger, anti-snooping encryption for its millions of twits

Twitter says it has rolled out stronger encryption to safeguard its users' connections from eavesdroppers. The micro-blogging ad-pusher said it has switched on "forward secrecy" for traffic to and from its desktop and mobile websites and its app interface; this goes beyond the protections afforded by traditional HTTPS. …

COMMENTS

This topic is closed for new posts.
  1. Tom 35

    Can't have the NSA just scooping stuff off the wire

    Make them pay us for the data they want.

    1. Anonymous Coward

      Re: Can't have the NSA just scooping stuff off the wire

      Nah, it's pure privacy theatre. As I have said probably a gazillion times by now, crypto is actually entirely irrelevant if any official can legally demand they get the raw data. I'm not sure how much power they have to order a version with a backdoor to be created, but Twitter is IMHO too big to risk saying no and face being closed down.

      Oh, and as for really caring about client privacy, umm, I don't think so:

      ; <<>> DiG 9.8.3-P1 <<>> twitter.com mx
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58910
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

      ;; QUESTION SECTION:
      ;twitter.com. IN MX

      ;; ANSWER SECTION:
      twitter.com. 600 IN MX 20 alt1.aspmx.l.google.com.
      twitter.com. 600 IN MX 20 alt2.aspmx.l.google.com.
      twitter.com. 600 IN MX 30 ASPMX2.GOOGLEMAIL.com.
      twitter.com. 600 IN MX 30 ASPMX3.GOOGLEMAIL.com.
      twitter.com. 600 IN MX 10 aspmx.l.google.com.

      QED.

      1. Anonymous Coward

        '; <<>> DiG 9.8.3-P1 <<>> twitter.com mx'

        In the Bitcoin news today someone made a request to have BitCoins converted into London buses for simplicity. Can someone do the same for this Dig log please? What is the log saying, and what's the tie in between Twitter and Google? cheers...

  2. MrT

    Keeping secrets...

    ...isn't exactly what Twitter is about.

    They're protecting user account details with this move, and it would be good to see similar moves from others, but the way it's being reported you'd think Twitter was being used to transmit state secrets.

    Now if regular email suddenly switched to using similar encryption for all traffic, regardless of provider, that would be far more significant.

    1. Brian Miller

      Re: Keeping secrets...

      Hmmm, tweets from the twitterati that nobody can read.

      Is there a down side to this?

  3. Old Handle

    It may not be much, but at least they're doing something that could plausibly make a difference. It's better than Google, Yahoo and Microsoft who complain about the government not letting them reveal details of the snooping, but completely cooperate with it anyway.

    1. Anonymous Coward
      Coffee/keyboard

      I thought that elliptical curves were weak

      Because the NSA chose the points on the curve.

    2. JeevesMkII

      Doing what exactly?

      TLS implemented well is more than enough to keep even professional criminals from eavesdropping on your traffic. I'd far sooner trust Twitter to use OpenSSL or GnuTLS according to the instructions than I would them implementing their own cryptosystem. Frankly, they're almost bound to have got it wrong somewhere.

      It does nothing to keep the real problem at bay, that being government agents bearing rubber-stamped court orders, and adds a real element of risk that they've fucked it up and made themselves vulnerable to actual, feasible attacks rather than the largely theoretical bullshit attacks against TLS 1.1.

      Why not just deploy TLS 1.2 everywhere and wait for browsers to catch up in support?

  4. Anonymous Coward
    Happy

    El Reg Fires Up Encryption for its Millions of Readers and Commentards

    That would be nice.

    1. Simon Harris

      Re: El Reg Fires Up Encryption for its Millions of Readers and Commentards

      I thought El Reg had been encrypting AManFromMars's comments for ages.

  5. Anonymous Coward

    The security services are shooting themselves in the foot. From now on a battle is raging between privacy and their security work. All manner of technology and software is going to be developed to keep things private.

    If they had only focused on the criminals and terrorists then it wouldn't have been so bad.

    1. Destroy All Monsters Silver badge
      Big Brother

      People minding your own business.

      If they had only focused on the criminals and terrorists then it wouldn't have been so bad.

      But they did!

      It just turns out that the "criminal and terrorist" is YOU.

      No state-sponsored surprises here, of course.

      1. Jan 0 Silver badge
        Pirate

        Re: People minding your own business.

        Never forget: "We are the people our parents warned us against."

  6. bpfh
    WTF?

    ...and the point is?

    Encrypting messages in transit so no-one can read them off the wire... When 1 second later they can read them from the website instead where they are publicly displayed...?

    1. Matt Bryant Silver badge
      Boffin

      Re: ...and the point is?

      "Encrypting messages in transit....." They are just encrypting logins because there have been an embarrassing number of account hijackings. If the Twatterati stop trusting the login mechanism then they will stop Twattering and Twatter loses all that ad revenue. In reality it is still pretty pointless if most Twatterati continue to use insecure passwords such as their pet's name, etc.

  7. bpfh
    Thumb Up

    @Matt Bryant

    That is reasonable enough, I just got the impression it was for everything. Just 2 more points: as you said, stop using pen15 as a password and hope your infrastructure does not have any/many 0-days that can be exploited!

    1. Matt Bryant Silver badge
      Joke

      Re: bpfh Re: @Matt Bryant

      I can't possibly use my pen15 as a password, it's too long!

  8. dssf

    How criminal or illegal would it be

    For an indignant, factually-non-criminal to say, "If I catch whoever is planting trojans, spyware, and remote controls on my devices, I will put a "capture and 1-leg-break/6-finger-mangle" bounty on YOU, your boss, and your next two subordinates" if said person could demonstrate an ability to find, out, and display the suspected exploits on his/her devices?

  9. bigtimehustler

    With Twitter, all that matters is post information, so IP addresses and geo data. Ultimately geo data is public anyway on the site, much as the tweet content is, so all that needs to be protected is the IP address. What else matters? They could just stop logging IPs against sent messages, problem solved.

  10. Paul 87
    Joke

    Additional security on a service designed to publicly broadcast information, that's paid for by said company reading the information sent to it and selling "appropriate" advertising alongside it.

    You might as well send everything in plaintext!

  11. Sanctimonious Prick

    Whatever!

    Absolutely useless. The secret courts of the USA make this so. This is damage control, no two ways about it.

    IF you really want to protect users, move your servers and your business to a location where there are no secret courts to secretly steal user information.

    Also, make sure you do not use any Microsoft software, nor any Cisco hardware.

    As an up and coming IT security professional, that is the only recommendation I could ever make to clients where security is a concern.

    Full Stop!

  12. JaitcH
    FAIL

    As long as there is a ...

    PATRIOT Act, or similar, ANY attempt of concealing everything from US Government eyes is doomed to failure as long as Twitter servers reside in the USA.

    So what is the point of this?

    1. Anonymous Coward

      Re: As long as there is a ...

      I think you'll find the location of servers is irrelevant if under the control of a US entity. Twitter would have to sell itself to Tencent or Baidu...
