Twitter adds extra security to thwart spying

Wants others to do the same.

Twitter has implemented new security measures to make it harder to spy on its users, and called on other internet firms to do the same.

The online messaging service, which began scrambling communications in 2011 using traditional HTTPS encryption, said it has added an advanced layer of protection for HTTPS known as "forward secrecy."

"A year and a half ago, Twitter was first served completely over HTTPS," the company said in a blog post. "Since then, it has become clearer and clearer how important that step was to protecting our users' privacy."

Twitter's move is the latest response from US internet firms following disclosures by former spy agency contractor Edward Snowden about widespread, classified US government surveillance programs.

Facebook, Google, Microsoft and Yahoo have publicly complained that the government does not let them disclose data collection efforts. Some have adopted new privacy technologies to better secure user data.

Forward secrecy prevents attackers from exploiting one potential weakness in HTTPS, which is that large quantities of data can be unscrambled if spies are able to steal a single private "key" that is then used to encrypt all the data, said security expert Dan Kaminsky.

The more advanced technique repeatedly creates individual keys as new communications sessions are opened, making it impossible to use a master key to decrypt them, Kaminsky said.

"It is a good thing to do," he said. "I'm glad this is the direction the industry is taking." 

Twitter implored webmasters to implement HTTPS as the default for their websites.

"If you already offer HTTPS, ensure your implementation is hardened with HTTP Strict Transport Security, secure cookies, certificate pinning, and forward secrecy. The security gains have never been more important to implement," it said in the post.

"If you don’t run a website, demand that the sites you use implement HTTPS to help protect your privacy, and make sure you are using an up-to-date web browser so you are getting the latest security improvements."
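The hardening list in Twitter's post can be turned into a simple check over what a client observes from a site. The sketch below is an added example, not code from Twitter or from this article: the cipher names, headers and cookies are constructed, the function names are hypothetical, and certificate pinning is not covered.

```python
# Added example: constructed inputs, not Twitter's code or configuration.
FS_KEX = {"ECDHE", "DHE", "EDH"}  # ephemeral Diffie-Hellman key exchanges

def is_forward_secret(cipher: str, protocol: str) -> bool:
    """True if the negotiated suite uses an ephemeral key exchange."""
    if protocol == "TLSv1.3":  # TLS 1.3 full handshakes always use (EC)DHE
        return True
    # Accept OpenSSL ("ECDHE-RSA-...") and IANA ("TLS_ECDHE_RSA_...") names.
    tokens = cipher.upper().replace("_", "-").split("-")
    return any(t in FS_KEX for t in tokens)

def hsts_max_age(headers: dict) -> int:
    """Return the HSTS max-age in seconds, or 0 if absent or malformed."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), "")
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            return int(arg) if arg.isdigit() else 0
    return 0

def insecure_cookies(set_cookie_lines: list) -> list:
    """Names of cookies sent without the Secure attribute."""
    bad = []
    for line in set_cookie_lines:
        parts = [p.strip() for p in line.split(";")]
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        if "secure" not in attrs:
            bad.append(parts[0].partition("=")[0])
    return bad

def audit(cipher, protocol, headers, set_cookie_lines) -> list:
    """Collect findings for one observed HTTPS response."""
    findings = []
    if not is_forward_secret(cipher, protocol):
        findings.append(f"no forward secrecy: {cipher}")
    if hsts_max_age(headers) <= 0:
        findings.append("HSTS missing or max-age=0")
    findings += [f"cookie without Secure: {n}"
                 for n in insecure_cookies(set_cookie_lines)]
    return findings

# Constructed observations for two hypothetical sites.
WEAK = audit("AES128-SHA", "TLSv1.2", {"Content-Type": "text/html"},
             ["sid=abc123; Path=/; HttpOnly"])
HARDENED = audit("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2",
                 {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
                 ["sid=abc123; Path=/; Secure; HttpOnly"])
```

The weak site negotiates a static RSA key exchange, which is the single-key weakness described above; static `ECDH-` suites are also rejected because only ephemeral exchanges give forward secrecy.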
