Twitter is following the lead of Facebook and Google by adding new encryption features provided by the HTTPS Internet protocol to improve security.
At
long last, Twitter is rolling out HTTPS to provide a layer of security for
users looking for a way reduce the chances that hackers will eavesdrop on their
social networking.
Users
now have the option to choose the application security setting to always use
HTTPS when accessing Twitter.com,
Carolyn Penner, a Twitter spokesperson, wrote in a blog post late afternoon
on March 15. While users have had the option to use HTTPS by going to
https://www.twitter.com, the company decided to make it simpler by just adding
the option to always use the secure protocol, according Penner.
"We're
taking an important step to make it easier to manage the security of your
Twitter experience," wrote Penner.
HTTPS
is the default setting for a "number of clients and activities," such
as the official Twitter for iPhone and iPad mobile applications. Regardless of
whether the user has the option enabled, the actual log-in process is done over
HTTPS, according to Penner. The option forces the browser to maintain the HTTPS
connection the entire time the user is on the site. "In the future,
we hope to make HTTPS the default setting," she said.
The
user setting for HTTPS is available as a checkbox at the bottom of the account
settings page "Always use HTTPS." Once enabled, whenever the user
accesses the Twitter Website, their connection will be encrypted, even if they
are connecting over an unsecured Internet network, such as a public hot spot,
Penner said.
The
option does not currently apply for users accessing Twitter from a mobile
browser, Penner said. Mobile users will need to go to
https://mobile.twitter.com for the time being, but the company is working to
roll out the security setting for mobile devices as well, according to Penner.
Third-party
applications, such as HootSuite and TweetDeck, will be responsible for
implementing and maintaining HTTPS for their applications, according to
Twitter.
Twitter's
latest security move comes after the Federal
Trade Commission finalized the settlement with the microblogging site to
establish a rigorous information security policy to protect user accounts.
One
person who will likely applaud Twitter's move is U.S. Sen. Charles
Schumer, who reportedly sent letters two weeks ago to Amazon, Twitter and
several other popular Websites about switching to the more secure protocol. As
users increasingly take advantage of open WiFi connections at bookstores and
coffee shops, the sites need to secure log-in credentials and user credit card
information, Schumer said.
For
Firefox users, Twitter over HTTPS was already a reality as an "HTTPS
Everywhere" Firefox extension. The extension rewrote all requests to a
wide range of sites to using the HTTPS protocol.
"We
wanted a way to ensure that every search our browsers sent was encrypted,"
said Peter Eckersley, senior technologist at the Electronic Frontier
Foundation, who worked on the plug-in.
Twitter
is following what other companies have done recently. Google made HTTPS the
default for all Gmail
in January 2010, and Facebook rolled out the option for users in February this
year. While a lot of security experts would have liked to see HTTPS as the default
on the social networking site, it was still better than nothing.
Email
Print
