Twitter recognized by Online Trust Alliance

Wednesday, 6 June 2012

Early on, the Internet was built on people trusting people. When it was first deployed as the ARPANET, the operating environment was such that the users could just trust the network. Obviously, much has changed, but not our need to trust the Internet — it just takes a lot more effort now.

The Online Trust Alliance (OTA), a global non-profit that works to enhance online trust across the entire ecosystem, encourages online services to develop comprehensive trust programs. Every year, the OTA issues an Online Trust Scorecard recognizing companies and services that have adopted key technologies to help protect users’ privacy and identity from abuse.

We’re very pleased that this year the OTA has recognized Twitter as a service that has scored high marks in all the measures they evaluate, and therefore has added us to their Honor Roll.

In its evaluation process, the OTA looks at a number of technical and policy measures that include:

  • EV Certs. Think of Extended Validation certificates as the Verified Profile for websites. They help web users know they’re on the real site and not an impostor or spoof site. Take a look at your browser bar when you visit twitter.com. See that green highlight? That’s the way you know you are on the real Twitter site. Always look for this when surfing to twitter.com.

    Twitter recognized by Online Trust Alliance

  • Always-On HTTPS. Take another look at the browser bar. That “s” after the “http” means we’ve turned on encryption between the web browser and Twitter. This makes it more difficult for third party attackers to eavesdrop on your activity. 
  • Email Authentication. Similar to what EV certs provide to websites, email authentication enables ISPs and Inbox providers to verify that messages from a sender are indeed from the that sender. We include email authentication on all email we send so that ISPs can be certain they are genuine Twitter messages. We’re very pleased to receive this recognition from the OTA. You can find out more about implementing OTA trust and security measures in this resource section

Posted by Bob Lord, Head of Security - @boblord