Twitter buys secure communications company that helped hack the Arab Spring

Twitter has bought a company called Whisper Systems, who make a secure version of the Android operating system as well as suites of privacy tools that are intended to protect demonstrators, especially participants in the Arab Spring. Many speculate that the acquisition was driven by the desire to hire CTO Moxie Marlinspike, a somewhat legendary cryptographer.

At first blush, the move is a bit baffling. Twitter, the quintessential consumer internet service, would seem to have little need for a company that has revamped Android security from the ground up for business use. But the micro-blogging site may simply be acquiring Whisper Systems for its talent — including Marlinspike, who serves as the startup’s chief technology officer, and roboticist Stuart Anderson — and the two companies do have a certain affinity. Both pride themselves on the support they’ve provided to protesters in the Middle East.

Security and privacy guru Chris Soghoian believes Twitter may have brought Moxie Marlinspike into the fold because the micro-blogging site has developed a reputation for not having the best security. Marlinspike is an expert in SSL (secure sockets layer) encryption, and Twitter — which has yet to turn on SSL by default for all users — could use his skills to lock down its services and make life harder for phishers.

I've been worried lately about the crumbling infrastructure of the SSL system, and what it means for our ability to communicate in private, to conduct banking and ecommerce, and to have any assurance of identity online. I've been asking all the security/crypto supernerds I know about this for a few months, and to a one, they've mentioned Marlinspike's Convergence and said, effectively, "I'm not sure if it'll solve this, but there's nothing else I have any hope for."

Twitter Buys Some Middle East Moxie (Thanks, Larry!)


  1. Cory, it’s surprising that you’d say that about convergence without also mentioning (which isn’t implemented yet, but seems like a better approach to me).

    I’m really glad this acquisition has happened, since it has resulted in the surprising revelation (to many people, at least; I didn’t know and I don’t see it written anywhere) that Moxie’s RedPhone requires his server to operate (which is temporarily offline during the transition period)!

    Moxie is obviously a very smart guy; I really wish he would stop promoting the crazy notion that closed-source crypto software is in any way credible.

    1. Thank you very much CryptoUser! I’ve been researching solutions to public key infrastructure and its problems during the last months. I’ve evaluated the Perspectives project,  and Moxie’s implementation as Convergence is what I’m currently implementing myself in a client software. Now I’d kick myself for not stumbling upon The Sovereign Keys project earlier, thank you so much for sharing!

  2. I think they bought the company just so people at Twitter could introduce their new employee: Moxie Marlinspike. Seriously, that is the best name.

Comments are closed.