Is it time for social media posts to have digital signatures?

How would this even work? Normally for such signatures there is either a hierchy of trust (ssl) or you know them personally (PGP). Even if there was a working model, if Twitter itself got hacked, an account could just claim they lost their key and made a new one.

In my opinion that definitely will help theoretically! But a significant number of users will find it complicated to use, in a business point of view implementing something that compromises user-friendliness isn't a good strategy. Probably this is one reason why blockchain based dApps are yet far from being mainstream. Majority of users of mainstream social network/email don't even use MFA to secure their accounts.

Yep signed tweets solve this and it doesn’t need to be perfect, it can even be partially automanaged by Twitter infrastructure just to restrict staff.

This feature - social media comment authentication - substantially exists already on Twitter. It also already involves cryptography.

Under the current flow, tweets by notable people are authenticated if their profiles have the blue check mark. In turn, Twitter is authenticated by the TLS connection between your web browser and the server located at twitter.com, which is itself attested by one of a selection of certificate authorities you trust. A security compromise in Twitter should break your trust in the blue check mark authentication "scheme", just as a breach in a certificate authority should undermine your trust in the certificates it signs.

Suppose you want to augment this chain of trust with additional cryptography. You stand up a public key infrastructure (PKI) with unique public/private key pairs corresponding to every Twitter account. Each tweet is now digitally signed with the private key of its account owner, and the tweet view features a small tooltip which allows you to view the signature and the public key.

How do you augment this system so it's robust against a user's account being compromised? You could enforce two-factor authentication, sure. But if an individual account is successfully compromised, the attacker will be able to post arbitrary tweets with valid signatures corresponding to the victim's account, unless you segregate the signing functionality from the posting functionality. This puts us back to where we are now, but with more software to support and maintain.

What if we design this system to be robust against account takeover? We can make it so that every tweet requires a signature based on something only the real account owner owns. For example you could move the private key onto a Yubikey, which doubles for two factor authentication. Then a user needs to use the Yubikey to sign each tweet at post time. This incurs a significant usability barrier, but it might still be attractive to a small set of paranoid users. However the threat model it's defending against is not very compelling, because if you already have a hardware security token for producing digital signatures, your two factor authentication is robust anyway. Signing tweets in this way reduces to just authenticating with that token when you log into the account.

Finally, how do you defend against Twitter itself being compromised? This is what happened today. Assuming Twitter is being trusted to run this PKI, a compromise in Twitter is still going to undermine your trust in the authenticity of any given tweet. That again brings us back to where we currently are, but with more complex software to maintain and nontrivial performance cost.

It's an interesting idea, but I don't think the juice is worth the squeeze.

yes, it would help

yes