This is just as broken as the original. Links on twitter are redirected through, which twitter controls. That’s not more trustworthy than The website of the guardian could be hacked into. A man in the middle could happen with SSH as well, because governments can serve you a fake DNS record for the guardian’s website, and impersonate the website by using a forged certificate (the NSA is a CA, and other CAs can be compromised, too). Encrypted emails can be monitored for metadata (sender/recipient/subject/time) while they transit in untrusted networks. Connections to HTTPS servers can also be monitored for metadata. The whole PGP web of true concept exists for just that reason; Alan Rusbridger could simply get his key signed by sufficiently many people ; or he could post his key id in plenty of places ; for example, in a printed issue of the guardian, in a video, on the front of the Guardian’s building, etc.