Skip to main content

Google and Amazon are closing 'domain fronting' loopholes used to bypass web censorship

-

For years, governments around the world have tried to block various web services. This has often proved tricky in recent times, as the recent Telegram bans in Iran and Russia revealed. For example, Russia broke countless other sites while attempting to block Telegram, because they shared the same infrastructure (AWS, Google Cloud Messaging, etc).

To get around the Russia ban, Telegram opted to use "domain fronting," a popular method of bypassing censorship. Here's how Amazon defines it:

Domain Fronting is when a non-standard client makes a TLS/SSL connection to a certain name, but then makes a HTTPS request for an unrelated name. For example, the TLS connection may connect to "www.example.com" but then issue a request for "www.example.org".

Put simply, it allows web services to disguise their traffic as coming from another site. For example, the encrypted messaging app Signal was blocked in Egypt, Oman, Qatar, and UAE over a year ago. To circumvent the block, Signal used domain fronting with Google App Engine. This meant if governments wanted to block Signal, they had to block google.com entirely. This allowed citizens from those countries to use Signal again.

Unfortunately, both Google and Amazon are cracking down on domain fronting. This started when Tor discovered Google App Engine was no longer working for bypassing censorship. Meanwhile, Signal received an email from Google saying domain fronting would be blocked, so the project starting looking at other options. The organization decided on using Souq.com, an e-commerce site owned by Amazon that is incredibly popular in the Middle East.

Amazon quickly discovered what Signal was doing, and sent the following email:

Moxie,

Yesterday AWS became aware of your Github and Hacker News/ycombinator posts describing how Signal plans to make its traffic look like traffic from another site, (popularly known as "domain fronting") by using a domain owned by Amazon -- Souq.com. You do not have permission from Amazon to use Souq.com for any purpose. Any use of Souq.com or any other domain to masquerade as another entity without express permission of the domain owner is in clear violation of the AWS Service Terms (Amazon CloudFront, Sec. 2.1: "You must own or have all necessary rights to use any domain name or SSL certificate that you use in conjunction with Amazon CloudFront"). It is also a violation of our Acceptable Use Policy by falsifying the origin of traffic and the unauthorized use of a domain.

We are happy for you to use AWS Services, but you must comply with our Service Terms. We will immediately suspend your use of CloudFront if you use third party domains without their permission to masquerade as that third party.

Thank you,

[redacted]

General Manager, Amazon CloudFront

In other words, the two most popular options for domain fronting will no longer work. While Amazon and Google are completely within their right to block this behavior (since it puts them at risk), several human rights organizations are campaigning for the companies to reverse their decision.

Signal said in a blog post, "domain fronting as a censorship circumvention technique is now largely non-viable in the countries where Signal had enabled this feature. [...] If recent changes by large cloud providers indicate a commitment to providing network-level visibility into the final destination of encrypted traffic flows, then the range of potential solutions becomes severely limited."


#Google #Android #Smartphones #OS #News @ndrdnws #ndrdnws #AndroidNews

Popular Posts:

Apple is postponing new iOS features in favor of reliability and performance

-
Image
Apple has decided to postpone new features in iOS in favor of improving the reliability and performance of the operating system, as according to a report by Axios. According to the report, Craig Federighi, Senior Vice President, Software Engineering, announced the revised plan to employees at a meeting earlier this month. This pushes features like refresh of the homescreen and in-car user interface, improvements to core apps like Mail and camera experience to 2019. What we will get this year is improvements to AR, digital health and parental controls. Apart from that, the OS will largely feature improvements to performance and user experience. We have seen Apple do this with macOS in the past, where they dedicate one entire update cycle to just refining the OS and make existing features work better. However, we have never quite seen Apple do that on iOS. This is largely due to the hyper competitive nature of the mobile market where competition and customer demands push companies t
Continue Reading....

Do more from your inbox with Gmail Add-ons

-
Image
For many of us, email is mission control—the prompt to generate an invoice, prepare a presentation or follow up on a sales opportunity. With so many to-dos, imagine if you could complete these tasks directly from your inbox without interrupting your workflow. We believe email can do more, which is why we're launching Gmail Add-ons, a new way to work with your favorite business apps directly in Gmail. Gmail Add-ons, built for your workflows Rather than toggling between your inbox and other apps, use add-ons to complete actions right from Gmail. With Gmail Add-ons, your inbox can contextually surface your go-to app based on messages you receive to help you get things done faster. And because add-ons work the same across web and Android, you only need to install them once to access them on all of your devices. Click the settings wheel on the top right of your inbox and then "Get add-ons" to get started. We made Gmail Add-ons available in developer p
Continue Reading....

Collaboration request

-
Hi there How would you like to earn a 35% commission for each sale for life by selling SEO services Every website owner requires the use of search engine optimizaztion (SEO) for their websites. Think about it, this is really hot Simply register with us, generate your affiliate links and incorporate them on your websites, thats it. It takes only a few minutes to set up everything and the payouts are sent by each end of the month Click here to sign up with us, totally free: https://www.creative-digital.co/join-our-affiliate-program/ See you inside Tiffony
Continue Reading....

I/O is coming, get ready

-
Image
What's new in Google Play and Android Email not displaying correctly? View it online April 2024 Google I/O program details are now live Get a sneak peek at this year's 150+ sessions and learning content covering mobile, web, multi-platform development, and more. Be sure to save the "What's new in Play" session to My I/O to learn about the latest tools and updates designed to help you grow your business on Google Play. Register now Upcoming Google Play and Android policy deadlines May 2024 • All apps must use the monetization.subscriptions A
Continue Reading....

17 features and tricks to help you get started with Spotify

-
Image
Spotify is one of the world's most popular music streaming services, with 157 million active users ( as of December 2017 ) and over 35 million songs. Originally born in Sweden, it quickly gained popularity as it expanded outside of its home country. Frankly, it's hard to believe that Spotify hit U.S. shores almost seven years ago. For many who were accustomed to mainstays at the time like Pandora and iHeartRadio, Spotify represented something different. And to some of us, its disparity to those other services was off-putting. I was one of those people who was initially excited about it, then quickly became frustrated with it when I tried to use it like Pandora, which was my go-to back then. Fast forward to the very recent past and I decided to give Spotify another try — at the behest of Artem, no less. When I sat down to figure out how to best utilize it, I wanted to learn how to not only get going, but how to use Spotify to the best of its abilities in both the free
Continue Reading....