Interesting People mailing list archives
Encryption App 'Signal' Fights Censorship With a Clever Workaround
From: "Dave Farber" <farber () gmail com>
Date: Sat, 24 Dec 2016 23:17:10 -0500
Begin forwarded message:
From: Dewayne Hendricks <dewayne () warpspeed com> Date: December 23, 2016 at 4:25:50 PM EST To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com> Subject: [Dewayne-Net] Encryption App 'Signal' Fights Censorship With a Clever Workaround Reply-To: dewayne-net () warpspeed com Encryption App ‘Signal’ Fights Censorship With a Clever Workaround By Andy Greenberg Dec 21 2016 <https://www.wired.com/2016/12/encryption-app-signal-fights-censorship-clever-workaround/> Any subversive software developer knows its app has truly caught on when repressive regimes around the world start to block it. Earlier this week the encryption app Signal, already a favorite within the security and cryptography community, unlocked that achievement. Now, it’s making its countermove in the cat-and-mouse game of online censorship. On Wednesday, Open Whisper Systems, which created and maintains Signal, announced that it’s added a feature to its Android app that will allow it to sidestep censorship in Egypt and the United Arab Emirates, where it was blocked just days ago. Android users can simply update the app to gain unfettered access to the encryption tool, according to Open Whisper Systems founder Moxie Marlinspike, and an iOS version of the update is coming soon. Signal’s new anti-censorship feature uses a trick called “domain fronting,” Marlinspike explains. A country like Egypt, with only a few small internet service providers tightly controlled by the government, can block any direct request to a service on its blacklist. But clever services can circumvent that censorship by hiding their traffic inside of encrypted connections to a major internet service, like the content delivery networks (CDNs) that host content closer to users to speed up their online experience—or in Signal’s case, Google’s App Engine platform, designed to host apps on Google’s servers. “Now when people in Egypt or the United Arab Emirates send a Signal message, it’ll look identical to something like a Google search,” Marlinspike says. “The idea is that using Signal will look like using Google; if you want to block Signal you’ll have to block Google.” The trick works because Google’s App Engine allows developers to redirect traffic from Google.com to their own domain. Google’s use of TLS encryption means that contents of the traffic, including that redirect request, are hidden, and the internet service provider can see only that someone has connected to Google.com. That essentially turns Google into a proxy for Signal, bouncing its traffic and fooling the censors. That domain fronting technique has already been used by other encryption and anti-censorship tools like Tor, Psiphon, and Lantern. And it doesn’t just depend on Google, but also works with CDNs like Cloudflare, Akamai, and Amazon Cloudfront. So a censor attempting to block the circumvention method would have to block not only Google, but also a long list of other major services. “All of that together represents a large chunk of internet traffic,” says Marlinspike. “Eventually disabling Signal starts to resemble disabling the internet.” [snip] Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580 Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20161224231718:037E6F08-CA59-11E6-98DD-928B45A6A1DD Powered by Listbox: http://www.listbox.com
Current thread:
- Encryption App 'Signal' Fights Censorship With a Clever Workaround Dave Farber (Dec 24)