Encryption App 'Signal' Fights Censorship With a Clever Workaround

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: December 23, 2016 at 4:25:50 PM EST
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Encryption App 'Signal' Fights Censorship With a Clever Workaround
> Reply-To: dewayne-net () warpspeed com
>
> Encryption App ‘Signal’ Fights Censorship With a Clever Workaround
> By Andy Greenberg
> Dec 21 2016
> <https://www.wired.com/2016/12/encryption-app-signal-fights-censorship-clever-workaround/>
>
> Any subversive software developer knows its app has truly caught on when repressive regimes around the world start to 
> block it. Earlier this week the encryption app Signal, already a favorite within the security and cryptography 
> community, unlocked that achievement. Now, it’s making its countermove in the cat-and-mouse game of online censorship.
>
> On Wednesday, Open Whisper Systems, which created and maintains Signal, announced that it’s added a feature to its 
> Android app that will allow it to sidestep censorship in Egypt and the United Arab Emirates, where it was blocked 
> just days ago. Android users can simply update the app to gain unfettered access to the encryption tool, according to 
> Open Whisper Systems founder Moxie Marlinspike, and an iOS version of the update is coming soon.
>
> Signal’s new anti-censorship feature uses a trick called “domain fronting,” Marlinspike explains. A country like 
> Egypt, with only a few small internet service providers tightly controlled by the government, can block any direct 
> request to a service on its blacklist. But clever services can circumvent that censorship by hiding their traffic 
> inside of encrypted connections to a major internet service, like the content delivery networks (CDNs) that host 
> content closer to users to speed up their online experience—or in Signal’s case, Google’s App Engine platform, 
> designed to host apps on Google’s servers.
>
> “Now when people in Egypt or the United Arab Emirates send a Signal message, it’ll look identical to something like a 
> Google search,” Marlinspike says. “The idea is that using Signal will look like using Google; if you want to block 
> Signal you’ll have to block Google.”
>
> The trick works because Google’s App Engine allows developers to redirect traffic from Google.com to their own 
> domain. Google’s use of TLS encryption means that contents of the traffic, including that redirect request, are 
> hidden, and the internet service provider can see only that someone has connected to Google.com. That essentially 
> turns Google into a proxy for Signal, bouncing its traffic and fooling the censors.
>
> That domain fronting technique has already been used by other encryption and anti-censorship tools like Tor, Psiphon, 
> and Lantern. And it doesn’t just depend on Google, but also works with CDNs like Cloudflare, Akamai, and Amazon 
> Cloudfront. So a censor attempting to block the circumvention method would have to block not only Google, but also a 
> long list of other major services. “All of that together represents a large chunk of internet traffic,” says 
> Marlinspike. “Eventually disabling Signal starts to resemble disabling the internet.”
>
> [snip]
>
> Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20161224231718:037E6F08-CA59-11E6-98DD-928B45A6A1DD
Powered by Listbox: http://www.listbox.com