Encrypted Messaging App Signal Uses Google To Bypass Censorship

Developers of the popular Signal secure messaging app have started to use Google's domain as a front to hide traffic to their service and to sidestep blocking attempts. Bypassing online censorship in countries where internet access is controlled by the government can be very hard for users. It typically requires the use of virtual private networking (VPN) services or complex solutions like Tor, which can be banned too. From a report on PCWorld: Open Whisper Systems, the company that develops Signal -- a free, open-source app -- faced this problem recently when access to its service started being censored in Egypt and the United Arab Emirates. Some users reported that VPNs, Apple's FaceTime and other voice-over-IP apps were also being blocked. The solution from Signal's developers was to implement a censorship circumvention technique known as domain fronting that was described in a 2015 paper by researchers from University of California, Berkeley, the Brave New Software project and Psiphon. The technique involves sending requests to a "front domain" and using the HTTP Host header to trigger a redirect to a different domain. If done over HTTPS, such redirection would be invisible to someone monitoring the traffic, because the HTTP Host header is sent after the HTTPS connection is negotiated and is therefore part of the encrypted traffic.

Egypt blocks Google... end of story

I'm just waiting until Egypt does what China has done and blocks Google until they comply. Hopefully not.

Signal is an awesome app. It reminds me of the old TextSecure app that isn't made any longer, which was a perfect replacement for Android's stock SMS appl

Re:Egypt blocks Google... end of story

[TadMSTR]

TextSecure was their original app. They replaced it with Signal.

Re:Egypt blocks Google... end of story

[mlw4428]

Signal is made by the same devs who make Signal.

Re:Egypt blocks Google... end of story

True dat.

Re:Egypt blocks Google... end of story

Whoa, whoa, whoa. Slow down egghead.

Re:Egypt blocks Google... end of story

[afgam28]

According to the article a lot of cloud service providers and CDNs allow HTTP host header redirection, so the Egyptian government would need to block a lot than just google.com.

China also had to create a domestic tech industry to replace all the foreign websites that it blocked. A country the size of China can pull this off, but Egypt is much smaller...

Re:Egypt blocks Google... end of story

SIlence is a fork of TextSecure and can be found on F-Droid. Silence still use SMS whereas Signal uses cellular data and the messages are routed through a central point.

I prefer, and use, Silence because I don't want to have to rely on data to send a simple text message.

Re:Egypt blocks Google... end of story

I'm just waiting until Egypt does what China has done and blocks Google until they comply. Hopefully not.

Until Google complies with what? Does Google have any involvement in this matter?

Re:Egypt blocks Google... end of story

I love how a post that provides zero information is modded informative.

Re:Egypt blocks Google... end of story

[fbobraga]

you must be new here...

Re:Egypt blocks Google... end of story

[mlw4428]

I was replying to the AC post of: "Signal is an awesome app. It reminds me of the old TextSecure app that isn't made any longer, which was a perfect replacement for Android's stock SMS appl" by informing him (and potentially others) that the guys who made TextSecure make Signal as it seemed from the post like AC thought they were completely different apps. It's informative for those who didn't know this information previously, I'm sorry you took offense to that.

Re:Egypt blocks Google... end of story

[moronoxyd]

That's what you wanted to do.
But what you did write is 'Signal is made by the same devs who make Signal.'

So... no mention of TextSecure in there.

Re:Egypt blocks Google... end of story

informing him (and potentially others) that the guys who made TextSecure make Signal

I think we all understood that is what you meant, but that isn't what you said. Please re-read what you wrote.

Obligatory XKCD.

Re:Egypt blocks Google... end of story

[mlw4428]

Yeah, I just saw it. Go ahead, downvote that post. Haha.

Re:Egypt blocks Google... end of story

FWIW, I totally read your original comment the way you meant it. I had to go back and re-read after seeing the replies.

Re: Egypt blocks Google... end of story

thats what i was thinking imagin the out cry and broken google integration devices they would have a full on revolt.

Re:Egypt blocks Google... end of story

[slashrio]

China could try to force all those CDNs to record, store and deliver them all the encrypted http headers (after decrypting them of course) they redirect to, including the issuing IP addresses, or else be blocked altogether.

Re:Egypt blocks Google... end of story

As long as they provide sites with camel porn, the Egyptians should be happy.

Re: Egypt blocks Google... end of story

Or they simply block https.

Re:Egypt blocks Google... end of story

Gives humping a whole new meaning!

Re:Egypt blocks Google... end of story

[St.Creed]

If the article is right about how this works, it should work with any website that obeys the specs. Unless you ban everything that uses https (good luck with that) you're not going to be able to stop this.

Their research revealed that many cloud service providers and content delivery networks allow HTTP host header redirection, including Google, Amazon Cloudfront, Amazon S3, Azure, CloudFlare, Fastly and Akamai. However, most of them only allow it for domains that belong to their customers, so one must become a customer in order to use this technique.

Oh, how tough. I must be a CloudFlare customer to use this. *clickety click* Tadaaaah! Done.

So they're going to block all the major content delivery networks? Might as well just cut the cable to the rest of the world. This can only be stopped if they can get the CDN's and cloud services (all of them) to stop redirecting traffic. They may do it for China, but I doubt they'd do it for Syria or Egypt.

Re: Egypt blocks Google... end of story

[St.Creed]

Oh joy. If I were a cyber criminal, which I am not, obviously, I would be focusing all my attention on the country that did that. It must be wonderful to work in a country where encryption is illegal, even for banking apps.

Re: Egypt blocks Google... end of story

China could force me how? I do nit give a shit about China and their shit-communist party and now that commie Obongo is gone and President Trump is coming in, I have to worry about China just how much?

Re: Egypt blocks Google... end of story

[slashrio]

Sorry, responding to and AC who seems not even able to read a single sentence correctly is below my threshold of self esteem.

So Google gets metadata?

[fph+il+quozientatore]

So, IANACryptographer, but if I understand correctly: Google gets metadata when Alice sends a message (because connect to its server using this "fronting"), and when Bob receives one (because Signal delivers messages using GCM). It doesn't look too hard for them to reconstruct that Alice is exchanging messages to Bob.

Re:So Google gets metadata?

[donaggie03]

So, IANACryptographer, but if I understand correctly: Google gets metadata when Alice sends a message (because connect to its server using this "fronting"), and when Bob receives one (because Signal delivers messages using GCM). It doesn't look too hard for them to reconstruct that Alice is exchanging messages to Bob.

Except Google's servers are sending and receiving millions upon millions of messages every second, so no it wouldn't be very easy to match up one particular sender with one particular receiver. Then you have the problem that, as you said, Google gets the metadata, not Egypt, and Google has no interest in trying to reconstruct this conversation, regardless of how easy it may be to do so.

Re:So Google gets metadata?

[arth1]

In a nutshell, any security that depends on a third party becomes vulnerable to the integrity of the third party. Google and any agency that has ties with Google can certainly run traffic analysis and log the end points and request response sizes, even if the TLS connection is forwarded. When using Google, with the added advantage of having profiles for the contents already.
Even more, merely using such a service puts the traffic in the category of what's interesting and worthwhile trying to analyze and break.

So the question is "how far do you trust Google and other third parties?"

Re:So Google gets metadata?

[radiumsoup]

well, in this case, probably a lot farther than the government of Egypt.

Re:So Google gets metadata?

[arth1]

Google has no interest in trying to reconstruct this conversation, regardless of how easy it may be to do so.

Google has an interest in complying with the laws of the countries in which it operates. Are you sure that certain government agencies or individuals representing such agencies have no such interest?

Re:So Google gets metadata?

[arth1]

well, in this case, probably a lot farther than the government of Egypt.

That depends on who and where you are. I'm certain that some other governments who can pull Google's strings have the means to harm you far more than the Egyptian government. That may even be true for many Egyptians.

Re:So Google gets metadata?

1) Signal has never, ever, ever claimed to provide any protection for message addressing metadata that could be derived from analysis of the TCP conversations required to use Signal. It only claims to protect the _contents_ of your conversation and -if you bother to verify the keys of your conversing party- provide MitM protection to ensure that your conversing party is who you think they are.

2) Google is far more honest and forthright than the operators of most networking equipment in the path between Alice and OWS's servers, and Bob and OWS's servers. https://en.wikipedia.org/wiki/Room_641A , anyone?

Re:So Google gets metadata?

> Google can certainly run traffic analysis and log the end points and request response sizes, even if the TLS connection is forwarded.

So can any ISP or network equipment operators between a Signal user and OWS's servers. I'm wondering just _exactly_ what threat you think Google poses to Signal users. Is your sole concern that Google will figure out that two computers are communicating with Signal and do $SOMETHING with that data?

Newsflash: The big infrastructure operators like ATT can _already_ do this sort of thing, without anyone's cooperation. Google is _far_ more scrupulous than the big telcos. Never forget https://en.wikipedia.org/wiki/Room_641A . Google sure as fuck doesn't.

Re:So Google gets metadata?

[DRJlaw]

That depends on who and where you are. I'm certain that some other governments who can pull Google's strings have the means to harm you far more than the Egyptian government. That may even be true for many Egyptians.

Then don't use the application. You're free to completely secret, and thus incommunicado, by not initiating a connection through Google and remaining blocked.

Re:So Google gets metadata?

[Threni]

Google would presumably reveal that they are doing so for a given country, though.

Re:So Google gets metadata?

Spoken like a true low id LUSER. You're so courageous about your opinions, why don't you make them clear instead of being a passive aggressive little fuckwit? What "other governments" are you referring to that intend more harm to people than the Egyptian government and why is it that they want to "harm" me exactly?

Just because the other old turds on this site mod you up doesn't mean you made a good point or had anything relevant to say.

Re:So Google gets metadata?

[arth1]

So can any ISP or network equipment operators between a Signal user and OWS's servers. I'm wondering just _exactly_ what threat you think Google poses to Signal users. Is your sole concern that Google will figure out that two computers are communicating with Signal and do $SOMETHING with that data?

What you're missing is that Google knows the endpoint (or next step, if daisy-chained), which your ISP or firewall doesn't. Seeing that you visit overthrow.sedition.org is Useful Information for the snoops.

(It's worse because it's Google, because they also having statistics for traffic size, order and latencies for the endpoint web sites, making it possible to determine and log probabilities for just what content is being accessed too.)

Re:So Google gets metadata?

[arth1]

Google would presumably reveal that they are doing so for a given country, though.

Funny man. You really think that Google would tell you if an all writs or security court order compelled them to assist the US government and not disclose it to anyone? And that they aren't already doing this?

Re:So Google gets metadata?

[fph+il+quozientatore]

It is significantly easier for Google to match up senders and receivers. Even if you they go through millions of messages per second, in an exchange of, like, 20 IMs they can see if the timestamps of Alice's sent messages pair up almost perfectly with those of Bob's received messages. My ISP cannot do that, unless they see both halves of the conversation.

Re:So Google gets metadata?

Easy solution: use the most common websites that are not blocked and have good infrastructure.
Google. Microsoft. Amazon. etc.
Even if you were to get X% of the message, it will be an absolute pain in 51 asses to reconstruct it unless all these companies decide to cooperate on it. (unlikely even in the business sense)

You might piss off a few sys-admins, but it gives them something to do. I always hear how boring their jobs are and how they need to "break" peoples computers on purpose to actually have any fun.

Of course, it won't matter. Signal will end up being banned entirely soon enough. And everything else.

Re:So Google gets metadata?

I'm confused. You've made assertions that -while more or less factual- have absolutely nothing to do with any of the points I raised in my conversation. Did you mean to reply to another poster, or did you merely find and post the nearest matching response on your script?

Re:So Google gets metadata?

> What you're missing is that Google knows the endpoint...

What you obviously skimmed over was this part in my comment:

"Newsflash: The big infrastructure operators like ATT can _already_ do this sort of thing, without anyone's cooperation. Google is _far_ more scrupulous than the big telcos. Never forget https://en.wikipedia.org/wiki/Room_641A . Google sure as fuck doesn't."

You also failed to respond to my question. I guess you don't actually have a threat model, and are just playing the role of anti-Google fearmonger?

Re:So Google gets metadata?

[swillden]

Google would presumably reveal that they are doing so for a given country, though.

Funny man. You really think that Google would tell you if an all writs or security court order compelled them to assist the US government and not disclose it to anyone? And that they aren't already doing this?

I don't think there is, at present, any sort of standard legal mechanism that could compel disclosure of message content coupled with a gag order. A National Security Letter has the gag order, but can't compel disclosure of content, and other mechanisms don't have the gag order. I suppose a judge could issue an order that does both, but it's hard to see what sort of situation would motivate a judge to do that... and which wouldn't get rejected by the appellate court.

Re:So Google gets metadata?

If it was the US government that issued such an order and it was legal, then I'm sure they wouldn't, as they are a US-based company, which makes it tricky for them to ignore US-based laws.

If a country like Egypt issued such an order, however, they could conceivably cease their business operations there and ignore the order.

Re:So Google gets metadata?

The thing is, if Signal gets banned, something else will take its place. We saw how Napster, AudioGalaxy, Kazaa, and many other sharing sites have gotten turfed, only to have some other iteration rear its head. The only thing that will really work is an endpoint NAC... think an AV program, except scanning for signatures from dissident sites and other government banned items, has to be on the machine, and the machine has to have a hardware DRM stack in order to pass the healthcheck.

Re:So Google gets metadata?

[currently_awake]

Autocratic governments don't need a specific law, they just tell people/corporations what they want. It's like when the US government discovered they can ignore the Constitution if they tell a corporation to do the job and give them the intelligence instead of doing the spying directly.

Re:So Google gets metadata?

[swillden]

Autocratic governments don't need a specific law, they just tell people/corporations what they want. It's like when the US government discovered they can ignore the Constitution if they tell a corporation to do the job and give them the intelligence instead of doing the spying directly.

It's a good thing the United States doesn't work like that. Not yet, at least.

Re:So Google gets metadata?

[nadador]

Signal delivers notifications with GCM, not messages themselves. But yes, meta-data is not secure.

Re:So Google gets metadata?

[fph+il+quozientatore]

Oops - you are right, maybe your post was not the best one to answer to among the two-three that made similar claims. Anyway, it still applies to what you wrote in point 2: I meant to say that Google here is in a significantly stronger position than "the operators of most networking equipment between Alice/Bob and OWS's servers", because it has access to both endpoints. The attack I have described would not work for Alice's ISP (unless it also happens to be Bob's ISP).

Re: So Google gets metadata?

That would also require Google to log tjese redirects or they could not disclose them.

Re:So Google gets metadata?

[tlhIngan]

Google has no interest in trying to reconstruct this conversation, regardless of how easy it may be to do so.

Google doesn't care about the contents of the message (they're encrypted, anyways). However, the metadata is still valuable information if you want to see relationships.

And relationships are valuable marketing information - Google has to share that information with all the other Alphabet companies now (because the new Alphabet privacy policy ensures it), so even though the metadata might not seem important, you can bet the other Alphabet companies doing marketing (like DoubleClick) are *very* interested in that data.

Knowing how people interact means advertisers can target like minded people. So Alice knowing Bob means Bob's preferences in stuff might be used to show ads to Alice in case she's interested too.

Google's more trustworthy, yes, but only because they're more willing to sell/share that information for marketing purposes than use it for oppression.

Google's not doing this for free, after all. They're getting SOMETHING out of it.

Re:So Google gets metadata?

> I meant to say that Google here is in a significantly stronger position than "the operators of most networking equipment between Alice/Bob and OWS's servers", because it has access to both endpoints.

I guess you don't know _just_ how _big_ operators like ATT, Verizon, and Sprint are... Why _exactly_ do you think NSA went to ATT to get copies of Internet backbone traffic? It certainly _wasn't_ because they have a very limited view of Internet traffic...

Universal back-end

Could the same technique used with Amazon S3, CloudFlare, or Azure back-ends? It would probably be a lot more difficult to trace if requests are distributed amongst multiple domains, those get enough traffic that the messaging would likely get lost in the "noise."

Re:Universal back-end

Could the same technique used with Amazon S3, CloudFlare, or Azure back-ends?

Yes. That's what Tor "meek" transport does, and it works reliably in China.

Re:Universal back-end

[St.Creed]

I'll quote the article for you, which helpfully describes points like the one in your question.

Their research revealed that many cloud service providers and content delivery networks allow HTTP host header redirection, including Google, Amazon Cloudfront, Amazon S3, Azure, CloudFlare, Fastly and Akamai. However, most of them only allow it for domains that belong to their customers, so one must become a customer in order to use this technique.

RTFA. It will make the writer happy.

I'd give it a day before Google blocks it

Frankly, I'm surprised they allow Host header redirection to unknown sites in the first place. Seems open to abuse, like an open mail relay....

Re:I'd give it a day before Google blocks it

Okay, I need to read TFA:

"No matter the specifics of particular web services, as
a general rule they do not forward requests to arbitrary
domains—only to domains belonging to one of their customers.
In order to deploy a domain-fronting proxy, one
must become a customer of the CDN (or Google, etc.)
and pay for bandwidth"

Blocking of https://*.google.com in Egypt soon

[davidwr]

Egypt and other countries that want to block Signal will now have to start blocking https://.google.com/ and https://.cnd_domain_here/ real soon now.

This would allow non-encrypted Google searches and non-encrypted CDN traffic. Since most users in those countries know their government is spying on them, er, I mean protecting them from bad stuff on the Internet, this shouldn't cause too much domestic political blowback.

Face it, if you are in a country with draconian censorship or government monitoring - like North Korea and possiby China - you'll need to use stegonography to hide the fact that you are even encrypting things. Furthermore, if you need to "encrypt and hide" more than a relatively small amount of data, you'll have to use a technique that is "custom made" or at least a "custom variation" of well-known formats to avoid detection. I'm not saying the people in Egypt are in this situation now, but people in some parts of the world are.

Is this used by default for everyone now?

[TheDarkener]

FTFA: "The anti-censorship feature is currently present in the latest version of Signal for Android. It’s also included in a beta version of the app for iOS that will be released in production soon. The developers also plan future improvements that will allow the app to detect censorship automatically and switch to domain fronting even if the user has a phone number from a country where censorship is not normally present. This is intended to cover those cases where users travel to other countries where the app is blocked."

I reside in a country that doesn't (yet) block Signal. But will my app automatically use domain fronting anyway? I'd rather not use the feature unless absolutely necessary, to protect the integrity and privacy of my communications.

Re:Is this used by default for everyone now?

I get the privacy concern. What exactly is your integrity concern given their implementation?

SOUNDS HIGHLY ILLEGAL

Don't do it. You could get into trouble. Be kind to yourself. Please. Do not do this.

The acid test for such an app

[Applehu+Akbar]

If it can operate through sites other than Google, can it get through to and from China?

Re:The acid test for such an app

We are using Signal in China. It is not blocked, yet. Just a matter of time though.

Thought about installing Signal

[NoSalt]

I have thought about installing Signal, but then I always remember the laundry list of permissions it wants access to in order to install. This app is supposed to make us feel comfortable about being "secure" but it asks for way more privileges than any other app I have ever installed. And speaking of "ever", given the recent Evernote announcement, I worry about giving another company access to THAT MUCH of my phone's contents.

What is everybody else's opinion on Signal?

Re:Thought about installing Signal

[PvtVoid]

I have thought about installing Signal, but then I always remember the laundry list of permissions it wants access to in order to install.

Here is a rundown on device permissions for Signal. Most of them seem basically necessary for a functional messaging app.

What is everybody else's opinion on Signal?

I've been using it for a few weeks, and I like it just fine. It is a transparent replacement for my default messaging app, and handles encryption to/from other signal users transparently. An additional perk is a Chrome plugin which lets me send/receive SMS messages from my browser. For a lot of obvious reasons, it is likely to be nowhere near as secure as a set of properly managed PGP keys, but IMO a lot of useful progress in widely deployed crypto has been hamstrung by paranoia, and letting the perfect be the enemy of the good.

One disconcerting thing is that it goes through your contact list upon install, and notifys you of all people on your contacts list who have Signal enabled, without the permission of those contacts. This should be configurable, and opt-in. Sad!

Re:Thought about installing Signal

Used Signal nearly exclusively since it was called TextSecure. There's been a few hiccups with MMS that are better now and they've added voice calls and more.

Note that if you lose your phone or upgrade it and wipe the old one prematurely, you'll lose all your stored conversations, as you should. Nobody else has those keys.

I agree it's a bit disturbing that it seems to send your contacts list to Signal servers (it must, to parse for other Signal users), but I see why they do that. "Do you use Signal, the encrypted messaging app?" is an odd start to a conversation otherwise. I wouldn't have a third of the Signal contacts I have without that notification, honestly.

Re:Thought about installing Signal

With the fact that even a fleshlight app on Android demands every permission under the sun, installing Signal isn't too bad. It is as close to iMessage as you can get on Android, and it does a good job of not just protecting messages in flight, but encrypting them as well.

I'd use it. If worried, use XPrivacy.

Re:Thought about installing Signal

With the fact that even a fleshlight app on Android demands every permission under the sun

Heard it from a friend.

Re:Thought about installing Signal

[turning+in+circles]

Most of my friends won't/wouldn't use Signal, and if you are always talking to people with default Apple/Android, nothing is encrypted anyway and the fact Signal doesn't attach photos easily and couldn't handle group texts made it not valuable. So I quit using Signal.

Other option of course is ditch the friends/family who won't use Signal for friends/family who do.

Re: Thought about installing Signal

Most of my friends won't/wouldn't use Signal, and if you are always talking to people with default Apple/Android, nothing is encrypted anyway and the fact Signal doesn't attach photos easily and couldn't handle group texts made it not valuable. So I quit using Signal.

I have the same problem with friends and family. They don't get why you'd want to use it and if they install it they bitch that it's "different" and stop using it. Sometimes I really hate people.

It does, however, have group messages and easy attachment sending. I've been using both regularly. I don't know why you suggest that it doesn't.

Re:Thought about installing Signal

I just went through the list and most of the permissions it ‘needs’ aren't at all necessary.
Yes, they've listed an excuse for every permission, but really, it's just a chatbox.
The only thing it really needs is to be able to connect to peers or a server when it's open.

Redirects look different than search responses

[laughingskeptic]

Egypt doesn't have to block www.google.com, they only have to discern which internal IPs are attempting to communicate securely and blacklist those IPs from performing out-bound connections. As long as Egypt's firewall can tell the difference between a redirect and a normal search response they can do this. Google would have to start padding redirect responses to make it harder to tell the difference between these response types.

Re: Redirects look different than search responses

They can't tell the difference. it's https traffic.

Re: Redirects look different than search responses

[laughingskeptic]

They still know the length of the response and for redirects, this is short.

Re:Redirects look different than search responses

I haven't bothered to RTFA, but I assume what they're talking about is the same thing as Meek. In this situation, there's no actual "redirect" (in the sense of a 3xx HTTP response) going on. It's just that the program puts an inoffensive hostname such as "www.google.com" in the SNI header (which is not encrypted), and a different hostname (e.g. "secret-signal-server.appspot.com") in the Host header (which *is* encrypted.) Google's edge servers don't care what you put in the SNI header, except insofar as they will serve you a certificate that is valid for that hostname. The Host header is what actually controls which virtual server receives the request.

So no, even if the censors had some way to distinguish encrypted 3xx responses from encrypted 2xx responses with a small body, that would not help them.

Tautologically informative

[raymorris]

> Signalis made by the same devs who make Signal . At the moment, that's moderated +4 Informative. Since that's informative, let me add that Frosted Flakes is made by the same people who make Frosted Flakes.

Re:Tautologically informative

On the other hand, if you're a dick, you're a dick.

Re: Redirects look different than search response

There are lots of short messages. Just think of the normal redirects to mobile versions of sites with the billions of mobile devices.

Re: Only apps can app apps!

Signal does this, May do it, sometimes? Or users do it, how exactly. Murky tech crypto advice.... how's that going in getting everyone encrypted, which would stop crypto-flagging?

Re:Only apps can app apps!

The luddites eat big sausage when apping the app in the pack on their back

It doesn't work

I'm in UAE and still cannot sign up to Signal.

Its a proxy? amiright?

Someone researched and made a proxy, and it got in the news... Yay! The wheel is round again.

Re: Redirects look different than search response

[St.Creed]

Indeed - some major websites do about 5 redirects before you ever get to any content. It's the norm, not the exception. Good luck with that haystack.

Signal is not very good anyways

[Nocturrne]

I've never liked Signal because it associates users to mobile phone numbers and doesn't have a good PC companion app. Mobile phones are amazingly effective tracking and surveillance devices. We should try very hard to avoid using them or at least decouple them from the phone system as much as possible. We need anonymous mobile computing devices. :)

WTF is an 'app signal'?

[swell]

"Encrypted Messaging App Signal Uses Google To Bypass Censorship"

When every word is capitalized, capitals have no meaning. Wake up Slashdot, headlines don't need this hype and I don't have time to try to decipher them. The English language works- use it!

Re:WTF is an 'app signal'?

[ryocoon]

It is called a "Title". In standard English composition a title is all capitalized. Much like a novel or movie title. However this is an article title. Therefore it is capitalized. Notice the summary is not in all caps.

back to work again :(

Now that everyone knows my little secret its time I upgraded security on my server.