Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encrypted Messaging App Signal Uses Google To Bypass Censorship (pcworld.com)

Posted by msmash on from the outwitting-with-tech dept.

Developers of the popular Signal secure messaging app have started to use Google's domain as a front to hide traffic to their service and to sidestep blocking attempts. Bypassing online censorship in countries where internet access is controlled by the government can be very hard for users. It typically requires the use of virtual private networking (VPN) services or complex solutions like Tor, which can be banned too. From a report on PCWorld: Open Whisper Systems, the company that develops Signal -- a free, open-source app -- faced this problem recently when access to its service started being censored in Egypt and the United Arab Emirates. Some users reported that VPNs, Apple's FaceTime and other voice-over-IP apps were also being blocked. The solution from Signal's developers was to implement a censorship circumvention technique known as domain fronting that was described in a 2015 paper by researchers from University of California, Berkeley, the Brave New Software project and Psiphon. The technique involves sending requests to a "front domain" and using the HTTP Host header to trigger a redirect to a different domain. If done over HTTPS, such redirection would be invisible to someone monitoring the traffic, because the HTTP Host header is sent after the HTTPS connection is negotiated and is therefore part of the encrypted traffic.

1 of 87 comments (clear)

  1. Re:So Google gets metadata? by Anonymous Coward · · Score: 2, Insightful

    1) Signal has never, ever, ever claimed to provide any protection for message addressing metadata that could be derived from analysis of the TCP conversations required to use Signal. It only claims to protect the _contents_ of your conversation and -if you bother to verify the keys of your conversing party- provide MitM protection to ensure that your conversing party is who you think they are.

    2) Google is far more honest and forthright than the operators of most networking equipment in the path between Alice and OWS's servers, and Bob and OWS's servers. https://en.wikipedia.org/wiki/Room_641A , anyone?