Google Is Shuttering Domain Fronting, Creating a Big Problem For Anti-Censorship Tools (theverge.com)
"The Google App Engine is discontinuing a practice called domain fronting, which lets services use Google's network to get around state-level internet blocks," reports The Verge. While the move makes sense from a cybersecurity perspective as domain fronting is widely used by malware to evade network-based detection, it will likely frustrate app developers who use it to get around internet censorship. From the report: First spotted by Tor developers on April 13th, the change has been rolling out across Google services and threatens to disrupt services for a number of anti-censorship tools, including Signal, GreatFire.org and Psiphon's VPN services. Reached by The Verge, Google said the changes were the result of a long-planned network update. "Domain fronting has never been a supported feature at Google," a company representative said, "but until recently it worked because of a quirk of our software stack. We're constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don't have any plans to offer it as a feature."
Domain-fronting allowed developers to use Google as a proxy, forwarding traffic to their own servers through a Google.com domain. That was particularly important for evading state-level censorship, which might try to block all the traffic sent to a given service. As long as the service was using domain-fronting, all the in-country data requests would appear as if they were headed for Google.com, with encryption preventing censors from digging any deeper. We do not yet know exactly why and when Google is shutting down the practice, but will update this post once we learn more.
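An added example, not part of the original post or the report: the summary notes that malware uses domain fronting to evade network-based detection, and the defender's check is to compare the hostname a connection shows in its TLS handshake (SNI) with the HTTP Host header it sends inside the encrypted tunnel. The sketch assumes a TLS-inspecting proxy that logs both values; the JSON field names, hostnames and addresses are constructed for illustration.

```python
import json

# Constructed sample records (not real traffic); field names are hypothetical.
SAMPLE_LOG = """\
{"src": "10.0.0.5", "sni": "www.google.com", "host": "www.google.com"}
{"src": "10.0.0.7", "sni": "www.google.com", "host": "example-app.appspot.com"}
{"src": "10.0.0.9", "sni": "WWW.Google.com.", "host": "www.google.com:443"}
{"src": "10.0.0.7", "sni": "", "host": "example-app.appspot.com"}
{"src": "10.0.0.8", "sni": "mail.google.com", "host": "www.google.com"}
"""

def normalize(name):
    """Lower-case, drop a trailing dot and a :port so equal names compare equal."""
    name = (name or "").strip().lower().rstrip(".")
    head, sep, tail = name.rpartition(":")
    if sep and tail.isdigit():
        name = head
    return name.rstrip(".")

def base_domain(name):
    # Naive approximation: last two labels. Use the Public Suffix List in production.
    return ".".join(name.split(".")[-2:])

def classify(sni, host):
    """Return 'match', 'same-site', 'mismatch' or 'incomplete' for one request."""
    sni, host = normalize(sni), normalize(host)
    if not sni or not host:
        return "incomplete"   # cannot compare; review separately
    if sni == host:
        return "match"
    if base_domain(sni) == base_domain(host):
        return "same-site"    # different hosts under one registered domain
    return "mismatch"         # outer name and inner name disagree: possible fronting

def find_fronting(log_text):
    """Return (src, sni, host) for every record whose SNI and Host disagree."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if classify(rec.get("sni"), rec.get("host")) == "mismatch":
            hits.append((rec["src"], normalize(rec["sni"]), normalize(rec["host"])))
    return hits

if __name__ == "__main__":
    for src, sni, host in find_fronting(SAMPLE_LOG):
        print(f"{src}: SNI {sni} but Host {host}")
```

Without TLS inspection only the SNI is visible, which is the property the post describes as preventing censors from digging any deeper.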
Domain fronting is a case of "just because you can do something, doesn't mean you should."
Domain-Fronting was a good idea with a huge potential for abuse.
VPNs and TOR are the answer to getting around blocks. While you are at it, switch your DNS to 1.1.1.1
The real answer to our problem is to kick China and Russia off the Internet until they learn how to behave.
i.e. the service Telegram is using to evade Russia.
If there's any doubt that Google would stand up to Russia, take a look here. Russia blocks Google, Google pulls the service.
And can you blame them?
As a corporation, defending freedom is not profitable, and as people, Sergey Mikhaylovich Brin has family in Russia, family with balconies and door handles.
So they comply with Putin, just as Trump did in cancelling the new Russian sanctions.