Amazon Web Services Starts Blocking Domain-Fronting

Earlier this month, Google announced it is discontinuing domain fronting, a practice that lets developers disguise their traffic to evade network blocks. Now, Amazon Web Services has announced a similar move to implement a new set of enhanced domain protections specifically designed to stop domain fronting. The Verge reports: In the post, Amazon characterized the change as an effort to stamp out malware. "Tools including malware can use this technique between completely unrelated domains to evade restrictions and blocks that can be imposed at the TLS/SSL layer," the post explained. "No customer ever wants to find that someone else is masquerading as their innocent, ordinary domain." Domain-fronting works by using major cloud providers as a kind of proxy, making a data request seem like it's heading to a major service like Google or Amazon only to be forwarded along to a third party once it reaches the broader internet. Unfortunately for circumvention tools, neither Amazon nor Google will let them pull that trick anymore. Amazon will still allow domain fronting within domains owned by the same customer (or more specifically, listed under the same SSL certificate), but customers can no longer use the technique to disguise where data is going, making it far less useful for blocked apps.

Telegram

[roman_mir]

So the reason for this I bet is the latest fight that is happening between Telegram and ROSKOMNADZOR - a Russian government agency that is trying to block this service.

You can surely find all the information you want/need on this topic but what I want to add is that it is amazing how quickly these companies folded to pressure applied by the Russian government Mafia.

Re:Telegram

[Wolfier]

Very interesting. Telegram seems the most likely ultimate cause. If Russia is threatening to block all of AWS, I can imagine this happening.