Developers of the popular Signal secure messaging app have started to use Google's domain as a front to hide traffic to their service and to sidestep blocking attempts. Bypassing online censorship in countries where internet access is controlled by the government can be very hard for users. It typically requires the use of virtual private networking (VPN) services or complex solutions like Tor, which can be banned too.
The solution from Signal's developers was to implement a censorship-circumvention technique known as domain fronting that was described in a 2015 paper [PDF] by researchers from the University of California, Berkeley, the Brave New Software project and Psiphon.
The technique involves sending requests to a "front domain" and using the HTTP Host header to trigger a redirect to a different domain. If done over HTTPS, such redirection would be invisible to someone monitoring the traffic, because the HTTP Host header is sent after the HTTPS connection is negotiated and is therefore part of the encrypted traffic.
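An added example (not from the article or from Signal's code) of the visibility gap described above: an on-path monitor sees only the TLS server name, while an endpoint that terminates TLS can compare it with the encrypted Host header. The hostnames, the `Flow` record and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Flow:
    sni: str        # server name from the cleartext TLS ClientHello
    request: bytes  # HTTP/1.1 request head, readable only after TLS termination

def normalize(name: str) -> str:
    """Lower-case, drop an optional :port and a trailing root dot."""
    name = name.strip().lower()
    if not name.startswith("[") and ":" in name:  # leave IPv6 literals alone
        name = name.rsplit(":", 1)[0]
    return name.rstrip(".")

def host_header(request: bytes) -> Optional[str]:
    """Return the normalized Host header value, or None if absent."""
    head = request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return normalize(value.decode("ascii", "replace"))
    return None

def passive_view(flow: Flow) -> dict:
    """What an on-path monitor without the TLS keys can extract."""
    return {"server_name": normalize(flow.sni)}

def is_fronted(flow: Flow) -> bool:
    """True when the encrypted Host header names a different host than the SNI.
    HTTP/2 connection reuse can also cause mismatches, so treat as a signal."""
    host = host_header(flow.request)
    return host is not None and host != normalize(flow.sni)

# Constructed sample flows (reserved .example names, not real traffic).
FLOWS = [
    Flow("front.example", b"GET / HTTP/1.1\r\nHost: front.example:443\r\n\r\n"),
    Flow("front.example", b"GET /v1/msg HTTP/1.1\r\nhost: Hidden-Service.example\r\n\r\n"),
    Flow("Front.Example.", b"GET / HTTP/1.1\r\nUser-Agent: x\r\nHost: front.example\r\n\r\n"),
]

if __name__ == "__main__":
    for f in FLOWS:
        print(passive_view(f), "host:", host_header(f.request), "fronted:", is_fronted(f))
```

The second flow is the fronted one: its passive view is identical to the first flow's, and the difference only appears once the request head is decrypted.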
(Score: 2) by opinionated_science on Saturday December 24 2016, @06:46PM
Is this what Google does (on my Nexus 6P) when it offers to secure the wifi connection?
It would seem obvious that since the initial transfer is https->google.com, after that the secure session can be passed off to any other app.
For signal this is great, as it also stops phone companies from preventing you using wifi-calling...
Yes, there are some networks that try to limit what you can do, so this technique would prevent this.
As an aside, does anyone know if this would get through the air wifi, which allows me to access google, but nothing else? (United's wifi I am talking about - their app is *really* bad...)
(Score: 2) by darkfeline on Saturday December 24 2016, @10:41PM
The claim is that Google routes your traffic through a secure VPN, so no, it's probably not using this hack.
Join the SDF Public Access UNIX System today!