Submitted via IRC for Fnord666
The team behind secure messaging app Signal says Amazon has threatened to drop the app if it doesn't stop using an anti-censorship practice known as domain-fronting. Google recently banned the practice, which lets developers disguise web traffic to look like it's coming from a different source, allowing apps like Signal to evade country-level bans. As a result, Signal moved from Google to the Amazon-owned Souq content delivery network. But Amazon implemented its own ban on Friday. In an email that Moxie Marlinspike — founder of Signal developer Open Whisper Systems — posted today, Amazon orders the organization to immediately stop using domain-fronting or find another web services provider.
Amazon has said that it's banning domain-fronting so malware purveyors can't disguise themselves as innocent web traffic. But Signal used the system to provide service in Egypt, Oman, and the United Arab Emirates (UAE), where it's officially banned. It got around filters by making traffic appear to come from a huge platform, since countries weren't willing to ban the entirety of a site like Google to shut down Signal.
Source: https://www.theverge.com/2018/5/1/17308508/amazon-web-services-signal-domain-fronting-ban-response
Also at TechCrunch and TechRepublic.
See also: A Google update just created a big problem for anti-censorship tools
APT29 Domain Fronting With TOR
Previously: Encrypted Messaging App Signal Uses Google to Bypass Censorship
Related: Open Whisper Systems Releases Standalone "Signal" Desktop App
(Score: 2, Interesting) by Anonymous Coward on Wednesday May 02 2018, @08:22PM (3 children)
Amazon and Google are in the right here. Any practice which subverts the integrity of the DNS system, regardless of the intent, is an attack on the entire Internet.
It's unfortunate that the "good guys" are on the wrong end of this, but the responsibility isn't with the potential malware authors or the infrastructure providers that make this decision, but with the censors who make it necessary to work around them in the first place.
Hopefully a different way of circumventing the censorship apparatus will be found soon.
(Score: 0) by Anonymous Coward on Wednesday May 02 2018, @08:26PM (1 child)
Indeed, that's how such censorship is possible already. DNS and IP routing are easily captured by centralized, authoritarian gangs, such as governments.
(Score: 2) by KiloByte on Wednesday May 02 2018, @11:03PM
Censorship interprets the Internet as damage and routes around it.
Ceterum censeo systemd esse delendam.
(Score: 0) by Anonymous Coward on Wednesday May 02 2018, @08:39PM
Make a distributed social network something like Fidonet. Encode the nightly batches into cat pics. We could call it Mittens-net.