Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Wednesday May 02 2018, @07:43PM   Printer-friendly
from the nowhere-to-hide dept.

Submitted via IRC for Fnord666

The team behind secure messaging app Signal says Amazon has threatened to drop the app if it doesn't stop using an anti-censorship practice known as domain-fronting. Google recently banned the practice, which lets developers disguise web traffic to look like it's coming from a different source, allowing apps like Signal to evade country-level bans. As a result, Signal moved from Google to the Amazon-owned Souq content delivery network. But Amazon implemented its own ban on Friday. In an email that Moxie Marlinspike — founder of Signal developer Open Whisper Systems — posted today, Amazon orders the organization to immediately stop using domain-fronting or find another web services provider.

Amazon has said that it's banning domain-fronting so malware purveyors can't disguise themselves as innocent web traffic. But Signal used the system to provide service in Egypt, Oman, and the United Arab Emirates (UAE), where it's officially banned. It got around filters by making traffic appear to come from a huge platform, since countries weren't willing to ban the entirety of a site like Google to shut down Signal.

Source: https://www.theverge.com/2018/5/1/17308508/amazon-web-services-signal-domain-fronting-ban-response

Also at TechCrunch and TechRepublic.

See also: A Google update just created a big problem for anti-censorship tools
APT29 Domain Fronting With TOR

Previously: Encrypted Messaging App Signal Uses Google to Bypass Censorship

Related: Open Whisper Systems Releases Standalone "Signal" Desktop App


Original Submission #1   Original Submission #2

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by EvilSS on Wednesday May 02 2018, @08:49PM (3 children)

    by EvilSS (1456) Subscriber Badge on Wednesday May 02 2018, @08:49PM (#674757)
    So here is the letter that AWS sent to Signal.

    Yesterday AWS became aware of your Github and Hacker News/ycombinator posts describing how Signal plans to make its traffic look like traffic from another site, (popularly known as “domain fronting”) by using a domain owned by Amazon -- Souq.com. You do not have permission from Amazon to use Souq.com for any purpose. Any use of Souq.com or any other domain to masquerade as another entity without express permission of the domain owner is in clear violation of the AWS Service Terms (Amazon CloudFront, Sec. 2.1: “You must own or have all necessary rights to use any domain name or SSL certificate that you use in conjunction with Amazon CloudFront”). It is also a violation of our Acceptable Use Policy by falsifying the origin of traffic and the unauthorized use of a domain.

    We are happy for you to use AWS Services, but you must comply with our Service Terms. We will immediately suspend your use of CloudFront if you use third party domains without their permission to masquerade as that third party.

    Essentially Signal wanted to use the amazon owned Souq.com as a way to circumvent censorship of their app. Noble and clever, sure. But it's also against Amazon's terms of service. This isn't "We at Amazon love censorship!"

    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Informative=1, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 2) by takyon on Wednesday May 02 2018, @09:19PM

    by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Wednesday May 02 2018, @09:19PM (#674765) Journal
  • (Score: 2, Touché) by Anonymous Coward on Thursday May 03 2018, @04:58AM (1 child)

    by Anonymous Coward on Thursday May 03 2018, @04:58AM (#674944)

    This isn't "We at Amazon love censorship!"

    Yes it is, they could give permission but decided they like receiving money from oppressive governments much more than freedom.

    • (Score: 2) by EvilSS on Saturday May 05 2018, @12:40AM

      by EvilSS (1456) Subscriber Badge on Saturday May 05 2018, @12:40AM (#675925)
      "Hi, can you hijack your billion dollar e-commerce site to stop the bad people from blocking our app? They might also block your site and maybe all of AWS but it's cool, yea? Don't worry, we will only announce what we are doing on our GitHub so the world knows. I'm sure nothing bad will happen!"