SoylentNews

AnonTechie [soylentnews.org] writes:

Developers of the popular Signal secure messaging app have started to use Google's domain as a front to hide traffic to their service and to sidestep blocking attempts. Bypassing online censorship in countries where internet access is controlled by the government can be very hard for users. It typically requires the use of virtual private networking (VPN) services or complex solutions like Tor, which can be banned too.

The solution from Signal's developers was to implement a censorship-circumvention technique known as domain fronting that was described in a 2015 paper [PDF] [icir.org] by researchers from University of California, Berkeley, the Brave New Software project and Psiphon.

The technique involves sending requests to a "front domain" and using the HTTP Host header to trigger a redirect to a different domain. If done over HTTPS, such redirection would be invisible to someone monitoring the traffic, because the HTTP Host header is sent after the HTTPS connection is negotiated and is therefore part of the encrypted traffic.

http://www.computerworld.com/article/3153059/security/encrypted-messaging-app-signal-uses-google-to-bypass-censorship.html [computerworld.com]

Original Submission