Friday, 20 April 2018 05:10

Google removes feature that helps avoid Net censorship Featured

By

Google has thrown a spanner into the works of developers who have been using domain-fronting in the Google App Engine to avoid Internet censorship by using Google's network.

The company recently made a change in its network architecture and now the workaround is not possible, a report in The Verge said.

The change was spotted first by developers at the Tor Project which develops the Tor browser that is used to browse the dark Web.

In an advisory, they said: "On or about 2018-04-13 16:00:00 UTC, domain-fronted requests for *.appspot.com stopped working. It appears to affect fronting to all appspot.com domains, not only ours."

Also affected by the Google decision to remove the ability to use domain-fronting are the privacy-focused messaging app Signal, GreatFire.org and Psiphon's VPN services, all of which help users to avoid censorship by nation states.

In a statement on 21 December 2016, Signal detailed how it had used Google's support for domain-fronting to get around censorship in the United Arab Emirates and Egypt. iTWire contacted Signal to ask what it would do now, but the company is yet to respond.

Wikipedia explains domain-fronting thus: "(It) is a technique that circumvents Internet censorship by hiding the true endpoint of a connection. Working in the application layer, domain-fronting allows a user to connect to a blocked service over HTTPS, while appearing to communicate with an entirely different site.

"The technique works by using different domain names at different layers of communication. The domain name of an innocuous site is used to initialise the connection. This domain name is exposed to the censor in clear-text as part of the DNS request and the TLS Server Name Indication. The domain name of the actual, blocked endpoint is only communicated after the establishment of an encrypted HTTPS connection, in the HTTP Host header, making it invisible to censors. This can be done if the blocked and the innocuous sites are both hosted by the same large provider, such as Google App Engine.

"For any given domain name, censors are typically unable to differentiate circumvention traffic from legitimate traffic. As such, they are forced to either allow all traffic to the domain name, including circumvention traffic, or block the domain name entirely, which may result in expensive collateral damage."

Asked why the company had made this change, a Google spokesperson told iTWire: “Domain-fronting has never been a supported feature at Google, but until recently it worked because of a quirk of our software stack.

"We're constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don't have any plans to offer it as a feature.”

According to Google, domain-fronting had never been a supported feature but essentially a workaround. The company claimed that the network change that had been made recently had been planned for about a year

iTWire also asked Google whether this change had anything to do with what appears to be a change in policy at the company that moves away from its initial motto of "Don't be Evil".

Recently, workers at the search giant submitted a letter to senior management to protest against a decision to provide technology to a US Defence Department programme that uses artificial intelligence to interpret video images and assist in targeting enemies in drone strikes.

Google announced recently that it would be providing help to Project Maven, a joint effort with the Pentagon, which uses video imagery in counter-insurgency and counter-terrorism missions. The project aims to develop artificial intelligence to analyse drone footage and identify objects within it

The company denied this was the case, saying that the removal of the domain-fronting feature had nothing to do with Project Maven.

Read 2668 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

ENABLING MICROSOFT TEAMS IN THE CONTACT CENTRE

If you're looking at enabling Microsoft Teams for your contact centre, you should bookmark this webinar.

Marketing budgets are now focused on Webinars combined with Lead Generation.

Our panellists from Whangarei District Council (NZ) and Maurice Blackburn Lawyers (Aus) were closely involved in recent projects to enable Microsoft Teams for their own contact centres.

They have kindly agreed to join Enghouse and Microsoft to talk about some of the things they would recommend as most critical for IT and CX professionals planning a Teams Contact Centre migration.

Date: 11 May 2022
Time: 12pm AEST | 2pm NZST | 10am SGT

We look forward to having you join us. Please click the button below to register.

REGISTER HERE!

SONICWALL 2022 CYBER THREAT REPORT

The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Ransomware
Cryptojacking
Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.

GET REPORT!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments