The company recently made a change in its network architecture and now the workaround is not possible, a report in The Verge said.
The change was spotted first by developers at the Tor Project which develops the Tor browser that is used to browse the dark Web.
In an advisory, they said: "On or about 2018-04-13 16:00:00 UTC, domain-fronted requests for *.appspot.com stopped working. It appears to affect fronting to all appspot.com domains, not only ours."
|
|
Google is killing an absolutely critical protection for people in places like Iran, China, and Russia trying to reach uncensored news and chat. That this can slide without any opposition from US policy-makers is the epitaph on the US internet freedom agenda's grave. https://t.co/l5OSg72zQ6
— Edward Snowden (@Snowden) 19 April 2018
In a statement on 21 December 2016, Signal detailed how it had used Google's support for domain-fronting to get around censorship in the United Arab Emirates and Egypt. iTWire contacted Signal to ask what it would do now, but the company is yet to respond.
Wikipedia explains domain-fronting thus: "(It) is a technique that circumvents Internet censorship by hiding the true endpoint of a connection. Working in the application layer, domain-fronting allows a user to connect to a blocked service over HTTPS, while appearing to communicate with an entirely different site.
"The technique works by using different domain names at different layers of communication. The domain name of an innocuous site is used to initialise the connection. This domain name is exposed to the censor in clear-text as part of the DNS request and the TLS Server Name Indication. The domain name of the actual, blocked endpoint is only communicated after the establishment of an encrypted HTTPS connection, in the HTTP Host header, making it invisible to censors. This can be done if the blocked and the innocuous sites are both hosted by the same large provider, such as Google App Engine.
GOOGLE MOTTOS: A HISTORY
— MGK Hockey 1234 (@mightygodking) 28 March 2018
1999: Don't Be Evil
2003: Try Your Hardest To Not Be Evil
2008: Make A Reasonable Effort To Avoid Being Evil
2013: What Is Evil, Really, When You Get Down To It, I Mean Really
2018: *just a series of high-pitched giggles*
"For any given domain name, censors are typically unable to differentiate circumvention traffic from legitimate traffic. As such, they are forced to either allow all traffic to the domain name, including circumvention traffic, or block the domain name entirely, which may result in expensive collateral damage."
Asked why the company had made this change, a Google spokesperson told iTWire: “Domain-fronting has never been a supported feature at Google, but until recently it worked because of a quirk of our software stack.
"We're constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don't have any plans to offer it as a feature.”
According to Google, domain-fronting had never been a supported feature but essentially a workaround. The company claimed that the network change that had been made recently had been planned for about a year
iTWire also asked Google whether this change had anything to do with what appears to be a change in policy at the company that moves away from its initial motto of "Don't be Evil".
Recently, workers at the search giant submitted a letter to senior management to protest against a decision to provide technology to a US Defence Department programme that uses artificial intelligence to interpret video images and assist in targeting enemies in drone strikes.
Google announced recently that it would be providing help to Project Maven, a joint effort with the Pentagon, which uses video imagery in counter-insurgency and counter-terrorism missions. The project aims to develop artificial intelligence to analyse drone footage and identify objects within it
The company denied this was the case, saying that the removal of the domain-fronting feature had nothing to do with Project Maven.
