Signal, the encrypted messaging app endorsed by whistleblower Edward Snowden, just received rather significant update. No, we’re not referring to the new stickers and doodling functionality. Those are just a front for the real meat of the update. In almost a similar fashion, Signal now uses a “front”, specifically a domain front utilizing Google.com, in order to circumvent current and future government censorship that would block an app that is reported to be in popular use among activists, advocates, and even dissidents.
This new turn in Signal’s story came after developers Open Whisper Systems got word that their app and website was being blocked in Egypt as well as in UAE. After some investigating, the developers concluded that ISPs were censoring traffic coming to and from Signal since they can’t break through the service’s encryption and spy on its users.
As a counter measure, Signal resorted to a method called “domain fronting”. In a nutshell, it means that censors will only see traffic to and from certain unblocked domains, like Google, Amazon, etc. In truth, part of the destination address is hidden in an encrypted HTTPS portion. If the censor wants to block possible Signal connections, they’d have to block the entire Google domain and services. And even then Signal can switch to another domain front. It will become a game of cat and mouse, and the censor might end up blocking half of the Internet in their country just to block Signal.
That said, it remains to be seen if services and domain name owners like Google will be willing to be part of Signal’s censorship circumvention. If countries like Egypt can’t root out Signal itself, it might end up forcing Google to block it from its end.
Censorship circumvention is currently available only on Android, with an update for iOS on the way. The feature is automatically enabled for Signal users whose phone numbers come from Egypt or UAE. In the future, Signal could include an automatic switch that turns the feature on when users visit countries where censorship is being implemented.
SOURCE: Open Whisper Systems