Signal loses anti-censorship tool as Amazon blocks domain fronting

Amazon has sent Open Whisper Systems an email threatening to terminate its CloudFront services if it continues using the Amazon URL as a “domain front”.

Open Whisper Systems developed the security system Signal Protocol, used by WhatsApp to offer end-to-end encryption on the platform.

It also has its own secure messaging app called Signal.

The company used domain fronting through the Google App Engine for the past year and a half.

This was to circumvent governments attempts to block the app in countries like Egypt and the United Arab Emirates.

Domain fronting involves making the initial Transport Layer Security (TLS) handshake appear as though it is from a domain which censors can’t easily block, like those operated by Google or Amazon.

Due to a policy change within Google, Open Whisper Systems switched to using Amazon’s CloudFront service.

Open Whisper Systems said its CloudFront distribution isn’t using the SSL certificate of any domain but its own, and it is not falsifying the origin of traffic when clients connect to CloudFront.

This now means censors may be able to block Signal from working.

Now read: Signal desktop app launched

Latest news

Partner Content

Show comments


Share this article
Signal loses anti-censorship tool as Amazon blocks domain fronting