Google’s App Engine No Longer Allows Domain Fronting, Creating a Huge Problem for Anti-Censorship Tools

Author Photo
Apr 19, 2018
16Shares
Submit

After the latest update on Google’s App Engine, developers won’t be able to use Google to get around internet censorship anymore. Previously, developers could use a process known as ‘domain fronting’, which allowed developers to use Google as a proxy, forwarding traffic to their servers through a Google.com domain. It works similar to a VPN, with the data appearing to originate from a different location than it actually is.

Domain Fronting was never officially supported by Google, but often used by developers who sought to evade state-level censorship, which might try to block all the traffic sent to a given service. All requests from the affected region would appear as Google.com traffic. It makes it so that the traffic from an otherwise banned site merges with regular internet traffic, making it impossible for monitors to differentiate between the two. Additionally, Google’s encryption prevented censors from getting their hands on any information, should a page get flagged.

screen-shot-2018-09-21-at-8-06-35-pmRelated Google Pixel 3 & Pixel 3 XL Might Get A Brand New Accessory And Photos App Update

Services such as Signal Messenger to be affected the most

Domain Fronting was used fairly often and got into the limelight in 2016 when it was widely publicized by the Signal messaging app, which sought to allow users in Egypt and UAE to use the service. It has also been used for malicious purposes, with a report stating that Russian hackers had been using it to smuggle information off of targets for two years, before getting caught. A TOR-based domain front service exists to date, which is regularly used by hackers.

With the latest change in Google’s architecture, Domain Fronting no longer works. Once the change is in effect, services such as Signal, GreatFire.org and Psiphon’s VPN could be affected. The Google App engine no longer redirects traffic through Google domains, which is why Domain Fronting won’t be possible anymore.

Domain Fronting is a double-edged sword. It has legitimate uses for people living under oppressive regimes. Google’s Domain Fronting has allowed millions of users to enjoy an open, censorship-free internet experience and privacy groups are asking Google to reconsider their move.

Source: The Verge

Submit