Open Whisper Systems — makers of the encrypted chat app Signal — found out that the Egyptian government had blocked access to the app earlier this week. The company has now rolled out an update to Signal that circumvents government censorship through a technique called domain fronting.
Signal is now routing its traffic through Google's CDNs (content delivery networks), so all messages sent on the platform now look like requests to Google services. Essentially, this means that for a country to block access to Signal, they'd also have to switch off connectivity to all of Google's services.
Signal described the process in detail on its blog:
Today's Signal release uses a technique known as domain fronting. Many popular services and CDNs, such as Google, Amazon Cloudfront, Amazon S3, Azure, CloudFlare, Fastly, and Akamai can be used to access Signal in ways that look indistinguishable from other uncensored traffic. The idea is that to block the target traffic, the censor would also have to block those entire services. With enough large scale services acting as domain fronts, disabling Signal starts to look like disabling the internet.With today's release, domain fronting is enabled for Signal users who have a phone number with a country code from Egypt or the UAE. When those users send a Signal message, it will look like a normal HTTPS request to www.google.com. To block Signal messages, these countries would also have to block all of google.com.Follow up releases will include detecting censorship and applying circumvention when needed (eg. so that when users with phone numbers from other countries visit places where censorship is being deployed, Signal will work without a VPN for them as well) and expanding the services that domain front for Signal.
In addition to circumventing government censorship, the latest update also includes support for adding doodles, stickers, and text to images. If you're looking for a secure way to communicate on Android, you should take a look at Signal.
