Amazon Threatens to Kick Signal App Off Its Hosting Platform

Amazon Threatens to Kick Signal App Off Its Hosting Platform

The recent dust-up with Facebook has made secure communication more popular than ever, but many law enforcement agencies aren’t happy with that prospect. In the US, federal authorities have made their dislike of encrypted communication widely known. In some countries, private messaging services are effectively banned. Signal is one of the most common ways to send encrypted messages, and it may no longer be able to evade those bans. According to the service’s lead developer Moxie Marlinspike, Amazon has threatened to revoke Signal’s hosting if it does not stop using Amazon to circumvent censorship.

Signal, which is available on Android, iOS, and desktop, uses strong end-to-end encryption to ensure no one but the intended recipient of your message can read it. As a result, Signal is currently banned in Egypt, Oman, Qatar, and the United Arab Emirates. It managed to evade that ban for 18 months with the help of Google App Engine. Using Google’s hosting tools, Signal used a technique called “domain fronting” that makes it look like its traffic is coming from a popular domain like Google.com.

Unfortunately, Google made changes to its infrastructure several weeks ago to block domain fronting, but it framed that as a consequence of unrelated upgrades. Although, it came suspiciously soon after a number of policy organizations pressured Google to make domain fronting work in Iran, where it was taking an unusually strict view of US sanctions by blocking all App Engine traffic. When Google did away with Domain Fronting, Signal moved over to Amazon’s CloudFront. The public source code reflected this change, and someone posted the news to Ycombinator.

Amazon Threatens to Kick Signal App Off Its Hosting Platform

Amazon was made aware of the Ycombinator post, and it was not happy. The notice sent to Signal made it abundantly clear that Amazon did not want third-party services to use Amazon domains to disguise their traffic. It points to the AWS terms and conditions, which could be read to disallow Domain Fronting. Signal disagrees, but that’s hardly the issue. Effectively immediately, Signal can’t use Domain Fronting on CloudFront lest it gets banned. Amazon has also decided to make changes that prevent Domain Fronting entirely.

It’s not hard to see why Google and Amazon would decide to stop allowing this workaround on their platforms. The censoring of apps in other countries is a political issue that does not concern them as US companies. As we learned from the Russian Telegram debacle, when a country gets serious about shutting down an app, it can do so even if that means breaking part of the internet. Marlinspike sees Domain Fronting as no longer viable, so Signal and other apps will need to find another solution.

Continue reading

Sony’s PlayStation 5 Is Now the Fastest-Selling Platform in US History
Sony’s PlayStation 5 Is Now the Fastest-Selling Platform in US History

The PlayStation 5 is now the fastest-selling console in history according to NPD. Video game sales have been sharply higher this year than a year ago.

AMD Roadmap Leak: Major Platform, Graphics Changes Coming in Zen 4
AMD Roadmap Leak: Major Platform, Graphics Changes Coming in Zen 4

Fresh rumors regarding AMD's long-term product roadmap have arisen and they imply some major improvements and changes coming with Zen 4.

Qualcomm Unveils Snapdragon 7c Gen 2 Platform, Windows on ARM Dev Kits
Qualcomm Unveils Snapdragon 7c Gen 2 Platform, Windows on ARM Dev Kits

Qualcomm is updating its Snapdragon 7c and bringing a new dev kit to market for Windows on ARM programmers.

Intel Will Offer SiFive RISC-V CPUs on 7nm, Plans Own Dev Platform
Intel Will Offer SiFive RISC-V CPUs on 7nm, Plans Own Dev Platform

Intel and SiFive are teaming up to make RISC-V platforms more widely available and bring high-performance RISC-V CPUs to 7nm.