Amazon Threatens to Kick Signal App Off Its Hosting Platform

Amazon Threatens to Kick Signal App Off Its Hosting Platform

The recent dust-up with Facebook has made secure communication more popular than ever, but many law enforcement agencies aren’t happy with that prospect. In the US, federal authorities have made their dislike of encrypted communication widely known. In some countries, private messaging services are effectively banned. Signal is one of the most common ways to send encrypted messages, and it may no longer be able to evade those bans. According to the service’s lead developer Moxie Marlinspike, Amazon has threatened to revoke Signal’s hosting if it does not stop using Amazon to circumvent censorship.

Signal, which is available on Android, iOS, and desktop, uses strong end-to-end encryption to ensure no one but the intended recipient of your message can read it. As a result, Signal is currently banned in Egypt, Oman, Qatar, and the United Arab Emirates. It managed to evade that ban for 18 months with the help of Google App Engine. Using Google’s hosting tools, Signal used a technique called “domain fronting” that makes it look like its traffic is coming from a popular domain like Google.com.

Unfortunately, Google made changes to its infrastructure several weeks ago to block domain fronting, but it framed that as a consequence of unrelated upgrades. Although, it came suspiciously soon after a number of policy organizations pressured Google to make domain fronting work in Iran, where it was taking an unusually strict view of US sanctions by blocking all App Engine traffic. When Google did away with Domain Fronting, Signal moved over to Amazon’s CloudFront. The public source code reflected this change, and someone posted the news to Ycombinator.

Amazon Threatens to Kick Signal App Off Its Hosting Platform

Amazon was made aware of the Ycombinator post, and it was not happy. The notice sent to Signal made it abundantly clear that Amazon did not want third-party services to use Amazon domains to disguise their traffic. It points to the AWS terms and conditions, which could be read to disallow Domain Fronting. Signal disagrees, but that’s hardly the issue. Effectively immediately, Signal can’t use Domain Fronting on CloudFront lest it gets banned. Amazon has also decided to make changes that prevent Domain Fronting entirely.

It’s not hard to see why Google and Amazon would decide to stop allowing this workaround on their platforms. The censoring of apps in other countries is a political issue that does not concern them as US companies. As we learned from the Russian Telegram debacle, when a country gets serious about shutting down an app, it can do so even if that means breaking part of the internet. Marlinspike sees Domain Fronting as no longer viable, so Signal and other apps will need to find another solution.

Continue reading

FCC Chairman Ajit Pai Will Resign on January 20th
FCC Chairman Ajit Pai Will Resign on January 20th

The federal government has started to adjust to the reality of Joe Biden's inauguration as the 46th President on January 20th. A lot of things are going to change that day, including the leadership of the Federal Communications Commission (FCC).

New MIT AI Designs Robots On Its Own
New MIT AI Designs Robots On Its Own

The team believes RoboGrammar could point researchers in new directions, leading to more efficient and inventive designs.

Leak Shows Off Samsung’s Redesigned Galaxy S21 Family
Leak Shows Off Samsung’s Redesigned Galaxy S21 Family

Based on some new teaser videos, you can look forward to a whole bunch of cameras.

Astronomers Spot Potentially Artificial Radio Signal From Nearby Star
Astronomers Spot Potentially Artificial Radio Signal From Nearby Star

We don't yet know what this signal is, but there's a (very) small chance it could have alien origins.