Amazon Threatens to Kick Signal App Off Its Hosting Platform

Amazon Threatens to Kick Signal App Off Its Hosting Platform

The recent dust-up with Facebook has made secure communication more popular than ever, but many law enforcement agencies aren’t happy with that prospect. In the US, federal authorities have made their dislike of encrypted communication widely known. In some countries, private messaging services are effectively banned. Signal is one of the most common ways to send encrypted messages, and it may no longer be able to evade those bans. According to the service’s lead developer Moxie Marlinspike, Amazon has threatened to revoke Signal’s hosting if it does not stop using Amazon to circumvent censorship.

Signal, which is available on Android, iOS, and desktop, uses strong end-to-end encryption to ensure no one but the intended recipient of your message can read it. As a result, Signal is currently banned in Egypt, Oman, Qatar, and the United Arab Emirates. It managed to evade that ban for 18 months with the help of Google App Engine. Using Google’s hosting tools, Signal used a technique called “domain fronting” that makes it look like its traffic is coming from a popular domain like Google.com.

Unfortunately, Google made changes to its infrastructure several weeks ago to block domain fronting, but it framed that as a consequence of unrelated upgrades. Although, it came suspiciously soon after a number of policy organizations pressured Google to make domain fronting work in Iran, where it was taking an unusually strict view of US sanctions by blocking all App Engine traffic. When Google did away with Domain Fronting, Signal moved over to Amazon’s CloudFront. The public source code reflected this change, and someone posted the news to Ycombinator.

Amazon Threatens to Kick Signal App Off Its Hosting Platform

Amazon was made aware of the Ycombinator post, and it was not happy. The notice sent to Signal made it abundantly clear that Amazon did not want third-party services to use Amazon domains to disguise their traffic. It points to the AWS terms and conditions, which could be read to disallow Domain Fronting. Signal disagrees, but that’s hardly the issue. Effectively immediately, Signal can’t use Domain Fronting on CloudFront lest it gets banned. Amazon has also decided to make changes that prevent Domain Fronting entirely.

It’s not hard to see why Google and Amazon would decide to stop allowing this workaround on their platforms. The censoring of apps in other countries is a political issue that does not concern them as US companies. As we learned from the Russian Telegram debacle, when a country gets serious about shutting down an app, it can do so even if that means breaking part of the internet. Marlinspike sees Domain Fronting as no longer viable, so Signal and other apps will need to find another solution.

Continue reading

Why Apple’s M1 Chip Threatens Intel and AMD
Why Apple’s M1 Chip Threatens Intel and AMD

Intel's own history suggests it and AMD should take Apple's new M1 SoC very seriously.

Star Citizen Devs Angry, Forced to Work Through Life-Threatening Texas Storm
Star Citizen Devs Angry, Forced to Work Through Life-Threatening Texas Storm

Multiple Cloud Imperium Games employees have spoken out against their employer over how they were treated during the 2021 Texas snowstorm.

Meta Threatens to Pull Instagram and Facebook Out of Europe Over Data Sharing Ruling
Meta Threatens to Pull Instagram and Facebook Out of Europe Over Data Sharing Ruling

Meta has told the EU if it can't do ad targeting, it might as well just call it a day.

Russia Threatens to Fine Wikipedia For ‘False Information’
Russia Threatens to Fine Wikipedia For ‘False Information’

The threat constitutes a new attempt to maintain control of the information reaching Russian citizens.