Amazon Threatens to Kick Signal App Off Its Hosting Platform

Amazon Threatens to Kick Signal App Off Its Hosting Platform

The recent dust-up with Facebook has made secure communication more popular than ever, but many law enforcement agencies aren’t happy with that prospect. In the US, federal authorities have made their dislike of encrypted communication widely known. In some countries, private messaging services are effectively banned. Signal is one of the most common ways to send encrypted messages, and it may no longer be able to evade those bans. According to the service’s lead developer Moxie Marlinspike, Amazon has threatened to revoke Signal’s hosting if it does not stop using Amazon to circumvent censorship.

Signal, which is available on Android, iOS, and desktop, uses strong end-to-end encryption to ensure no one but the intended recipient of your message can read it. As a result, Signal is currently banned in Egypt, Oman, Qatar, and the United Arab Emirates. It managed to evade that ban for 18 months with the help of Google App Engine. Using Google’s hosting tools, Signal used a technique called “domain fronting” that makes it look like its traffic is coming from a popular domain like Google.com.

Unfortunately, Google made changes to its infrastructure several weeks ago to block domain fronting, but it framed that as a consequence of unrelated upgrades. Although, it came suspiciously soon after a number of policy organizations pressured Google to make domain fronting work in Iran, where it was taking an unusually strict view of US sanctions by blocking all App Engine traffic. When Google did away with Domain Fronting, Signal moved over to Amazon’s CloudFront. The public source code reflected this change, and someone posted the news to Ycombinator.

Amazon Threatens to Kick Signal App Off Its Hosting Platform

Amazon was made aware of the Ycombinator post, and it was not happy. The notice sent to Signal made it abundantly clear that Amazon did not want third-party services to use Amazon domains to disguise their traffic. It points to the AWS terms and conditions, which could be read to disallow Domain Fronting. Signal disagrees, but that’s hardly the issue. Effectively immediately, Signal can’t use Domain Fronting on CloudFront lest it gets banned. Amazon has also decided to make changes that prevent Domain Fronting entirely.

It’s not hard to see why Google and Amazon would decide to stop allowing this workaround on their platforms. The censoring of apps in other countries is a political issue that does not concern them as US companies. As we learned from the Russian Telegram debacle, when a country gets serious about shutting down an app, it can do so even if that means breaking part of the internet. Marlinspike sees Domain Fronting as no longer viable, so Signal and other apps will need to find another solution.

Continue reading

Amazon’s Automated Grocery Store Opens to the Public
Amazon’s Automated Grocery Store Opens to the Public

The cashier-free store has been in beta for the last few years, but Amazon now says its automated technology is ready for primetime.

New Jupiter Images From Juno Probe Reveal Amazing Detail
New Jupiter Images From Juno Probe Reveal Amazing Detail

In a pair of recently released images, you can see an unprecedented amount of detail in Jupiter's clouds, and they were both created by citizen scientists.

How Amazon Could Succeed in Overturning the Old Healthcare Model
How Amazon Could Succeed in Overturning the Old Healthcare Model

We round up some of the usual suspects from the health tech industry and look at how they're likely to play a role in the Bezos-Buffet-Dimon healthcare model.

How to Create Amazing Videos With Your Drone
How to Create Amazing Videos With Your Drone

While your drone can create some great video out of the box, with a little work you can upgrade it and get pro-quality results.