Friday, 20 April 2018 05:10

Google removes feature that helps avoid Net censorship Featured


Google has thrown a spanner into the works of developers who have been using domain-fronting in the Google App Engine to avoid Internet censorship by using Google's network.

The company recently made a change in its network architecture and now the workaround is not possible, a report in The Verge said.

The change was spotted first by developers at the Tor Project which develops the Tor browser that is used to browse the dark Web.

In an advisory, they said: "On or about 2018-04-13 16:00:00 UTC, domain-fronted requests for * stopped working. It appears to affect fronting to all domains, not only ours."

Also affected by the Google decision to remove the ability to use domain-fronting are the privacy-focused messaging app Signal, and Psiphon's VPN services, all of which help users to avoid censorship by nation states.

In a statement on 21 December 2016, Signal detailed how it had used Google's support for domain-fronting to get around censorship in the United Arab Emirates and Egypt. iTWire contacted Signal to ask what it would do now, but the company is yet to respond.

Wikipedia explains domain-fronting thus: "(It) is a technique that circumvents Internet censorship by hiding the true endpoint of a connection. Working in the application layer, domain-fronting allows a user to connect to a blocked service over HTTPS, while appearing to communicate with an entirely different site.

"The technique works by using different domain names at different layers of communication. The domain name of an innocuous site is used to initialise the connection. This domain name is exposed to the censor in clear-text as part of the DNS request and the TLS Server Name Indication. The domain name of the actual, blocked endpoint is only communicated after the establishment of an encrypted HTTPS connection, in the HTTP Host header, making it invisible to censors. This can be done if the blocked and the innocuous sites are both hosted by the same large provider, such as Google App Engine.

"For any given domain name, censors are typically unable to differentiate circumvention traffic from legitimate traffic. As such, they are forced to either allow all traffic to the domain name, including circumvention traffic, or block the domain name entirely, which may result in expensive collateral damage."

Asked why the company had made this change, a Google spokesperson told iTWire: “Domain-fronting has never been a supported feature at Google, but until recently it worked because of a quirk of our software stack.

"We're constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don't have any plans to offer it as a feature.”

According to Google, domain-fronting had never been a supported feature but essentially a workaround. The company claimed that the network change that had been made recently had been planned for about a year

iTWire also asked Google whether this change had anything to do with what appears to be a change in policy at the company that moves away from its initial motto of "Don't be Evil".

Recently, workers at the search giant submitted a letter to senior management to protest against a decision to provide technology to a US Defence Department programme that uses artificial intelligence to interpret video images and assist in targeting enemies in drone strikes.

Google announced recently that it would be providing help to Project Maven, a joint effort with the Pentagon, which uses video imagery in counter-insurgency and counter-terrorism missions. The project aims to develop artificial intelligence to analyse drone footage and identify objects within it

The company denied this was the case, saying that the removal of the domain-fronting feature had nothing to do with Project Maven.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments