Friday, 20 April 2018 05:10

Google removes feature that helps avoid Net censorship Featured


Google has thrown a spanner into the works of developers who have been using domain-fronting in the Google App Engine to avoid Internet censorship by using Google's network.

The company recently made a change in its network architecture and now the workaround is not possible, a report in The Verge said.

The change was spotted first by developers at the Tor Project which develops the Tor browser that is used to browse the dark Web.

In an advisory, they said: "On or about 2018-04-13 16:00:00 UTC, domain-fronted requests for * stopped working. It appears to affect fronting to all domains, not only ours."

Also affected by the Google decision to remove the ability to use domain-fronting are the privacy-focused messaging app Signal, and Psiphon's VPN services, all of which help users to avoid censorship by nation states.

In a statement on 21 December 2016, Signal detailed how it had used Google's support for domain-fronting to get around censorship in the United Arab Emirates and Egypt. iTWire contacted Signal to ask what it would do now, but the company is yet to respond.

Wikipedia explains domain-fronting thus: "(It) is a technique that circumvents Internet censorship by hiding the true endpoint of a connection. Working in the application layer, domain-fronting allows a user to connect to a blocked service over HTTPS, while appearing to communicate with an entirely different site.

"The technique works by using different domain names at different layers of communication. The domain name of an innocuous site is used to initialise the connection. This domain name is exposed to the censor in clear-text as part of the DNS request and the TLS Server Name Indication. The domain name of the actual, blocked endpoint is only communicated after the establishment of an encrypted HTTPS connection, in the HTTP Host header, making it invisible to censors. This can be done if the blocked and the innocuous sites are both hosted by the same large provider, such as Google App Engine.

"For any given domain name, censors are typically unable to differentiate circumvention traffic from legitimate traffic. As such, they are forced to either allow all traffic to the domain name, including circumvention traffic, or block the domain name entirely, which may result in expensive collateral damage."

Asked why the company had made this change, a Google spokesperson told iTWire: “Domain-fronting has never been a supported feature at Google, but until recently it worked because of a quirk of our software stack.

"We're constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don't have any plans to offer it as a feature.”

According to Google, domain-fronting had never been a supported feature but essentially a workaround. The company claimed that the network change that had been made recently had been planned for about a year

iTWire also asked Google whether this change had anything to do with what appears to be a change in policy at the company that moves away from its initial motto of "Don't be Evil".

Recently, workers at the search giant submitted a letter to senior management to protest against a decision to provide technology to a US Defence Department programme that uses artificial intelligence to interpret video images and assist in targeting enemies in drone strikes.

Google announced recently that it would be providing help to Project Maven, a joint effort with the Pentagon, which uses video imagery in counter-insurgency and counter-terrorism missions. The project aims to develop artificial intelligence to analyse drone footage and identify objects within it

The company denied this was the case, saying that the removal of the domain-fronting feature had nothing to do with Project Maven.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments