l Encrypted messaging app Signal uses Google to bypass censorship
itMYti.com < New IT WebNews
Category: news    |    Added: 2016-12-23 05:55:05    |    View: 145

The app routes requests through Google's servers to make it harder for governments to block them

The Signal app uses domain fronting to evade censorship attempts.
Credit: Peter Sayer
"; adDivString = "
" + adString + "
"; IDG.GPT.defineGoogleTagSlot(slotName ,[[320,50],[300,250],[300,50]]); } placementDiff = applyInsert($(this), adDivString); if (DEBUG) { console.log("Just placed an ad and the placementDiff is: " + placementDiff); } placementTarget = cumulativeHeight + placementDiff + INTERMODULE_HEIGHT + AD_HEIGHT_BUFFER; } else if (moduleCounter < articleDRRModuleList.length){ var elementId = "drr-mod-"+moduleCounter; var moduleDivString = "
"; modules.push(elementId); placementDiff = applyInsert($(this), moduleDivString); if (DEBUG) { console.log("Just placed a module and the placementDiff is: " + placementDiff); } placementTarget = cumulativeHeight + placementDiff + INTERMODULE_HEIGHT + MODULE_HEIGHT_BUFFER; moduleCounter++; } loopCounter++; } // Avoid placing elements too soon due to non-large figures inflating the cumulative height if ($(this).is("figure") && !$(this).is("figure.large")) { cumulativeHeight += GRAF_HEIGHT; } else { cumulativeHeight += $(this).height() + GRAF_HEIGHT; } } }); // end $("#drr-container").children().each() // clone Related Stories module to come in after eighth para in article body for mobile breakpoint display var $relatedStories = $('.related-promo-wrapper'); if ($relatedStories.length) { var $relatedStoriesClone = $relatedStories.clone(); $relatedStoriesClone.insertAfter( "#drr-container > p:eq(7)"); } // For mobile only, place ad after second paragraph. if (firstMobileAdHtml) { $(firstMobileAdHtml).insertAfter("#drr-container > p:eq(1)"); } var $insiderPromo = $('.insider-promo-wrapper'); if ($insiderPromo.length) { var $insiderPromoClone = $insiderPromo.clone(); $insiderPromoClone.insertAfter( "#drr-container > p:eq(1)"); } IDG.GPT.trackOmniture(); // Add Right rail module content var placeModule = function( data ) { var placementId = $(data).attr("data-placement-id"); $( "#"+placementId ).html( data ); }; for (i=0; i" + adString + "
"; } /** * @param jqo Original jquery object target * @param divString The div to be inserted. * @return Difference in height between original placement target and final target. * Checks first 6 elements for an allowable placement (600 pixel window). * If none, place element in first location that does not follow a reject element. */ function applyInsert(jqo, divString) { if (DEBUG) { console.log("applyInsert at top and jqo index is: " + jqo.index()); } for (var i=0; i<=6; i++) { $thisElement = jqo.nextAll().andSelf().slice(i, i+1); if (DEBUG) { console.log("Checking first six and i is: " + i + " and this element index is " + $thisElement.index() ); } if ($thisElement.index() < 0) { break; } if (allowPlacement($thisElement)) { return addElement(jqo, $thisElement, divString); } } if (DEBUG) { console.log("No nearby allows so just place in first spot that is not after reject."); } var numElements = jqo.nextAll().length; var startIndex = jqo.index(); for (var i=startIndex; i<=numElements; i++) { var $element = $("#drr-container").children().eq(i); // This element is eligible when not null, not in placement index, and previous element is not reject if ($element != null && (placementIndex == null || placementIndex.indexOf(i) == -1) && !isReject($element.prev())) { return addElement(jqo, $element, divString); } } if (DEBUG) { console.log("Not going to place element: return 0."); } return 0; } /** * @param jqo Original jquery object * @param allowElement Element that is good placement for module/ad * @param divString The div to be inserted before the good element * @return placementHeightDiff Diff in height between original placement target and current target. * * If element is not too close to the end the insert the div before allowable element. * Add element index to placementIndex to keep track of which elements already have placements */ function addElement(jqo, allowElement, divString) { var offset = allowElement.index() - jqo.index(); if (DEBUG) { console.log("addElement: jqo index is " + jqo.index() + " allowElement index is " + allowElement.index()); } if (elementNotNearEnd(allowElement, RIGHT_PIXEL_WINDOW)) { allowElement.before(divString); if (DEBUG) { console.log("addElement: Adding " + allowElement.index() + " to placementIndex."); } placementIndex.push(allowElement.index()); if (offset == 0) { return 0; } else { return getHeightDifference(jqo,allowElement); } } else { if (DEBUG) { console.log("addElement: Near the end so do NOT add."); } return 0; } } function getHeightDifference(jqo,allowElement) { var offset = allowElement.index() - jqo.index(), height = 0, children = null; if (offset > 0) { children = $("#drr-container").children().slice(jqo.index(), allowElement.index()); } else { children = $("#drr-container").children().slice(allowElement.index(), jqo.index()); } if (children != null) { children.each(function(i) { if (DEBUG) { console.log("About to add this element's height to heigh diff offset"); console.log($(this)); } height += $(this).height() + GRAF_HEIGHT; }); } if (offset < 0) { height *= -1; } if (DEBUG) { console.log("getHeightDifference: offset was " + offset + " and height diff is : " + height); } return height; } function allowPlacement(jqo) { if (jqo.prev() != null && isReject(jqo.prev())) { return false; } return true; } function isReject(jqo) { if (jqo != null) { if (jqo.is('h2') || jqo.is('h3') || jqo.is('h4') || jqo.is('h5')) { if (DEBUG) { console.log("isReject: found header"); } return true; } } return false; } // Returns true if height of all elements after this one is more than 500; false otherwise function elementNotNearEnd(element, pixelWindow) { if (pixelWindow === null) { pixelWindow = 500; } if (element === null) { return false; } var remainingHeight = 0, children = $("#drr-container").children().slice(element.index()); if (children === null) { return false; } children.each(function(i){ remainingHeight += $(this).height(); }); if ( remainingHeight > pixelWindow) { return true; } else { if (DEBUG) { console.log("Element too close to end. Remaining height is: " + remainingHeight + " and window is " + pixelWindow); } return false; } } } // end function executeDRRMobile() function executeDRRDesktop() { var heroImgHeight = $('figure.hero-img').outerHeight(true); if (heroImgHeight === null) { heroImgHeight = 0; } var galleryItemHeight = $('figure.thm-gallery').outerHeight(true); if (galleryItemHeight === null) { galleryItemHeight = 0; } var atAglanceTop = $('.at-a-glance.top').height(); if (atAglanceTop === null) { atAglanceTop = 0; } var drrContainerHeight = $('div#drr-container').outerHeight(true); var topIMUheight = $('#topimu').height(); if (topIMUheight === 0) { topIMUheight = 600; } var relatedPromoHeight = $('div.related-promo-wrapper').outerHeight(true); if (relatedPromoHeight === null) { relatedPromoHeight = 0; } var videoHowtoHeight = $('div#video-howto-wrapper').outerHeight(true); if (videoHowtoHeight === null) { videoHowtoHeight = 0; } var teadsInreadHeight = $('div.teads-inread').height(); if (teadsInreadHeight === null) { teadsInreadHeight = 0; } var unrulyAdHeight = $('.unruly_in_article_placement').height(); if (unrulyAdHeight === null) { unrulyAdHeight = 0; } //just in case the in article ads are picked up... var collapsibleAdHeight = unrulyAdHeight + teadsInreadHeight; var workingRRheight = ( (heroImgHeight + galleryItemHeight + atAglanceTop + drrContainerHeight) - (topIMUheight + relatedPromoHeight + videoHowtoHeight) ); workingRRheight = workingRRheight - collapsibleAdHeight; var DEBUG = false; if (DEBUG) { console.log('-----working RR height = ' + workingRRheight); } var articleDRRModuleList = ["dealposts","products.latest-reviews"], moduleUrls = [], modules = [], moduleCounter = 0, loopCounter = 0; var adPositions = new Array(0,1,3); // IMU, IMU, module, IMU, module if (false) { var dealpostsIdx = articleDRRModuleList.indexOf("dealposts"); if (dealpostsIdx > -1) { articleDRRModuleList.splice(dealpostsIdx, 1); adPositions = [0, 1, 2]; } } for (var i=0; i 650) { numItems = 1; } if (workingRRheight > 1350) { numItems = 2; } if (workingRRheight > 2300) { numItems = 3; } if (workingRRheight > 2950) { numItems = 4; } if (workingRRheight > 3650) { numItems = 5; } for (var currIndex=0;currIndex
"; adDivString = "
" + adString + "
"; IDG.GPT.defineGoogleTagSlot(slotName ,[[320,50],[300,250],[300,50]]); } //$('#drr-container > p').first().before(adDivString); //$('#drr-top-ad').append(adDivString); $(adDivString).appendTo('#drr-top-ad'); if (DEBUG) { console.log("-----Just placed an AD currIndex = " + currIndex); } } else if (moduleCounter < articleDRRModuleList.length){ var elementId = "drr-mod-"+moduleCounter; var moduleDivString = "
"; modules.push(elementId); //$('#drr-container > p').first().before(moduleDivString); $('#drr-top-ad').append(moduleDivString); if (DEBUG) { console.log("-----Just placed a MODULE and currIndex = " + currIndex); } moduleCounter++; } } //end for loop IDG.GPT.trackOmniture(); // Add Right rail module content var placeModule = function( data ) { var placementId = $(data).attr("data-placement-id"); $( "#"+placementId ).html( data ); }; for (i=0; i" + adString + "
"; } } // end function executeDRRDesktop()

Developers of the popular Signal secure messaging app have started to use Google’s domain as a front to hide traffic to their service and to sidestep blocking attempts.

Bypassing online censorship in countries where internet access is controlled by the government can be very hard for users. It typically requires the use of virtual private networking (VPN) services or complex solutions like Tor, which can be banned too.

Open Whisper Systems, the company that develops Signal—a free, open-source app—faced this problem recently when access to its service started being censored in Egypt and the United Arab Emirates. Some users reported that VPNs, Apple’s FaceTime and other voice-over-IP apps were also being blocked.

The solution from Signal’s developers was to implement a censorship circumvention technique known as domain fronting that was described in a 2015 paper by researchers from University of California, Berkeley, the Brave New Software project and Psiphon.

The technique involves sending requests to a “front domain” and using the HTTP Host header to trigger a redirect to a different domain. If done over HTTPS, such redirection would be invisible to someone monitoring the traffic, because the HTTP Host header is sent after the HTTPS connection is negotiated and is therefore part of the encrypted traffic.

“In an HTTPS request, the destination domain name appears in three relevant places: in the DNS query, in the TLS Server Name Indication (SNI) extension and in the HTTP Host header,” the researchers said in their paper. “Ordinarily, the same domain name appears in all three places. In a domain-fronted request, however, the DNS query and SNI carry one name (the “front domain”), while the HTTP Host header, hidden from the censor by HTTPS encryption, carries another (the covert, forbidden destination).”

Their research revealed that many cloud service providers and content delivery networks allow HTTP host header redirection, including Google, Amazon Cloudfront, Amazon S3, Azure, CloudFlare, Fastly and Akamai. However, most of them only allow it for domains that belong to their customers, so one must become a customer in order to use this technique.

Google, for example, allows redirection through the HTTP host header from google.com to appspot.com. This domain is used by Google App Engine, a service that allows users to create and host web applications on Google’s cloud platform.

This means that someone can create a simple reflector script, host it on Google App Engine and then use the HTTP host header trick to hide its location from censors. Someone monitoring user traffic will only see HTTPS requests going to www.google.com, but those requests will reach the reflector script on Google App Engine and will be forwarded to a hidden destination.

“With today’s release, domain fronting is enabled for Signal users who have a phone number with a country code from Egypt or the UAE,” Open Whisper Systems founder Moxie Marlinspike said Wednesday in a blog post. “When those users send a Signal message, it will look like a normal HTTPS request to www.google.com. To block Signal messages, these countries would also have to block all of google.com.”

Even if the censors decide to ban Google, the domain fronting implementation can be expanded to use other large-scale services as domain fronts. If this happens, enforcing a ban on Signal would be the equivalent of blocking a very large portion of the internet.

The anti-censorship feature is currently present in the latest version of Signal for Android. It’s also included in a beta version of the app for iOS that will be released in production soon.

The developers also plan future improvements that will allow the app to detect censorship automatically and switch to domain fronting even if the user has a phone number from a country where censorship is not normally present. This is intended to cover those cases where users travel to other countries where the app is blocked.

Signal is considered by security experts as one of the most secure messaging services around. It’s open-source end-to-end encryption protocol has also been adopted by other popular chat apps like Facebook Messenger and WhatsApp.

While the communication between users is encrypted end-to-end, the Signal app uses servers for contact discovery and these can be blocked by censors to prevent users from using the app.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.
source: Pcworld

Category: news    |    42 minutes ago    |    View: 7

Last week, XDA-Developers discovered lines of code within Android Q’s first beta that referenced the budget handsets’ names: Pixel 3a and Pixel 3a XL. Now, 9to5Google, which cites a source familiar with the phones, says it has confirmed that these&hellip;

Category: news    |    2 hours ago    |    View: 47

Microsoft has some exciting news to share from GDC 2019 that will improve gaming performance. In DirectX 12, Microsoft is introducing Variable Rate Shading. The new API allows for more effective use of GPU resources so that high detail areas&hellip;

Category: news    |    3 hours ago    |    View: 3

The $500 million Aurora supercomputer will be powered by Intel’s future Xeon Scalable processor— Intel Xᵉ—alongside Optane DC memory, the X compute architecture, and Intel's ONE API suite of developer tools. Cray will be providing its Shasta system architecture, which&hellip;

Category: news    |    4 hours ago    |    View: 18

Nvidia used the Game Developer Conference to reveal that April’s GeForce driver update will add basic ray tracing support to cards ranging from the 6GB GTX 1060 and above. This includes the recent GTX 1660 and 1660 Ti, as well&hellip;

Category: review    |    4 hours ago    |    View: 0

Following our coverage into Nvidia's laptop RTX GPUs, today we're reviewing the top-end RTX 2080 Max-Q. As an "RTX 2080" Turing part, this GPU comes with 2944 CUDA cores, 368 Tensor cores and 46 ray tracing cores. But that's where the similarities between the RTX 2080 Max-Q and the desktop RTX 2080 end.

Category: news    |    5 hours ago    |    View: 35

The first reports that Google might be another company looking to develop a 'Netflix for video games' arrived last February. We later heard that it was developing some sort of hardware linked to its streaming service, and October saw the&hellip;

Category: news    |    15 hours ago    |    View: 96

With that in mind, it will probably come as no surprise to learn that game engine maker Unity is following in competitor Unreal's footsteps today by baking support for Nvidia's RTX technology into its popular engine.

Category: news    |    16 hours ago    |    View: 0

The short test fight made Moses the first woman to fly to space on a commercial craft. It also made her the 571st human to travel to space and earned her qualification for her commercial astronaut wings from the FAA.

Category: news    |    17 hours ago    |    View: 1

Given that they boast user numbers in the tens of millions and yearly revenues far beyond that, it's tough to deny the influence of websites like Facebook and Twitter.

Category: news    |    18 hours ago    |    View: 4

Logitech sells some of the most popular gaming peripherals out there, as we've outlined multiple times in the past. Unfortunately, that can come with a few drawbacks from time to time.




Download Latest PC Softwares

Category:     |    Added: 52 minutes ago    |    View: 0
Wondershare Dr.Fone Toolkit for iOS / Android Download - downloadwise.com

Wondershare Dr.Fone Toolkit for iOS / Android Download. It is full offline installer standalone setup of Wondershare Dr.Fone v9.9.5.38.

Wondershare Dr.Fone iOS is an efficient application that has been developed for recovering the lost data from your iPhone, iPad and iPod touch devices. Retrieving the lost data is very simple and with just few mouse clicks you can perform the tasks easily. You can also download Wondershare Dr.Fone for Android.

Category:     |    Added: 52 minutes ago    |    View: 0
Windows 10 Enterprise LTSC 2019 x64 Multi Language 2019 Download - downloadwise.com

Windows 10 Enterprise LTSC 2019 x64 Multi Language 2019 Download Latest OEM RTM version. Full Bootable ISO Image of Windows 10 Enterprise.

Windows Operating System, the most widely used OS all over the globe was intiated in the mid-80s . With it’s user friendly nature and ease of use, users accepted it and it becomes the most widely used operating system all over the world. Windows XP and Windows 7 are termed as the most famous operating systems but now developers have come up with Windows 10 and they have put so much effort in it so that the users can get the ultimate experience. Windows 10 has come up in many versions and the one we are reviewing here is Windows 10 Enterprise LTSC 2019 x64 Multi Language 2019. You can also opt for Windows 10 Enterprise 2019 LTSC.

Category:     |    Added: 52 minutes ago    |    View: 0
Adobe Bridge CC 2019 Free Download - downloadwise.com

Adobe Bridge CC 2019 Free Download Latest Version for Windows. It is full offline installer standalone setup of Adobe Bridge CC 2019 v9.0.2.

Adobe Bridge CC 2019 is an imposing application which can be used for managing as well as working with multimedia files. You can easily keep track of all the videos, songs as well as photos which are stored onto your PC. You can also download Adobe Bridge CC 2017Adobe Bridge CC 2019 Free Download-GetintoPC.com  Adobe Bridge CC 2019 has been equipped with full scale cataloging as well as media management program that looks good and is very easy to operate for the novices. It has got a multiple viewing mode which will help you identify the hidden files and to sort them in various different ways. You can add labels as well as assign a rating to all the items recognized by Adobe Bridge. With this application you

Category:     |    Added: 2 hours ago    |    View: 0
Wondershare Video Converter Ultimate Free Download - downloadwise.com

Wondershare Video Converter Ultimate Free Download. Full offline installer standalone setup of Wondershare Video Converter v10.4.3.198.

Wondershare Video Converter Ultimate is a comrepehensive application which can be used for converting your audio and video files into various different file formats which include 3GP, MOV, DAT and DVD etc. With this application you can easily extract the audio stream and can save it to the MP3 type and prepare it from iPhone and iPad etc. You can also download Wondershare Video Converter Ultimate 10.2.0.154 Portable.

Category:     |    Added: 2 hours ago    |    View: 0
IObit Driver Booster Pro Final 2019 Download - downloadwise.com

IObit Driver Booster Pro Final Download Latest Version. Full offline installer standalone setup of IObit Driver Booster Pro Final 6.3.0.276.

IObit Driver Booster Pro Final is an application which can be used for updating all the drivers as well as game components present in your computer. This impressive tool has got an automatic scan mode which will let you update all the drivers as well as game components so that you can experience the stability in the performance of your system and also very smooth gaming experience. You can also download AVG Driver Updater.

Category:     |    Added: 2 hours ago    |    View: 0
Wondershare Dr.Fone Toolkit for iOS / Android Download - downloadwise.com

Wondershare Dr.Fone Toolkit for iOS / Android Download. It is full offline installer standalone setup of Wondershare Dr.Fone v9.9.5.38.

Wondershare Dr.Fone iOS is an efficient application that has been developed for recovering the lost data from your iPhone, iPad and iPod touch devices. Retrieving the lost data is very simple and with just few mouse clicks you can perform the tasks easily. You can also download Wondershare Dr.Fone for Android.

Category:     |    Added: 3 hours ago    |    View: 0
Bluebeam Revo eXtreme 2018 Free Download - downloadwise.com

Bluebeam Revo eXtreme 2018 Free Download Latest Version. It is full offline installer standalone setup of Bluebeam Revo eXtreme 2018 v4.0.