l Encrypted messaging app Signal uses Google to bypass censorship
itMYti.com < New IT WebNews
Category: news    |    Added: 2016-12-23 05:55:05    |    View: 92

The app routes requests through Google's servers to make it harder for governments to block them

The Signal app uses domain fronting to evade censorship attempts.
Credit: Peter Sayer
"; adDivString = "
" + adString + "
"; IDG.GPT.defineGoogleTagSlot(slotName ,[[320,50],[300,250],[300,50]]); } placementDiff = applyInsert($(this), adDivString); if (DEBUG) { console.log("Just placed an ad and the placementDiff is: " + placementDiff); } placementTarget = cumulativeHeight + placementDiff + INTERMODULE_HEIGHT + AD_HEIGHT_BUFFER; } else if (moduleCounter < articleDRRModuleList.length){ var elementId = "drr-mod-"+moduleCounter; var moduleDivString = "
"; modules.push(elementId); placementDiff = applyInsert($(this), moduleDivString); if (DEBUG) { console.log("Just placed a module and the placementDiff is: " + placementDiff); } placementTarget = cumulativeHeight + placementDiff + INTERMODULE_HEIGHT + MODULE_HEIGHT_BUFFER; moduleCounter++; } loopCounter++; } // Avoid placing elements too soon due to non-large figures inflating the cumulative height if ($(this).is("figure") && !$(this).is("figure.large")) { cumulativeHeight += GRAF_HEIGHT; } else { cumulativeHeight += $(this).height() + GRAF_HEIGHT; } } }); // end $("#drr-container").children().each() // clone Related Stories module to come in after eighth para in article body for mobile breakpoint display var $relatedStories = $('.related-promo-wrapper'); if ($relatedStories.length) { var $relatedStoriesClone = $relatedStories.clone(); $relatedStoriesClone.insertAfter( "#drr-container > p:eq(7)"); } // For mobile only, place ad after second paragraph. if (firstMobileAdHtml) { $(firstMobileAdHtml).insertAfter("#drr-container > p:eq(1)"); } var $insiderPromo = $('.insider-promo-wrapper'); if ($insiderPromo.length) { var $insiderPromoClone = $insiderPromo.clone(); $insiderPromoClone.insertAfter( "#drr-container > p:eq(1)"); } IDG.GPT.trackOmniture(); // Add Right rail module content var placeModule = function( data ) { var placementId = $(data).attr("data-placement-id"); $( "#"+placementId ).html( data ); }; for (i=0; i" + adString + "
"; } /** * @param jqo Original jquery object target * @param divString The div to be inserted. * @return Difference in height between original placement target and final target. * Checks first 6 elements for an allowable placement (600 pixel window). * If none, place element in first location that does not follow a reject element. */ function applyInsert(jqo, divString) { if (DEBUG) { console.log("applyInsert at top and jqo index is: " + jqo.index()); } for (var i=0; i<=6; i++) { $thisElement = jqo.nextAll().andSelf().slice(i, i+1); if (DEBUG) { console.log("Checking first six and i is: " + i + " and this element index is " + $thisElement.index() ); } if ($thisElement.index() < 0) { break; } if (allowPlacement($thisElement)) { return addElement(jqo, $thisElement, divString); } } if (DEBUG) { console.log("No nearby allows so just place in first spot that is not after reject."); } var numElements = jqo.nextAll().length; var startIndex = jqo.index(); for (var i=startIndex; i<=numElements; i++) { var $element = $("#drr-container").children().eq(i); // This element is eligible when not null, not in placement index, and previous element is not reject if ($element != null && (placementIndex == null || placementIndex.indexOf(i) == -1) && !isReject($element.prev())) { return addElement(jqo, $element, divString); } } if (DEBUG) { console.log("Not going to place element: return 0."); } return 0; } /** * @param jqo Original jquery object * @param allowElement Element that is good placement for module/ad * @param divString The div to be inserted before the good element * @return placementHeightDiff Diff in height between original placement target and current target. * * If element is not too close to the end the insert the div before allowable element. * Add element index to placementIndex to keep track of which elements already have placements */ function addElement(jqo, allowElement, divString) { var offset = allowElement.index() - jqo.index(); if (DEBUG) { console.log("addElement: jqo index is " + jqo.index() + " allowElement index is " + allowElement.index()); } if (elementNotNearEnd(allowElement, RIGHT_PIXEL_WINDOW)) { allowElement.before(divString); if (DEBUG) { console.log("addElement: Adding " + allowElement.index() + " to placementIndex."); } placementIndex.push(allowElement.index()); if (offset == 0) { return 0; } else { return getHeightDifference(jqo,allowElement); } } else { if (DEBUG) { console.log("addElement: Near the end so do NOT add."); } return 0; } } function getHeightDifference(jqo,allowElement) { var offset = allowElement.index() - jqo.index(), height = 0, children = null; if (offset > 0) { children = $("#drr-container").children().slice(jqo.index(), allowElement.index()); } else { children = $("#drr-container").children().slice(allowElement.index(), jqo.index()); } if (children != null) { children.each(function(i) { if (DEBUG) { console.log("About to add this element's height to heigh diff offset"); console.log($(this)); } height += $(this).height() + GRAF_HEIGHT; }); } if (offset < 0) { height *= -1; } if (DEBUG) { console.log("getHeightDifference: offset was " + offset + " and height diff is : " + height); } return height; } function allowPlacement(jqo) { if (jqo.prev() != null && isReject(jqo.prev())) { return false; } return true; } function isReject(jqo) { if (jqo != null) { if (jqo.is('h2') || jqo.is('h3') || jqo.is('h4') || jqo.is('h5')) { if (DEBUG) { console.log("isReject: found header"); } return true; } } return false; } // Returns true if height of all elements after this one is more than 500; false otherwise function elementNotNearEnd(element, pixelWindow) { if (pixelWindow === null) { pixelWindow = 500; } if (element === null) { return false; } var remainingHeight = 0, children = $("#drr-container").children().slice(element.index()); if (children === null) { return false; } children.each(function(i){ remainingHeight += $(this).height(); }); if ( remainingHeight > pixelWindow) { return true; } else { if (DEBUG) { console.log("Element too close to end. Remaining height is: " + remainingHeight + " and window is " + pixelWindow); } return false; } } } // end function executeDRRMobile() function executeDRRDesktop() { var heroImgHeight = $('figure.hero-img').outerHeight(true); if (heroImgHeight === null) { heroImgHeight = 0; } var galleryItemHeight = $('figure.thm-gallery').outerHeight(true); if (galleryItemHeight === null) { galleryItemHeight = 0; } var atAglanceTop = $('.at-a-glance.top').height(); if (atAglanceTop === null) { atAglanceTop = 0; } var drrContainerHeight = $('div#drr-container').outerHeight(true); var topIMUheight = $('#topimu').height(); if (topIMUheight === 0) { topIMUheight = 600; } var relatedPromoHeight = $('div.related-promo-wrapper').outerHeight(true); if (relatedPromoHeight === null) { relatedPromoHeight = 0; } var videoHowtoHeight = $('div#video-howto-wrapper').outerHeight(true); if (videoHowtoHeight === null) { videoHowtoHeight = 0; } var teadsInreadHeight = $('div.teads-inread').height(); if (teadsInreadHeight === null) { teadsInreadHeight = 0; } var unrulyAdHeight = $('.unruly_in_article_placement').height(); if (unrulyAdHeight === null) { unrulyAdHeight = 0; } //just in case the in article ads are picked up... var collapsibleAdHeight = unrulyAdHeight + teadsInreadHeight; var workingRRheight = ( (heroImgHeight + galleryItemHeight + atAglanceTop + drrContainerHeight) - (topIMUheight + relatedPromoHeight + videoHowtoHeight) ); workingRRheight = workingRRheight - collapsibleAdHeight; var DEBUG = false; if (DEBUG) { console.log('-----working RR height = ' + workingRRheight); } var articleDRRModuleList = ["dealposts","products.latest-reviews"], moduleUrls = [], modules = [], moduleCounter = 0, loopCounter = 0; var adPositions = new Array(0,1,3); // IMU, IMU, module, IMU, module if (false) { var dealpostsIdx = articleDRRModuleList.indexOf("dealposts"); if (dealpostsIdx > -1) { articleDRRModuleList.splice(dealpostsIdx, 1); adPositions = [0, 1, 2]; } } for (var i=0; i 650) { numItems = 1; } if (workingRRheight > 1350) { numItems = 2; } if (workingRRheight > 2300) { numItems = 3; } if (workingRRheight > 2950) { numItems = 4; } if (workingRRheight > 3650) { numItems = 5; } for (var currIndex=0;currIndex
"; adDivString = "
" + adString + "
"; IDG.GPT.defineGoogleTagSlot(slotName ,[[320,50],[300,250],[300,50]]); } //$('#drr-container > p').first().before(adDivString); //$('#drr-top-ad').append(adDivString); $(adDivString).appendTo('#drr-top-ad'); if (DEBUG) { console.log("-----Just placed an AD currIndex = " + currIndex); } } else if (moduleCounter < articleDRRModuleList.length){ var elementId = "drr-mod-"+moduleCounter; var moduleDivString = "
"; modules.push(elementId); //$('#drr-container > p').first().before(moduleDivString); $('#drr-top-ad').append(moduleDivString); if (DEBUG) { console.log("-----Just placed a MODULE and currIndex = " + currIndex); } moduleCounter++; } } //end for loop IDG.GPT.trackOmniture(); // Add Right rail module content var placeModule = function( data ) { var placementId = $(data).attr("data-placement-id"); $( "#"+placementId ).html( data ); }; for (i=0; i" + adString + "
"; } } // end function executeDRRDesktop()

Developers of the popular Signal secure messaging app have started to use Google’s domain as a front to hide traffic to their service and to sidestep blocking attempts.

Bypassing online censorship in countries where internet access is controlled by the government can be very hard for users. It typically requires the use of virtual private networking (VPN) services or complex solutions like Tor, which can be banned too.

Open Whisper Systems, the company that develops Signal—a free, open-source app—faced this problem recently when access to its service started being censored in Egypt and the United Arab Emirates. Some users reported that VPNs, Apple’s FaceTime and other voice-over-IP apps were also being blocked.

The solution from Signal’s developers was to implement a censorship circumvention technique known as domain fronting that was described in a 2015 paper by researchers from University of California, Berkeley, the Brave New Software project and Psiphon.

The technique involves sending requests to a “front domain” and using the HTTP Host header to trigger a redirect to a different domain. If done over HTTPS, such redirection would be invisible to someone monitoring the traffic, because the HTTP Host header is sent after the HTTPS connection is negotiated and is therefore part of the encrypted traffic.

“In an HTTPS request, the destination domain name appears in three relevant places: in the DNS query, in the TLS Server Name Indication (SNI) extension and in the HTTP Host header,” the researchers said in their paper. “Ordinarily, the same domain name appears in all three places. In a domain-fronted request, however, the DNS query and SNI carry one name (the “front domain”), while the HTTP Host header, hidden from the censor by HTTPS encryption, carries another (the covert, forbidden destination).”

Their research revealed that many cloud service providers and content delivery networks allow HTTP host header redirection, including Google, Amazon Cloudfront, Amazon S3, Azure, CloudFlare, Fastly and Akamai. However, most of them only allow it for domains that belong to their customers, so one must become a customer in order to use this technique.

Google, for example, allows redirection through the HTTP host header from google.com to appspot.com. This domain is used by Google App Engine, a service that allows users to create and host web applications on Google’s cloud platform.

This means that someone can create a simple reflector script, host it on Google App Engine and then use the HTTP host header trick to hide its location from censors. Someone monitoring user traffic will only see HTTPS requests going to www.google.com, but those requests will reach the reflector script on Google App Engine and will be forwarded to a hidden destination.

“With today’s release, domain fronting is enabled for Signal users who have a phone number with a country code from Egypt or the UAE,” Open Whisper Systems founder Moxie Marlinspike said Wednesday in a blog post. “When those users send a Signal message, it will look like a normal HTTPS request to www.google.com. To block Signal messages, these countries would also have to block all of google.com.”

Even if the censors decide to ban Google, the domain fronting implementation can be expanded to use other large-scale services as domain fronts. If this happens, enforcing a ban on Signal would be the equivalent of blocking a very large portion of the internet.

The anti-censorship feature is currently present in the latest version of Signal for Android. It’s also included in a beta version of the app for iOS that will be released in production soon.

The developers also plan future improvements that will allow the app to detect censorship automatically and switch to domain fronting even if the user has a phone number from a country where censorship is not normally present. This is intended to cover those cases where users travel to other countries where the app is blocked.

Signal is considered by security experts as one of the most secure messaging services around. It’s open-source end-to-end encryption protocol has also been adopted by other popular chat apps like Facebook Messenger and WhatsApp.

While the communication between users is encrypted end-to-end, the Signal app uses servers for contact discovery and these can be blocked by censors to prevent users from using the app.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.
source: Pcworld

Category: review    |    57 minutes ago    |    View: 12

Today we're revisiting a mid-range GPU battle between the Radeon RX 570 4GB and GeForce GTX 1060 3GB. It's been a little over a year since we compared these two head to head in an extensive 28 game battle, so we thought it was about time to take another look now that GPU prices seem to be coming back down to more reasonable prices.

Category: news    |    8 hours ago    |    View: 58

Sinclair Broadcast Group has been trying for months to broker a deal to buyout Tribune Media. Engadget reports the company recently proposed to “offload” 21 stations to show officials that it was not trying to stifle competition. However, the FCC&hellip;

Category: news    |    9 hours ago    |    View: 15

Pininfarina, the Italian car design firm best known for Ferrari’s iconic look, announced in March that it was developing its own all-electric hypercar. Not much was initially shared about the PFO but that has since changed as the design house&hellip;

Category: news    |    10 hours ago    |    View: 11

I have to say; when I saw Siemens retro-fitted 1965 autonomous Ford Mustang attempt the hill climb at the Goodwood Festival of Speed, I was quite unimpressed. In fact, I was somewhat embarrassed for the engineers as the car swerved&hellip;

Category: news    |    10 hours ago    |    View: 0

Amazon's annual day of outlandish deals and sales, Prime Day, has officially kicked off. Unfortunately, while customers are enjoying the fruits of Amazon's massive success, the company itself is facing some internal struggles.

Category: news    |    11 hours ago    |    View: 13

Samsung is expected to match Apple’s rumored trifecta of iPhones with a trio of Galaxy S10 devices packing a variety of screen sizes.

Category: news    |    12 hours ago    |    View: 24

Uber has had its fair share of problems over the years. It's faced down numerous federal investigations, class-action lawsuits, and scrutiny from the National Transportation Safety Board following a fatal March crash involving an autonomous Uber vehicle.

Category: news    |    13 hours ago    |    View: 10

In October of last year, Epic brought lawsuits against several cheaters in its smash-hit battle-royale game Fortnite. To be clear, these were not your average cheaters. These were people who allegedly profited by either providing hacks or promoting them. Most&hellip;

Category: news    |    13 hours ago    |    View: 0

Northern Springs is a land expansion for Fallout 4 that’s said to be larger than both Far Harbor and Nuka World, official DLCs straight from Bethesda. It’s located at the top left corner of the map and can be explored&hellip;

Category: news    |    14 hours ago    |    View: 16

Saving the environment seems to be the collective focus of the tech industry as of late. Even companies that compete quite heavily with each other -- such as Google and Apple -- are united by the steps they've taken to&hellip;




Download Latest PC Softwares

Category: download-managers    |    Added: 1 hour ago    |    View: 0
KeepVid Pro 7.3.0.2 + Portable Download - downloadwise.com

KeepVid Pro 7.3.0.2 + Portable Download Latest Version for Windows. It is full offline installer standalone setup of KeepVid Pro 7.3.0.2.

KeepVid Pro 7.3.0.2 is a very useful application that can be used for downloading audio and video content from different websites and after downloading it will also allow you to convert the files into various different file formats. Watching the videos as well as listening to the music online is an excellent idea but sometimes you are not connected to the Internet which won’t allow you to access your favorite content. This situation can be avoided by downloading the content from this program. You can also download Internet Download Manager IDM 6.28 Build 9.

Category: 3d-designing    |    Added: 10 hours ago    |    View: 4
Artlantis Studio 7.0.2.2 Free Download - downloadwise.com

Artlantis Studio 7.0.2.2 Free Download Latest Version for PC. Its full offline installer standalone setup of Artlantis Studio 7.0.2.2 for 64.

Artlantis Studio 7.0.2.2 is a very handy and ideal application that has been developed for the users who need to perform very high resolution rendering easily and in real time. With this application you can create a very highly professional 2D and 3D designs. This application also allows you to create panoramic images as well as animations. You can also download Abvent Artlantis Studio.

Category: system-tuning    |    Added: 17 hours ago    |    View: 6
O & O ShutUp10 1.6.1397.1 Free Download - downloadwise.com

O & O ShutUp10 1.6.1397.1 Free Download. A very handy application which can be used for disabling telemetry and for localization detection.

O & O ShutUp10 1.6.1397.1 is a very handy application which can be used for disabling telemetry and for localization detection. The Telemetry components in Windows 10 and the way they are affectingt he privacy of the users is a very controversial topic since the release of the most recent offering from Microsoft’s operating system. With this application you can manually tweak the security settings of Windows 10. You can also download Beyond Compare 4.2.5 + Portable.

Category: utilities    |    Added: 18 hours ago    |    View: 0
Display Driver Uninstaller 17.0.8.9 Free Download - downloadwise.com

Display Driver Uninstaller 17.0.8.9 Free Download Latest Version. Full offline installer standalone setup of Display Driver Uninstaller.

Display Driver Uninstaller 17.0.8.9 is a very handy application that has been developed to let you immediately uninstall NVIDIA, AMD as well as Intel display drivers. This application has not been equipped with complex settings or configuration parameters. You can also download IObit Uninstaller Pro 6.1.0.20.

Category: ironcad-design-collaboration-suite-2018-free-download    |    Added: 3 days ago    |    View: 23
IronCAD Design Collaboration Suite 2018 Free Download - downloadwise.com

IronCAD Design Collaboration Suite 2018 Free Download Latest Version for Windows. Full offline installer standalone setup of IronCAD Design.

IronCAD Design Collaboration Suite 2018 is a very handy and powerful set of tools that has been developed for the professionals as well as design engineers who are required to create and edit 2D and 3D models. This imposing application has got all the tools which are required for making your ideas a reality. You can also download progeCAD 2019 Professional.

Category: utilities    |    Added: 3 days ago    |    View: 3
Total Commander 9.20 Final + Portable Download - downloadwise.com

Total Commander 9.20 Final + Portable Download Latest Version for Windows. Full offline installer standalone setup of Total Commander 9.20.

Total Commander 9.20 Final + Portable is a very handy application which will allow you to replace your default method of the file browsing and management. Most of the activities now a days use computer and for file management Total Commander 9.20 Final + Portable is the application to look for. You can also download Total Commander Ultima Prime.

Category: utilities    |    Added: 3 days ago    |    View: 4
CCleaner Professional 5.44.6577 + Portable Free Download - downloadwise.com

CCleaner Professional 5.44.6577 + Portable Free Download New Setup. Its full offline installer standalone setup of CCleaner Professional.

CCleaner Professional 5.44.6577 + Portable is a very handy application which can be used for secure cleaning of your system. This application performs in-depth analysis of all the areas of your system. This application will detect the unused or the invalid entries that clog the Windows registry. You can also download CCleaner Professional 5.41.6446 + Portable.