On Tue, Dec 20, 2016 at 7:08 AM, Royce Williams <ro...@techsolvency.com> wrote:

[snip]

> IMO, *operational, politics-free* discussion of items like these would
> also be on topic for NANOG:
>
> - Some *operational* workarounds for country-wide blocking of
> Facebook, Whatsapp, and Twitter [1], or Signal [2]

[snip]

> 2. http://www.nytimes.com/aponline/2016/12/20/world/middleeast/ap-ml-egypt-app-blocked.html

Steering things back towards the operational, the makers of Signal
announced today [1] an update to Signal with a workaround for the
blocking that I noted earlier. Support in iOS is still in beta.

The technique (which was new to me) is called 'domain fronting' [2].
It works by distributing TLS-based components among domains for which
blocking would cause wide-sweeping collateral damage if blocked (such
as Google, Amazon S3, Akamai, etc.), making blocking less attractive.
Since it's TLS, the Signal connections cannot be differentiated from
other services in those domains.

Signal's implementation of domain fronting is currently limited to
countries where the blocking has been observed, but their post says
that they're ramping up to make it available more broadly, and to
automatically enable the feature when non-local phone numbers travel
into areas subject to blocking.

The cited domain-fronting paper [2] was co-authored by David Fifield,
who has worked on nmap and Tor.

Royce

1. https://whispersystems.org/blog/doodles-stickers-censorship/
2. http://www.icir.org/vern/papers/meek-PETS-2015.pdf
