Rights Groups Seek Help Keeping Messaging Apps ‘Disguised’
Digital civil rights groups are writing to Congress next week to ask for help persuading internet giants Google and Amazon to reverse decisions they made that will make it harder for people to get around censorship controls worldwide.
At issue is the ongoing cat-and-mouse game between governments, such as Russia, Iran and China, and internet and messaging communications technology like Telegram and Signal, which are used to communicate outside of censors’ oversight.
In this case, encrypted messaging apps, such as Telegram and Signal, have been using a digital disguise known as “domain fronting.”
Disguising the final destination
As the encrypted message moves through networks, it appears to be going to an innocuous destination, such as google.com by routing through a Google server, rather than its true destination.
If a government acts against the domain google.com, it conceivably shuts down access to all services offered by the internet giant for everyone in the country.
Russia crackdown
Russia did just that in mid-April when it sought to crack down on Telegram.
But hackers can also use this disguise to mask malware, according to ZDNet.
In recent weeks, first Google and then Amazon Web Services said they would close the loopholes that allowed apps to use the disguise.
“No customer ever wants to find that someone else is masquerading as their innocent, ordinary domain,” said Amazon in a press release announcing better domain protections. Neither Google or Amazon responded for a request to comment.
Companies vote against being a disguise
Matthew Rosenfield, a co-author of the Signal protocol, said that “the idea behind domain fronting was that to block a single site, you’d have to block the rest of the internet as well. In the end, the rest of the internet didn’t like that plan.”
Amazon sent Signal an email telling it that its use of circumvention was against Amazon’s terms of service. In Middle East countries, such as Egypt, Oman and Qatar, Signal disguised itself as Souq.com, Amazon’s Arabic e-commerce platform.
Letter to Congress
The letter being sent to Congress will remind members of their stated support for encrypted communication tools and call on them to contact the technology giants to change their decision, according to sources.
Access Now, a digital-rights organization based in New York, identified about a dozen “human rights enabling technologies” that rely on domain fronting using Google.
Peter Micek, general counsel of Access Now, said in a statement that Google and Amazon have an obligation “to meet their human rights responsibilities and protect users at risk.”
“The market leaders that have the resources to fight for human rights must be just that — leaders,” he said.
…