Google updates App Engine but kills anti-censorship feature

Software quirk Domain-Fronting ends up in the bone orchard

App developers will no longer be able to use Domain-Fronting on Google after the company's planned update to their App Engine killed off the practice, reported The Verge.

The update in Google's network architecture was first spotted by developers of privacy-minded web browser Tor. It removes an approach that services like encrypted messaging platform Signal, anti-Chinese censorship tool GreatFire.org, and VPN services offered by Psiphon depended upon.

Domain-Fronting is an essential technique used by dozens of internet freedom tools designed to allow users to work around state-level internet censorship.

It is used to bypass censors by using Google as a proxy, forwarding traffic to their own servers through a Google.com domain. Instead of allowing a service to directly communicate with a server, potentially hiding it from state-level internet censors who might identify and block the connection, the request is forwarded through an innocuous domain or IP address range.

Advertisement
Advertisement - Article continues below

This allows services that would otherwise have their traffic blocked skate under the censors by appearing to come from Google.

The operators of anti-censorship group GreatFire.org tweeted their frustration at Google's decision.

"Google could end online censorship everywhere, in the blink of an eye, if it wanted. It's frustrating to see half-hearted efforts come out of Jigsaw and now this," the group said. 

Google has taken a firm stance on the matter and will not go back on its decision. A spokesperson for the company told The Verge that the decision was part of a planned software update and that the practice was never supported by Google.

"Domain fronting has never been a supported feature at Google," a company representative said. "Until recently it worked because of a quirk of our software stack. We're constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don't have any plans to offer it as a feature."

Reinstating Domain-Fronting would essentially make it a feature. That would be welcomed by the many invaluable tools that help keep the internet open for people operating under oppressive governments, but this could open Google up to scrutiny from those same regimes and services that could be harmed by malicious domain fronting operations.

Image credit: Bigstock 

Advertisement
Related Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019