X
CNET logo Why You Can Trust CNET

Our expert, award-winning staff selects the products we cover and rigorously researches and tests our top picks. If you buy through our links, we may get a commission. Reviews ethics statement

Signal says Amazon, Google will no longer help it evade censorship

Hot on the heels of Google's move last week, Amazon Web Services said it will also switch off functionality for domain fronting.

Abrar Al-Heeti Technology Reporter
Abrar Al-Heeti is a technology reporter for CNET, with an interest in phones, streaming, internet trends, entertainment, pop culture and digital accessibility. She's also worked for CNET's video, culture and news teams. She graduated with bachelor's and master's degrees in journalism from the University of Illinois at Urbana-Champaign. Though Illinois is home, she now loves San Francisco -- steep inclines and all.
Expertise Abrar has spent her career at CNET analyzing tech trends while also writing news, reviews and commentaries across mobile, streaming and online culture. Credentials
  • Named a Tech Media Trailblazer by the Consumer Technology Association in 2019, a winner of SPJ NorCal's Excellence in Journalism Awards in 2022 and has three times been a finalist in the LA Press Club's National Arts & Entertainment Journalism Awards.
See full bio
Abrar Al-Heeti
2 min read
Signal

Amazon is switching off functionality for domain fronting, and encrypted messaging app Signal isn't happy about it.

 Getty Images

Signal, a widely-used encrypted messaging app, said Tuesday it will stop employing a commonly-used method for avoiding censorship after two major cloud platforms turned off support for the practice.

The company behind the app said it could no longer use domain fronting, a method for disguising internet traffic that helps circumvent censorship. The decision came after Google and Amazon said they would turn off support for the functionality. 

"With Google Cloud and AWS (Amazon Web Services) out of the picture, it seems that domain fronting as a censorship circumvention technique is now largely non-viable in the countries where Signal had enabled this feature," Signal said in a statement. "The idea behind domain fronting was that to block a single site, you'd have to block the rest of the internet as well. In the end, the rest of the internet didn't like that plan."

Domain fronting allows encrypted messaging apps like Signal to funnel their traffic through a cloud provider, effectively concealing their traffic. Signal and a similar app, Telegram, have played critical roles in evading government censorship during movements like the Arab Spring earlier this decade. 

Access to Signal has been censored in Egypt, Oman, Qatar and UAE for the past 1 1/2 years, Signal says. It has responded by using domain fronting in those countries with Google App Engine. In order to block Signal, those countries would have to block google.com, which they weren't willing to do. That provided people in those nations with access to the app. 

Domain fronting has a side effect: hackers use it to obscure where their malware comes from. 

After Google shut down its domain fronting functionality, Signal switched to Amazon's CloudFront. Amazon soon made the announcement that it would disable unauthorized domain fronting.

In a post late last week, Amazon Web Services said "the new measures are designed to ensure that requests handled by CloudFront are handled on behalf of legitimate domain owners."

Signal says it's considering ideas for a more robust system, but that the changes happened suddenly and "developing new techniques will take time."

Amazon and Google didn't immediately respond to requests for comment.

First published May 1, 2:36 p.m. PT.
Update, May 3 at 10:30 a.m.: Clarifies details surrounding Amazon's disabling of domain fronting.