Google disables domain-fronting, removing ability to bypass state-level firewalls

An update to the Google App Engine has disabled a technique known as 'domain-fronting' which allowed blocked services to help users bypass state-level firewalls by passing internet traffic through a domain that isn't blocked by the government, thereby giving one free access to said blocked service.

Until recently, one could use Google's main domain - www.google.com - as a front to achieve domain-fronting, which allowed services that are active proponents of anti-censorship efforts, such as Signal and Psiphon VPN, to pass encrypted data in and out of a country pretending to be Google-specific traffic, though it has also been used by hackers to illicitly obtain information.

The update disabling this technique was caught by developers over at the Tor network in the middle of a rollout on April 13th. In a statement to The Verge, Google said:

"Domain-fronting has never been a supported feature at Google, but until recently it worked because of a quirk of our software stack. We’re constantly evolving our network, and as part of a planned software update, domain-fronting no longer works. We don’t have any plans to offer it as a feature."

What this essentially means is that Google can no longer be used as a proxy for people that want to route internet traffic through a Google domain to their own servers in order to avoid government censors. Given the vital function that domain-fronting serves in countries that exercise control over the inflow of data, anti-censorship parties are attempting to push Google to reconsider its decision regarding the matter. Nathan White, Senior Legislative Manager at Access Now, a digital rights nonprofit, said in a statement:

“Google has long claimed to support internet freedom around the world, and in many ways the company has been true to its beliefs. Allowing domain-fronting has meant that potentially millions of people have been able to experience a freer internet and enjoy their human rights. We urge Google to remember its commitment to human rights and internet freedom and allow domain fronting to continue.”

There is a possibility that Google's closure of this 'service' is a result of Russia's recent efforts to ban Telegram, a messaging service, from the country. Telegram has made use of this loophole in Google's service, leading Russia to block Google IPs in the country to prevent its use.

But on the other hand, domain-fronting has been possible via services such as Microsoft's Azure cloud and Amazon Web Services, with no sign of a hasty retreat on their part. Google, however, has a history of trying a bit too hard to comply with state sanctions, so its move shouldn't come as a surprise to anyone.

Report a problem with article
Next Article 1524150201_capture

You can now visualize the spread of the #MeToo movement using Google Trends

Previous Article 1524110254_img_3490

Motorola announces the Moto G6, G6 Play, E5 Plus, and E5 Play [Update]

40 Comments - Add comment

Advertisement