In April, internet giants Google and Amazon both dropped ‘domain fronting’ from their web hosting services. Domain fronting is a technique used to bypass internet censorship, in places such as Iran, Russia, and China. In January, Iran tried to block messaging app Telegram.
Now, encrypted messaging platform Wickr is starting to roll out a service to its users that includes domain fronting spread across a variety of infrastructure, meaning that customers and soon free users should be able to use the feature to circumvent censorship.
On top of encryption, “there’s also the availability part of security,” Wickr CEO Joel Wallenstrom told Motherboard in a Wickr conference call. “You can’t have one without the other.”
This issue of connectivity has come up as Wickr has acquired more corporate customers, especially those that travel or have different business units around the world, Wallenstrom said (Wickr offers both free and paid versions). Wickr already uses end to end encryption for video, audio, and text, as well as conference calls.
“It’s not just is the data protected; it’s if the service is available,” Wallenstrom said. “There are just a whole host of networking issues that exist globally.”
Domain fronting essentially hides the destination of an internet user’s traffic by placing the domains of an unblocked service in the connection request, then including the real destination only after establishing an encrypted connection. For example, when some services such as the encrypted messaging app Signal were using domain fronting, the app connected to Google’s App Engine. Often, as was the case with Google and Amazon, domain fronting is not a formally supported feature of web hosting providers, but instead a sort-of hacky work around that those trying to beat censorship will take advantage of.
Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on email@example.com, or email firstname.lastname@example.org.
When looking into this issue, “We decided we’re not experts, and it would take us a long time to become experts,” Chris Lalonde, Wickr’s COO told Motherboard, referring to anti-censorship techniques. So the company teamed up with Psiphon, a project born out of internet freedom research project Citizen Lab, which develops relevant software and runs a related network.
Psiphon’s commercial model is to provide anti-censorship technology for international broadcasters, like German broadcaster Deutsche Welle and the BBC, and other organizations. The network doesn’t only use domain fronting; Psiphon has a number of its own protocols and deploys other obfuscation techniques to work users around censorship, Michael Hull, president at Psiphon, told Motherboard.
But adopting a measure for corporate customers can also benefit ordinary users. Wickr is deploying the Psiphon network functionality to its enterprise customers immediately, but over the next several weeks the company will roll it out to paying Pro and free users as well, Lalonde said. Free users will have a lower bandwidth of use, and the feature is not enabled by default, with users deciding when to switch it on, he added.
In July Senator Ron Wyden and Senator Marco Rubio wrote letters to Amazon and Google, asking them to reconsider dropping domain fronting.
“We respectfully urge you to reconsider your decision to prohibit domain fronting given the harm it will do to global internet freedom and the risk it will impose upon human rights activists, journalists, and others who rely on the internet freedom tools,” the letters read.