Google and Amazon have blocked “domain fronting,” a method that allows developers to mask their traffic online and get around state-level internet blocks.
Following Google App Engine’s move last month, Amazon Web Services has also announced it would discontinue the service and introduce “enhanced protections” to stop applications routing traffic through its cloud platform. Amazon said the termination was about removing a “malware” while Google noted domain fronting had “never been a supported feature.”
Digital rights advocates now say the discontinuation threatens to undermine freedom of speech online, and the ability of activists and human rights defenders to circumvent repressive censorship, internet shutdowns, and surveillance. Amid massive government blocking campaigns, domain fronting has been used by the encrypted communications app Signal, the anti-Chinese censorship non-profit GreatFire, the anonymous communication software Tor, besides virtual private networks (VPNs).
Domain fronting is especially critical in countries where governments hold a monopoly over the provision of mobile and internet services, and users cannot access certain sites without disguising their operations by using major cloud providers as a proxy. By virtue of using domain fronting as a technique, governments cannot shut down targeted services without blocking access to the whole suite of Google products including the search engine—a move that would draw more attention than if authorities blocked a specific site.
Peter Micek, the general counsel at digital advocacy Access Now, says they have found approximately a dozen human rights-enabling technologies which rely, in full or in part, on domain fronting that will now be affected. These programs and services include Signal, Lantern, Tor, obfs4 or the obfourscator, ScrambleSuit, meek, and Collateral Freedom.
It’s a particular problem across Africa where some of these anti-censorship tools have been crucial in helping users bypass government-mandated internet shutdowns. Over the last two years, at least a dozen African nations have blocked access to the internet and social media during politically sensitive or election times—a costly undertaking that heavily impacts businesses and economies. As such, users have used VPNs to skirt blockages in nations including The Gambia, Togo, Cameroon, Uganda, and Ethiopia.
While it’s not clear why the tech giants decided to take this move now, experts say there’s a security concern in allowing domain fronting given the allegations that a Russian state-sponsored group used the loophole in cyber attacks. Micek also says US-based companies “feel pressure” from their government “lest they fall afoul of US economic and political sanctions,” especially amid concerns of how the Russian government conducted a sophisticated campaign to influence the 2016 US elections.
For now, the termination has left anti-censorship services scurrying to find alternatives. And as the Signal team recently noted, the range of potential solutions has suddenly become “severely limited.”