Author: David Petersson / Source: The Next Web
Google, which has been long known for defending freedom of internet, recently removed access to a feature that was widely used to bypass censorship; domain fronting.
Activists claim Google is siding with censorship, while Google claims it was a regular update.
But what is the bigger picture? Should Google ignore the moral effects of its actions?Before I try to answer that, lets have a look at what domain fronting really is about.
Domain fronting primer
Domain fronting is a technique that hides the actual website the user is trying to connect to from network monitors. As such, it is used by both anti-filtering tools — such as Signal, Tor, and Psiphon — as well as malicious actors. Here is how it works:
You generally access websites via their URL — a human readable address that translates to an IP, used to locate the server. For instance, www.google.com might translate to 192.123.123.123. When censorship tools monitor outgoing traffic, they look for these URLs (and in some instances direct IPs) and if they detect any “forbidden” URLs, they shut off the connection.
The domain fronting technique masks the “forbidden” URL, and makes the traffic appear as if it’s a request for Google.
Historically, domain fronting is used by CDNs — Content Delivery Networks. CDNs are the systems that improve a website’s loading speed by serving the content from a location near the user.
For instance, if you’re in the US and try to access a website hosted in the UK, normally the transfer must cross the Atlantic every time, which makes it very slow. With a CDN, another server in the US will keep a copy of the UK website. Thus, you bypass the slow process and interact instead directly with a local server, which is much faster.
Of course, for this to work, the URL of the target website must translate to the CDN server’s address instead of its own IP. That means you and the users accessing the site are still calling the same URL but under the hood, the content is coming from a different location.
Next, the CDN must bring its content from the original website. It can cache a lot of files, but for dynamic content (like tweets that are updated every minute) this data must be available immediately. As such, the request to the CDN must be fronted to the actual website — and here is where domain fronting comes in.
The point is that the connection is not between the user and the forbidden website — it is between the user and the CDN, which is serving the contents of the forbidden website.
Domain fronting on Google
The Google App Engine is not a CDN. As such, it does not support domain fronting. But, you can host a website there, and use any other Google domain as a front (such as google.com, gmail.com, or…
The post Did Google stop domain fronting as a censorship move? appeared first on FeedBox.