Google updates App Engine to discontinue support for domain-fronting
What's the story
Google's App Engine no longer supports a practice called "domain-fronting" that allowed app developers to evade internet censorship.
It was particularly helpful in letting apps and other services get around state-level internet blocks.
This change in Google's network architecture can be problematic for several anti-censorship platforms like Signal, GreatFire.org and Psiphon's VPN services.
The update is rolling out across all Google services.
In Layman Terms
What is domain-fronting?
Domain-fronting can be understood as the ability to use Google as a proxy.
It allowed apps and websites to forward traffic to their servers through a Google.com domain. So it would appear to the censors that all the encrypted data is headed for Google.com.
Domain-fronting also allowed location spoofing, which is used by VPNs and any other service wanting to get across geo-restricted content.
Information
Domain-fronting allowed Signal to become indistinguishable from uncensored traffic
Domain-fronting majorly came into view in 2016 when secure chat app Signal publicly adopted it. It allowed users to send encrypted messages without being traced. To censors, they looked like a normal HTTPS request to Google.com.
Details
Domain-fronting was unofficial, won't become official in future either: Google
Technically, App Engine never officially supported domain-fronting. Google has now just modified the very framework that the feature was a by-product of, due to which all traces of unintended backend support have also been removed.
"Until recently it worked because of a quirk of our software stack. As part of a planned software update, domain-fronting no longer works," a company representative said.
Twitter Post
Edward Snowden is not happy
Google is killing an absolutely critical protection for people in places like Iran, China, and Russia trying to reach uncensored news and chat. That this can slide without any opposition from US policy-makers is the epitaph on the US internet freedom agenda's grave. https://t.co/l5OSg72zQ6
— Edward Snowden (@Snowden) April 19, 2018
Quote
And, Digital rights activists urge Google to reconsider
"Allowing domain fronting has meant that potentially millions of people have been able to experience a freer internet and enjoy their human rights. We urge Google to remember its commitment to human rights and internet freedom and allow domain fronting to continue."