Google kills off domain fronting – and so secure comms just got tougher

Google has made technical changes to its cloud infrastructure that have caused collateral damage to an anti-censorship technique called domain fronting. The technique, more a workaround than a supported feature, has become popular on App Engine, Google's platform-as-a-service product, over the past year or so. And now makers …

  1. Anonymous Coward

    Unsupported feature is unsupported

    If one wishes to bash Google for dropping support for something, might I suggest looking at the many actual supported products they've dropped instead?

    1. Anonymous Coward

      Re: Unsupported feature is unsupported

      This. A hundred times this.

      You can scream & gnash your teeth & shake your fist & whatever else you like, but it was a *bug* that got quashed. Google fixed a potential security hole that would ruin the day of anyone caught by its use, & for that you want to cry foul? What's next, criticizing MS for patching Windows to stop allowing remote code executables?

      YES the privacy aspect was a bit of a sore spot, but the WAY that privacy was caused (by sending traffic to a different domain) was a problem. A problem that had far reaching consequences that needed to be addressed (no pun intended). Google did it by removing the bug that allowed the host to be disguised. Would you still complain if you thought you were going to http://www.MyBank.com & instead found yourself on http://www.EvilSkriptKiddeezAnonymouz.com?

      On one hand I agree with the folks that were using the bug to allow uncensored communication in censor-heavy locations, but on the other hand I can see that the bug that allowed such communication was a security flaw just waiting to be exploited. Patch the bug, find another means of uncensored communications, & move on. Don't scream at Google for fixing the bug, focus your energy on finding a better solution to the censorship.

      1. Anonymous Coward

        Re: Unsupported feature is unsupported

        "... I can see that the bug that allowed such communication was a security flaw just waiting to be exploited. Patch the bug, find another means of uncensored communications, & move on."

        And then the "other means" gets found out and patched for the same reason. Repeat.

        Is the only way to stay ahead of criminals to take all the nifty toys & tricks away from the good people?

        1. Charles 9

          Re: Unsupported feature is unsupported

          Afraid so. Anonymity is a double-edged sword. The exact thing that makes it useful to hide from Big Brother also makes it useful to hide from the plods. It's part and parcel.

          1. Anonymous Coward

            [Thought] Plods

            Remember the political games being played by the likes of Facebook and Cambridge Analytica.

            Who knows what is going on and to what extent your views are being collated by the State to weed out those with non-canonical opinions.

            You have to ask yourself what was going on at Cambridge Analytica during the week it took the Information Commissioner to get permission to inspect what remained of the data they were holding given the extended cleaning-up opportunity period between the announcement of the intention to raid and the raid itself.

      2. Graham Cobb Silver badge

        Re: Unsupported feature is unsupported

        "YES the privacy aspect was a bit of a sore spot, but the WAY that privacy was caused (by sending traffic to a different domain) was a problem."

        NO, it was NOT a problem and is not a security flaw.

        At no time does a user, app or web server end up confused about what site they are accessing -- all the secure steps (https, certificates, etc) use the correct host names. The hack just means that people spying on the unencrypted initial steps of the connection set up see a different, uncontroversial, host name.

        I think it is a shame that Google have stopped it working. I suspect that if they really wanted to, they could actually offer this as a (paid for) feature for sites which want to be accessible without their users revealing that they are contacting it.

    2. bd1235

      Re: Unsupported feature is unsupported

      Yes, it can be difficult to rely on some Google services for any sustained length of time. For whatever reason, they do have a habit of dropping them. That said, I have been a Gmail user almost from day one. I don't think they would dare scrap that.

  2. John Smith 19 Gold badge

    one man's privacy concern is another country's "security" issue.

    Because that's usually what it comes down to.

    People's actual privacy versus some supposed "threat."

    But I agree with earlier posters.

    Google is guilty of far more serious matters than this.

  3. Voland's right hand Silver badge

    Russia, for example, has shown willingness to block network addresses associated with large service providers like Google and Amazon when trying to silence the opposition.

    Anyone who is of THAT particular opinion - some suggested reading: http://www.km.ru/v-rossii/2018/04/19/roskomnadzor/823725-telegram-shou-borba-s-terrorizmom-ili-reputatsiei

    You will need to know Russian or peruse Google translate. The latter will probably produce garbage as there are way too many puns and colloquial phrases so you may still need someone who knows Великий и Могучий to help you. I have translated a few passages further down, make up your own mind to what extent their media is censored.

    The whole story of Telegram is not about censorship, it is about control and future control (as rightly pointed out by that article towards the end). It is "mutilating the freedom of the future generations". Same as what Rudd wants, same as what Comey wanted, same as what all the other similar busybodies want. They are scared shitless of the idea that the population talks and they do not know what they are talking about.

    So on the "censorship" subject - here are some translations of what km.ru (a news site there with readership in the tens of millions if memory serves me right) says on the subject:

    So, for starters it opens up with: "It is quite clear that our in power busybodies really needed that bucket of (dirty) cold water on their head or a hit with the wet mop from said bucket on the same head".

    Further down: "It would have been very difficult to find a more demonstrable way to go face-forward into the mud. At this point there is a block on 15M addresses from Google, Amazon, E-bay, games, etc. That is trying to chase locusts with a Grad multiple rocket launcher. While, of course, it will probably reduce the health of the locusts a bit, there will be no fields and crops left that's for sure".

    Now, let's show some really "censored" material: "What Lesha Navalny could not deliver, was done by Pavel Durov. To DIY a protest movement out of nowhere and one that is accelerating as well."

    That does not end there: "This is the Russian state attempting to mutilate the freedoms of the future generations. That is way more serious than Navalny's 'thieves and corrupt officials'".

    Does not look particularly censored and silenced (*) to me and most importantly - it puts the point exactly where it should. Something el reg has failed (in bold).

    By the way - El reg, take note. The comparison of the Russian equivalent of Ofcom with Don Quixote feverish from inflamed haemorrhoids is a minor gem - definitely worth plagiarizing.

    (*) If anything Putin on the QT supports opposition there so it does not look like he is the only game in town. If you analyse the pro-opposition posts on their forums you will notice all the tell-tale signs of one of their own troll factories at work. Why he is doing it and what is the game, however is a different and rather long story. One our ANALists have missed and one our propaganda constantly lies about.

    1. Alistair

      @VRH:

      I'm going to have to learn Russian at some point.

      While western media in general tend to focus on their own bugbears, for those of us who are somewhat paranoid, I think we're all pretty much on the same page. Oligarchs have watched "The Hunger Games" and its predecessor (Asian film, mid 90's, better plot and more terrifying for its alignment to reality) and decided they like the idea.

      As a species humans are designed to compete to survive. It makes us somewhat ugly, but it is what made us evolve.

      The problem is that the oligarchy has to be rotated every so often, if this isn't done, then those on the top get too stupid and disconnected, and the rest of us could end up dying off, which will leave the oligarchy without life support, thus resulting in the species going extinct. So, we *do* need these obscure and secure methods of communication, even where and when the criminal types use them.

      It really does not matter which oligarchy or tyrant or despot dictator you choose to point at, the disease is the same. And it is indeed a global thing.

      1. Charles 9

        Are you referring to Battle Royale? Based on anime records, the story dates to the turn (~1999-2000), though it does predate The Hunger Games trilogy by nearly a decade.
