|By Le Williams | 2 years ago|
The Google App Engine has discontinued domain fronting, which enabled services to use Google’s network and bypass state-level internet deters.
Recent changes in Google’s network architecture indicate the process is ineffective. Discovered by Tor developer last week, the modification has been occurring across Google services and demonstrates a possible disruption of services for numerous anti-censorship tools, such as Psiphon’s VPN services, Signal, and GreatFire.org.
“Domain fronting has never been a supported feature at Google, but until recently it worked because of a quirk of our software stack”, a Google representative reported. “We’re constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don’t have any plans to offer it as a feature.”
Domain fronting supported developers towards proxy use through Google, forwarding traffic to their own servers through a Google.com domain. This was a critical element in avoiding state-level censorship, which blocks all traffic sent to a given service.
According to a recent FireEye report, the Kremlin-linked APT29 used domain fronting to smuggle information out of targets for two years. Conversely, digital rights groups are currently advising Google to reconsider the actions.
“Google has long claimed to support internet freedom around the world, and in many ways, the company has been true to its beliefs,” said Nathan White of Access Now. “Allowing domain fronting has meant that potentially millions of people have been able to experience a freer internet and enjoy their human rights. We urge Google to remember its commitment to human rights and internet freedom and allow domain fronting to continue.”