- How to stream Packers vs. Lions on Monday Night Football Sunday 7:15 PM
- College students burned author’s books after she spoke about white privilege Sunday 6:28 PM
- Texas police officer fatally shoots Black woman in her own home Sunday 3:44 PM
- Milo Yiannopoulos’ website dangerous.com was sold Sunday 1:42 PM
- First YouTube comment to hit 1 million likes is on Billie Eilish’s ‘bad guy’ music video Sunday 12:36 PM
- Girl says she was fired over exposing how Panera makes its mac and cheese on TikTok Sunday 11:34 AM
- David Harbour teased fans about Hopper’s ‘Stranger Things’ fate on ‘SNL’ Sunday 10:24 AM
- Kacey Musgraves accused of cultural appropriation–and botching it Sunday 9:19 AM
- Rihanna defends Vogue writer who received backlash for ‘winging’ interview Sunday 8:36 AM
- Here are the best PC games to add to your list Sunday 8:20 AM
- How to stream ‘Power’ season 6, episode 8 Sunday 6:00 AM
- How to stream Steelers vs. Chargers on Sunday Night Football Saturday 7:20 PM
- Popular TikTok teens accused of pretending to be gay for clout Saturday 6:38 PM
- Scott Walker’s ‘$26 haircut’ dig at Alexandria Ocasio-Cortez backfires Saturday 4:46 PM
- Halle synagogue shooter allegedly posted manifesto on anime message board Saturday 4:06 PM
An update to the Google App Engine, the platform developers use to create web applications, puts an end to “domain fronting.” The tool, which gave apps the ability to hide their location, was used to circumvent state-wide censorship in countries like China or Egypt.
It worked by using Google’s network as a proxy to feed data through before that data reached the app’s own servers. The search giant’s encryption would then shield anyone from knowing where those requests were going next. If someone was taking advantage of domain fronting, it would appear as though all of their data requests would be going to and coming from Google.com.
This level of anonymity also opens the doors for hackers. Last year, security researchers at FireEye caught “Russian nation-state attackers” using the technique to gain backdoor access to computers.
It doesn’t appear this feature was created intentionally by Google but was rather a byproduct of providing developers the infrastructure required for sending app data. Google confirmed as much in a statement to the Verge, claiming domain fronting has “never been a supported feature at Google” and that it only worked because of a “quirk” in its software.
“We’re constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don’t have any plans to offer it as a feature,” Google said.
Signal, a messaging app known for its strong encryption, began supporting domain fronting natively in 2016 after it was blocked by Egypt. Along with other anti-censorship apps like GreatFire.org and Psiphon, Signal relied on the App Engine to give users a way to bypass censorship. We have reached out to Signal to find out if it will still offer the tool.
Nathan White of digital rights group Access Now criticized the Google update and urges the company to reinstate domain fronting.
“Google has long claimed to support internet freedom around the world, and in many ways the company has been true to its beliefs,” he told the Verge. “Allowing domain fronting has meant that potentially millions of people have been able to experience a freer internet and enjoy their human rights. We urge Google to remember its commitment to human rights and internet freedom and allow domain fronting to continue.”
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.