[guardian-dev] Google Cloud dropped support for domain fronting

Hans-Christoph Steiner hans at guardianproject.info
Thu Apr 19 03:03:29 EDT 2018


First spotted by Tor developers on April 13th, the change has been
rolling out across Google services and threatens to disrupt services for
a number of anti-censorship tools, including Signal, GreatFire.org and
Psiphon's VPN services. Reached by The Verge, Google said the changes
were the result of a long-planned network update. "Domain fronting has
never been a supported feature at Google," a company representative
said, "but until recently it worked because of a quirk of our software
stack. We're constantly evolving our network, and as part of a planned
software update, domain fronting no longer works. We don't have any
plans to offer it as a feature."

Domain-fronting allowed developers to use Google as a proxy, forwarding
traffic to their own servers through a Google.com domain. That was
particularly important for evading state-level censorship, which might
try to block all the traffic sent to a given service. As long as the
service was using domain-fronting, all the in-country data requests
would appear as if they were headed for Google.com, with encryption
preventing censors from digging any deeper.


PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556

More information about the guardian-dev mailing list