Doodles, stickers, and censorship circumvention for Signal Android

moxie0 on 21 Dec 2016

The latest Signal for Android release includes support for adding doodles, stickers, and text to images.

Doodle status of Egyptian censorship

This release also includes support for censorship circumvention in Egypt and the United Arab Emirates.

Background

Over the weekend, we heard reports that Signal was not functioning reliably in Egypt or the United Arab Emirates. We investigated with the help of Signal users in those areas, and found that several ISPs were blocking communication with the Signal service and our website. It turns out that when some states can't snoop, they censor.

Censorship circumvention

In countries with a small number of ISPs that all apply filtering rules defined by the state, circumventing censorship can be difficult. After all, they can always turn off network access entirely. The goal for an app like Signal is to make disabling internet access the only way a government can disable Signal.

Today's Signal release uses a technique known as domain fronting. Many popular services and CDNs, such as Google, Amazon Cloudfront, Amazon S3, Azure, CloudFlare, Fastly, and Akamai can be used to access Signal in ways that look indistinguishable from other uncensored traffic. The idea is that to block the target traffic, the censor would also have to block those entire services. With enough large scale services acting as domain fronts, disabling Signal starts to look like disabling the internet.

With today's release, domain fronting is enabled for Signal users who have a phone number with a country code from Egypt or the UAE. When those users send a Signal message, it will look like a normal HTTPS request to www.google.com. To block Signal messages, these countries would also have to block all of google.com.

Follow up releases will include detecting censorship and applying circumvention when needed (eg. so that when users with phone numbers from other countries visit places where censorship is being deployed, Signal will work without a VPN for them as well) and expanding the services that domain front for Signal.

A Signal iOS release with censorship circumvention is also available now in the beta channel, and will be in production shortly. As always, if you want to live on the edge, you can sign up for the Signal iOS beta channel by emailing support@whispersystems.org.

Want to get involved with Open Whisper Systems? We're hiring!