In a recent patch to the Google App Engine, the company has removed domain-fronting. The technique was frequently used by programs and users alike to bypass blocks put in place by governments to prevent traffic to some sites.
Domain-fronting is accomplished by directing all traffic through Google.com domains. This way, the whereabouts of the user are disguised, allowing them to view content that is otherwise blocked in their country.
The feature was widely used by supporters of a free and unrestricted internet. This included services such as Psiphon VPN and Signal, a messaging app that offers end-to-end encryption. However, hackers have also used Google’s domain-fronting to smuggle data. Unfortunately, they remained undiscovered for a long time because their traffic appeared to be directed to Google.
The update that removed domain-fronting was first noticed by Tor developers on Friday, 13th of April. A Google representative has given The Verge a statement, revealing that domain-fronting was a ‘quirk’ in their software and was never meant to be a feature. The spokesperson added that the company does not intend to bring back domain-fronting or provide it as a supported feature.
The update and the statement mean a major setback for those looking to bypass internet censorship, as well as for supporters of a free and unrestricted internet. Anti-censorship activists have urged the internet giant to reconsider the removal of the feature.
Nathan White, Senior Legislative Manager for Access Now (a non-profit organization in support of digital rights), came forward with a statement in which he says that the removal of the function is not in line with Google’s claimed support for internet freedom. White points out that Google’s domain-fronting allowed countless people to exercise their human right to a more free connection to the internet. White then urges the internet giant to remember its commitment to the issue and to bring back domain-fronting.
Russia’s crackdown on Telegram, during which it banned millions of IP addresses, preceded the change, and it is not impossible that Google’s update was a response to it. Telegram also used Google’s domain-fronting to circumvent some of the bans, and consequently, Russia has banned a large number of Google IPs as well.
In contrast, the domain-fronting offered by Amazon Web Services and Microsoft Azure is still functional, with no hint from their associated companies of an incoming ‘update’ to disable it. Google is known to keep in line with statewide sanctions, so perhaps its move to disable domain-fronting was also made in compliance with them.