
Doodles, stickers, and censorship circumvention for Signal Android - stablemap
https://whispersystems.org/blog/doodles-stickers-censorship/
======
nickmccann
I found this quick read describing domain fronting interesting:
[http://blog.attackzero.net/2015/11/domain-fronting-and-
you.h...](http://blog.attackzero.net/2015/11/domain-fronting-and-you.html?m=1)

~~~
duskwuff
Surely the real domain name of the service will appear in the server
certificate?

~~~
temprature
The server returns the certificate of the name given in the SNI, which is the
fronted domain, not the real one.

------
colordrops
I posted this comment elsewhere but it was buried deep within a thread:

I'm not sure what to think about Signal. It's got some great supporters like
the EFF, but on Android, it requires about a dozen permissions, most
unnecessary. It also requires your phone number to register, and uses a Twilio
API at registration. WTF? What are peoples' thoughts on Silent Phone? It's
written by the creator of PGP, only requests permissions when it needs them
(at least on Android 6 and up), and stores encryption keys locally.

~~~
Sir_Cmpwn
I really don't like Signal, but I also really don't like Silent Phone. We seem
to be SoL.

~~~
tapoxi
XMPP + OTR?

~~~
matkam
Matrix ([https://riot.im](https://riot.im))

------
subliminalpanda
There are other countries in the MENA region that block signal as well due to
te VoIP functionality; My native country of Oman comes to mind. Will the anti-
censorship tech also work for users in this country? Country code is +968

~~~
cpach
If you mail Whisper Systems on the address at the end of the blog post they
might be able to fix that for you.

~~~
subliminalpanda
Thanks for that! I will.

------
ontoillogical
Do they need google/fastlys cooperation for this, or is it possible to do by
running a server in the google cloud, or via some redirect that fastly hosts?

~~~
temprature
No, anyone can set up a server on appspot and do this with Google.

The only cooperation needed from the host is apathy. They could take direct
action to stop it working (Cloudflare did this a few years back by requiring
that SNI matches the host header) or suspend the server running the reflector
(Google did this to the meek reflector running on Appspot that Tor Browser
used).

------
agnivade
Will it be able to circumvent the GFW of China ? Given the fact that they are
doing active probing now ?

