The Instant Messaging app Signal has rolled out a new update. This update focuses on the privacy of this app and it now uses Google’s domain for encrypting your messages. The company rolled out the update after reports started coming that that this app was not working in Egypt and the United Arab Emirates (UAE).
The messaging app examined the issue with the help of its users in those areas, and discovered that several Internet Service Providers (ISPs) were blocking the communication services of the Signal app and its website. “It turns out that when some states can’t snoop, they censor,” the developers of the Signal app stated.
The developers made a filtering system with domain fronting, a method that directs all messages through a standard domain name. It used Google’s domain for encrypting the messages. The method involves directing requests to a “front domain” and using the HTTP Host header to activate sending to a different domain. If done over HTTPS, such resending would be unseen to someone checking the traffic, because the HTTP Host header is sent once the HTTPS connection is started and is hence part of the encrypted traffic.
Now, if the governments of these countries want to ban Signal app, they would first have to block access to Google.
The objective for an app like Signal is to make restricting internet access the only method a government can deactivate Signal. With sufficient large-scale services working as domain fronts, blocking Signal starts to appear like banning the Internet.
According to the security experts, Signal is the most secure messaging app. It is free and Open Source, allowing the users to confirm its security by checking the code. It is the only instant messaging app that uses open source peer-reviewed cryptographic procedures to provide the security to the user data.