Amazon threatens to suspend Signal's AWS account over censorship circumvention

Amazon and Google are both coming out opposed to people using their services for domain fronting, to circumvent censorship.

Note that Signal is actively blocked in Egypt, Oman, UAE, and Iran. So, that sucks.

@Tlacaelel no it isn't. Your argument doesn't make any sense either.

Microsoft integrated the HTTPS protocol into Skype, too. Does this mean that CIA and NSA have backdoored Mastodon, since it also uses HTTPS?

@Tlacaelel @micahflee
Wow, where does that conclusion come from?!?!?
Microsoft, Whatsapp, (think) Facebook Messenger, and some Google service integrated the encryption protocol created by openwhispers (which is used by Signal).

As did the xmpp world with its version of it (OMEMO) and the Matrix world (olm)

It's an encryption protocol, it can be adopted by different groups.

@Tlacaelel @micahflee

I have no idea how they (the corporations) tweaked it or not, but in no way is the signal app and its development linked to them.

But as far as I am aware they don't contribute with code to signal.

And their networks are not federated with signal. Signal does not federate, it's one of the topics of this conversation

To say signal has a backdoor because its encryption protocol is also used by the companies mentioned above is absurd.

@Tlacaelel @micahflee
The protocol is open source and can be reviewed.

My problem with signal is not its encryption protocol. It's the signal implementation, the option of a non federated system, and the tradeoffs in the name of convenience

@marsxyz I don't see how a federated Signal would have changed this situation at all. They'd just block the whole network, and Signal would still need censorship circumvention.

The fact that much of the web is centralized under cloud services like AWS and Google sucks, but at least it makes domain fronting possible -- assuming the companies are ok with it, which apparently they're not.

@micahflee @marsxyz you think that if signal had a working model similar to matrix, it would be just as easy to block it?

With federated servers, register in different servers, different domains, copies of the messages and room in every server that has a user participating in it (with the possibility of e2e).

There are many ways to do federation, and sure probably the matrix model wouldn't serve signal.

@maryjane @micahflee @marsxyz this makes me wonder if there is a way to make a social network or messenger based on the principles of a torrent network. Something like bitmessage maybe 🤔

@maryjane @micahflee @marsxyz What about the Tor network? Can that be completely blocked in those countries, even with all the methods they have to prevent that? If not that might be a last resort..

@lx @maryjane @marsxyz China and Iran have had some success blocking Tor. Users still can circumvent it with bridges, but it's an arms race and nothing as usable as Signal's domain fronting was.

Android users can probably use Signal over Tor without much trouble, but Tor doesn't have the best iOS support yet (for iOS API reasons), but they're working on that.

@lx @maryjane @marsxyz Another important consideration with Signal and federation is usability.

Their usability story is: 1) install the app, 2) send encrypted messages to any Signal users in your phone.

With federation that story would change to: 1) install the app, 2) choose a server, 3) create an account/manage creds, 4) ask for your contacts' usernames out-of-band to add them, 5) send messages to people on your contact list.

How would you add federation without sacrificing usability?

@micahflee @lx @maryjane @marsxyz Why wouldn't #4 be handled by the server? Since Signal ties things to phone numbers it seems like there should be a way to do it.

Outside of #4 it's not much different than the usability concerns of any other federated protocol.

@paladin1 @lx @maryjane @marsxyz

I don't think federated Signal could just use phone numbers as identifiers anymore (which would be nice, though maybe less usable). They need to include the server as well.

Like, if your phone number is +12223334444, how does my client know which server to send a message to? Your id would have to be or whatever instead.

Unless you have a "trusted" dispatcher server, but then it could do MITM attacks by redirecting to the wrong server

@micahflee @lx @maryjane @marsxyz I suppose that makes sense. I just had the thought that we might finagle some combination between DNS and P2P-type communication.

Like if you knew your friend's phone number and had a few servers to talk to you could query to see where they are. But that would be subject to MITM, as you said.

@Nixfreak @lx @maryjane @marsxyz OnionBrowser is great, but there isn't a way to have a system Tor in the background like Orbot, or even a Tor client library you can link into your app. If you want Tor in an app, you need to bundle a copy of the full Tor server/client with your app, and do some hacky stuff to run it as a separate thread, because each app only gets one process. So Tor disconnects when you switch apps. They're working on improving this

@Beurt @maryjane @micahflee @marsxyz I heard of that too but I didn't get a chance to try it out with people yet 🤔

@micahflee @marsxyz

But the federate or not Signal, in spite of being important and one of the things that makes not liking it so much, is not the main point here for me.

The point for me is they are being screwed by AWS and google.

@micahflee @marsxyz Right. Centralization was actually a feature here―to block signal meant blocking Google and Amazon―behemoths of capitalism. It's a big deal that they're preventing this use of their system (especially by Signal) because it creates and directly causes undeniable ill in the world. Also, Moxie has some clear thoughts (can't find now) about the downsides of decentralization. He's not wrong about them. Most things are tradeoffs.

@K_REY_C It wouldn't be that bad if the protocols are designed properly. Mastodon for example is wasting so much bandwidth by sending the author's bio with every toot.


> The idea behind domain fronting was that to block a single site, you’d have to block the rest of the internet as well. In the end, the rest of the internet didn’t like that plan.

The "rest of the internet" being Google and Amazon. Interesting turn of phrase.

@marsxyz @micahflee
The matrix model would have the authorities playing whack a mole with thousands of homeservers, which would be on the whole futile. But users would also end up having to change homeservers pretty often, which would suck for usability, and many people would drop it.
