
Amazon Web Services starts blocking domain-fronting, following Google’s lead

A week after Google shut down a method for app developers to skirt internet censorship, Amazon is doing the same. In a post last week, Amazon Web Services announced that it would implement a new set of enhanced domain protections specifically designed to stop domain-fronting, a practice that lets developers disguise their traffic to evade network blocks.

In the post, Amazon characterized the change as an effort to stamp out malware. “Tools including malware can use this technique between completely unrelated domains to evade restrictions and blocks that can be imposed at the TLS/SSL layer,” the post explained. “No customer ever wants to find that someone else is masquerading as their innocent, ordinary domain.”

Domain-fronting works by using major cloud providers as a kind of proxy, making a data request seem like it’s heading to a major service like Google or Amazon only to be forwarded along to a third party once it reaches the broader internet. That’s useful for evading state-level internet blocks like Russia’s recent Telegram block, since state ISPs can’t tell which traffic is bound for the blocked service until it’s too late.

Unfortunately for circumvention tools, neither Amazon nor Google will let them pull that trick anymore. Amazon will still allow domain fronting within domains owned by the same customer (or more specifically, listed under the same SSL certificate), but customers can no longer use the technique to disguise where data is going, making it far less useful for blocked apps.
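The rule described above can be modeled as a comparison between the hostname in the TLS handshake (SNI), the HTTP Host header, and the names on the certificate served for that connection. The sketch below is an added example, not Amazon's code: the function names, the return labels and the sample hostnames are constructed for illustration, and it assumes the certificate was already selected by SNI.

```python
"""Constructed model of the same-certificate rule; not AWS's implementation."""

def _norm(name: str) -> str:
    # Lowercase, drop a :port suffix and the trailing root dot.
    host = name.strip().lower()
    if host.startswith("["):              # IPv6 literal never matches a DNS name
        return host
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def san_matches(san: str, host: str) -> bool:
    """Certificate-name match: '*' is honored only as the whole left-most label."""
    san, host = _norm(san), _norm(host)
    if not san.startswith("*."):
        return san == host
    suffix = san[1:]                      # e.g. ".cdn.example.com"
    head = host[: -len(suffix)]           # the label(s) the wildcard must cover
    return host.endswith(suffix) and head != "" and "." not in head

def classify_request(sni: str, host_header: str, cert_sans: list[str]) -> str:
    """Return 'allow', 'allow-same-cert' or 'reject-fronting'."""
    if _norm(sni) == _norm(host_header):
        return "allow"                    # no mismatch, nothing is being fronted
    if any(san_matches(s, host_header) for s in cert_sans):
        return "allow-same-cert"          # mismatch, but both names share one certificate
    return "reject-fronting"              # Host points at an unrelated domain

# Constructed sample: one customer's certificate and four incoming requests.
SANS = ["shop.example.com", "*.cdn.example.com"]
SAMPLES = [
    ("shop.example.com", "SHOP.example.com:443"),
    ("shop.example.com", "img.cdn.example.com"),
    ("shop.example.com", "a.b.cdn.example.com"),
    ("shop.example.com", "blocked-app.example.net"),
]

def run_samples() -> list[str]:
    return [classify_request(sni, host, SANS) for sni, host in SAMPLES]

if __name__ == "__main__":
    for (sni, host), verdict in zip(SAMPLES, run_samples()):
        print(f"SNI={sni:<18} Host={host:<26} -> {verdict}")
```

The same comparison works as a detection rule on a TLS-inspecting proxy: log every request where the verdict is not `allow` and review the Host values that fall outside the served certificate.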

