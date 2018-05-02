AMAZON WEB SERVICES (AWS) has warned encrypted messaging app Signal, beloved of Edward Snowden, that it risks being kicked off its servers unless it stops using a practice known as domain fronting to disguise where traffic is coming from.

Signal is currently showing up as being hosted on Souq, a content delivery network owned by Amazon's CloudFront web service, where it recently switched after Google banned the same practice.

Domain fronting involves disguising web traffic from a specific source to seem like its part of a larger mass of general web traffic. By choosing someone big (like Google or Amazon) a country can't censor the messages without censoring the whole domain, and they can't risk that.

Proof if it were needed is the rather ineffectual way that Russia has blocked Telegram, but ended up screwing up a number of other major providers in the process.

Amazon announced its own ban last Friday, after which Moxie Marlinspike, owner of Open Whisper Systems, which makes Signal, posted the correspondence.

In it, Signal is warned: "You do not have permission from Amazon to use Souq.com for any purpose. Any use of Souq.com or any other domain to masquerade as another entity without express permission of the domain owner is in clear violation of the AWS Service Terms (Amazon CloudFront, Sec. 2.1: 'You must own or have all necessary rights to use any domain name or SSL certificate that you use in conjunction with Amazon CloudFront').

"It is also a violation of our Acceptable Use Policy by falsifying the origin of traffic and the unauthorized use of a domain."

It goes on to say that Signal is welcome on Amazon Web Services, but not if it's going to do this.

Marlinspike mourns that, in his eyes, the censors in countries that banned his service have "won". "Sadly," he broods, "they didn't have to do anything but wait".

Signal is already looking into alternative options to beat the censors. µ