Gregory's ServerWe have already started working on more advanced censorship circumvention techniques, but in order for these efforts to be most effective we need the big companies who are dragging their feet on moving away from plaintext SNI headers to start taking this problem more seriously.
|
17 comments
In the meantime, our team will continue to do everything we can to maintain and restore access to Signal. We appreciate your patience and support. @signalapp Signal Desktop desperately needs Signal Proxy support too as Signal proxies do seem to work in these situations.  @fanchig @signalapp Myanmar for longer https://explorer.ooni.org/chart/mat?probe_cc=MM&since=2024-07-10&until=2024-08-10&time_grain=day&axis_x=measurement_start_day&test_name=signal @signalapp It will see more adoption when the RFCs are finalized, they are currently technically not quite yet @durumcrustulum @signalapp last autumn Cloudflare did roll out ECH basically for everyone. Here's the announcement: https://blog.cloudflare.com/announcing-encrypted-client-hello But quickly had to pull the plug: https://community.cloudflare.com/t/early-hints-and-encrypted-client-hello-ech-are-currently-disabled-globally/567730 @signalapp Keep in mind that many highly censored countries you talk about just will ban ECH at all. So I don't think that your solution is viable.  @dinosm @network_is_reliable @signalapp Yes, but that's not practical if all mainstream sites use ECH. Adoption is critical to everybody's safety.  @dalias @dinosm @network_is_reliable @signalapp yeah it's the herd immunity effect for privacy @dalias @dinosm @signalapp As long as mainstream sites have to be back-compatible with previous TLS versions usage of ECH won't be practical at all as tool against censorship. And keep in mind that there are countries which already banned Google and Youtube. ECH will be just banned too. @network_is_reliable @signalapp The only way to "ban ECH" would be to ban the internet entirely. If ECH is part of the TLS handshake then you can't ban it any more than you can ban HTTPS. You would have to disallow any browser that uses it as standard, firewall off any traffic that uses it, and basically stop existing on the internet. And you'd still get fucked by a VPN. @krangled @signalapp ECH is just a TLS extension, and it is blocked in Russia, as I said. You can establish a connection without it, but ECH and eSNI (previous attempt) are banned. And yes, Russia is country which started to block Signal messenger today, and a few weeks ago started to slowdown and block Youtube. So yes, they can break the Internet as they want, despite the collateral damage. So relying on ECH is not an option for countries like Iran, Turkmenistan, China, Russia. @network_is_reliable @signalapp Reductionist tripe. By this non-logic we should just not give a shit about anything because at some level every government can just turn off the internet if they choose. Further, shitting on a technology because an abusive regime doesn't like it is as close to dictator-slurping as you can get without becoming a ballchinian. "Don't even try to improve, because Daddy Poots might have a big sad."  |
Solutions like Encrypted Client Hello (ECH) remove the plaintext server name from the TLS handshake, which makes it far more difficult for hostile ISPs to block access to the sites and services you care about — but this isn’t widely supported yet. We hope that starts to change.