It has faced enormous DDoS attacks by assumed nation-state adversaries, and following the election of Donald Trump, sign-ups at the service doubled.

Users can navigate to the Tor network through: https://protonirockerxow.onion

Today, ProtonMail is announcing the introduction of a Tor hidden service, or onion site, which will allow users to directly connect to their encrypted email accounts through the Tor network at the URL https://protonirockerxow.onion, which ProtonMail said it expended "considerable CPU time" to generate for the sake of finding a hash that was more human readable and less prone to phishing. Additionally, the onion site also has a valid SSL certificate issued to Proton Technologies AG by DigiCert.
This is a reasonably novel innovation as the classical Certificate Authority system isn't compatible with Tor, where onion addresses are self-generated rather than purchased from a registrar. Yen told The Register: "The problem is, if you act as your own CA, you run the issue of not trusting that certificate authority by default." As such, ProtonMail reached out to the Tor Project, which suggested it get in touch with DigiCert, who had previously provided the CA service for Facebook.

"Given ProtonMail's recent growth, we realize that the censorship of ProtonMail in certain countries is inevitable and we are proactively working to prevent this," said Yen. "Tor provides a way to circumvent certain Internet blocks so improving our compatibility with Tor is a natural first step."

In the coming months, the Tor Project stated it would be "making additional security and privacy enhancements to ProtonMail, including finishing some of the leftover items from our 2016 Security Roadmap".
In 2015, data dumps from Hacking Team showed that it sold exploits to Egypt, Russia, Saudi Arabia, Bahrain, and the United Arab Emirates. Similarly, in 2014, documents leaked online showing that software created by the controversial UK-based Gamma Group International was used to spy on computers that appeared to be located in the US, the UK, Germany, Russia, Iran, and Bahrain.
To block Signal messages, these countries would also have to block all of google.com."

As described in a 2015 paper by researchers from the University of California, Berkeley, Psiphon, and Brave New Software, domain fronting relies on the use of different domain names at different application layers to evade censorship. In contrast to a typical HTTPS request, where the domain name is echoed across the DNS query, the TLS Server Name Indication (SNI) extension, and the HTTP Host header, a domain-fronted request includes a decoy domain and a real domain. The DNS query and SNI present the "front domain" while the HTTP Host header, inaccessible in transit thanks to HTTPS, contains the actual destination – presumably a domain that's disallowed or censored. When the front domain is something like "google.com," then blocking that domain would deny everyone on the censored network access to Google.

According to Marlinspike, Open Whisper's goal is to make disabling the internet the only option for regimes that would disable Signal.

Domain fronting requires a CDN, to receive the request on an edge server and forward the request to the domain in the HTTP Host header, or a service that provides similar functionality, like Google's App Engine, through a reflection script. Such a service typically isn't free.
The research paper cites costs ranging from $0.10–0.25 per GB among service providers like Google App Engine, Amazon CloudFront, Microsoft Azure, Fastly, and CloudFlare.
This may explain why Signal isn't making domain fronting a default everywhere. Marlinspike said an iOS version of Signal that supports domain fronting is available through Signal's beta channel and a stable version is expected soon.
Subsequent updates, he said, will improve censorship detection and circumvention and broaden the availability of domain fronting.
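The article notes that an ordinary HTTPS request echoes one name across the DNS query, the SNI and the Host header, while a fronted request does not. As an added example (not from the article or from Signal), the sketch below compares those three names in records from a vantage point that can actually see the Host header, such as a TLS-terminating proxy or the CDN edge; the JSON field names and all hostnames are constructed assumptions.

```python
import json

# Constructed records in an assumed JSON-lines format from a TLS-terminating proxy.
SAMPLE_LOG = """\
{"client": "10.0.0.5", "dns": "www.example.com", "sni": "www.example.com", "host": "www.example.com"}
{"client": "10.0.0.7", "dns": "front.example.com", "sni": "front.example.com", "host": "blocked.example.net"}
{"client": "10.0.0.9", "dns": "cdn.example.net", "sni": "CDN.example.net.", "host": "cdn.example.net:443"}
{"client": "10.0.0.11", "dns": "front.example.org", "sni": "", "host": "other.example.org"}
{"client": "10.0.0.13", "dns": "a.example.org", "sni": "b.example.org", "host": "c.example.org"}
"""

def normalize(name):
    """Lower-case, drop :port and a trailing dot so equal names compare equal."""
    name = (name or "").strip().lower()
    if name.count(":") == 1:          # host:port form; IPv6 literals are left alone
        name = name.rsplit(":", 1)[0]
    return name.rstrip(".")

def classify(record):
    """Compare the three places where a normal request repeats one name."""
    dns, sni, host = (normalize(record.get(k)) for k in ("dns", "sni", "host"))
    if not sni or not host:
        return "incomplete"           # nothing to compare, so no verdict
    if sni == host:
        return "consistent"
    # DNS and SNI agree on a front name while Host names something else.
    return "front-mismatch" if dns == sni else "mismatch"

def fronting_candidates(log_text):
    """Return (client, sni, host, verdict) for every record whose names disagree."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        verdict = classify(rec)
        if verdict.endswith("mismatch"):
            hits.append((rec["client"], normalize(rec["sni"]),
                         normalize(rec["host"]), verdict))
    return hits

if __name__ == "__main__":
    for hit in fronting_candidates(SAMPLE_LOG):
        print(hit)
```

A mismatch is only a candidate for review: connection reuse across names that share a certificate produces the same pattern, and an on-path observer without TLS termination sees the DNS query and SNI but not the Host header.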
Developer Open Whisper Systems says the country is censoring its messaging and voice calling program.
Egypt has reportedly censored encrypted chat service Signal.
App developer Open Whisper Systems on Monday confirmed the transcontinental country is censoring its messaging and voice calling program.
"We'll begin deploying censorship circumvention in Signal over the next several weeks. Until then, Tor or a VPN can be used to access Signal." (Open Whisper Systems, @whispersystems, December 19, 2016)
The issue surfaced on Saturday, when IT specialist Ahmed Gharbeia tweeted about "wide reports" of Signal failure in Egypt.
"Everything is functioning normally on our end," Open Whisper Systems wrote in response, suggesting "something might be up" on the local network.
The firm reached out to the Open Observatory of Network Interference (OONI)—a global organization operating under the Tor Project to detect censorship, surveillance, and traffic manipulation on the Internet.
The project last week released two new software tests designed to examine the blocking of WhatsApp and Facebook Messenger, allowing anyone to monitor the accessibility of the apps and collect data as evidence.
Signal, a free app for Android, iOS, and desktop, is one of several messaging services to support end-to-end encryption—including Facebook's WhatsApp and Messenger. It is also one of several to come under fire from law enforcement officials who can't keep tabs on the conversations of suspected criminals.
Further details on the alleged censorship were not revealed; Open Whisper Systems did not immediately respond to PCMag's request for comment.
Constraints to encrypted social media are not new in Egypt: Facebook's free Internet service was shut down in December 2015 because the country's government could not spy on the browsing activities of local users.
The Egyptian Ministry of Communications and Information Technology also did not respond to a request for comment.
Open Whisper Systems recently ruffled some more government feathers with added support for disappearing messages. Users can determine how long—from five seconds to one week—a chat message is available to recipients before it self-destructs.