416 comments

[ 3.2 ms ] story [ 318 ms ] thread
How would you let users know about this proxy without letting their government know about it? Instead of platforms like twitter, how about randomly giving out random proxies in some header that the app could query on cloudflare or google or akamai? Does Signal already make use of any CDN's for out-of-band signalling and fail-over? If the Signal proxy could expose an obfuscated load metric, then the CDN could pick another proxy via health checks. The proxy could advertise itself via CDN's as well.
I think Signal is clearly recognising that nearly sny server or system they create will be blocked, which is why they recommended this being done on an individual layer.

From the article:

> A more discrete approach would be to only send the link via a DM or a non-public message. You can post something like this on your favorite social network:

> * #IRanASignalProxy Reply to this thread if you want the connection details, and follow me so I can DM you the link.*

(comment deleted)
No good; people working for the Iranian state will DM. Signal didn't think this through. No one should announce proxies via social media. Tell people how to set one up for friends and family.
There are plenty of people that don't have friends of family in Iran but would still like to help.
People working for the Iranian state generally would be discernible from their Twitter account, and by controlling the information you hand out you can also flag the hidden accounts that aren't easily recognized.

You also overestimate how committed Iran is to stopping this. Doing this in public risks the state finding out, but outside of times of crisis the state is usually pretty slow to respond. Keeping it private tanks participation rates.

There are about 700,000 people of Iranian descent in the Los Angeles area alone (the largest such community in the US). Most of them are in the US to escape the regime, and most of friends and family in Iran who they keep in touch with. The people in Iran also have their own networks.

So a down-low friends and family approach could reach a lot of people.

If you just filter the amount of those 700,000 down to how many are aware Signal exists, I bet we'd already be at a low enough number to see the problem with your plan.
> No good; people working for the Iranian state will DM.

They'll probably try, but it's not very scalable. It's tough to build and maintain a Twitter account with a history that looks like a real regular person, much less create a bunch of them fast with history that dates back before the day you started. If most of them make a modest effort to verify users, most of them should remain unblocked. It's all pretty decentralized, so it's not that big as deal if a few of them do get discovered and blocked.

That's the trick isn't it: having an entire population know something an oppressive government doesn't.

Even if you teach everyone how to deploy their own servers, then that's the knowledge the government will start targeting. You can make blocks expensive, i.e. blocking other major, useful services that would disrupt society too much for them to want to deal with, but this of course has its own costs.

It's censorship and surveillance all the way down.

As far as I know, Iran is much too open an society to actually prevent its citizens from knowing anything in particular.

That's not to say it's a free society or that censorship doesn't exist there, just that it's not the sort of regime that is particularly good at it.

If I had to guess, Iranian expats would be a likely set of people to start up proxy servers for their family and friends back home.

Yes, which is why Signal is doing a disservice by telling people to announce their proxies on Twitter. The expats should just tell their friends and family, and tell them to pass the word on only to people they trust.
But this doesn't stop them from doing that. If you have an expat friend or family member with a proxy, use theirs, if not, check the latest tweet with the hashtag and use that.
At some point, the easier option is for there to be a revolution or some sort of governmental change.
Easy to say when it is not your life or your families’ lives at risk.
True but not everyone is keen to experience the civil war that often accompanies such a change.
That's what lead to this mess in the first place!
(comment deleted)
That is precisely why I am suggesting using a CDN. Old school CDN that is. Back in the day, if you had Akamai, your site would just use one (or many) of their generic names. Nowadays you can use your own domain to front their network, but you don't have to. If Signal was using a few CDN's and cycled through many generic end-point names, then Iran would have to block all the CDN's which would be nearly the same as shutting off the internet. This would not have to be the default mode of Signal. It could be an option that the client suggests. "Hey, it appears we are blocked. Use alternate proxies?" Then cycle through many different CDN's using many generic end-point names. Some of the CDN's can also do layer 4 vips and not have to decrypt anything. They can just act as a TCP tunnel if need be, just costs more.
Generally speaking censorship by a government needs to be pretty poorly done at best. Taking out the bulk of the usage of Signal is easy, removing it completely is hard. Much better to apply minimum cost and effort where it counts most.
> How would you let users know about this proxy without letting their government know about it?

From the blog post, "A more discrete approach would be to only send the link via a DM or a non-public message."

> how about randomly giving out random proxies in some header that the app could query on cloudflare or google or akamai

That would "..increases the chance that Iranian censors will simply add those IPs to their block list"

It looks like the solution provided in the blog post is limited to helping folks run their own proxy for people they know.

Yup, I would run one but I don't know any Iranians...
I'm a big fan of the idea of independently-run proxy servers.

Caddy has a secure forward proxy plugin born out of a research project at Google that does something similar, but works with any clients that let you configure HTTP proxies, and doesn't terminate TLS: instead it tunnels it over TLS. The proxy server itself can also be probe-resistant, i.e. difficult to detect that a website is acting as a proxy.

I'm hoping more people can help test the patch to support Caddy v2: https://github.com/caddyserver/forwardproxy/pull/74

(Edit: Disclaimer - Don't use this in situations where your personal safety or freedom could be at risk... not yet. Not until more people with more experience can vet its implementation for bugs, and a very clear threat profile can drawn up. If you have experience with this, we'd love your help.)

how does something like this work against DPI? i guess not great?

>Don't use this in situations where your personal safety or freedom could be at risk

https://theintercept.com/2020/12/06/kashmir-social-media-pol... https://thewire.in/media/kashmir-journalist-auqib-javeed-pol...

reason why i have a general disregard for technologies that are based on some sort of "link" AFK, phone number or the stupid facebook real name policy. this is as of today being used to crack down on dissent. what you are saying is true but https://thenextweb.com/in/2020/01/08/kashmirs-police-want-pe... when you have your govt do this, how can you keep your signal account private? your phone is already listed. isnt it? cant the police see if you are on signal and if online means you are bypassing them somehow regardless of what you might be saying?

> how does something like this work against DPI? i guess not great?

No, it's pretty good. Think about it: all DPIs can see is an ordinary https connection. Since the traffic itself is encrypted, to discriminate this from normal web browsing the DPI device can only depend on metadata. Classic moves are:

1. Packet length pattern for TLS-in-TLS. 2. TLS fingerprinting.

The first could be defeated by adding padding to the first few packets of each of your connections. [1]

The second.. someone built a socks5 <-> https CONNECT proxy client [2] out of Chrome's codebase, which means it shares all the fingerprint with Chrome and you really can't tell.

[1] https://github.com/klzgrad/forwardproxy/commit/2350f380f8db2... [2] https://github.com/klzgrad/naiveproxy

Does this use TCP over TCP (painful in the face of packet loss[1]) or can you do something like using QUIC for the forward proxy to try to avoid breaking the tunneled TLS connection's retry timers?

[1]: http://sites.inka.de/sites/bigred/devel/tcp-tcp.html

Http3 support is being talked about in an issue (am mobile so no link for you right now) but the first priority -- pending dev resources -- is to merge the v2 PR and vet for bugs.
It looks like a normal HTTP proxy supporting CONNECT (i.e. TLS over TLS), which wouldn't suffer from the problem you mention.

Note that TLS over TLS is _not_ the same thing as TCP over TCP. TCP over TCP is usually only a problem for VPNs or something similar (i.e. anything that sends raw IP packets over TCP).

Ah, that's the piece I was missing. Thanks.
White people are so naive that they believe the research sponsored by a giant advertisement company is net positive for the people of the world. Meanwhile Q lives in their closet
Or they could just let people host their own server instances. Would be considerably more censorship resistant from the start.
Or just use Element/Matrix which already lets you do that.
I feel like this answer to "how to make government censorship of private communications over the internet impossible" is more complex though than just "use element/matrix"

It seems like both signal and matrix choose "Human-meaningful" over "distributed" on Zooko's Triangle: https://en.wikipedia.org/wiki/Zooko%27s_triangle

Matrix is federated which I'd argue is pretty different than "distributed". Certainly the fact that federation is built-in makes matrix more resistant to lazy censors who are slow to block popular homeservers, but a concerted check-any-IP-and-if-it-seems-like-it-might-be-a-homeserver-then-block-it action by a censor would be harder to deal with.

Wouldn't a truly distributed/secure/really-super-hard-to-block protocol rely on non-meaningful addresses (i.e. public-key-derived like a tor hidden service) and some kind of interesting mesh setup (i.e. like tor) to route and deliver messages?

> Wouldn't a truly distributed/secure/really-super-hard-to-block protocol rely on non-meaningful addresses (i.e. public-key-derived like a tor hidden service) and some kind of interesting mesh setup (i.e. like tor) to route and deliver messages?

Yes. You just described Briar.

You're welcome to either use such a decentralised service or fork signal and add decentralisation / federation. Centralised services get more users by having a lower threshold of adoption.
What's the purpose of signal? Is it taking over the world or providing a service to people that care about their privacy and free (as in freedom) communication?
There are lots of purposes but dismantling mass surveillance is a major one. This requires 'taking over the world'.
... Creating a central point of failure / censorship?
Yeah so this latest attempt seems to want to “fix” that.

“Hey, let’s distribute connections (proxy servers) to our central point of failure so that we can get around the central point of failure. Genius!” /s

They want to have a monopoly on points of failure. We can censor but no one else.
Creating yet another walled garden.
Well... except in Iran, hence the strategy of decentralizing proxy servers.
> You're welcome to either use such a decentralised service or fork signal and add decentralisation / federation.

It's called XMPP. It predates Signal by ~15 years.

And the clients for XMPP still suck, 15 years later. You might find a good one on one OS after trying out several (install, test for a few days, repeat), but then when you want a client on your phone or another OS, you have to try the install/test cycle all over again.

In my experience, most of the clients just don’t do WEll everything a modern IM client needs.... group chat without needing to know a FQDN address, alerting on new messages/mentions, image and attachment support, encryption without wonky key management, multisession support (connecting simultaneously from multiple devices not leading to problems), on and on...

I used XMPP for years on iOS, android, Mac, windows, and linux. Hated it every day.

Conversations and it's forks are all very good clients, and their voice/video chat works perfectly once the XMPP server configures the turn server. Gajim got a lot better recently. I even managed to get Pidgin to a decent, albeit not perfect level.
And yet it hasn't become big yet.
It did, then the google reader effect kicked in. Google talk, whatsapp, facebook were all xmpp at one point, deliberately crippled, then nearly killed. See RSS.
Too bad, the Signal devs love centralization. One day people will realize Signal is just not the right solution for what they actually need.
As if it was that simple; no it's not as simple as decentralization > centralisation. You might not agree with everything (I don't) but this video provides some good points https://www.youtube.com/watch?v=Nj3YFprqAr8

I trust Signal to try their hardest to solve communication, spitting on them is not the solution.

I didn't watch the video but his article with the same title is almost entirely bad points.[1]

Email is end to end encrypted for people who make it a priority. It would be end to end encrypted for everyone if Google or Microsoft made it a priority.

The difference between XMPP and Signal is funding. Signal supports video on all platforms because Open Whisper Systems hired people to work on it. XMPP didn't because the popular clients are developed by volunteers.

People don't like using lots of messaging apps. So switching apps is much harder than changing your email address because you have to convince other people to switch.

Even Signal is moving away from using phone numbers.

[1] https://signal.org/blog/the-ecosystem-is-moving/

Signal's been "moving away from using phone numbers" for almost as long as it's been developed. They've burned tens of millions of dollars and have nothing to show for it on that front.

Also they insist of making piece of shit bloatware clients and actively kill every attempt for someone to fix it. Because Moxie is always right apparently.

I really hope the situation is just due to incompetence and hubris.

It's simple, very simple.

XMPP is by far more fluid, and "productive" when it comes adding new protocol features, or at least if you compare it with Signal.

Marlinspike is making up the problem.

A messaging client is as agile as its developers are, and in case of Signal, not that much.

Evolving a protocol, and developing new features is done by doing programming, and not by some philosophical discourses, and pooing over the competition on tech events.

The problem with this is that Signal is a huge success right now where other federated chat platforms have fallen. Sure, something like Matrix might win the war eventually but by being centralized Signal shipped and is providing a useful service to millions of people today.
There are lots of problems in matrix that hinder its adoption, federation is likely not the biggest of them.
Hmm, I have a family member going to seminary in Iran and he has been in contact with me over Signal (he moved our family chat to it over WhatsApp because of recent events).

Did this happen like literally today? Because otherwise I haven't heard of such a thing...

Why can't they just ship signal with a Tor client? This is precisely what Tor was built for.

They can donate some money to charities running Tor nodes while they're at it, or run some themselves.

Iran tried to censor Tor too, but it's pretty much impossible to do so fully. At least the Tor devs are usually on top of it, while Signal is inexperienced dealing with things like this.

Tor is is blocked in Iran.
if they block can block tor what makes you think they can't block these proxies? furthermore if you use tor you can use the existing network of bridges/relays as well as their pluggable transports protocol to avoid DPI/traffic analysis.
They can block these proxies. Thats why in the #IRanASignalProxy section they say to share in more discrete ways if you can.
Which to me is bad. They should run a service like Tor does to get private bridges. I don't know anyone in Iran but I have a server I could use for this. However I know zero people in Iran.
So you use the hashtag on a public tweet etc and say DM me for a proxy.
Iran is already blocking Tor. In general, if Signal provides some central way to use Tor together with Signal, the Iranian government can just run it on their machine, and block every IP address that it tries to connect to.

Iran can block these proxies, too, but this way there isn't any centralized listing of proxies. This proxy setup is simple enough that a single person could run a proxy for a few dozen of their friends, and the Iranian government might just never find out about it.

there are public and private bridges.
If I remember correctly from what my Iranian friends told me not long ago, there are indeed working bridges in Iran.
exactly, this article is exceptionally egregious at estimating state actor's tools agumented by HUMINT capabilities to hunt down anybody trying to subvert their iron curtain.

I fear that some naive Western expat will participate and find themselves in a hostage. Many countries in this don't have any treaties with Western nations, they dont have high regard for human rights either.

Tor has a very similar proxy setup that can be used to get around blocks like this.

https://2019.www.torproject.org/docs/bridges.html.en#Pluggab...

Yup. I just tested ~~the fdroid~~ signal (the non-google-play apk from signal's web site) with orbot (a tor VPN for android) and verified it works correctly for text messaging. As you say, using a bridge should make it difficult for iran to block. I wouldn't be surprised though if voice/video was too high latency or doesn't work at all. https://mobile.twitter.com/sporksmith/status/135738175783478...
Signal is taking a leaf out of Telegram's book here in crowd-sourcing censorship circumvention which has worked so well for Telegram in Russia, especially.

One could use censorship evading VPNs like Tor, Lantern, Shadowsocks, Psiphon in addition to using these proxies. They all have different evasion mechanisms.

The thing that works for user-run proxies is, it is like a hydra, you censor one proxy another crops up.

I'm worried that Iran is less concerned about collateral damage. Russia gave up because successfully banning Telegram would also ban significant parts of the internet that Russian businesses (etc.) depend on, so that was unworkable. I expect that Iran won't care quite as much.

Regardless, I hope this does actually end up working, and allows Iranians to use Signal without a prolonged cat-and-mouse game.

Tor is very easy to block, and relies on very similar proxies to circumvent that.
You probably haven't followed Tor development in the past years. obfs4 and snowflake a really cool circumvention methods that are orders of magnitude harder to detect and block than these "signal" TLS proxies.

The TLS proxy signal just advertised uses plaintext TLS SNI header to determine where to route the packets, which makes it really trivial to detect and/or block. The same cannot be said about tor.

I’m familiar with obfs4 and snowflake.

Signals TLS proxy is naive compared to obfs4, but at it’s core it’s a similar solution.

(comment deleted)
Iran isn't able to detect bridges using obfs4 with DPI as of now (as far as I know).

So no, it's not 'blocked'. They're just trying. Mostly by blocking bridges they know of.

What makes you think that it’s hard to block Tor? Even Kazakhstan blocked Tor many years ago. They’re using DPI: connection opens, client can write data, but can’t read anything which is frustrating from user PoV.
> What makes you think that it’s hard to block Tor?

The fact that it is?

There are secret bridges and Tor is able to disguise its traffic as other 'legitimate' protocols.

The bridges don't remain secret forever. All it takes is a government agency to ask the mailing list for one and then it's compromised. Once they're discovered, you can get into deep shit for trying to connect to that address.

My ex moved to China, and she told me that the only people who say Tor can't be blocked are people who have never lived in a country where the government is actively trying to block it. Just because you can connect to it doesn't mean you won't get a knock on the door in a month asking why.

Of course it's hard to censor Tor, but is it really hard to outright block it? Last time I looked into it, you could just fetch the list of edge nodes that have to be public by design and block all of those.
(comment deleted)
this is fine and dandy but when you have a state actor operating with such offensive tactics like india is currently engaged in kashmir, there isnt much these "proxies" can do. sorry. the idea of these proxies is all fun and nice but when a government can just whitelist the entire fucking internet and none of these nonsense works

https://www.theguardian.com/world/2020/jan/15/internet-parti...

https://thewire.in/rights/kashmir-internet-white-list-net-ne...

https://thewire.in/rights/modis-thought-control-firewall-in-...

>The reason the government wants to keep blocking full access to the internet in the Valley is its fear of civil disobedience.

and the ban is still in place although it is on high speed mobile internet today.

https://thekashmirwalla.com/2020/12/high-speed-internet-ban-...

not to forget there were reports of CISCO being brought in to build this fucking firewall

its weird that all the criticisms of the technique in this article is being downvoted without any rebuttal

people underestimate the security intelligence service of countries in this region. They have far more capacity than people in the West estimate.

It's irresponsible of HN to put people in potential harms way, Iran is at a breaking point, they have nothing to lose and will stop at nothing to stop exfiltration and access to internet.

yes. back after 5 august, i think i got my first crack at internet in february 2020 with 2G internet and a whitelist of "allowed websites". i found out in my own tests that ssh tunneling over random ports used to work. i had managed to set up a server on amazon aws, and i did a dirty ssh tunnel to that to get access to blocked websites. even that failed after some tries and changing networks.

>It's irresponsible of HN to put people in potential harms way, Iran is at a breaking point, they have nothing to lose and will stop at nothing to stop exfiltration and access to internet.

yes. shocked pikachu face gets a random HN reader nothing but people can die as a result of this. heck i have records of people who are locked up since last year because of "social media misuse" aka dissent

I think people on HN are mostly North Americans, they are generally very ignorant of the workings outside their own suburbs/city (we live in the best part of the world they say!)

So there is this bias towards other 3rd world countries. To many they are still a backwards, technologically illiterate countries yet somehow North Korea routinely dominates other wealthier nations in cyber security.

India's intelligence agency has always been competing with Pakistani, very much like the Iranian security forces & Israeli intelligence, these guys have been fighting battles the rest of the world will never hear about, so its foolish to underestimate their capabilities like we do on HN.

What is the state of the art on censorship resistance right now? This cat-and-mouse proxy fight never seems to go great for the good guys.

My last in-depth reading on it was the excellent 2016 SoK paper “Towards grounding censorship circumvention in empiricism” (http://www.cs.umd.edu/class/fall2018/cmsc818O/papers/sok-cen...)

The high level takeaway then seemed to be that researchers were not focusing efforts on measures that can actually help more people resist censors. Have we made progress since then?

There are relatively good solutions like dns fronting on Amazon or Google, but they frown upon being used that way.
(comment deleted)
Telegram got around Russian censors by constantly pushing new IPs for their servers with Google Cloud. Of course this is a cat and mouse game as well, but it worked out well for them, since Russia didn't want to block all of Google/AWS.

https://news.ycombinator.com/item?id=26028415

hey. i just thought of something. is it not possible for india or iran in this case to check your phone number and see if it is active on signal? if you are online means you are somehow bypassing their blocks. isnt then just a matter of tracking your cellphone and relevant xkcd applies ?https://xkcd.com/538/

this is looking like a zero sum game unless signal account is delinked from phone numbers because the govt can play cat and mouse game indefinitely

> is it not possible for india or iran in this case to check your phone number and see if it is active on signal?

WTF, why does signal require PII to use? Shouldn't it give you a public/private key pair on signup?

all they need to do is be in the approximate region of the cell signal through triangulation to figure out the phone numbers / unique identifiers attached to the phone.

then its a matter of time before they link real identity to the phone. With the wide availability of femtocells, all they need to do is get lucky once.

This puts operators of Signal proxies at potential harms way! Absolutely irresponsible for people on HN to downvote and downplay genuine security concerns.

oh. you are not joining all the dots here. an offensive govt already has KYC on cellphones. they can pull your details in a second. My reasoning. they have a list of say 100 users. every govt has lists. they check that list against signal users as "social graph" and voila, they know you are online or not. second, kyc documents show who you are so you are good as toast
How is a proxy operator in harm’s way? They aren’t in Iran, and the Iranian government understands the consequences of trying to do anything about it. Users are in no more danger than they’ve always been, and substantially less than if they didn’t have communications ability.
Damn, I've read the code. This won't work against an active probe. Censors just use signal domains and non-signal domains to test your proxy. If signal domains get passed and non-signal domains got denied, you are fucked. Besides, TLS in TLS is highly identifiable by simple packet length dpi. I'd hope there's better plan.
> Censors just use signal domains and non-signal domains to test your proxy.

If the censor already knows about your proxy they would have no reason to test it... The whole point is that there isn't a central list of proxies for them to easily block.

(comment deleted)
> there isn't

YET. I wonder if someone will find a simple way to map these with shodan.

This is the very same problem that Tor faced when Tor bridge use started to pick up in China around the late 2000s / early 2010s. You only needed a single Chinese user to connect to your server for it to be probed by the Chinese censors. Older versions of the obfs Tor bridge protocol could be detected by active probes and thus blocked very much like these Signal proxies. This is a cat and mouse game that Signal could very easily lose should Iran start to care about probing all new active connections that leave Iran.
No but look, they're blocking connections country-wide. Apparently they have government boxes installed on the outside lines. If you're looking at IP headers and deciding to drop or pass based on that, it's trivial to collect the IPs you don't yet know, check if they're running a proxy (Signal, Tor, I2P, whatever), then add them to the block list if they are.

If it's trivial to figure out (by doing a nice handshake) whether something is a certain kind of proxy, then the cat-and-mouse game is reduced from finding lots of mice to updating the cat system to test whether passing animals are mice and instantly wiping out the mice population.

TLS 1.3 supports (encrypted) padding bytes for Application Data; which could be used to normalize the packet lengths. Probably not accessibly via normal system TLS libraries though.

Although, if only Signal is making nice sized packets, that could be suspicous.

And based the log on my hand, probing is really "mainstream" now days. I have a Shadowsocks proxy instance started since Oct 20 last year, and it's been attacked

    $ docker logs shadowsocks 2>&1| grep "AEAD: repeat salt detected" | wc -l
    16468
times total. The last 6 happened less than 10 minutes ago. My expectation is, TLS will be probed even more, because the handshake parameters (the order of CipherSuite for example) itself could leak a lots of info about the client&server.

It's not easy to build a protocol that is cryptographically safe all while keep the traffic characterless/innocent. Could be a "World Changing Event" if somebody discovered a way through.

What happens when Iran's government itself runs a bunch of these proxies?
Even worse, what happens when they MITM all of the installs because the docker container has really bad security such as:

RUN wget http://nginx.org/download/nginx-1.18.0.tar.gz

https://github.com/signalapp/Signal-TLS-Proxy/blob/master/ng...

Installing via HTTP, with no verification of installer seems like a reallyyyyy bad idea.

I noticed the same thing, and filed an issue [1]. The first reply does not fill me with a lot of confidence (but it's unclear to me whether the person is affiliated with the project or not).

[1] https://github.com/signalapp/Signal-TLS-Proxy/issues/6

They have completely disabled issues on that repository. Wow I used to really like Signal...
And it seems they've fixed the issue, without any kind of public comment.... still not great: https://github.com/signalapp/Signal-TLS-Proxy/commit/39a97da...
I (partially) fixed this issue, and I'm not affiliated in any way with Signal. It's public (https://github.com/signalapp/Signal-TLS-Proxy/pull/2), and it looks like they welcome contributions, because they merged mine.
Sorry for not noticing your PR before filing the bug.

I still find the way they (partially) dealt with this a bit worrisome.

You'd be building and running these outside of Iran for them to work, which would limit the Iranian government's ability to perform the attack you describe.
If all the traffic going via the proxies is e2e encrypted is there much that can happen?
But the fact that you are in Iran and using Signal may get you added to a watchlist. They can trace the IP addresses connecting to the proxy server back to a household or phone, no?
I don't think Iran is as oppressive a regime as you make it out to be. AFIAK the act of using (or attempting to use) Signal is not illegal. The resources required to trace an IP and track down the user simply because they used a messaging app seems unfeasable. Not to mention IP addresses on mobile devices are highly dynamic especially if you're jumping between wifi and cellular. Correct me if I'm wrong but I think in practice it's pretty hard to link IP addresses to actual individuals.
Not much. It's 99% certain that Iran already has the IPs of all Signal users, and they haven't penalized people for using encrypted messaging as of now.
This is the kind of privacy initiatives we need. While we argue in America about deplatforming, Iran, China, and other authoritarian countries around the world are actually suppressing and punishing free communication. Kudos to Signal for this initiative.
America suppresses and punishes free communication, you just aren't aware of it because they control what you see when you live there.
(comment deleted)
This is going to be a game of cat and mouse...

And if you're the mouse, you really don't want to be hobbled by not having an auto-update mechanism in your proxy servers...

At the very least they could have made it load the config from https://signal.org on startup, or made an apt package that sysadmins can easily update with everything else.

In the long run, starlink will make it even harder for autocrat regimes to censor the internet. Russian authorities already try to ban connections to Starlink.
Yes I'm sure Starlink would never do something like censor traffic at some regime's behest. Elon Musk is famously independent and not at all beholden to funding from the U.S. and China.
Unfortunately, it's easy for governments to criminalise owning Starlink terminal equipment. Also, Starlink may be legally forced to deny service to users in certain geographical regions.
Iran's been having a tough time shutting down illicit satellite receivers.

> One woman in the Iranian capital, whose satellite dish was demolished by the police several months ago, told "Persian Letters" that the first thing she did the day after her apartment complex was raided was order a new dish and receiver.

> "That's the only fun we have here. There's nothing worth watching on [state television]," she said. "They can come and take my dish away. I will get a new one."

https://www.rferl.org/a/persian_letters_satellite_dishes_ira...

Unless the government can seize Starlink's assets, or shut down/harm their operations, they can't really tell Starlink to do anything. E.g. if they can shoot down satellites, they'd have influence.

This is especially true for economies that are as disconnected from the US as the Iranian one is.

The only thing a state has control over is payments from users. But if smuggling in transceiver equipment with pre paid traffic isn't that hard.

Starlink will need a license to broadcast in the country. And the dishes also need to transmit which will give away your position.
Dishes don't have to transmit, only if you want an upload channel. It's entirely thinkable that important content like websites or feeds by important influencers is pushed to all users.
This is the only benefit that comes to mind when weighing against obscuring the night sky. Heck even freeing Australians from Telestra's Iron grip would be an accomplishment.
If everyone announces their proxies the Iranian government will be monitoring those announcements and will be able to block traffic to them. It may be better for those with friends and family in Iran to run proxies and quietly inform only people they trust.
Not to mention you can get into significant legal trouble helping people sanctioned by the US.
> You can share your proxy with friends and family using this URL format: https://signal.tube/#<your_domain_name> […] The latest beta release of the Android app is registered to handle links from signal.tube.

This scheme is convenient for those with correctly configured devices, but comes at the cost to everyone else of increased risk of inadvertent leaks of the fact that they're attempting to circumvent the block. I'd be interested to hear more about what factored into the decision to make this trade-off.

Good point! I wonder why they didn't reverse the scheme, e.g. https://mydomain.example.org/#is-a-signal-proxy
AFAIK you can register URL handlers for a specific domain (signal.tube), but not for a specific hash. And you don't want Signal to appear as an alternative browser on every link.

Edit: On a second thought, I wonder if a custom scheme would have worked, e.g. signal-proxy://example.com?

If you click on one of the links it is using sgnl://signal.tube/#[domain] to deliver the proxy settings to the Signal app.
(comment deleted)
Everyone complaining this is just a cat-and-mouse game, it’s not a game these people choose to play. They either play it or their movement dies.
Of course it's a cat and mouse game.

That doesn't mean it's unwinnable. That means you create a lot of evasive mice and win.

Perfect is the enemy of the good. This is the kind of thing where winning is more important than a perfect strategy.

Be water.

There was an article in 2014: "Imagining a Rebel Firefox" ( https://medium.com/@efrensandoval/imagining-a-rebel-firefox-... ) which played with the idea if every firefox node would become tor(ish) gateway.

Is there no way to build this in the Signal clients themselves? Eg. on is on a wifi, try to upnp, ask the user if they'd wish to help.

No because mobile devices suck for P2P. Even on wifi and plugged in you likely couldn't force your app to stay open and the phone on. Easier to tell a bunch of people to run a docker container on a raspberry pi.
Signal should be federated. This censorship problem would not exist, or would be organically routed around, were the service federated.

Without federation, Signal is just another stepping stone in the long path of eventually abandoned instant messengers, all the way back from ICQ. We will get to an SMTP-like protocol, and email-like service, at some point. If not Signal, some other one.

I’m not so sure. Moxies reasons about how federation leads to protocol development slowing and then freezing are solid.

It’s why we re not using smtp for chat. SMTP can’t be extended enough so replacements are built instead. Similarly if signal federated, eventually it would freeze and a few years later users would move to wherever they could get new features.

Federation is a good thing but only when the protocol is finished or if there is a forcing mechanism to allow updates to the protocol. ethereum/Bitcoin are good examples as they have flag days that force the value of currency to be in the balance to keep the protocol moving forward.

I don't see what prevents updating as long as you don't care about fragmentation. You probably can't compile all brand new software on a very old Linux kernel, but who cares. I mean yeah, you'll have to care more about fragmentation, but it's not all or nothing. You'll still be able to update the protocol, you just have to make breaking changes less often.

I think XMPP is a better comparison than SMTP. In its heyday, XMPP had several clients, some with different proprietary extensions, and all the core functionality basically worked across all the clients. Though it turns out some of the messengers I thought were XMPP were actually different protocols that XMPP could work with. Imagine that. People still use it too, though it's not as popular as it was in the 2000s.

Honestly deltachat works great and its chat over smtp and imap.

Im not sure "chat" needs this much constant "innovation" at the protocol level. Most of the issues with email are client UX more so than actual protocol limitations.

> organically routed around

Do any SMTP servers still allow organic routing? I was under the impression that all modern servers have extremely cumbersome auth/dkim and its hard to not be GMail and still send a real msg and have it arrive

DKIM/SPF really aren't that bad. And you can not be Gmail and still get emails sent. Except Outlook/Hotmail/etc will randomly start blocking your emails, and only unblock your emails after you pester them enough.
So... federate but not really?

I'd heavily advise instead to run as many xmpp servers* as possible, and let people/friends use them.

*not matrix, unless one configures it to forget the data and only act as a message broker, like XMPP. For this specific use, it's better.

If Iran is blocking Signal but not other apps, namely Whatsapp, does this mean Iran has access to Whatsapp data?

I fully expect the US govt to have access to fb/whatsapp data (at least the metadata), but it's a bit surprising to me that Iran would too.

I think FB’s policy is to comply with local laws regardless of ethical concerns?
I think FB's policy is to _____(verb)_____ regardless of ethical concerns.

They certainly aren't complying with U.S. antitrust laws. They comply if it makes them money and don't comply if it doesn't make them money.

I doubt it. By the same reasoning they would also have access to iMessage and other apps that aren't banned. Not sure what WhatsApp or fb has to do with this.
Considering Apple put all data of Chinese users on Chinese servers to keep the CCP happy I have no doubt they’re perfectly happy and willing to comply with government requests elsewhere too.
Iran blocks every major foreign messaging app, except WhatsApp. Signal escaped it until now only because they had so few users. Also keep in mind that while WhatsApp claims to use the Signal protocol, they installed a backdoor that allows them to MITM conversations. So yes, I’d say it’s virtually guaranteed that WhatsApp is sending unencrypted message data to Iran, and of course to the US too.
> [WhatsApp] installed a backdoor that allows them to MITM conversations

Citation?

(comment deleted)
HN discussion of that post: https://news.ycombinator.com/item?id=13394900

I guess I'm coming down hard on one side of a controversial question, but in my mind, if it allows the server to intercept messages without users knowing about it under the default configuration, it's a backdoor.

“There’s no backdoor.”

— Perhaps the door is cracked (or ajar) and a microphone is listening in ... still?

Hmm, looks like these are just a few nginx rules, they might as well publish those.

Internet is a bad fit for this. I wish everyone was using yggdrasil, I2P, tor or something similar.

I mean: I could provide as many yggdrasil addresses as I wanted to. It would be possible to setup a few VPNs to connect separate networks (though potentially traceable).