Wickr Adds New Censorship Circumvention Feature to its Encrypted App
August 23 2018Wickr has added a new Open Secure Access capability to its instant messaging app, which the company says enables encrypted communications that is far more resilient to Internet traffic restrictions and censorship attempts than typical domain-fronting approaches.
The new feature is based on the open source Psiphon Internet censorship circumvention tool developed by the University of Toronto’s Citizen Lab for users of Windows and mobile devices. It uses domain fronting as just one of multiple techniques, including SSH and VPN technology, for directing encrypted traffic around blocking attempts.
“Think of it as a ‘smart VPN’ that relies on an agile and smart access engine that optimizes the Wickr app,” says Michael Hull, president of Psiphon. “In a nutshell, [Open Secure Access] enables Wickr users anywhere in the world — whether business teams or individuals — to stay connected and end-to-end secure.”
Wickr sees Open Secure Access as filling a void that Amazon and Google created earlier this year when they stopped supporting domain fronting on their platforms.
Domain fronting is a technique for hiding traffic to a specific host server and service by forwarding it through a proxy domain belonging to a Google, Amazon, or other ISP and content distribution network. Encrypted communications apps, like Signal and Telegram, and services, like The Onion Router (TOR), that are banned in certain countries, for instance, have used Google.com as a domain front for routing traffic to their servers.
A message sent via Signal would appear like regular HTTPS traffic to Google, while the actual domain to which it was headed would be encrypted in the HTTP host header and therefore invisible to a censor. To block the traffic, a censor would have to block all traffic to Google.com.
Many security researchers and privacy rights advocates have touted domain fronting as giving people — especially in oppressed societies — a way to access blocked apps and services. So Google’s and Amazon’s decision to disallow their domains from being used for domain fronting was widely considered as a major setback for Internet privacy and free speech.
The problem with traditional domain fronting is that it typically relies on the infrastructure of a single cloud provider — like a Google or an Amazon — to hide traffic, Hull says. “This practice inevitably faced restrictions as it gained popularity simply because it put providers’ customers at risk of losing service [and] connectivity as a result,” he says.
Wickr’s Secure Open Access is built to be adaptive and resilient to emerging traffic restrictions, according to the company. Instead of relying on a single cloud provider’s infrastructure, Secure Open Access uses thousands of servers worldwide to enable uninterrupted, end-to-end encrypted messaging, calling, and file and screen sharing.
When a user launches Secure Open Access on his or her mobile device, the client initiates connections with up to 10 different servers simultaneously. The servers are chosen at random from a cached list of servers and a mix of different protocols, according to Wikr.
The goal behind making multiple simultaneous connections is to minimize wait times in case certain servers or protocols are blocked. Wickr Open Secure Access also is designed to pick the closest data center and lower-latency direct connections over domain-fronted connections to speed communications.
“To accomplish what WickrSecure Open Access does, a user would have to run a few dozens of VPNs,” says Chris Lalonde, Wickr’s chief operating officer. Users would need to test how the VPNs work in a particular location before launching a secure communication application.
“With Wickr, they can now stay connected and continue to do work on any network, all in one app, on any device, by just enabling Secure Open Access feature,” he says.
Lalonde says Wickr’s new feature can help teams and organizations operating in any part of the world to communicate and collaborate securely without fear of interruption. “This capability is designed to mirror today’s global workforce that is traveling, collaborating across different geographies, and needs to protect business IP, sensitive data, and critical enterprise deals from countless threats and data breaches.”
Related Content:
- New Method Proposed for Secure Government Access to Encrypted Data
- Beyond Back Doors: Recalibrating The Encryption Policy Debate
- Encryption: A Backdoor For One Is A Backdoor For All
- 7 Critical Criteria for Data Encryption In The Cloud
Learn from the industry’s most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early bird rate ends August 31. Click for more info.
Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio
Wickr Adds New Censorship Circumvention Feature to its Encrypted App
August 23 2018Wickr has added a new Open Secure Access capability to its instant messaging app, which the company says enables encrypted communications that is far more resilient to Internet traffic restrictions and censorship attempts than typical domain-fronting approaches.
The new feature is based on the open source Psiphon Internet censorship circumvention tool developed by the University of Toronto’s Citizen Lab for users of Windows and mobile devices. It uses domain fronting as just one of multiple techniques, including SSH and VPN technology, for directing encrypted traffic around blocking attempts.
“Think of it as a ‘smart VPN’ that relies on an agile and smart access engine that optimizes the Wickr app,” says Michael Hull, president of Psiphon. “In a nutshell, [Open Secure Access] enables Wickr users anywhere in the world — whether business teams or individuals — to stay connected and end-to-end secure.”
Wickr sees Open Secure Access as filling a void that Amazon and Google created earlier this year when they stopped supporting domain fronting on their platforms.
Domain fronting is a technique for hiding traffic to a specific host server and service by forwarding it through a proxy domain belonging to a Google, Amazon, or other ISP and content distribution network. Encrypted communications apps, like Signal and Telegram, and services, like The Onion Router (TOR), that are banned in certain countries, for instance, have used Google.com as a domain front for routing traffic to their servers.
A message sent via Signal would appear like regular HTTPS traffic to Google, while the actual domain to which it was headed would be encrypted in the HTTP host header and therefore invisible to a censor. To block the traffic, a censor would have to block all traffic to Google.com.
Many security researchers and privacy rights advocates have touted domain fronting as giving people — especially in oppressed societies — a way to access blocked apps and services. So Google’s and Amazon’s decision to disallow their domains from being used for domain fronting was widely considered as a major setback for Internet privacy and free speech.
The problem with traditional domain fronting is that it typically relies on the infrastructure of a single cloud provider — like a Google or an Amazon — to hide traffic, Hull says. “This practice inevitably faced restrictions as it gained popularity simply because it put providers’ customers at risk of losing service [and] connectivity as a result,” he says.
Wickr’s Secure Open Access is built to be adaptive and resilient to emerging traffic restrictions, according to the company. Instead of relying on a single cloud provider’s infrastructure, Secure Open Access uses thousands of servers worldwide to enable uninterrupted, end-to-end encrypted messaging, calling, and file and screen sharing.
When a user launches Secure Open Access on his or her mobile device, the client initiates connections with up to 10 different servers simultaneously. The servers are chosen at random from a cached list of servers and a mix of different protocols, according to Wikr.
The goal behind making multiple simultaneous connections is to minimize wait times in case certain servers or protocols are blocked. Wickr Open Secure Access also is designed to pick the closest data center and lower-latency direct connections over domain-fronted connections to speed communications.
“To accomplish what WickrSecure Open Access does, a user would have to run a few dozens of VPNs,” says Chris Lalonde, Wickr’s chief operating officer. Users would need to test how the VPNs work in a particular location before launching a secure communication application.
“With Wickr, they can now stay connected and continue to do work on any network, all in one app, on any device, by just enabling Secure Open Access feature,” he says.
Lalonde says Wickr’s new feature can help teams and organizations operating in any part of the world to communicate and collaborate securely without fear of interruption. “This capability is designed to mirror today’s global workforce that is traveling, collaborating across different geographies, and needs to protect business IP, sensitive data, and critical enterprise deals from countless threats and data breaches.”
Related Content:
- New Method Proposed for Secure Government Access to Encrypted Data
- Beyond Back Doors: Recalibrating The Encryption Policy Debate
- Encryption: A Backdoor For One Is A Backdoor For All
- 7 Critical Criteria for Data Encryption In The Cloud
Learn from the industry’s most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early bird rate ends August 31. Click for more info.
Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio
