Inside the White House with D.C.'s most wired reporter. Sign up for Mike Allen's Axios AM.


Amazon threatens to cut off Signal encrypted chat

Graffiti reading "Use Signal" above an anarchy symbol.
Signal is a favorite app of dissidents and protestors worldwide, as seen in a 2017 Berkeley, Calif. protest. Photo: Elijah Nouvelag via Getty

The encrypted messaging app Signal said Tuesday it had been threatened by Amazon's cloud division after disguising Signal traffic as an Amazon site.

Why it matters: The Signal app, like most apps, used a trick called "domain fronting" to circumvent censorship measures by countries like Iran. Amazon banned domain fronting on Friday, leaving Signal and countless protesters worldwide in the lurch.

How it works: Apps running in the cloud can make it appear like their traffic comes from other servers using the same cloud infrastructure.

  • Domain fronting makes it impossible to filter out a single app from the rest of the apps and websites using the same cloud.
  • Amazon said appearing to come from an Amazon-owned domain violates Amazon Web Services' terms of service, according to Signal.

What they're saying: "The idea behind domain fronting was that to block a single site, you’d have to block the rest of the internet as well. In the end, the rest of the internet didn’t like that plan," Signal wrote in a blog post.

Amazon did not immediately respond for a request for comment.

More stories loading.