Wickr may have a workaround for Russia’s crackdown on encrypted chat
Encrypted chat apps aim to keep you communicating securely, but they have a problem: Some governments want to block them from operating entirely. What’s more, some parts of their services can be easily blocked on a local level by anyone with a Wi-Fi network.
To keep conversations flowing, encrypted communications app maker Wickr said Thursday it’s implementing new tools that make its app of the same name immune to blocking attempts. The company will partner with software maker Psiphon, the brainchild of anticensorship researchers at the Citizen Lab, to roll out Wickr Open Access.
The announcement comes during a tough time for encrypted messaging apps. Telegram is currently banned in both Russia and Iran. Signal announced earlier this year it could no longer use a common technique called domain fronting to evade attempts to block it. In addition, recent research shows users don’t actually understand what makes encrypted chat services secure and, as a result, might not put up a fight when governments try to weaken or ban them.
But Wickr says its app is now stronger than ever.
‘Users have a certain expectation that the products are going to work no matter where they are,’ said Wickr Chief Operating Officer Chris Lalonde. ‘That’s really critical.’
Encrypted apps and censorship
Makers of encrypted apps are already experienced at evading digital blockades put up by countries like Russia and Iran, both of which have banned Telegram’s encrypted chat service this year. But the recent loss of domain fronting through Google and Amazon took away one of the simplest methods to keep functioning where they’re not wanted.
The approach worked for anyone using hosting from one of the two companies because of a quirk of programing, said Jeremy Gillula, tech policy director at the Electronic Frontier Foundation, an open-internet advocacy group.
‘They never officially supported it,’ he said. ‘It was a byproduct.’
When someone tried to connect to a service like Signal, for example, it would happen in two stages. In the first stage, the web browser would send a request to connect securely to Amazon or Google, which was allowed. Once the secure connection was established, no one looking at the web traffic could see what happened next. That’s when the user’s browser would say, OK, take me to Signal.
Now information about the final destination is visible from the start of the user’s request, so it can’t hide behind the secure connection any longer.
Michael Hull, co-founder of Psiphon, had been working on censorship evasion for more than a decade when domain fronting ended at Amazon and Google.
‘We knew that that wasn’t going to last forever,’ Hull said.
Evading the blocking techniques
With Psiphon, Wickr says it has a more robust approach to getting around attempts to block it.
Most importantly, Psiphon’s tools let Wickr do something similar to domain fronting but in a more complex way. Instead of routing everything through one of two services (Amazon or Google), Psiphon has multiple possible connections available at once. It has a network of more than 3,500 servers and partnerships with several different companies to mask the final destination of a user’s request.
What’s more, the company has multiple protocols it can try to connect users to their desired web service, so if something isn’t working, there might be another technical approach that does.
In other words, if domain fronting worked on Amazon and Google by accident, it works on Psiphon by design.
With Psiphon, Wickr also tries to protect individuals from being recognized as frequent visitors to its service. That relies on Psiphon’s ability to break up requests sent from a user’s web browser to specific websites into segments of code, which are harder web monitoring programs to comb through for identifying information.