Application developers will no longer be able to use Google to avoid Internet censorship. Google App Engine is abandoning a practice called front-end, which allows services to use the Google network to avoid network blockages in countries like China and Iran.
A recent change in Google's network architecture means that the trick no longer works. Discovered for the first time by Tor developers on April 13, the change has been extended through Google services and threatens to disrupt services for a number of anti-censorship tools, including Signal, GreatFire.org and VPN services. of Psiphon.
"The facade of the domain has never been a supported feature in Google"
Asked by The Verge, Google said the changes were the result of a long-planned network update. "The dominance of the domain has never been a feature admitted to Google," said a company representative, "but until recently it was working due to a peculiarity of our software stack." We are constantly evolving our network and, as part of an update of planned software, the façade of the domain no longer works, we have no plan to offer it as a feature. "
The domain facade allowed developers to use Google as a proxy, forwarding traffic to their own servers through a Google.com domain. That was particularly important to evade censorship at the state level, which could try to block all traffic sent to a particular service. Whenever the service uses the front domain, all the data requests in the country would appear as if they were directed to Google.com, with the encryption preventing the censors from going deeper.
Although it was never an explicit feature of Google's App Engine, domain advertising was widely publicized since Signal publicly adopted it in 2016. The technique was also used by state hackers: according to a recent FireEye report, the APT29 domain linked to the Kremlin – leading to smuggle information out of targets for two years.