We're aware of reports that access to Signal has been blocked in some countries. As a reminder, Signal's built-in censorship circumvention feature might be able to help if your connection is affected:

Signal Settings > Privacy > Advanced > Censorship circumvention (on)

We have already started working on more advanced censorship circumvention techniques, but in order for these efforts to be most effective we need the big companies who are dragging their feet on moving away from plaintext SNI headers to start taking this problem more seriously.
Solutions like Encrypted Client Hello (ECH) remove the plaintext server name from the TLS handshake, which makes it far more difficult for hostile ISPs to block access to the sites and services you care about — but this isn’t widely supported yet. We hope that starts to change.
@signalapp Keep in mind that many of the highly censored countries you talk about will just ban ECH altogether. So I don't think that your solution is viable.
@network_is_reliable @signalapp Can an operator ban ECH?
@dinosm @network_is_reliable @signalapp Yes, but that's not practical if all mainstream sites use ECH. Adoption is critical to everybody's safety.
@dalias @dinosm @signalapp As long as mainstream sites have to be back-compatible with previous TLS versions, usage of ECH won't be practical at all as a tool against censorship. And keep in mind that there are countries which already banned Google and YouTube. ECH will just be banned too.

@network_is_reliable @dinosm @signalapp Yes, for blocking it to become impractical, it may take client devices that refuse to connect without ECH - both to known C&C domains associated with the device/app, and, in browsers and such, to sites that have previously pinned that they support ECH.

I'm not sure if it's technically possible to deduce after the non-ECH handshake that an ECH-blocking downgrade attack was performed. If so, that makes it a lot easier to push ECH as "unblockable".

@dalias @network_is_reliable @dinosm @signalapp Very likely, same as tls1.3's use of clientrandom to flag downgrade to 1.2
@dalias @dinosm @network_is_reliable @signalapp yeah it's the herd immunity effect for privacy
@ireneista @dalias @dinosm @network_is_reliable @signalapp the hard problem in that game is, unfortunately, the rollout. totalitarian censors will write their DPI rules as the spec is written, turning the new feature into "blocked in X country" from day 1
@valpackett @dalias @dinosm @network_is_reliable @signalapp yes absolutely, that's a real danger
@ireneista @valpackett @dalias @dinosm @network_is_reliable @signalapp in fact that's basically been the case with ECH since the spec was in the early stages, sadly

@erincandescent @ireneista @valpackett tbh I think you’d probably need to force it via making it mandatory in TLS 1.4 or whatever

And even then!