SignalAug 9, 2024

We're aware of reports that access to Signal has been blocked in some countries. As a reminder, Signal's built-in censorship circumvention feature might be able to help if your connection is affected:

Signal Settings > Privacy > Advanced > Censorship circumvention (on)

Show threadSignalAug 9, 2024
We have already started working on more advanced censorship circumvention techniques, but in order for these efforts to be most effective we need the big companies who are dragging their feet on moving away from plaintext SNI headers to start taking this problem more seriously.
Show threadSignalAug 9, 2024
Solutions like Encrypted Client Hello (ECH) remove the plaintext server name from the TLS handshake, which makes it far more difficult for hostile ISPs to block access to the sites and services you care about — but this isn’t widely supported yet. We hope that starts to change.
Show threadDeirdre Connolly¹Aug 9, 2024
@signalapp It will see more adoption when the RFCs are finalized, they are currently technically not quite yet
Show threadPaul Wouters 🇪🇺🇨🇦Aug 10, 2024
@durumcrustulum @signalapp they will just block everything with ECH. And if enough ECH happens that makes that impossible, they will clamp down on DNS so you can’t pull ECH key material from DNS to do ECH.
Show threadrsalz
@letoams @durumcrustulum @signalapp Yes, we only get one chance to deploy it correctly globally
Aug 10, 2024 at 1:57pmWeb
Show threadchrysnNov 22, 2024
@rsalz @letoams @durumcrustulum Ideal ECH should be indistinguishable from GREASE (so that anyone blocking ECH would block a lot of regular traffic as well); skimming the draft it appears like that's the case.
Show threadrsalzNov 22, 2024
@chrysn @letoams @durumcrustulum It has a unique extension so is identifiable. We could not figure how how to make it indistinguishable. If the receiving server needs to know "oh this is ECH" than so can an on-path intermediate.
Show threadDeirdre Connolly¹Nov 22, 2024
@rsalz @chrysn @letoams yeah Rich is correct
Show threadDeirdre Connolly¹Nov 22, 2024
@rsalz @chrysn @letoams ECH is a privacy improvement but not censorship-resistant, nor designed to be
Show threadPaul Wouters 🇪🇺🇨🇦Nov 22, 2024
@durumcrustulum @rsalz @chrysn I somewhat disagree 😜
Show threadDeirdre Connolly¹Nov 22, 2024
@letoams @rsalz @chrysn i mean if it were designed for it it would look like elligator or other censorship-resistant designs out in the world - it doesn't
Show threadrsalzNov 23, 2024
@durumcrustulum @letoams @chrysn It's anti-cencorship in that "they" can't see WHERE you are going, only that you ARE going somewhere else. If the cleartext destination is a major CDN, or a hyperscaler, then our thinking is that "they" will not risk filtering. We shall see. ECH is fraught, and must be globally rolled out with care, else "they" will just block it.