Skip to main content

Why You Don't Need Google's Domain Fronting

Google’s removal of domain fronting emphasizes the need for solutions like Psiphon.

Google has confirmed that they will block domain fronting across Google domains and App Engine. For many apps and publishers, this represents a step backwards in the fight for internet freedom. While Psiphon has never relied on this Google service, many app developers continued to depend on the practice as a convenient and straightforward means of circumventing state-level censorship, despite the long-running speculation that Google would close this loophole (eg. Will Scott’s blog post in 2017).


While the announcement has been met with criticism from internet activists and service providers alike, Google has defended their decision, saying “domain fronting has never been a supported feature”.


Domain fronting has been a popular means of censorship circumvention for several years, being embraced by popular apps like Signal, who publicly adopted the practice in 2016. While using Google domains to front traffic does not require advanced technical knowledge, it is a half measure that relies on Google, without consultation, to provide infrastructure for something it was not designed to do. In short, using the Google App Engine for domain fronting meant taking advantage of an unsupported loophole. For this reason, the practice would inevitably face restrictions as it gained popularity.

In 2015, Cloudflare also ended domain fronting across its domains when it began matching the SNI and host header of web traffic, after its infrastructure was implicated in censorship circumvention.

Most recently, in a frenzied attempt to block Telegram, which has made use of this loophole, Russian censorship authority Roskomnadzor blocked an estimated 17 million IP addresses. The interference disrupted access to Gmail, Google search, Google Play, YouTube, and other Google services.

Domain fronting is hardly the preeminent censorship circumvention solution. In cases where Google itself is blocked, as it is in Iran, any site or application that used Google for domain fronting would be unavailable as well. Psiphon’s network relies on a wide variety of protocols and obfuscation techniques to deliver Internet freedom. The complex and ever-changing nature of our network protects against over-reliance on one technology or approach.

The importance of a diversified circumvention toolbox cannot be overstated - for apps like Signal, reliance on Google domain fronting resulted in the need for an immediate and complete shift to another CDN. Tools like Psiphon seek to mitigate this risk by implementing numerous protocols, thereby eliminating reliance on any one method. Both Telegram and Tor’s use of multiple domain fronts minimized the disturbance caused to their services.

Popular posts from this blog

Amid major network disruptions, 1.76M Psiphon users in Belarus

The Psiphon network supported a peak 1.76 million daily active users during significant network interference that started August 9th, a figure that represents nearly 1 in every 3 internet users. A large-scale disruption to international internet access was observed in Belarus, beginning during the contested presidential election on August 9th. Widespread filtering was reported across all Belarusian networks, affecting popular messaging apps including Telegram, Viber, and WhatsApp; social media platforms Facebook, Twitter, Instagram, and Youtube; major app markets including Google Play and the App Store; email providers Gmail, Mail.ru, and Yandex; maps, banking, online media, and many other services. Rolling blackouts of the mobile networks also occurred nightly between 6PM and 6AM. The majority of VPNs were reportedly blocked as a result of generalized SSL/TLS filtering. Tor direct connections were disrupted by the increased network change, while Tor bridge users reached a peak 8

Social Media and Internet Ban in Turkey

Following the detainment of 12 pro-Kurdish lawmakers from the Peoples’ Democratic Party (HDP) in the early hours of November 4 th , Facebook, Twitter, Instagram, YouTube, WhatsApp and Skype were blocked in Turkey . There were reports that Turk Telekom internet provider completely disabled access to the internet or throttled the connection to the point that it was impossible to connect. Despite lack of official decision about the restrictions, and BTK’s explanation that there was a technical problem throughout Turkey, Prime Minister Binali Yildirim made a statement later in the day and said “For security reasons, these kinds of measures can be taken time to time. These are temporary measures. Everything goes back to normal after the danger is eliminated.” Social media and internet bans ended the following evening in most of the country, but there were still some short-term connection problems during the weekend in some regions, and it was reported that some Turk Telekom users

Join us in Persian

Psiphon is pleased to announce the launch of its Persian language social media! We are proud to provide reliable and efficient connectivity in Iran, and have expanded our capacity to help improve user experience. These channels will open new avenues of communication and streamline the feedback process for Persian users around the world. We invite you to connect with us to receive updates about Psiphon, or to get in touch with our Persian language team! Find us on Twitter , Facebook and Instagram . شبکه‌های اجتماعی سایفون به زبان فارسی هم راه‌اندازی می‌شود. ما به تلاش برای فراهم کردن ارتباط مطمئن و موثر در ایران افتخار می‌کنیم و به دنبال بهبود ظرفیت کمک و بهتر‌کردن تجربه‌ کاربران در ایران هستیم. شبکه‌های اجتماعی .فارسی زبان سایفون مسیر‌های ارتباطی جدیدی را برای دریافت نظرات کاربران ایرانی باز می‌کند .برای ارتباط با ما  حساب فارسی سایفون در توییتر ،  صفحه فیس‌بوک  و  اینستاگرام  سایفون را دنبال کنید