Hacker News new | past | comments | ask | show | jobs | submit login

Not unless you MITM the connection, otherwise it wouldn't be an effective measure.

There's a pretty good write up I found here:

https://trac.torproject.org/projects/tor/wiki/doc/meek

commit for the ios version is here:

https://github.com/WhisperSystems/SignalServiceKit/commit/78...




Thanks for the links, informative. So the proxy app that the Egypt government would like to take down is

  signal-reflector-meek.appspot.com


No, per the linked check-in, the Egyptian govt would have to block OWSCensorshipConfigurationFrontingHost, which is "https://google.com". That is the domain looked up in DNS and included in the TLS Certificate's SNI field. These are the only domains that are sent plain-text.

"signal-reflector-meek.appspot.com" domain only shows up in the HTTP "Host" header, which is TLS encrypted, and thus not visible to the censors.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: