Amazon’s support of censorship-resistant “domain fronting” is likely going to end

Amazon are responding to pressures from Russia and China.

If you’re tired of censorship and surveillance, Join Reclaim The Net.

Amazon Web Services said that it is planning to change the way S3 storage service can be referenced in API and web requests. Is this going to facilitate censorship?

The plan, announced last week, was to eliminate path-style references on September 2020, breaking all S3 path-style links in the process, and impeding the use of the system as a safe-haven from censorship.

Store objects in AWS S3 are referenced in two different ways, the path-style, and the virtual-hosted style. If accessed using a browser, this is how the two styles look: (path-style) (virtual-hosted)

According to Samat Galimov, CTO of the Latvian videogame database RAWG, removing this feature will help Russia, China, and other countries censoring the internet:

“Path-style access is used to circumvent censorship. I can put my entire website under [the S3 subdomain] and the only way to block it in Russia or China will be to block the entirety of Amazon. This technique is called collateral freedom and is actively used right now. Please keep it working!”

“I am quite sure they are aware of anti-censorship usage of S3. Signal used AWS infrastructure to circumvent censorship and Amazon explicitly prohibited that.”

The practice mentioned by Galimov is known as domain fronting. Both Amazon and Google had to disable this feature partly due to pressures from the Russian government over Telegram’s domain fronting activity using both providers.

When asked by The Register whether it’s aware of the anti-censorship uses of path-style access, Amazon didn’t reply.

Jeff Barr, Chief Evangelist from AWS, replied to a few concerns in his blog this Wednesday. He acknowledged the lack of details provided in the company’s initial notice, however, makes no mention of S3’s anti-censorship capabilities. He claims that path-style will be supported for the buckets created on or before September 30, 2020. The buckets created after this date will have no choice but to use the virtual-hosted style.

“I am quite sure there are zero people who have experienced government internet censorship themselves who are making these decisions,” said Galimov. “Not even in the inner circle of people who make decisions, not even people who advise their inner circle. These decision makers are as isolated from their ‘constituency’ as medieval kings were. At the same time, I get that their real constituents are shareholders and we are just ‘users.’ It’s just so sad.”

Defend free speech and individual liberty online.

Push back against big tech and media gatekeepers…

What’s your email address?