[Report] How Signal Private Messenger App is Blocked Around the World - ooni-talk

22 Oct 2021


      Hello,
The OONI team published a new research report which shares OONI data and
analysis on the *blocking of the Signal Private Messenger App in Iran,
China, Cuba, and Uzbekistan*.
Read the report here:
https://ooni.org/post/2021-how-signal-private-messenger-blocked-around-the-w...
In April 2021, we released a new OONI Probe test for measuring the blocking
of the Signal Private Messenger App (https://ooni.org/nettest/signal). Since
then, OONI community members tested Signal worldwide every day,
contributing measurements as open data:
https://explorer.ooni.org/search?until=2021-10-23&since=2021-09-23&t...
We analyzed all Signal measurements collected from around the world *between
April 2021 to September 2021*. During this period, we found that the
testing of Signal primarily presented signs of blocking in Iran, China,
Cuba, and Uzbekistan.
*# Summary of Findings*
*## Iran*
In Iran, Signal was *tested on 32 AS networks*, consistently presenting
signs of blocking on most networks.
The block primarily appears to be performed at a DNS level by returning the
IP address 10.10.34.35, which is commonly used to serve the Iranian
blockpage.
*## China*
In China, Signal was *tested on 28 AS networks*, consistently presenting
signs of blocking on most networks. Signal blocking is implemented at the
DNS level, returning IP addresses inside of random IP ranges.
China appears to block Signal by means of *bidirectional DNS injection*, as
suggested by the fact that DNS queries from outside the country also result
in injected responses, even though they target a publicly routed IP in
China that does not run a DNS server.
*## Cuba*
In Cuba, Signal was *temporarily blocked in mid-July 2021* amid
anti-government protests.
OONI measurements show that the TLS handshake to the Signal backend service
failed consistently with a connection_reset error, likely indicating the
use of Deep Packet Inspection (DPI) technology targeting the SNI field of
the TLS handshake.
*## Uzbekistan*
In Uzbekistan, the testing of Signal presented *signs of blocking on 8 AS
networks*.
When attempting to perform a TLS handshake to all Signal backend services,
the connection constantly times out after writing the first data packet to
the network. This indicates that the blocking of Signal might be
implemented through the use of Deep Packet Inspection (DPI) technology
configured to selectively drop packets.
*# Circumvention*
Currently, *circumvention is enabled by default* for Signal users in *Iran,
Egypt, Oman, Qatar & the UAE*. In our view, this should probably be enabled
for Signal users in Uzbekistan, China, and Cuba too.
Signal users in other countries can:
* On iOS -> Enable the “Censorship Circumvention” setting
* On Android -> Use Signal TLS proxies:
https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support
You can help Android Signal users circumvent blocking (if they have a phone
number which is not from Iran, Egypt, Oman, Qatar & the UAE) by:
1. Running a Signal TLS proxy: https://github.com/signalapp/Signal-TLS-Proxy
2. Sharing the mobile deep link: https://signal.tube/#<your_host_name>
*# Ongoing measurement*
You can also help monitor the blocking of Signal by running OONI Probe (
https://ooni.org/install/) and contributing measurements (
https://explorer.ooni.org/search?until=2021-10-23&since=2021-09-23&t...)
as open data.
We thank OONI Probe users who contributed measurements, supporting this
study.
We also thank Signal for their tireless efforts in bringing end-to-end
encryption to the masses worldwide.
Please help share this study:
https://twitter.com/OpenObservatory/status/1451482874264309763
Thanks for reading!
Best,
OONI team.