Security
Headlines
HeadlinesLatestCVEs

Headline

WhatsApp Launches Proxy Tool to Fight Internet Censorship

Amid internet shutdowns in Iran, the encrypted messaging app is introducing proxy connections that can help people get online.

Wired
#web#ios#android#git#auth#sap

When repressive governments want to control their populations, citizens’ access to the internet is often one of the first things to go. Since 2016, 74 countries around the world have shut down the internet for tens of millions of people more than 900 times. In recent years, Iran shut down the internet to hide brutality against protesters. Russia rapidly increased its censorship after its full-scale invasion of Ukraine. And internet curfews in Myanmar left people in information blackouts.

Internet shutdowns, at their worst, can involve connections being completely shut, while censorship measures can block access to specific websites or apps. Disrupting the internet is widely considered a tactic to undermine people’s human rights. There are multiple ways people can try to dodge censorship and internet shutdowns—although, there’s no one simple way to restore connectivity for millions of people at once.

Tools to help people get around censorship are increasing. Today, WhatsApp—Meta’s end-to-end encrypted messenger that’s used by more than 2 billion people a month—is expanding its anti-censorship measures.

In particular, the company is making it possible for people facing censorship to use WhatsApp through proxy connections, potentially allowing them to communicate when a country has blocked the app. “Choosing a proxy enables you to connect to WhatsApp through servers set up by volunteers and organizations around the world dedicated to helping people communicate freely,” the company says in a blog post announcing the feature.

Proxies can help people avoid censorship by essentially disguising their traffic. If WhatsApp is blocked in a country, for example, officials doing the blocking are likely to stop devices communicating with WhatsApp’s infrastructure. When someone connects to a proxy server, their traffic is routed through this server before being passed to WhatsApp. The extra step dodges filters and blocks that may have been put in place.

Natalia Krapiva, tech legal counsel at internet rights nonprofit Access Now, says Meta’s tool is a step in the right direction. “WhatsApp can be viewed as a critical infrastructure in many countries, so when it goes offline, either because of targeted blockings or blanket internet shutdowns, people suffer as they are left unable to communicate and access life-saving information during critical events and crises,” Krapiva says. WhatsApp says its encryption, which ensures nobody can snoop on your messages, including Meta, isn’t impacted by using a proxy.

WhatsApp isn’t the first messaging platform to allow proxy connections, but the platform’s scale makes it significant. Encrypted chat app Signal also allows people to set up and run proxy servers. It launched the service for Android in February 2021 and then on iOS in September 2022, both in response to Iran’s blocking of Signal.

WhatsApp says it is also launching proxy connections now because of the ongoing internet disruption in Iran. The country has been shutting down the internet for several months, following nationwide protests over the death of 22-year-old Mahsa Amini, who died in police custody. Iran’s internet blackouts and blocking of services, including WhatsApp, have further crippled its economy and drawn international scorn. (Analysts forecast that internet shutdowns cost the world $24 billion in 2022.)

The company says it started putting the capability for proxies to be used in WhatsApp in the final few months of 2022 and is launching it now as most people are using a version of its app that can support proxies. In its blog post, the company says internet disruptions, like Iran’s, “deny people’s human rights and cut people off from receiving urgent help.”

To connect to a WhatsApp proxy, people need to have the proxy’s details. These can usually be found, when proxies are running, by searching social media. (Proxies aren’t effective during full internet shutdowns where there is no connectivity). Proxy details can be entered in WhatsApp’s iOS and Android apps through the Storage and Data menu, which is found in the app’s settings. WhatsApp says people wanting to set up proxy servers can use ports 80, 443, or 5222, and a domain or subdomain that points to the server’s IP address—it has published detailed documentation on its GitHub page.

As the number of internet shutdowns and disruptions has increased in recent years, the available censorship circumvention tools have risen as well. Most commonly, anonymity service Tor and VPNs are used to get around government censorship, blocking, or filtering of apps and websites. However, new tools are also appearing: Samizdat Online allows Russians to access blocked news websites without any technical knowledge, and the CENO browser is built on peer-to-peer sharing technology, which the organization says reduces the reliance on international networks.

Ksenia Ermoshina, a user experience researcher for CENO and researcher with the Center for Internet and Society CNRS and Citizen Lab, says CENO has been widely used during Iran’s shutdowns, and WhatsApp’s introduction of proxies may also help people communicate where the app is blocked. Ermoshina says proxies helped to keep Telegram online in Russia in 2018 when the country unsuccessfully tried to block the messaging app.

There are some limitations to proxies though, Ermoshina says. “They can slow down your traffic considerably, in terms of calls, for example, or file sharing.” Connections via proxies can also be blocked if authorities discover their details. “VPNs and proxies are part of cat-and-mouse tools,” Ermoshina says. Their developers are always trying to evade censors. The more people that run proxy servers, the harder it is for governments to take them all down.

For people who are looking to avoid censorship, it is likely that a mix of anti-censorship tools will be useful. People should research the tools they are planning to use in the event of a future shutdown, if possible, and consider any risk that may be unique to them. “Different users will have different needs, threat models, and technical skills, so one tool will not fit all,” Access Now’s Krapiva says. “I do hope that Meta will ensure that they provide guidance to their users on what proxy servers can and cannot do, however, and how to use them securely, as the kinds of people who are likely going to be needing this feature the most will also tend to be the most at risk.”

Wired: Latest News

Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist