TLS 1.3 is Coming – an Opportunity for Amazon, Google and Microsoft to End Censorship

Privacy News:

SNI is also used for another purpose. It allows censored services to “look like” uncensored ones to automated censorship systems. These systems mistake a banned website for a permitted one and allow it to load, rather than blocking the user or redirecting them to more friendly, government-approved content.

Currently, SNI in TLS 1.2 has a flaw that allows censors to differentiate between a “real” service and a “fake” service if they are savvy enough to figure it out. Interestingly, SNI in TLS 1.3 fixes this problem by hiding all of the information about the service behind encryption.

This means that services like VPNs and Tor can bypass censorship systems entirely by impersonating servers at Google, Amazon, or Microsoft. These three names are actually very important to the censorship issues of 2018 and beyond, because they are, in essence, a majority of the Internet we know. If Google Cloud, Amazon Web Services, and Microsoft Azure allow domain fronting with TLS 1.3, countries that censor, like China, are faced with a binary choice. They can either block gigantic swaths of the Internet (and face enormous backlash) or allow SNI to work, which means a serious setback for censorship around the world.