privacyguides/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-07-24 04:11:05 +00:00
Code Issues Activity

feat!: Add blog back to main repository (#2704)

Browse Source 
Signed-off-by: kimg45 <138676274+kimg45@users.noreply.github.com>
Signed-off-by: blacklight447 <niek@privacyguides.org>
Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com>
This commit is contained in:
Jonah Aragon
2024-08-07 22:30:58 -05:00
parent 95d6ec9fd4
commit 1496586617
68 changed files with 2986 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
blog/posts/warning-about-signal-proxies.md Normal file
View File

@@ -0,0 +1,29 @@
---
date:
created: 2022-10-15
categories:
- News
authors:
- jonah
tags:
- PSA
- Signal
- Instant Messengers
links:
- Signal Configuration Guide: https://www.privacyguides.org/real-time-communication/signal-configuration-hardening/
- Real-Time Communication: https://www.privacyguides.org/real-time-communication/
license: BY-SA
---
# A Warning About Signal Proxies in Iran and Other Oppressive Countries
People looking to use [Signal Proxies](https://www.signal.org/blog/run-a-proxy/) to bypass censorship programs should be aware of a number of issues with Signals current proxy implementation. Currently, Signal does not tunnel all application traffic through the specified proxy, which means authorities could still track people using Signal.<!-- more -->
[This has been an issue since TLS proxies were added and has not yet been fixed](https://community.signalusers.org/t/traffic-not-routed-to-tls-proxies-can-expose-users-to-censors/27479):
> The latest version of the Android app (v5.3.12 at this time) fails to route all the traffic to the TLS proxy. There are DNS leaks in the app, and its trivial for the censors to learn what IP addresses are connecting to Signal. [...]
>
> When the app connects to the Signal server, it first looks up the IP of the Signal servers via DNS, and immediately after, it resolves the IP of the TLS proxy, also with DNS. This is an unexpected behavior that allows the censors to discover proxies by only monitoring the DNS traffic. [...]
There are also a number of other problems with their TLS proxies (such as [outdated dependencies](https://privsec.dev/apps/update-your-signal-tls-proxy/)) which have not been resolved.
Currently, we believe Signals TLS Proxies are an incomplete solution to the problems they try to solve. Instead, we recommend using Orbot in conjunction with Molly, an alternative Signal client which natively supports SOCKS proxies, to fully tunnel your Signal traffic over the Tor network. For more information please check out our [Signal configuration guide](https://www.privacyguides.org/real-time-communication/signal-configuration-hardening/).