privacyguides.org/blog/posts/warning-about-signal-proxies.md
Jonah Aragon 1496586617
feat!: Add blog back to main repository (#2704)
Signed-off-by: kimg45 <138676274+kimg45@users.noreply.github.com>
Signed-off-by: blacklight447 <niek@privacyguides.org>
Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com>
2024-08-12 13:08:40 -05:00

30 lines
2.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
date:
created: 2022-10-15
categories:
- News
authors:
- jonah
tags:
- PSA
- Signal
- Instant Messengers
links:
- Signal Configuration Guide: https://www.privacyguides.org/real-time-communication/signal-configuration-hardening/
- Real-Time Communication: https://www.privacyguides.org/real-time-communication/
license: BY-SA
---
# A Warning About Signal Proxies in Iran and Other Oppressive Countries
People looking to use [Signal Proxies](https://www.signal.org/blog/run-a-proxy/) to bypass censorship programs should be aware of a number of issues with Signals current proxy implementation. Currently, Signal does not tunnel all application traffic through the specified proxy, which means authorities could still track people using Signal.<!-- more -->
[This has been an issue since TLS proxies were added and has not yet been fixed](https://community.signalusers.org/t/traffic-not-routed-to-tls-proxies-can-expose-users-to-censors/27479):
> The latest version of the Android app (v5.3.12 at this time) fails to route all the traffic to the TLS proxy. There are DNS leaks in the app, and its trivial for the censors to learn what IP addresses are connecting to Signal. [...]
>
> When the app connects to the Signal server, it first looks up the IP of the Signal servers via DNS, and immediately after, it resolves the IP of the TLS proxy, also with DNS. This is an unexpected behavior that allows the censors to discover proxies by only monitoring the DNS traffic. [...]
There are also a number of other problems with their TLS proxies (such as [outdated dependencies](https://privsec.dev/apps/update-your-signal-tls-proxy/)) which have not been resolved.
Currently, we believe Signals TLS Proxies are an incomplete solution to the problems they try to solve. Instead, we recommend using Orbot in conjunction with Molly, an alternative Signal client which natively supports SOCKS proxies, to fully tunnel your Signal traffic over the Tor network. For more information please check out our [Signal configuration guide](https://www.privacyguides.org/real-time-communication/signal-configuration-hardening/).