Signal is asking its users to set up Signal proxy servers to help people access the encrypted messaging application in countries where the government has blocked the platform for reasons ranging from promoting “terrorist and extremist” sentiment to fomenting “civil war.”
Reports that the encrypted messaging app was being blocked in Russia and Venezuela first emerged when internet traffic monitoring platform Netblocks confirmed a drop in reachability of its users, thus marking the latest moves by both governments to suppress dissent.
Signal’s Blocking in Venezuela
In Venezuela, the blockage followed a disputed presidential election last month that sparked protests and arrests. President Nicolas Maduro, who the U.S. and others say rigged the vote, ordered regulator Conatel to also block Twitter, now known as X, claiming that it promotes civil war. NetBlocks reported that Signal became inaccessible on multiple internet providers in the country, confirming user reports of disruption.
Russia’s Roskomnadzor Follows Suit
Russia’s communications regulator, Roskomnadzor, also accused Signal of violating Russian law and restricted the app’s backends on most internet providers Friday. A statement from Roskomnadzor’s press service read:
“Access to the messenger Signal is restricted due to violation of the requirements of Russian legislation, the fulfillment of which is necessary to prevent the use of messenger for terrorist and extremist purposes.”
New Signal accounts cannot be registered in Russia without a VPN, according to Reuters.
Russia has been tightening its grip on internet control in recent times. Even tech giants like Apple have not been able to resist it. The Cupertino-based giant recently removed several Virtual Private Network (VPN) applications from its App Store in response to a request by Roskomnadzor.
The deleted VPN apps – belonging to ProtonVPN, Red Shield VPN, NordVPN, and Le VPN – were popular tools used by Russians to bypass government-imposed internet censorship. Red Shield VPN and Le VPN confirmed the removals, sharing messages from Apple stating the apps were deleted per “demand from Roskomnadzor” for containing “content considered illegal in Russia.” VPNs create encrypted tunnels for internet traffic, allowing users to access blocked websites and applications anonymously by masking their location.
Blocking Linked to Kyiv’s Kursk Offensive?
Experts including independent geopolitical analyst Viktor Kovalenko, who focuses on Ukraine and Russia, called the Signal app block an attempt to stop Russians from sharing videos, photos and news about the invasion of the Kursk region by Ukrainian forces and to stop possible coordination of subsequent anti-Kremlin actions.
Mariëlle Wijermars, assistant professor in internet governance at Maastricht University, who specializes in Russian politics and internet censorship, seconded Kovalenko’s assumption tying the blockage to the attack in Kursk.
The Russian defense ministry said on Friday it was “continuing to repel” Ukraine’s military, which reports suggest is operating more than six miles inside Russia – the deepest advance by Kyiv since Moscow launched its full-scale invasion of Ukraine in February 2022. Ukraine did not confirm these reports, but President Volodymyr Zelensky said this week that Moscow must “feel” the consequences of its actions.
Signal Responds with Signal Proxy Censorship Circumvention Feature
As voices of concerned users started flooding various social media platforms, Signal acknowledged the censorship of its messaging platform. “Several countries have recently blocked Signal, leaving their residents without a trusted and safe place to communicate,” Signal President Meredith Whittaker said.
But her team already had a plan B in place. “If you can, please set up a Signal proxy server to help people access Signal in places where their government has blocked us,” Whittaker asked Signal app users in other countries.
“To help in this situation, Signal provides a built-in censorship circumvention feature and also includes support for a simple TLS proxy that can bypass these blocks in many circumstances and let people communicate privately,” she added.
Signal’s built-in censorship circumvention can be accessed through Settings > Privacy > Advanced > Censorship circumvention.
Available on both Android and iOS, Signal’s TLS proxy helps bypass network blocks and securely route traffic. Anyone can set up a proxy server using just four steps:
To run a Signal TLS proxy, users need a host that has ports 80 and 443 available and a domain name that points to that host.
- Install Docker by following the instructions at https://docs.docker.com/engine/install/
- Clone this repository
./init-certificate.shdocker compose up --detach
Voila! Your proxy is running. You can share this with the URL https://signal.tube/#<your_host_name> and users from blocked regions can connect by simply tapping the provided URL.
Once your Signal proxy is running, use the hashtag #SignalProxy on social media to help others find it, Whittaker suggested. But publicly sharing the exact proxy link can attract unwanted attention from censors. Instead, announce your proxy’s existence and offer to share connection details privately via direct message (DM) or a non-public channel, she suggested.
Example: “Running a #SignalProxy to help bypass censorship. Reply here or DM for connection details.”
Automatic and Manual Configuration
Signal apps are registered to handle links from the “signal.tube” domain, enabling automatic proxy configuration upon tapping a link from any app. But users can also configure proxy information manually within the app:
-
- Android: Settings > Data and storage > Proxy > Use proxy
- iOS: Settings > Privacy > Advanced > Proxy > Use Proxy
Technical Details of Signal Proxy
- Unlike standard HTTP proxies, connections to Signal’s TLS Proxy resemble regular encrypted web traffic.
- No “CONNECT” method is used, hiding proxy usage from censors.
- Valid TLS certificates for every proxy server make traffic fingerprinting difficult.
- The entire system aims for maximum invisibility from censors.
Data Flow
- Signal client establishes a standard TLS connection with the proxy.
- The proxy forwards all received bytes to the actual Signal service.
- Non-Signal traffic gets blocked.
- The Signal client negotiates a standard TLS connection with Signal endpoints through the tunnel.
Security
The proxy operator remains blind to content due to the existing end-to-end encryption and additional traffic opacity within the tunnel.
