A Warning About Signal Proxies in Iran and Other Oppressive Countries

People looking to use Signal Proxies to bypass censorship programs should be aware of a number of issues with Signal’s current proxy implementation. Currently, Signal does not tunnel all application traffic through the specified proxy, which means authorities could still track people using Signal.


This is a companion discussion topic for the original entry at https://blog.privacyguides.org/2022/10/15/warning-about-signal-proxies/

People looking to use Signal Proxies to bypass censorship programs should be aware of a number of issues with Signal’s current proxy implementation. Currently, Signal does not tunnel all application traffic through the specified proxy, which means authorities could still track people using Signal. This has been an issue since TLS proxies were added and has not yet been fixed:

There are also a number of other problems with their TLS proxies (such as outdated dependencies) which have not been resolved.

Currently, we believe Signal’s TLS Proxies are an incomplete solution to the problems they try to solve. Instead, we recommend using Orbot in conjunction with Molly, an alternative Signal client which natively supports SOCKS proxies, to fully tunnel your Signal traffic over the Tor network. For more information please check out our Signal configuration guide:

9 Likes

Hey there!

That is really good to know, thank you for sharing!

2 Likes

I’ve come across a few disconcerting posts from someone supposedly in Iran claiming that they are unable to connect to VPNs or Tor even with snowflake enabled.

Perhaps it’s some phishing method, since they’re asking for some “access key” for Outline VPN, but I don’t know anything about access keys and Outline VPN, or the logistics required to phish someone with either. I’m leaning towards it being real.

Sources:

Let’s just use Session. It’s better in many ways. I don’t want to deny the usefulness and security of Signal, but in terms of privacy, I think we can agree that Session is better than Signal. Matrix is fine too, but I would prefer to use a client other than Element, as, to my knowledge, it has not been audited in a considerable time, the company does not offer transparency reports (to my knowledge, I insist. If I’m wrong, I’d appreciate a correction).

1 Like

There could be a lot of reasons for this. The Tor network has been under attack lately and many nodes are at 100% traffic and limited, so Tor connections are often very slow lately. It’s easy to see how frequent disconnects and slowness might lead someone to believe Tor is being blocked when it technically might not be. A VPN would certainly be faster than Tor, even if it’s less safe.

Outline VPN is basically just a Shadowsocks client developed by Google. It’s legitimate, but obviously you need to trust your traffic with an Outline provider just as much as any other VPN provider, so I’m not sure I would trust the keys in those Reddit post replies necessarily. But if you have no choice, you have no choice… I wrote about Outline VPN a few years ago if you’re interested:

1 Like