Some Signal domains not proxied when censorship circumvention is on

[UjuiUjuMandan]

• [x] I have searched open and closed issues for duplicates
• [x] I am submitting a bug report for existing functionality that does not work as intended
• [x] I have read https://github.com/signalapp/Signal-Android/wiki/Submitting-useful-bug-reports
• [x] This isn't a feature request or a discussion topic

---

Bug description

signal.org should not be dialed at all in censored countries.

Steps to reproduce

• Enable censorship circumvention
• Use tcpdump or PCAPDroid or any capture software to log Signal
• Search or grep signal

Actual result: These signal domain appeared:

• updates2.signal.org
• cdsi.signal.org
• svr2.signal.org

Expected result: Nothing shoud appear.

svr2 appears when verifying PIN.

Note that cdsi and svr2 should be proxied as it appears in domain fronting configurations.

https://github.com/signalapp/Signal-Android/blob/5579df66ced70285446456cd05eb566ee0d48915/app/src/main/java/org/thoughtcrime/securesms/push/SignalServiceNetworkAccess.kt#L81

https://github.com/signalapp/Signal-Android/blob/5579df66ced70285446456cd05eb566ee0d48915/app/src/main/java/org/thoughtcrime/securesms/push/SignalServiceNetworkAccess.kt#L82

Screenshots

Device info

Device: Google Pixel 7 Android version: 14 Signal version: 7.16.3

Link to debug log

N/A

[Hasshu]

Censorship circumvention has stopped working for me the other day; tried two different ISPs (wired and cellular) to no avail. Could this leak be part of the problem?

[UjuiUjuMandan]

Censorship circumvention has stopped working for me the other day; tried two different ISPs (wired and cellular) to no avail. Could this leak be part of the problem?

Not direct reason. I assume Google is not blocked on your side? Check if any of the following front domain is then.

• https://github.githubassets.com
• https://pinterest.com
• https://www.redditstatic.com

[Hasshu]

I assume Google is not blocked on your side?

Fortunately, not yet! Oddly enough, the other three domains appear to be reachable from here as well.

[greyson-signal]

@Hasshu Any way you could get us a log? Settings > Help > Debuglog. If you can't upload it, you can save the log locally with the three-dot menu in the top right and upload it here.

[Hasshu]

@greyson-signal Having seen what the logs look like, I'm not sure I feel comfortable sharing that much information, even it it's not quite personally identifiable. Sorry for not being helpful here.

For what it's worth, all the outgoing messages never get past the sending phase with a throbber spinning endlessly (while everything works just fine over Tor). Also, as far as I know, I'm not the only one in these parts for whom censorship circumvention has stopped working recently. I suspect that deep packet inspection may be involved...