diff --git a/src/Network/OWSCensorshipConfiguration.h b/src/Network/OWSCensorshipConfiguration.h index 03a46da61..b1f363db7 100644 --- a/src/Network/OWSCensorshipConfiguration.h +++ b/src/Network/OWSCensorshipConfiguration.h @@ -7,7 +7,7 @@ NS_ASSUME_NONNULL_BEGIN @interface OWSCensorshipConfiguration : NSObject -- (NSString *)frontingHost; +- (NSString *)frontingHost:(NSString *)e164PhonNumber; - (NSString *)reflectorHost; - (BOOL)isCensoredPhoneNumber:(NSString *)e164PhonNumber; diff --git a/src/Network/OWSCensorshipConfiguration.m b/src/Network/OWSCensorshipConfiguration.m index 466547aa8..e09096a06 100644 --- a/src/Network/OWSCensorshipConfiguration.m +++ b/src/Network/OWSCensorshipConfiguration.m @@ -3,17 +3,33 @@ #import "OWSCensorshipConfiguration.h" #import "TSStorageManager.h" +#import "Asserts.h" NS_ASSUME_NONNULL_BEGIN -NSString *const OWSCensorshipConfigurationFrontingHost = @"https://google.com"; NSString *const OWSCensorshipConfigurationReflectorHost = @"signal-reflector-meek.appspot.com"; @implementation OWSCensorshipConfiguration -- (NSString *)frontingHost +- (NSString *)frontingHost:(NSString *)e164PhonNumber { - return OWSCensorshipConfigurationFrontingHost; + OWSAssert(e164PhonNumber.length > 0); + + NSString *domain = nil; + for (NSString *countryCode in self.censoredCountryCodes) { + if ([e164PhonNumber hasPrefix:countryCode]) { + domain = self.censoredCountryCodes[countryCode]; + } + } + + // Fronting should only be used for countries specified in censoredCountryCodes, + // all of which have a domain specified. + OWSAssert(domain); + if (!domain) { + domain = @"google.com"; + } + + return [@"https://" stringByAppendingString:domain]; } - (NSString *)reflectorHost 
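Review bot: The new `frontingHost:` declaration has no comment, yet per the implementation in this commit it returns a full `https://` URL string rather than a bare host, and it falls back to `google.com` when no country matches. A header comment such as `/// Returns the https:// URL of the fronting domain for the given E.164 number; falls back to google.com when no country code matches.` would record that contract for callers. The parameter also carries the `e164PhonNumber` typo from the neighbouring declaration. `- (NSString *)frontingHostForPhoneNumber:(NSString *)e164PhoneNumber;` would follow Cocoa naming more closely, though the rename also touches the call site in OWSSignalService.m.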
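Review bot: The prefix loop in `frontingHost:` keeps iterating after a match and calls `self.censoredCountryCodes` again inside the body, which builds a fresh dictionary on every hit. The codes listed in this commit do not prefix one another, so the result is stable today. NSDictionary enumeration order is unspecified, though, so an overlapping code added later would make the selected fronting domain arbitrary. Holding the map in a local and stopping at the first hit makes the intent explicit: `NSDictionary *domains = self.censoredCountryCodes;` and then `domain = domains[countryCode]; break;`. Both `OWSAssert` calls compile away outside DEBUG, so the `google.com` fallback is the only release-build behaviour for an empty or unmatched number, and the comment above it should say that.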
@@ -21,13 +37,33 @@ NSString *const OWSCensorshipConfigurationReflectorHost = @"signal-reflector-mee return OWSCensorshipConfigurationReflectorHost; } -- (NSArray *)censoredCountryCodes +- (NSDictionary *)censoredCountryCodes { - // Reports of censorship in: - // Egypt - // UAE - return @[@"+20", - @"+971"]; + // The set of countries for which domain fronting should be used. + // + // For each country, we should add the appropriate google domain, + // per: https://en.wikipedia.org/wiki/List_of_Google_domains + // + // If we ever use any non-google domains for domain fronting, + // remember to: + // + // a) Add the appropriate pinning certificate(s) in + // SignalServiceKit.podspec. + // b) Update reflectorHost accordingly. + return @{ + // Egypt + @"+20": @"google.com.eg", + // Cuba + @"+53": @"google.com.cu", + // Oman + @"+968": @"google.com.om", + // UAE + @"+971": @"google.ae", + // Iran + // + // There does not appear to be a specific Google domain for Iran. + @"+98": @"google.com", + }; } - (BOOL)isCensoredPhoneNumber:(NSString *)e164PhonNumber diff --git a/src/Network/OWSSignalService.m b/src/Network/OWSSignalService.m index 30a6b08cd..f6067ba16 100644 --- a/src/Network/OWSSignalService.m +++ b/src/Network/OWSSignalService.m @@ -1,12 +1,14 @@ // Created by Michael Kirk on 12/20/16. // Copyright © 2016 Open Whisper Systems. All rights reserved. +#import + #import "OWSSignalService.h" #import "OWSCensorshipConfiguration.h" #import "OWSHTTPSecurityPolicy.h" #import "TSConstants.h" #import "TSAccountManager.h" -#import +#import "Asserts.h" NS_ASSUME_NONNULL_BEGIN 
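Review bot: Whether the certificates pinned for the reflector session validate for each country domain added here (`google.com.eg`, `google.com.cu`, `google.com.om`, `google.ae`) is not visible in this hunk, and the new comment only mentions pinning for non-Google domains. It is worth confirming this against the pins referenced in SignalServiceKit.podspec and recording the result in the comment, e.g. `// Every domain below must validate against the pinned certificate(s) used for fronting.`. The return type could also carry generics, `- (NSDictionary<NSString *, NSString *> *)censoredCountryCodes`, since `frontingHost:` now depends on string keys and values. `isCensoredPhoneNumber:` lies outside the hunk and presumably still enumerates this value, which after the change yields the dictionary keys.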
@@ -69,8 +71,11 @@ NS_ASSUME_NONNULL_BEGIN - (AFHTTPSessionManager *)reflectorHTTPSessionManager { + NSString *localNumber = [TSAccountManager localNumber]; + OWSAssert(localNumber.length > 0); + // Target fronting domain - NSURL *baseURL = [[NSURL alloc] initWithString:self.censorshipConfiguration.frontingHost]; + NSURL *baseURL = [[NSURL alloc] initWithString:[self.censorshipConfiguration frontingHost:localNumber]]; NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.ephemeralSessionConfiguration; AFHTTPSessionManager *sessionManager = [[AFHTTPSessionManager alloc] initWithBaseURL:baseURL sessionConfiguration:sessionConf]; diff --git a/src/Util/Asserts.h b/src/Util/Asserts.h new file mode 100755 index 000000000..6b94d56ac --- /dev/null +++ b/src/Util/Asserts.h @@ -0,0 +1,30 @@ +// +// Asserts.h +// +// Copyright (c) 2016 Open Whisper Systems. All rights reserved. +// + +#import + +#ifndef OWSAssert + +#ifdef DEBUG + +#define USE_ASSERTS + +#define CONVERT_TO_STRING(X) #X +#define CONVERT_EXPR_TO_STRING(X) CONVERT_TO_STRING(X) + +#define OWSAssert(X) \ +if (!(X)) { \ +NSLog(@"Assertion failed: %s", CONVERT_EXPR_TO_STRING(X)); \ +NSAssert(0, @"Assertion failed: %s", CONVERT_EXPR_TO_STRING(X)); \ +} + +#else + +#define OWSAssert(X) + +#endif + +#endif diff --git a/src/Util/Cryptography.m b/src/Util/Cryptography.m index e454a6f79..22db2b09d 100755 --- a/src/Util/Cryptography.m +++ b/src/Util/Cryptography.m @@ -10,7 +10,6 @@ #import #import "Cryptography.h" - #import "NSData+Base64.h" #define HMAC256_KEY_LENGTH 32
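Review bot: The `OWSAssert(localNumber.length > 0)` guard in `reflectorHTTPSessionManager` disappears in non-DEBUG builds, so a nil or empty `localNumber` is passed straight to `frontingHost:` and the session is silently built against the `google.com` fallback. If that is the intended release behaviour, say so next to the assert, e.g. `// localNumber may be nil before registration; frontingHost: then falls back to google.com.`. If it is not intended, the method needs a real runtime check rather than an assert. The rest of the method, including the security policy applied to the session, lies outside this hunk.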
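Review bot: In Asserts.h the DEBUG form of `OWSAssert` expands to a bare `if (!(X)) { ... }`, so using it inside an unbraced `if`/`else` can bind the caller's `else` to the macro's `if`. Wrapping the body as `do { \` ... `} while (0)` and defining the release form as `#define OWSAssert(X) ((void)0)` keeps `OWSAssert(x);` a single statement in both configurations. `NSAssert` only works inside Objective-C methods, so a comment pointing C functions to an `NSCAssert`-based variant would help. The header should also state that the expression is not evaluated in release builds, so it must have no side effects and must not be the only guard on untrusted input.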