The Best Way Through the Great Firewall of China

eldavojohn writes "The MIT Technology Review brings news of a new report from Harvard assessing circumvention software. The best tools they tested (and they actually did test them in cybercafes in China) were Ultrareach, Psiphon, and Tor, while Dynaweb and Anonymizer also scored well — of course, the huge downside is the long loading times. The report also includes responses from developers of the tools."

Out of Date

[Ragein (901507)]

It is worth noting that the report was released in 07 and "Some of the data is now out of date"

Re:

[tritonman (998572)]

Also, one of the "downsides" they fail to report is the fact that if you get caught you'll go missing and end up as an organ doner.

Re:Out of Date

[L4t3r4lu5 (1216702)]

i wud bt dey cut of al my fngrs.

Re:Out of Date

[hosecoat (877680)]

It is worth noting that the report was released in 07 and "Some of the data is now out of date"

They mentioned the the "downside is the long loading times."

Re:

[ihatewinXP (638000)]

I just left Beijing in November (each province and city has different protocols and sites that are to be blocked - its not just one Great Firewall) and can pass on what I have seen.

Most people (foreign and Chinese) just use an ever evolving list of proxy sites for "that one site" that is being blocked for whatever reason. I remember having to finally give up on http://postsecret.com/ [postsecret.com] as Chinese censors had seen the name and apparently added it to the list sight unseen. http://flyproxy.com/ [flyproxy.com] was the most used

Re:

[Ruede (824831)]

JAP -- german government or better said their intelligence service has a direct interface to it... so what is better chinese or german gov watching your porn downloads?

Re:Some conclusions from the paper

[eln (21727)]

Given the kind of freaky porn that comes out of Germany, I doubt the German government is going to be phased by anything the Chinese decide to download.

Re:

[Samah (729132)]

Given the kind of freaky porn that comes out of Germany, I doubt the German government is going to be phased by anything the Chinese decide to download.

That's "fazed". Although I'd expect the German government would be pretty worried once China starts using depolarised positronic tachyon beams to phase them out of existence. ;)

Re:

[smoker2 (750216)]

Please define fazed then.

Re:

[Klaus_1250 (987230)]

That is not entirely correct. They can request a wiretap of JAP-client with a warrant... which is not much different from your normal Internet connection and phone.

Re:

[v1 (525388)]

secret multiplayer javascript spreadsheet game

Interesting until you get too big that even moving a single step is very costly, then you just end up being a stationary fixture, like a dragon that nobody wants to get too close to.

Isn't it stupid to...

[Nutria (679911)]

... give the PRC better information on how people piercer the GWoC?

The Obvious Solution

[ShawnCplus (1083617)]

I've found the fastest way through the Great Firewall of China to be Mongolosploit. It may take somem time but it's persistent.

Re:

[Samah (729132)]

I've found the fastest way through the Great Firewall of China to be Mongolosploit. It may take somem time but it's persistent.

I think the most obvious solution would be to pour sweet and sour pork on their heads.

Not really

[drinkypoo (153816)]

of course, the huge downside is the long loading times.

No, the huge downside is that if anyone decides you're a problem, your circumvention methods are illegal and easy to detect.

Re:

[ZeroExistenZ (721849)]

Do you mean I should mod him down?

He's already modded to +5 insightful... Maybe he's being overmodded to your suggestion...

Tunnel SOCKS through SSH?

[RT Alec (608475)]

I found that when a client of mine connected via SSH to a well connected server (Equinix/Ashburn), they could use the SOCKS setting in Firefox (connecting to localhost since that's what their SSH client listened to) to tunnel all of their traffic with no problem. Note: this was a Mac, up to date as of last year when we tried this.

Sure enough, one day the tunneling stopped working! We changed the port used by SSH to 443, and it worked just fine after that.

Re:Tunnel SOCKS through SSH?

[Piranhaa (672441)]

Remember your dns queries still go through by regular, unencrypted, means... That 'could' draw attention to whoever is using it. A friend of mine gives access to his SSH server for tunneling for his buddy is Saudi Arabia - just needs to be careful.

Re:Tunnel SOCKS through SSH?

[Anonymous Coward]

firefox has a setting to route DNS requests through the socks proxy as well.

network.proxy.socks_remote_dns

Re:

[jroysdon (201893)]

Remove your DNS server settings from your system. No DNS leakage. You just hard-code the SSH server IP either in your hosts file or the SSH client.

All encryption requires permission from the Party

[Anonymous Bullard (62082)]

In China and Chinese-ruled territories use or possession of encryption technology without permission from the Chinese Communist Party (aka PRC government) is an offense against the State/CCP. For those forms of encryption that the Party does permit to be used, eg. in online shopping, the Party must have the decryption keys.

Unlike individuals, companies may be permitted to use encryption without surrendering the keys to the State, but that only happens if the company has been deemed supportive of the Government, or if their presence in China otherwise benefits the State's objectives.

Since I have some Chinese fenqing (those mindless hordes attacking enemies of State during the Cultural Revolution but now ultra-nationalistic) on my tail this post will probably be modded into oblivion either immediately or eventually...

Re:

[King_TJ (85913)]

How does the Chinese government view the use of such software as OpenVPN?

Is that also an illegal encryption technology for individuals?

Re:All encryption requires permission from the Par

[electrosoccertux (874415)]

It depends on where your nationality resides. It is accepted and assumed that Americans/The West (TM) will use encryption because they see us as being very concerned about privacy and protective of our business secrets et al. So if you're American/European and over there, you won't have any trouble using encryption/SSH2/etc. A Chinese citizen, on the other hand, would have more trouble getting away with it.

Re:

[Anonymous Bullard (62082)]

In case some people aren't aware of the realities in the PRC, all "laws" have been de facto written by the Chinese Communist Party and they are also subject to interpretation by the "courts" which are under direct rule of the Party. There is no separation whatsoever between the Party's executive and judicial arms, which is one of the reasons why the "People's Republic" of China is classified as an authoritarian state.

Re:All encryption requires permission from the Par

[gzipped_tar (1151931)]

I know how it feels like being cyberstalked. Kinda pathetic. But hey, how many of them are really slashdotters caring about the karma stuff? ;)

As a Chinese, I'm not offended by your viewpoints or position, in fact I quite understand it. However, I remain somewhat skeptic about the factuality of your post because I don't know any established Chinese law regarding the regulation of encryption technology used by individuals (IANAL of course). Can you give me a pointer to some legal material that supports your post? I believe I use encryption of one kind or another on a daily basis (SSH and HTTPS come to mind, as well as the encryption facilities built into bittorrent).

Re:

[xant (99438)]

Assuming this is true, and another commenter has called this into question, so what? If you're using privacy software to punch through the Great Firewall, you are by definition doing something the government doesn't like, and probably several things. If you can get your hands on Tor in the first place, you might as well use it.

Re:

[ZorinLynx (31751)]

So Chinese citizens can't use SSH? You must log into systems using cleartext?

Wow, this seems like it could potentially cause lots of security problems.

Also, given how easy it is to use encryption without even knowing (Skype uses it, for instance), it must be scary to be a Chinese computer geek. o.O

Though I suspect that these laws are only enforced if a citizen becomes a Problem(TM) for the state. Still scary, though, as you can probably become a Problem(TM) doing fairly innocuous things.

Re:All encryption requires permission from the Par

[exponential (1415291)]

In China and Chinese-ruled territories use or possession of encryption technology without permission from the Chinese Communist Party (aka PRC government) is an offense against the State/CCP. For those forms of encryption that the Party does permit to be used, eg. in online shopping, the Party must have the decryption keys.

You have either been misinformed or are deliberately making stuff up for some reason. I have ran sshd and apached (with encryption) on my own computer for years. I use GnuPG to communicate with my friends. But I have NEVER been required to acquire permission from the "Party", nor have I given my decryption keys to anybody.

As much as I despise my communist government, spreading blatant lies like this is not going to help bring about its demise. If anything it only makes more of your "mindless hordes of ultra-nationalists", because your so-obviously-made-up description of china can be translated and circulated on the chinese bulletin boards as "proof" that westerners want nothing but the "down-fall of China", and how "ignorant" they are of "the great achievements made by the Chinese people under the leadership of the Communist party". Yes I know this is very laughable, but that's the sad truth, and it has happened very often in the past few years. Things like this can easily be used to provoke nationalist and anti-western sentiment in China, which will make the work of those brave individuals who tirelessly try to promot the values of human right, freedom, democracy, etc. (the "symbolic" values of the western world) in China more difficult than it already is.

Think they missed a one or two downsides...

[sunking2 (521698)]

Like getting arrested, or run over by a tank, or being re-educated.

the people in china

[Anonymous Coward]

Dont even want to be free from the firewall, because it might break their perfect-image that they are so great. They get taught from birth that they live in the best place on Earth and believe this to the fullest. Say anything bad about China towards a Chinese who never left the country and no matter how much evidence you give them and facts you feed them they won't believe it.

I showed some Chinese websites about Tianmen square, video's, the wikipedia, but all they said that is was fake material made by people who hate China. Some that did know about it was fully on the side of their government and it was just "keeping order".

Let them take care of it themself if they want to see the truth and not be oppressed but the way it is they want it and like it.

And if you are a foreigner who needs the a unregulated internet connection, avoid countries like China, maybe if all tourism stops they might considering being less oppressive.

Re:the people in china

[sakdoctor (1087155)]

Mod this AC up.

The firewall isn't a technical problem, it's 100% a social one. One person circumventing it is trivial, probably always will be, what's impenetrable is the doublethink force field around almost everyone's head.

Re:

[circletimessquare (444983)]

insecurity is a natural aspect of human psychology. it is not taught. it requires no prerequisite except normal social development. everyone is insecure to some extent or another, in every culture, who has ever lived (except for the pathological, which again, is organic, and is not cultural)

My experience in China (Nov. 2008)

[nkovacs (1199463)]

I went to China for vacation November 2008. It was crazy watching the U.S. election from the Yengtze river.

Being the dork that I am I spent a good chunk of time playing around with the Great Firewall of China. One thing that baffled me was the ease of which I could find "censored" material. For example the wikipedia page for the Tiananmen Square protests was accessible (http://en.wikipedia.org/wiki/Tiananmen_Square_protests_of_1989).

Searching Google images for "Tiananmen Square" came back with hundreds of tanks, bloody civilians and the like - no different than in the U.S.

Yet some things were banned. I found that all the free http proxies that I tried were banned. I couldn't get to wikileaks.org. And I couldn't get to the Tor website to download the installer.

This presents an interesting chicken and egg problem with circumvention software. How do you get the software in the first place if it's source of the software package is censored? I ended up asking a buddy of mine in the U.S. to send me the Tor program via gmail, but not everyone has that option.

I was only on a very slow 8k/sec connection so at times it was difficult to tell if a site was banned or if it just was really slow. I could only really tell by running a trace route. It would always time out at the same router, presumably the router that bridged between inside and outside China.

In case anyone is interested here is a tracert going to a banned site.

C:\>tracert wikileak.org

Tracing route to wikileak.org [72.1.201.156]
over a maximum of 30 hops:

1 490 ms 298 ms 298 ms 220.192.136.4
2 298 ms 299 ms 299 ms 220.192.136.251
3 298 ms 280 ms * 61.242.160.182
4 280 ms 342 ms 296 ms 211.94.54.205
5 432 ms 439 ms 439 ms 211.94.56.105
6 438 ms 459 ms 459 ms 211.94.55.5
7 358 ms * 1107 ms 211.94.39.98
8 499 ms 480 ms 479 ms 211.94.55.250
9 * 1108 ms 479 ms sl-gw22-ana-1-0.sprintlink.net [144.228.79.177]

10 498 ms 500 ms 518 ms sl-crs2-ana-0-1-2-2.sprintlink.net [144.232.1.12
2]
11 518 ms 519 ms 539 ms sl-crs2-fw-0-13-3-0.sprintlink.net [144.232.19.1
97]
12 536 ms 538 ms 558 ms sl-crs2-kc-0-0-0-2.sprintlink.net [144.232.19.14
1]
13 537 ms 558 ms 538 ms sl-crs2-chi-0-8-0-3.sprintlink.net [144.232.18.2
14]
14 528 ms 539 ms 539 ms sl-st21-chi-11-0-0.sprintlink.net [144.232.20.21
]
15 537 ms 539 ms 540 ms sl-bigpi4-209998-0.sprintlink.net [144.223.6.30]

16 536 ms 559 ms 539 ms rc2ch-pos10-0.il.shawcable.net [66.163.65.41]
17 537 ms 719 ms 539 ms rc1ch-ge1-0-0.il.shawcable.net [66.163.65.1]
18 556 ms 560 ms 559 ms rc2sh-pos13-0.mt.shawcable.net [66.163.77.13]
19 558 ms 557 ms 559 ms ra2sh-tge10-1.mt.shawcable.net [66.163.66.78]
20 597 ms 578 ms 580 ms rx0sh-hydro-one-telecom.mt.bigpipeinc.com [66.24
4.255.38]
21 578 ms 559 ms 559 ms 142.46.128.14
22 779 ms 779 ms * tol-gsr.telecomottawa.net [142.46.130.10]
23 * *

Re:My experience in China (Nov. 2008)

[julian67 (1022593)]

"This presents an interesting chicken and egg problem with circumvention software. How do you get the software in the first place if it's source of the software package is censored?"

apt-get install tor privoxy

I've been in countries where use of any method to circumvent state censorship is criminal, all known proxies are blocked, all proxifying/anonymising software websites are blocked, tor.eff.org is blocked and so on. But there are Debian mirrors hosted by the state funded university. No more censorship :-)

Re:

[nkovacs (1199463)]

"This presents an interesting chicken and egg problem with circumvention software. How do you get the software in the first place if it's source of the software package is censored?"

apt-get install tor privoxy

I've been in countries where use of any method to circumvent state censorship is criminal, all known proxies are blocked, all proxifying/anonymising software websites are blocked, tor.eff.org is blocked and so on. But there are Debian mirrors hosted by the state funded university. No more censorship :-)

That implies you have a choice of which OS to use which just isn't the case in China. Most people use a cyber cafe connection running on Windows XP. Most Chinese simply can't afford the cost of a computer of their own. Nor could they afford the cost of an internet connection of their own.

Re:

[julian67 (1022593)]

Thank you for your comment. You may well be right. My point really was that the state which imposes the restrictions may also be subsidising the circumvention of those restrictions. Even (especially?) in China socio-economic class and tacit social/political compliance matters more than almost anything else when it comes to the freedom and ability to communicate. I'm not sure how sophisticated is the management and regulation of public computers in China but assuming it's not perfect then it should be pos

Re:

[Anonymous Coward]

Umm dude, from the traceroute you posted, your data is getting all the way to OTTAWA, Canada from the looks of it. Shit Shaw cable is a Canadian ISP for GDsakes! Doesn't look like china was filtering your traceroute anyhow. Of course, they could be applying the filters at a different level, or only on certain protocols, etc.. But that traceroute doesn't really ... to quote a meme "mean what you think it means"

there's always sneakernet

[circletimessquare (444983)]

http://yro.slashdot.org/article.pl?sid=08/03/06/1717242 [slashdot.org]

if this strikes many of you as too low tech, recall that most of western liberal notions such as freedom of the press and freedom of expression were established BEFORE the internet. obviously! but we in the west have become so addicted and enamored of the permanence and instantaneousness of the internet, we almost can't imagine life before it, or a struggle for freedom without this aid. but the struggle for basic human dignity can and will happen, even without the net

life without a free net retards progress, but doesn't stop it. progress on basic human rights WILL come to china eventually. the grumpy old men in beijing can't hold on forever. they are human, they make mistakes. the best they can do is make the rightful fight for basic human rights in china a painful one for their fellow chinese

to any "faithful" chinese reading this message: i didn't know being a proud chinese meant being a dumb chinese. but if you defend the policies of the grumpy old technocrats to keep the average chinese's media strictly controlled, that's what exactly what you do. the only way to a strong china is a free china. if you think just an authoritarian ultracapitalist china is a strong china, whoa boy, watch what happens as the world economy continues to shrink. china is not immune to the inevitable lessons of history about economic recessions and draconian governemnts. enjoy your defensive posture

Why SSH When Virtual Private Networking Works?

[amasiancrasian (1132031)]

If you have a home virtual private networking service setup, or if you have access to a company virtual private networking service, why not just connect to your VPN? Problem is solved, connection is encrypted, and without the potential of tunnel hell or application incompatibility of port forwarding and tunneling.

Having said that, the censors at China are not that concerned of English offending content; it's more that they're worried about the uneducated public being incited by content online since content

Re:Best way:

[houghi (78078)]

I used rootshell.be in the past. I now can use xs4all.nl. These are obviously outside my country and do not include my own machines, nor my employers.

And although the technical solution might be easy, the way to get that is not as easy. Would you give a Chinese person ssh access to your machine? What about an Iraqi? Afghan? Somebody from the south of France with a nickname of ETA001?

You could be under closer investigation from your own government.

I am even hesitant to give people ssh access that I know personally, let alone somebody I never have seen or heard of.

Re:

[Idiomatick (976696)]

Lol why wouldn't you trust chinese people? Its not like you'll get shipped off to china for breaking their laws. Iraqi's and Afghani's are understandable because only rich people have internet and if they want to circumvent the filters in place it would be questionable why. Same with the french person, the laws are fairly lax so hes likely only circumventing child porn laws. But in China there is a chance they are circumventing a law for a possibly useful cause. Like tattle-tailing on the government. Given

Re:Best way:

[Xtravar (725372)]

I think the point he's making is that he doesn't trust anybody to use his internet connection.

Sharing domestically, he could be charged with kiddie porn.

Sharing internationally, he could be charged with treason/terrorism.

Re:

[houghi (78078)]

How do I know I am supporting freedom of speech and not aid in any illegal activity where _I_ will be the one who pays the price.
About the French person: you missed the link with the ETA. You know, the terrorists from Spain who have killed people.

Nice also to see that you make no difference between countries (neither did I) yet you say that for Iraqi and Afghans is somehow OK. So difference is OK for you.

And the racist part is pretty silly. I have not treated anybody different. I treat them all equally, inc

Re:

[horza (87255)]

The French used to have a complete ban on encryption until recently [findarticles.com]. The UK in the mid-90s were pushing for a key escrow system, where all individuals would have to lodge a copy of their private key with the government, and were very close to succeeding. Instead we now have the RIPA, where you have to disclose your key when asked or go to jail. The only way to safely store a stranger's data on your machine is if it's encrypted and you have no access to the key. Even then ISPs are monitoring what you are dow

Re:

[Chrisq (894406)]

Dress as a woman and they'll let you through. Scotsmen traditionally wear skirts to this day.

Re:

[smoker2 (750216)]

Fuck you, Jimmy !

Re:SSH anyone

[CarpetShark (865376)]

If I recall correctly, Chani (of KDE fame) once blogged about having difficulty even using SSH from inside China.

Re:

[Mister Whirly (964219)]

With the added bonus that since so many people are doing it, the Chinese government can pick and choose the people they find objectionable to selectively prosecute and punish.

Re:

[NotBornYesterday (1093817)]

Ignoring your whining, anti-US tone for a moment, your post does (surprisingly) have interesting implications.

Although the RIAA /etc would fume over it, and although the US govt would grumble, I would guess that there is probably a sizeable number of regular folks in the US who would love to have the Chinese take on various DRM schemes. That might well be the next killer app. Let's face it, China is already the epicenter for mass piracy of software and other IP from the US and elsewhere, and the offic

OpenVPN in UDP on port 53

[Nicolas MONNET (4727)]

is even better, can even get you through some non-free hotspots, and it's hardly ever blocked where most other things are.