The Best Way Through the Great Firewall of China 118
eldavojohn writes "The MIT Technology Review brings news of a new report from Harvard assessing circumvention software. The best tools they tested (and they actually did test them in cybercafes in China) were Ultrareach, Psiphon, and Tor, while Dynaweb and Anonymizer also scored well — of course, the huge downside is the long loading times. The report also includes responses from developers of the tools."
Out of Date (Score:5, Insightful)
Some conclusions from the paper (Score:1, Redundant)
Tor can be recommended for widespread circumvention use, but only for expert users concerned about anonymity. Increased use of the tool might trigger blocking that Tor is not yet ready to defend itself against.
JAP can be recommended for use only by users who don't need anonymity or who understand the anonymity implications of JAP network composition and know to choose one of the non-default networks.
Psiphon can be recommended for widespread client and server use, but
Re: (Score:3, Informative)
Re:Some conclusions from the paper (Score:5, Funny)
Given the kind of freaky porn that comes out of Germany, I doubt the German government is going to be phased by anything the Chinese decide to download.
Re: (Score:1)
Given the kind of freaky porn that comes out of Germany, I doubt the German government is going to be phased by anything the Chinese decide to download.
Seriously? Chinese pr0n is even weirder, IMO. I'd give you a copy of the comprehensive study I wrote on the subject, but the pages are all stuck together...
Re: (Score:1, Informative)
Pet peeve of mine: phased != fazed.
Re: (Score:2)
Re: (Score:2, Funny)
#define fazed "to disturb the composure of"
Hope this helps.
Re: (Score:2)
Given the kind of freaky porn that comes out of Germany, I doubt the German government is going to be phased by anything the Chinese decide to download.
That's "fazed". Although I'd expect the German government would be pretty worried once China starts using depolarised positronic tachyon beams to phase them out of existence. ;)
Re: (Score:2)
Re: (Score:2)
secret multiplayer javascript spreadsheet game
Interesting until you get too big that even moving a single step is very costly, then you just end up being a stationary fixture, like a dragon that nobody wants to get too close to.
Re: (Score:2, Informative)
Re:Out of Date (Score:5, Funny)
Re: (Score:2)
The dirty bastards! They took some of the keys from his keyboard to boot!
Re: (Score:1)
end up as an organ doner.
Like...a kebab made from human organs? Freaky.
Re:Out of Date (Score:5, Funny)
It is worth noting that the report was released in 07 and "Some of the data is now out of date"
They mentioned the the "downside is the long loading times."
Re: (Score:3, Informative)
I just left Beijing in November (each province and city has different protocols and sites that are to be blocked - its not just one Great Firewall) and can pass on what I have seen.
Most people (foreign and Chinese) just use an ever evolving list of proxy sites for "that one site" that is being blocked for whatever reason. I remember having to finally give up on http://postsecret.com/ [postsecret.com] as Chinese censors had seen the name and apparently added it to the list sight unseen. http://flyproxy.com/ [flyproxy.com] was the most used
Re:SSH anyone (Score:4, Informative)
If I recall correctly, Chani (of KDE fame) once blogged about having difficulty even using SSH from inside China.
Re: (Score:1)
I used it about two years ago when I was in China without a problem. I also believe I was on an unrestricted / less restricted line at a University as a foreign teacher.
I used my students in my classes like a human scanner. I would assign them to do reports on things, knowing there where only certain sorts of sites they would likly find the info at that perhaps might contain unrelated info, and then the next day when 100 students reported back they could not finish the assignment I could at least get a sens
Best way: (Score:1)
Know someone on the outside and arrange SSH access with them.
Comment removed (Score:4, Insightful)
Re: (Score:2)
Re:Best way: (Score:5, Informative)
I think the point he's making is that he doesn't trust anybody to use his internet connection.
Sharing domestically, he could be charged with kiddie porn.
Sharing internationally, he could be charged with treason/terrorism.
Re: (Score:2)
Re: (Score:3, Interesting)
The French used to have a complete ban on encryption until recently [findarticles.com]. The UK in the mid-90s were pushing for a key escrow system, where all individuals would have to lodge a copy of their private key with the government, and were very close to succeeding. Instead we now have the RIPA, where you have to disclose your key when asked or go to jail. The only way to safely store a stranger's data on your machine is if it's encrypted and you have no access to the key. Even then ISPs are monitoring what you are dow
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Isn't it stupid to... (Score:2)
... give the PRC better information on how people piercer the GWoC?
Re: (Score:2)
Isn't it stupid to assume that the PRC don't know all of the ways the G(F)WoC can be pierced?
Of course not.
The Obvious Solution (Score:2)
Re: (Score:1)
I've found the fastest way through the Great Firewall of China to be Mongolosploit. It may take somem time but it's persistent.
Mao says it can't be done, but Genghis Khan!
Re: (Score:2)
I've found the fastest way through the Great Firewall of China to be Mongolosploit. It may take somem time but it's persistent.
I think the most obvious solution would be to pour sweet and sour pork on their heads.
Whatever (Score:1, Informative)
A friend of mine lives in Beijing, apparently the great firewall is load of PR fluff, which anyone -- including barely tech-literate people -- work around by using public proxies.
Granted, it is lame, it does have a chilling effect on free speech, but mostly it's just a PR stunt by the Chinese government.
Re: (Score:2)
Not really (Score:5, Insightful)
of course, the huge downside is the long loading times.
No, the huge downside is that if anyone decides you're a problem, your circumvention methods are illegal and easy to detect.
Re: (Score:2)
He's already modded to +5 insightful... Maybe he's being overmodded to your suggestion...
Tunnel SOCKS through SSH? (Score:4, Interesting)
I found that when a client of mine connected via SSH to a well connected server (Equinix/Ashburn), they could use the SOCKS setting in Firefox (connecting to localhost since that's what their SSH client listened to) to tunnel all of their traffic with no problem. Note: this was a Mac, up to date as of last year when we tried this.
Sure enough, one day the tunneling stopped working! We changed the port used by SSH to 443, and it worked just fine after that.
Re:Tunnel SOCKS through SSH? (Score:4, Interesting)
Remember your dns queries still go through by regular, unencrypted, means... That 'could' draw attention to whoever is using it. A friend of mine gives access to his SSH server for tunneling for his buddy is Saudi Arabia - just needs to be careful.
Re:Tunnel SOCKS through SSH? (Score:4, Informative)
firefox has a setting to route DNS requests through the socks proxy as well.
network.proxy.socks_remote_dns
Re: (Score:2)
Remove your DNS server settings from your system. No DNS leakage. You just hard-code the SSH server IP either in your hosts file or the SSH client.
All encryption requires permission from the Party (Score:3, Interesting)
In China and Chinese-ruled territories use or possession of encryption technology without permission from the Chinese Communist Party (aka PRC government) is an offense against the State/CCP. For those forms of encryption that the Party does permit to be used, eg. in online shopping, the Party must have the decryption keys.
Unlike individuals, companies may be permitted to use encryption without surrendering the keys to the State, but that only happens if the company has been deemed supportive of the Government, or if their presence in China otherwise benefits the State's objectives.
Since I have some Chinese fenqing (those mindless hordes attacking enemies of State during the Cultural Revolution but now ultra-nationalistic) on my tail this post will probably be modded into oblivion either immediately or eventually...
Re: (Score:2)
How does the Chinese government view the use of such software as OpenVPN?
Is that also an illegal encryption technology for individuals?
Re:All encryption requires permission from the Par (Score:4, Informative)
It depends on where your nationality resides. It is accepted and assumed that Americans/The West (TM) will use encryption because they see us as being very concerned about privacy and protective of our business secrets et al. So if you're American/European and over there, you won't have any trouble using encryption/SSH2/etc. A Chinese citizen, on the other hand, would have more trouble getting away with it.
CCP's rules on foreigners' use of crypto in PRC (Score:1, Troll)
Measures for the Use of Encryption Products by Overseas Organizations and Individuals within China.
Announcement of State Encryption Administration
(No. 9)
The Measures for the Use of Encryption Products by Overseas Organizations and Individuals within China are hereby promulgated and shall come into force as of May 1, 2007.
State Encryption Administration
March 24, 2007
Measures for the Use of Encryption Products by Overseas Organizations and Individuals within China
Article 1 For the purpose of regulating the u
Re: (Score:2)
In case some people aren't aware of the realities in the PRC, all "laws" have been de facto written by the Chinese Communist Party and they are also subject to interpretation by the "courts" which are under direct rule of the Party. There is no separation whatsoever between the Party's executive and judicial arms, which is one of the reasons why the "People's Republic" of China is classified as an authoritarian state.
Re:All encryption requires permission from the Par (Score:5, Interesting)
I know how it feels like being cyberstalked. Kinda pathetic. But hey, how many of them are really slashdotters caring about the karma stuff? ;)
As a Chinese, I'm not offended by your viewpoints or position, in fact I quite understand it. However, I remain somewhat skeptic about the factuality of your post because I don't know any established Chinese law regarding the regulation of encryption technology used by individuals (IANAL of course). Can you give me a pointer to some legal material that supports your post? I believe I use encryption of one kind or another on a daily basis (SSH and HTTPS come to mind, as well as the encryption facilities built into bittorrent).
Re: (Score:1, Troll)
Thanks for your constructive query. :-)
I've many Chinese friends who are as worried about the FQ phenomenom as I am. It's always unpleasant to be shouted down or having your message buried for ideological reasons.
Anyway, I'm not sure if you noticed but elsewhere in this thread I posted the regulations governing foreign-based organizations' (like businesses and NGOs) and foreign individuals' use of crypto in the PRC. The laws governing PRC nationals' use of crypto are said to be nearly identical. But as is o
Re: (Score:2)
Just a footnote: There is plenty of information regarding PRC's laws regulating foreigners' and in particular foreign businesses' encryption rules, but very little in terms of specifics about the same laws concerning Chinese nationals. I have, however, followed the debate and read many a newspaper article (outside China) over the years and like in the case of "state secrets", it may be that the lack of debate (naturally also within China) is partially due to intentional obfuscation over what is permitted an
Re: (Score:2)
Assuming this is true, and another commenter has called this into question, so what? If you're using privacy software to punch through the Great Firewall, you are by definition doing something the government doesn't like, and probably several things. If you can get your hands on Tor in the first place, you might as well use it.
Re: (Score:2)
So Chinese citizens can't use SSH? You must log into systems using cleartext?
Wow, this seems like it could potentially cause lots of security problems.
Also, given how easy it is to use encryption without even knowing (Skype uses it, for instance), it must be scary to be a Chinese computer geek. o.O
Though I suspect that these laws are only enforced if a citizen becomes a Problem(TM) for the state. Still scary, though, as you can probably become a Problem(TM) doing fairly innocuous things.
Re:All encryption requires permission from the Par (Score:5, Insightful)
In China and Chinese-ruled territories use or possession of encryption technology without permission from the Chinese Communist Party (aka PRC government) is an offense against the State/CCP. For those forms of encryption that the Party does permit to be used, eg. in online shopping, the Party must have the decryption keys.
You have either been misinformed or are deliberately making stuff up for some reason. I have ran sshd and apached (with encryption) on my own computer for years. I use GnuPG to communicate with my friends. But I have NEVER been required to acquire permission from the "Party", nor have I given my decryption keys to anybody.
As much as I despise my communist government, spreading blatant lies like this is not going to help bring about its demise. If anything it only makes more of your "mindless hordes of ultra-nationalists", because your so-obviously-made-up description of china can be translated and circulated on the chinese bulletin boards as "proof" that westerners want nothing but the "down-fall of China", and how "ignorant" they are of "the great achievements made by the Chinese people under the leadership of the Communist party". Yes I know this is very laughable, but that's the sad truth, and it has happened very often in the past few years. Things like this can easily be used to provoke nationalist and anti-western sentiment in China, which will make the work of those brave individuals who tirelessly try to promot the values of human right, freedom, democracy, etc. (the "symbolic" values of the western world) in China more difficult than it already is.
Re: (Score:1)
Re: (Score:1, Troll)
Dear sir, what exact blatant lies did I write, and why did the post make you so angry?
What exactly does the PRC law say about Chinese nationals' right to use encryption (or lack thereof)?
I am also aware that especially in the larger cities of China proper the Han-Chinese people (who are not suspected of any "a
Re: (Score:1)
Re: (Score:1, Troll)
Thank you for kindly pointing out that HTTPS is a protocol, not a cipher. It is the latter that actually encrypts the traffic.
Now, is it actually legal under the PRC's laws to use ciphers not specifically approved by the State authorities?
Are Chinese individuals or organizations inside the PRC allowed to freely operate servers with strong encryption of their choice and without permission from the State? Which authority within the PRC is allowed to grant certificates?
Are the State's routers/filters able to r
Re: (Score:1)
Answer to question 1 :Yes,there is no law prohibiting that, cipher alone is not a problem for them. Simply posting articles related to encryption technology also never get you caught, in fact, cryptography courses are taught in a number of colleges and Universities, in my University, Bruce Schneier's book is used uncensored,along with all of the original programs provided in a printed form.
Answer to question 2 :Theoretically, the law requires you to apply for a certificate even if you just want to operate
Think they missed a one or two downsides... (Score:4, Insightful)
Re: (Score:1)
You know they charge your family for the re-education costs (one bullet)
the people in china (Score:5, Interesting)
Dont even want to be free from the firewall, because it might break their perfect-image that they are so great. They get taught from birth that they live in the best place on Earth and believe this to the fullest. Say anything bad about China towards a Chinese who never left the country and no matter how much evidence you give them and facts you feed them they won't believe it.
I showed some Chinese websites about Tianmen square, video's, the wikipedia, but all they said that is was fake material made by people who hate China. Some that did know about it was fully on the side of their government and it was just "keeping order".
Let them take care of it themself if they want to see the truth and not be oppressed but the way it is they want it and like it.
And if you are a foreigner who needs the a unregulated internet connection, avoid countries like China, maybe if all tourism stops they might considering being less oppressive.
Re:the people in china (Score:4, Insightful)
Mod this AC up.
The firewall isn't a technical problem, it's 100% a social one. One person circumventing it is trivial, probably always will be, what's impenetrable is the doublethink force field around almost everyone's head.
Re: (Score:1)
Very well put, although I think as long as China keeps getting manufacturing business they won't care so much about tourism
Re: (Score:2)
insecurity is a natural aspect of human psychology. it is not taught. it requires no prerequisite except normal social development. everyone is insecure to some extent or another, in every culture, who has ever lived (except for the pathological, which again, is organic, and is not cultural)
Re: (Score:1, Interesting)
Chinese websites about Tianmen square, video's, the wikipedia, but all they said that is was fake material
When I went there everybody knew about it. Try asking them using the term "June Fourth Movement".
Not everybody refers to it as the "Tiananmen Square Massacre".
The people in the USA (Score:1, Insightful)
Dont even want to be free from the televsion, because it might break their perfect-image that they are so great. They get taught from birth that they live in the best place on Earth and believe this to the fullest. Say anything bad about the USA towards a US citizen who never left the country and no matter how much evidence you give them and facts you feed them they won't believe it.
I showed some Americans websites about the war in Iraq, video's, the wikipedia, but all they said that is was fake material ma
Re: (Score:2)
Um, no.
Tune into any TV news network in the United States and you'll almost certainly hear someone complaining about the government in short order.
Take Rush Limbaugh for example. Since Obama was elected he's been attacking Obama and his administration nonstop in very harsh language. He hasn't been hauled off to the gulag yet. Neither has Keith Olberman, who spent 8 years calling President Bush the "Worst Person in the World".
In the PRC (calling these thugs "China" just lends them legitimacy) these guys woul
My experience in China (Nov. 2008) (Score:5, Interesting)
Being the dork that I am I spent a good chunk of time playing around with the Great Firewall of China. One thing that baffled me was the ease of which I could find "censored" material. For example the wikipedia page for the Tiananmen Square protests was accessible (http://en.wikipedia.org/wiki/Tiananmen_Square_protests_of_1989).
Searching Google images for "Tiananmen Square" came back with hundreds of tanks, bloody civilians and the like - no different than in the U.S.
Yet some things were banned. I found that all the free http proxies that I tried were banned. I couldn't get to wikileaks.org. And I couldn't get to the Tor website to download the installer.
This presents an interesting chicken and egg problem with circumvention software. How do you get the software in the first place if it's source of the software package is censored? I ended up asking a buddy of mine in the U.S. to send me the Tor program via gmail, but not everyone has that option.
I was only on a very slow 8k/sec connection so at times it was difficult to tell if a site was banned or if it just was really slow. I could only really tell by running a trace route. It would always time out at the same router, presumably the router that bridged between inside and outside China.
In case anyone is interested here is a tracert going to a banned site.
C:\>tracert wikileak.org
Tracing route to wikileak.org [72.1.201.156]
over a maximum of 30 hops:
1 490 ms 298 ms 298 ms 220.192.136.4
2 298 ms 299 ms 299 ms 220.192.136.251
3 298 ms 280 ms * 61.242.160.182
4 280 ms 342 ms 296 ms 211.94.54.205
5 432 ms 439 ms 439 ms 211.94.56.105
6 438 ms 459 ms 459 ms 211.94.55.5
7 358 ms * 1107 ms 211.94.39.98
8 499 ms 480 ms 479 ms 211.94.55.250
9 * 1108 ms 479 ms sl-gw22-ana-1-0.sprintlink.net [144.228.79.177]
10 498 ms 500 ms 518 ms sl-crs2-ana-0-1-2-2.sprintlink.net [144.232.1.12
2]
11 518 ms 519 ms 539 ms sl-crs2-fw-0-13-3-0.sprintlink.net [144.232.19.1
97]
12 536 ms 538 ms 558 ms sl-crs2-kc-0-0-0-2.sprintlink.net [144.232.19.14
1]
13 537 ms 558 ms 538 ms sl-crs2-chi-0-8-0-3.sprintlink.net [144.232.18.2
14]
14 528 ms 539 ms 539 ms sl-st21-chi-11-0-0.sprintlink.net [144.232.20.21
]
15 537 ms 539 ms 540 ms sl-bigpi4-209998-0.sprintlink.net [144.223.6.30]
16 536 ms 559 ms 539 ms rc2ch-pos10-0.il.shawcable.net [66.163.65.41]
17 537 ms 719 ms 539 ms rc1ch-ge1-0-0.il.shawcable.net [66.163.65.1]
18 556 ms 560 ms 559 ms rc2sh-pos13-0.mt.shawcable.net [66.163.77.13]
19 558 ms 557 ms 559 ms ra2sh-tge10-1.mt.shawcable.net [66.163.66.78]
20 597 ms 578 ms 580 ms rx0sh-hydro-one-telecom.mt.bigpipeinc.com [66.24
4.255.38]
21 578 ms 559 ms 559 ms 142.46.128.14
22 779 ms 779 ms * tol-gsr.telecomottawa.net [142.46.130.10]
23 * *
Re: (Score:1)
Re:My experience in China (Nov. 2008) (Score:5, Informative)
"This presents an interesting chicken and egg problem with circumvention software. How do you get the software in the first place if it's source of the software package is censored?"
apt-get install tor privoxy
I've been in countries where use of any method to circumvent state censorship is criminal, all known proxies are blocked, all proxifying/anonymising software websites are blocked, tor.eff.org is blocked and so on. But there are Debian mirrors hosted by the state funded university. No more censorship :-)
Re: (Score:2, Insightful)
"This presents an interesting chicken and egg problem with circumvention software. How do you get the software in the first place if it's source of the software package is censored?"
apt-get install tor privoxy
I've been in countries where use of any method to circumvent state censorship is criminal, all known proxies are blocked, all proxifying/anonymising software websites are blocked, tor.eff.org is blocked and so on. But there are Debian mirrors hosted by the state funded university. No more censorship :-)
That implies you have a choice of which OS to use which just isn't the case in China. Most people use a cyber cafe connection running on Windows XP. Most Chinese simply can't afford the cost of a computer of their own. Nor could they afford the cost of an internet connection of their own.
Re: (Score:2)
Re: (Score:3, Insightful)
Umm dude, from the traceroute you posted, your data is getting all the way to OTTAWA, Canada from the looks of it. Shit Shaw cable is a Canadian ISP for GDsakes! Doesn't look like china was filtering your traceroute anyhow. Of course, they could be applying the filters at a different level, or only on certain protocols, etc.. But that traceroute doesn't really ... to quote a meme "mean what you think it means"
Re: (Score:1)
there's always sneakernet (Score:4, Insightful)
http://yro.slashdot.org/article.pl?sid=08/03/06/1717242 [slashdot.org]
if this strikes many of you as too low tech, recall that most of western liberal notions such as freedom of the press and freedom of expression were established BEFORE the internet. obviously! but we in the west have become so addicted and enamored of the permanence and instantaneousness of the internet, we almost can't imagine life before it, or a struggle for freedom without this aid. but the struggle for basic human dignity can and will happen, even without the net
life without a free net retards progress, but doesn't stop it. progress on basic human rights WILL come to china eventually. the grumpy old men in beijing can't hold on forever. they are human, they make mistakes. the best they can do is make the rightful fight for basic human rights in china a painful one for their fellow chinese
to any "faithful" chinese reading this message: i didn't know being a proud chinese meant being a dumb chinese. but if you defend the policies of the grumpy old technocrats to keep the average chinese's media strictly controlled, that's what exactly what you do. the only way to a strong china is a free china. if you think just an authoritarian ultracapitalist china is a strong china, whoa boy, watch what happens as the world economy continues to shrink. china is not immune to the inevitable lessons of history about economic recessions and draconian governemnts. enjoy your defensive posture
SSH server (Score:1)
When I need to avoid a Firewall I use a SSH proxy server. How easy it is to use depends on every applications.
You can use any port you want, but the downside is you need to have a SSH server somewhere on the outside.
OpenVPN in UDP on port 53 (Score:3, Interesting)
is even better, can even get you through some non-free hotspots, and it's hardly ever blocked where most other things are.
Re: (Score:1)
Interesting.
Still my WRT54GL on tomato can act as a proxy server wherever I am.
I still have to find a firewall that is able to block me. All I need is port 80 to work.
Why SSH When Virtual Private Networking Works? (Score:2, Insightful)
If you have a home virtual private networking service setup, or if you have access to a company virtual private networking service, why not just connect to your VPN? Problem is solved, connection is encrypted, and without the potential of tunnel hell or application incompatibility of port forwarding and tunneling.
Having said that, the censors at China are not that concerned of English offending content; it's more that they're worried about the uneducated public being incited by content online since content
Re: (Score:1)
Won't work if only port 80 or 443 are open. SSH can work with any Firewall, while VPN might break the connection.
Re: (Score:2)
Although the RIAA
Bah, sensationalist propaganda! (Score:1)
I recently returned from 6 months in Beijing where I reliably used my OpenVPN connection to an Amazon EC2 server whenever I needed something "special". Don't get me wrong, the great firewall is a pain in the ass, and they don't have the infrastructure (intentionally) to support that much traffic flowing in and
picidae (Score:1)
- is a proxy service which "creates an image of the website
the actual page to use (the proxy) is:
http://pici.picidae.net/ [picidae.net]
is it even possible to control this with a firewall?
DONT run Tor inside China (Score:1)
self destruct
worksforme (Score:1)
On my recent trip to Beijing, I was able to access any site I normally would have in my regular browsing, had no troubles getting and sending mail via TLS on IMAP and SMTP and I was able to ssh into servers halfway around the world easily (if with a little latency). I even tested my VPN connection back to a server in Canada and had no problems whatsoever.
While there still may be some restrictions, I didn't see any.
My 0.02