Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Censorship Technology

The Best Way Through the Great Firewall of China 118

eldavojohn writes "The MIT Technology Review brings news of a new report from Harvard assessing circumvention software. The best tools they tested (and they actually did test them in cybercafes in China) were Ultrareach, Psiphon, and Tor, while Dynaweb and Anonymizer also scored well — of course, the huge downside is the long loading times. The report also includes responses from developers of the tools."
This discussion has been archived. No new comments can be posted.

The Best Way Through the Great Firewall of China

Comments Filter:
  • Out of Date (Score:5, Insightful)

    by Ragein ( 901507 ) on Thursday March 05, 2009 @09:27AM (#27076791)
    It is worth noting that the report was released in 07 and "Some of the data is now out of date"
    • Some conclusions from the paper:

      Tor can be recommended for widespread circumvention use, but only for expert users concerned about anonymity. Increased use of the tool might trigger blocking that Tor is not yet ready to defend itself against.

      JAP can be recommended for use only by users who don't need anonymity or who understand the anonymity implications of JAP network composition and know to choose one of the non-default networks.

      Psiphon can be recommended for widespread client and server use, but
      • Re: (Score:3, Informative)

        by Ruede ( 824831 )
        JAP -- german government or better said their intelligence service has a direct interface to it... so what is better chinese or german gov watching your porn downloads?
        • by eln ( 21727 ) on Thursday March 05, 2009 @10:54AM (#27077801)

          Given the kind of freaky porn that comes out of Germany, I doubt the German government is going to be phased by anything the Chinese decide to download.

          • by rarity ( 165626 )

            Given the kind of freaky porn that comes out of Germany, I doubt the German government is going to be phased by anything the Chinese decide to download.

            Seriously? Chinese pr0n is even weirder, IMO. I'd give you a copy of the comprehensive study I wrote on the subject, but the pages are all stuck together...

          • Re: (Score:1, Informative)

            Pet peeve of mine: phased != fazed.

          • by Samah ( 729132 )

            Given the kind of freaky porn that comes out of Germany, I doubt the German government is going to be phased by anything the Chinese decide to download.

            That's "fazed". Although I'd expect the German government would be pretty worried once China starts using depolarised positronic tachyon beams to phase them out of existence. ;)

        • That is not entirely correct. They can request a wiretap of JAP-client with a warrant... which is not much different from your normal Internet connection and phone.
      • by v1 ( 525388 )

        secret multiplayer javascript spreadsheet game

        Interesting until you get too big that even moving a single step is very costly, then you just end up being a stationary fixture, like a dragon that nobody wants to get too close to.

    • Re: (Score:2, Informative)

      by tritonman ( 998572 )
      Also, one of the "downsides" they fail to report is the fact that if you get caught you'll go missing and end up as an organ doner.
    • by hosecoat ( 877680 ) on Thursday March 05, 2009 @10:58AM (#27077867) Homepage

      It is worth noting that the report was released in 07 and "Some of the data is now out of date"

      They mentioned the the "downside is the long loading times."

    • Re: (Score:3, Informative)

      by ihatewinXP ( 638000 )

      I just left Beijing in November (each province and city has different protocols and sites that are to be blocked - its not just one Great Firewall) and can pass on what I have seen.

      Most people (foreign and Chinese) just use an ever evolving list of proxy sites for "that one site" that is being blocked for whatever reason. I remember having to finally give up on http://postsecret.com/ [postsecret.com] as Chinese censors had seen the name and apparently added it to the list sight unseen. http://flyproxy.com/ [flyproxy.com] was the most used

  • Know someone on the outside and arrange SSH access with them.

    • Comment removed (Score:4, Insightful)

      by account_deleted ( 4530225 ) on Thursday March 05, 2009 @09:42AM (#27076951)
      Comment removed based on user account deletion
      • Lol why wouldn't you trust chinese people? Its not like you'll get shipped off to china for breaking their laws. Iraqi's and Afghani's are understandable because only rich people have internet and if they want to circumvent the filters in place it would be questionable why. Same with the french person, the laws are fairly lax so hes likely only circumventing child porn laws. But in China there is a chance they are circumventing a law for a possibly useful cause. Like tattle-tailing on the government. Given
        • Re:Best way: (Score:5, Informative)

          by Xtravar ( 725372 ) on Thursday March 05, 2009 @10:43AM (#27077647) Homepage Journal

          I think the point he's making is that he doesn't trust anybody to use his internet connection.

          Sharing domestically, he could be charged with kiddie porn.

          Sharing internationally, he could be charged with treason/terrorism.

        • Comment removed based on user account deletion
        • Re: (Score:3, Interesting)

          by horza ( 87255 )

          The French used to have a complete ban on encryption until recently [findarticles.com]. The UK in the mid-90s were pushing for a key escrow system, where all individuals would have to lodge a copy of their private key with the government, and were very close to succeeding. Instead we now have the RIPA, where you have to disclose your key when asked or go to jail. The only way to safely store a stranger's data on your machine is if it's encrypted and you have no access to the key. Even then ISPs are monitoring what you are dow

  • ... give the PRC better information on how people piercer the GWoC?

  • I've found the fastest way through the Great Firewall of China to be Mongolosploit. It may take somem time but it's persistent.
    • I've found the fastest way through the Great Firewall of China to be Mongolosploit. It may take somem time but it's persistent.

      Mao says it can't be done, but Genghis Khan!

    • by Samah ( 729132 )

      I've found the fastest way through the Great Firewall of China to be Mongolosploit. It may take somem time but it's persistent.

      I think the most obvious solution would be to pour sweet and sour pork on their heads.

  • Whatever (Score:1, Informative)

    by Anonymous Coward

    A friend of mine lives in Beijing, apparently the great firewall is load of PR fluff, which anyone -- including barely tech-literate people -- work around by using public proxies.

    Granted, it is lame, it does have a chilling effect on free speech, but mostly it's just a PR stunt by the Chinese government.

    • With the added bonus that since so many people are doing it, the Chinese government can pick and choose the people they find objectionable to selectively prosecute and punish.
  • Not really (Score:5, Insightful)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Thursday March 05, 2009 @09:47AM (#27076983) Homepage Journal

    of course, the huge downside is the long loading times.

    No, the huge downside is that if anyone decides you're a problem, your circumvention methods are illegal and easy to detect.

  • by RT Alec ( 608475 ) <alec@slashdot.chuck l e . com> on Thursday March 05, 2009 @09:59AM (#27077101) Homepage Journal

    I found that when a client of mine connected via SSH to a well connected server (Equinix/Ashburn), they could use the SOCKS setting in Firefox (connecting to localhost since that's what their SSH client listened to) to tunnel all of their traffic with no problem. Note: this was a Mac, up to date as of last year when we tried this.

    Sure enough, one day the tunneling stopped working! We changed the port used by SSH to 443, and it worked just fine after that.

  • by Anonymous Bullard ( 62082 ) on Thursday March 05, 2009 @10:01AM (#27077123) Homepage

    In China and Chinese-ruled territories use or possession of encryption technology without permission from the Chinese Communist Party (aka PRC government) is an offense against the State/CCP. For those forms of encryption that the Party does permit to be used, eg. in online shopping, the Party must have the decryption keys.

    Unlike individuals, companies may be permitted to use encryption without surrendering the keys to the State, but that only happens if the company has been deemed supportive of the Government, or if their presence in China otherwise benefits the State's objectives.

    Since I have some Chinese fenqing (those mindless hordes attacking enemies of State during the Cultural Revolution but now ultra-nationalistic) on my tail this post will probably be modded into oblivion either immediately or eventually...

    • by King_TJ ( 85913 )

      How does the Chinese government view the use of such software as OpenVPN?

      Is that also an illegal encryption technology for individuals?

      • by electrosoccertux ( 874415 ) on Thursday March 05, 2009 @10:32AM (#27077479)

        It depends on where your nationality resides. It is accepted and assumed that Americans/The West (TM) will use encryption because they see us as being very concerned about privacy and protective of our business secrets et al. So if you're American/European and over there, you won't have any trouble using encryption/SSH2/etc. A Chinese citizen, on the other hand, would have more trouble getting away with it.

    • by gzipped_tar ( 1151931 ) on Thursday March 05, 2009 @11:05AM (#27077959) Journal

      I know how it feels like being cyberstalked. Kinda pathetic. But hey, how many of them are really slashdotters caring about the karma stuff? ;)

      As a Chinese, I'm not offended by your viewpoints or position, in fact I quite understand it. However, I remain somewhat skeptic about the factuality of your post because I don't know any established Chinese law regarding the regulation of encryption technology used by individuals (IANAL of course). Can you give me a pointer to some legal material that supports your post? I believe I use encryption of one kind or another on a daily basis (SSH and HTTPS come to mind, as well as the encryption facilities built into bittorrent).

      • Re: (Score:1, Troll)

        Thanks for your constructive query. :-)

        I've many Chinese friends who are as worried about the FQ phenomenom as I am. It's always unpleasant to be shouted down or having your message buried for ideological reasons.

        Anyway, I'm not sure if you noticed but elsewhere in this thread I posted the regulations governing foreign-based organizations' (like businesses and NGOs) and foreign individuals' use of crypto in the PRC. The laws governing PRC nationals' use of crypto are said to be nearly identical. But as is o

      • Just a footnote: There is plenty of information regarding PRC's laws regulating foreigners' and in particular foreign businesses' encryption rules, but very little in terms of specifics about the same laws concerning Chinese nationals. I have, however, followed the debate and read many a newspaper article (outside China) over the years and like in the case of "state secrets", it may be that the lack of debate (naturally also within China) is partially due to intentional obfuscation over what is permitted an

    • by xant ( 99438 )

      Assuming this is true, and another commenter has called this into question, so what? If you're using privacy software to punch through the Great Firewall, you are by definition doing something the government doesn't like, and probably several things. If you can get your hands on Tor in the first place, you might as well use it.

    • So Chinese citizens can't use SSH? You must log into systems using cleartext?

      Wow, this seems like it could potentially cause lots of security problems.

      Also, given how easy it is to use encryption without even knowing (Skype uses it, for instance), it must be scary to be a Chinese computer geek. o.O

      Though I suspect that these laws are only enforced if a citizen becomes a Problem(TM) for the state. Still scary, though, as you can probably become a Problem(TM) doing fairly innocuous things.

    • by exponential ( 1415291 ) on Thursday March 05, 2009 @12:38PM (#27079501)

      In China and Chinese-ruled territories use or possession of encryption technology without permission from the Chinese Communist Party (aka PRC government) is an offense against the State/CCP. For those forms of encryption that the Party does permit to be used, eg. in online shopping, the Party must have the decryption keys.

      You have either been misinformed or are deliberately making stuff up for some reason. I have ran sshd and apached (with encryption) on my own computer for years. I use GnuPG to communicate with my friends. But I have NEVER been required to acquire permission from the "Party", nor have I given my decryption keys to anybody.

      As much as I despise my communist government, spreading blatant lies like this is not going to help bring about its demise. If anything it only makes more of your "mindless hordes of ultra-nationalists", because your so-obviously-made-up description of china can be translated and circulated on the chinese bulletin boards as "proof" that westerners want nothing but the "down-fall of China", and how "ignorant" they are of "the great achievements made by the Chinese people under the leadership of the Communist party". Yes I know this is very laughable, but that's the sad truth, and it has happened very often in the past few years. Things like this can easily be used to provoke nationalist and anti-western sentiment in China, which will make the work of those brave individuals who tirelessly try to promot the values of human right, freedom, democracy, etc. (the "symbolic" values of the western world) in China more difficult than it already is.

      • I have no mod points,anybody mod parent up?
      • Re: (Score:1, Troll)

        You have either been misinformed or are deliberately making stuff up for some reason... spreading blatant lies like this is not going to help... because your so-obviously-made-up description of china

        Dear sir, what exact blatant lies did I write, and why did the post make you so angry?

        What exactly does the PRC law say about Chinese nationals' right to use encryption (or lack thereof)?

        I am also aware that especially in the larger cities of China proper the Han-Chinese people (who are not suspected of any "a

        • I hope you realize that nearly all of the computers with access to the internet today are equipped with encryption software-a browser supporting HTTPS protocol.Thanks.
          • Re: (Score:1, Troll)

            Thank you for kindly pointing out that HTTPS is a protocol, not a cipher. It is the latter that actually encrypts the traffic.

            Now, is it actually legal under the PRC's laws to use ciphers not specifically approved by the State authorities?

            Are Chinese individuals or organizations inside the PRC allowed to freely operate servers with strong encryption of their choice and without permission from the State? Which authority within the PRC is allowed to grant certificates?

            Are the State's routers/filters able to r

            • Answer to question 1 :Yes,there is no law prohibiting that, cipher alone is not a problem for them. Simply posting articles related to encryption technology also never get you caught, in fact, cryptography courses are taught in a number of colleges and Universities, in my University, Bruce Schneier's book is used uncensored,along with all of the original programs provided in a printed form.

              Answer to question 2 :Theoretically, the law requires you to apply for a certificate even if you just want to operate

  • by sunking2 ( 521698 ) on Thursday March 05, 2009 @10:08AM (#27077181)
    Like getting arrested, or run over by a tank, or being re-educated.
  • the people in china (Score:5, Interesting)

    by Anonymous Coward on Thursday March 05, 2009 @10:31AM (#27077469)

    Dont even want to be free from the firewall, because it might break their perfect-image that they are so great. They get taught from birth that they live in the best place on Earth and believe this to the fullest. Say anything bad about China towards a Chinese who never left the country and no matter how much evidence you give them and facts you feed them they won't believe it.

    I showed some Chinese websites about Tianmen square, video's, the wikipedia, but all they said that is was fake material made by people who hate China. Some that did know about it was fully on the side of their government and it was just "keeping order".

    Let them take care of it themself if they want to see the truth and not be oppressed but the way it is they want it and like it.

    And if you are a foreigner who needs the a unregulated internet connection, avoid countries like China, maybe if all tourism stops they might considering being less oppressive.

    • by sakdoctor ( 1087155 ) on Thursday March 05, 2009 @11:17AM (#27078135) Homepage

      Mod this AC up.

      The firewall isn't a technical problem, it's 100% a social one. One person circumventing it is trivial, probably always will be, what's impenetrable is the doublethink force field around almost everyone's head.

    • Very well put, although I think as long as China keeps getting manufacturing business they won't care so much about tourism

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      Chinese websites about Tianmen square, video's, the wikipedia, but all they said that is was fake material

      When I went there everybody knew about it. Try asking them using the term "June Fourth Movement".

      Not everybody refers to it as the "Tiananmen Square Massacre".

    • by Anonymous Coward

      Dont even want to be free from the televsion, because it might break their perfect-image that they are so great. They get taught from birth that they live in the best place on Earth and believe this to the fullest. Say anything bad about the USA towards a US citizen who never left the country and no matter how much evidence you give them and facts you feed them they won't believe it.

      I showed some Americans websites about the war in Iraq, video's, the wikipedia, but all they said that is was fake material ma

  • by nkovacs ( 1199463 ) on Thursday March 05, 2009 @10:39AM (#27077581)
    I went to China for vacation November 2008. It was crazy watching the U.S. election from the Yengtze river.

    Being the dork that I am I spent a good chunk of time playing around with the Great Firewall of China. One thing that baffled me was the ease of which I could find "censored" material. For example the wikipedia page for the Tiananmen Square protests was accessible (http://en.wikipedia.org/wiki/Tiananmen_Square_protests_of_1989).

    Searching Google images for "Tiananmen Square" came back with hundreds of tanks, bloody civilians and the like - no different than in the U.S.

    Yet some things were banned. I found that all the free http proxies that I tried were banned. I couldn't get to wikileaks.org. And I couldn't get to the Tor website to download the installer.

    This presents an interesting chicken and egg problem with circumvention software. How do you get the software in the first place if it's source of the software package is censored? I ended up asking a buddy of mine in the U.S. to send me the Tor program via gmail, but not everyone has that option.

    I was only on a very slow 8k/sec connection so at times it was difficult to tell if a site was banned or if it just was really slow. I could only really tell by running a trace route. It would always time out at the same router, presumably the router that bridged between inside and outside China.

    In case anyone is interested here is a tracert going to a banned site.

    C:\>tracert wikileak.org

    Tracing route to wikileak.org [72.1.201.156]
    over a maximum of 30 hops:

    1 490 ms 298 ms 298 ms 220.192.136.4
    2 298 ms 299 ms 299 ms 220.192.136.251
    3 298 ms 280 ms * 61.242.160.182
    4 280 ms 342 ms 296 ms 211.94.54.205
    5 432 ms 439 ms 439 ms 211.94.56.105
    6 438 ms 459 ms 459 ms 211.94.55.5
    7 358 ms * 1107 ms 211.94.39.98
    8 499 ms 480 ms 479 ms 211.94.55.250
    9 * 1108 ms 479 ms sl-gw22-ana-1-0.sprintlink.net [144.228.79.177]

    10 498 ms 500 ms 518 ms sl-crs2-ana-0-1-2-2.sprintlink.net [144.232.1.12
    2]
    11 518 ms 519 ms 539 ms sl-crs2-fw-0-13-3-0.sprintlink.net [144.232.19.1
    97]
    12 536 ms 538 ms 558 ms sl-crs2-kc-0-0-0-2.sprintlink.net [144.232.19.14
    1]
    13 537 ms 558 ms 538 ms sl-crs2-chi-0-8-0-3.sprintlink.net [144.232.18.2
    14]
    14 528 ms 539 ms 539 ms sl-st21-chi-11-0-0.sprintlink.net [144.232.20.21
    ]
    15 537 ms 539 ms 540 ms sl-bigpi4-209998-0.sprintlink.net [144.223.6.30]

    16 536 ms 559 ms 539 ms rc2ch-pos10-0.il.shawcable.net [66.163.65.41]
    17 537 ms 719 ms 539 ms rc1ch-ge1-0-0.il.shawcable.net [66.163.65.1]
    18 556 ms 560 ms 559 ms rc2sh-pos13-0.mt.shawcable.net [66.163.77.13]
    19 558 ms 557 ms 559 ms ra2sh-tge10-1.mt.shawcable.net [66.163.66.78]
    20 597 ms 578 ms 580 ms rx0sh-hydro-one-telecom.mt.bigpipeinc.com [66.24
    4.255.38]
    21 578 ms 559 ms 559 ms 142.46.128.14
    22 779 ms 779 ms * tol-gsr.telecomottawa.net [142.46.130.10]
    23 * *
    • 8k/s? Did you connect the internet using a mobile?
    • by julian67 ( 1022593 ) on Thursday March 05, 2009 @12:26PM (#27079293)

      "This presents an interesting chicken and egg problem with circumvention software. How do you get the software in the first place if it's source of the software package is censored?"

      apt-get install tor privoxy

      I've been in countries where use of any method to circumvent state censorship is criminal, all known proxies are blocked, all proxifying/anonymising software websites are blocked, tor.eff.org is blocked and so on. But there are Debian mirrors hosted by the state funded university. No more censorship :-)

      • Re: (Score:2, Insightful)

        by nkovacs ( 1199463 )

        "This presents an interesting chicken and egg problem with circumvention software. How do you get the software in the first place if it's source of the software package is censored?"

        apt-get install tor privoxy

        I've been in countries where use of any method to circumvent state censorship is criminal, all known proxies are blocked, all proxifying/anonymising software websites are blocked, tor.eff.org is blocked and so on. But there are Debian mirrors hosted by the state funded university. No more censorship :-)

        That implies you have a choice of which OS to use which just isn't the case in China. Most people use a cyber cafe connection running on Windows XP. Most Chinese simply can't afford the cost of a computer of their own. Nor could they afford the cost of an internet connection of their own.

        • Thank you for your comment. You may well be right. My point really was that the state which imposes the restrictions may also be subsidising the circumvention of those restrictions. Even (especially?) in China socio-economic class and tacit social/political compliance matters more than almost anything else when it comes to the freedom and ability to communicate. I'm not sure how sophisticated is the management and regulation of public computers in China but assuming it's not perfect then it should be pos
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Umm dude, from the traceroute you posted, your data is getting all the way to OTTAWA, Canada from the looks of it. Shit Shaw cable is a Canadian ISP for GDsakes! Doesn't look like china was filtering your traceroute anyhow. Of course, they could be applying the filters at a different level, or only on certain protocols, etc.. But that traceroute doesn't really ... to quote a meme "mean what you think it means"

    • One way to solve this chicken and egg problem is to preload Tor onto a USB stick. http://entertainment.slashdot.org/article.pl?sid=07/07/28/2321219 [slashdot.org]
  • http://yro.slashdot.org/article.pl?sid=08/03/06/1717242 [slashdot.org]

    if this strikes many of you as too low tech, recall that most of western liberal notions such as freedom of the press and freedom of expression were established BEFORE the internet. obviously! but we in the west have become so addicted and enamored of the permanence and instantaneousness of the internet, we almost can't imagine life before it, or a struggle for freedom without this aid. but the struggle for basic human dignity can and will happen, even without the net

    life without a free net retards progress, but doesn't stop it. progress on basic human rights WILL come to china eventually. the grumpy old men in beijing can't hold on forever. they are human, they make mistakes. the best they can do is make the rightful fight for basic human rights in china a painful one for their fellow chinese

    to any "faithful" chinese reading this message: i didn't know being a proud chinese meant being a dumb chinese. but if you defend the policies of the grumpy old technocrats to keep the average chinese's media strictly controlled, that's what exactly what you do. the only way to a strong china is a free china. if you think just an authoritarian ultracapitalist china is a strong china, whoa boy, watch what happens as the world economy continues to shrink. china is not immune to the inevitable lessons of history about economic recessions and draconian governemnts. enjoy your defensive posture

  • When I need to avoid a Firewall I use a SSH proxy server. How easy it is to use depends on every applications.

    You can use any port you want, but the downside is you need to have a SSH server somewhere on the outside.

    • is even better, can even get you through some non-free hotspots, and it's hardly ever blocked where most other things are.

      • by Krneki ( 1192201 )

        Interesting.

        Still my WRT54GL on tomato can act as a proxy server wherever I am.

        I still have to find a firewall that is able to block me. All I need is port 80 to work.

  • If you have a home virtual private networking service setup, or if you have access to a company virtual private networking service, why not just connect to your VPN? Problem is solved, connection is encrypted, and without the potential of tunnel hell or application incompatibility of port forwarding and tunneling.

    Having said that, the censors at China are not that concerned of English offending content; it's more that they're worried about the uneducated public being incited by content online since content

    • by Krneki ( 1192201 )

      Won't work if only port 80 or 443 are open. SSH can work with any Firewall, while VPN might break the connection.

  • Everyone who does anything technical in China (I'm talking of Chinese people here), knows to use a VPN to tunnel out to Japan or somewhere similar. If it's "illegal" you certainly wouldn't know it.

    I recently returned from 6 months in Beijing where I reliably used my OpenVPN connection to an Amazon EC2 server whenever I needed something "special". Don't get me wrong, the great firewall is a pain in the ass, and they don't have the infrastructure (intentionally) to support that much traffic flowing in and
  • http://www.picidae.net/ [picidae.net]
    - is a proxy service which "creates an image of the website ... To make surfing on that image possible, pici-server analyses the web site and puts links via image maps onto the image where they can be seen on the web site. So one can click in the web browser with the mouse onto the links like on the "true" web page"

    the actual page to use (the proxy) is:
    http://pici.picidae.net/ [picidae.net]

    is it even possible to control this with a firewall?
  • On my recent trip to Beijing, I was able to access any site I normally would have in my regular browsing, had no troubles getting and sending mail via TLS on IMAP and SMTP and I was able to ssh into servers halfway around the world easily (if with a little latency). I even tested my VPN connection back to a server in Canada and had no problems whatsoever.

    While there still may be some restrictions, I didn't see any.

    My 0.02

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...