Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
China Censorship IT Technology

China's Great Firewall is Blocking Around 311K Domains, 41K by Accident (therecord.media) 33

In the largest study of its kind, a team of academics from four US and Canadian universities said they were able to determine the size of China's Great Firewall internet censorship capabilities. From a report: In a research project that lasted nine months, from April to December 2020, academics developed a system called GFWatch that accessed domains from inside and outside China's internet space and then measured how the Great Firewall (GFW) would tamper with the connection at the DNS level in order to prevent Chinese users from accessing a domain, or an external entity accessing Chinese internal sites.

Using GFWatch, researchers said they tested 534 million distinct domains, accessing around 411 million domains on a daily basis in order to record and then verify that the blocks were persistent. After nine months of compiling data, they found that China's Great Firewall currently blocks around 311,000 domains, with 270,000 blocks working as intended, while 41,000 domains appear to have been blocked by accident. The research team said these latter domains appear to have been blocked accidentally when Chinese authorities tried to block a shorter domain and used a broad DNS filtering regular expression (regex) that did not account for situations where that shorter domain was also part of a longer domain name, indirectly banning other sites. For example, researchers said that when Chinese authorities blocked access to reddit.com, they also accidentally blocked access to booksreddit.com, geareddit.com, and 1,087 other sites.

This discussion has been archived. No new comments can be posted.

China's Great Firewall is Blocking Around 311K Domains, 41K by Accident

Comments Filter:
  • then maybe they should leave

    • by Luckyo ( 1726890 ) on Monday July 12, 2021 @11:29AM (#61575507)

      Do you also leave your house when someone is a guest and behaves in ways you don't like?

      Or do you just kick them out and close the door?

      Reality is, they have every right to do what they do. They're a sovereign nation, and not a vassal state. It's only vassal states that get dictated what they can and cannot do in within the national borders by foreigners.

      Which is exactly why we should continue to critique them for totalitarian information control, but not be a pants on the head retarded ideologues of "well they should leave" while doing so. There's no reason for them to leave. They have shown that they can maintain information control while being a part of the internet. It's a win:win situation for them. It's a problem for us, but as mentioned above, they're not a vassal state of ours. And it's a problem for their people, but this is a Communist government. Being against it's own people is the default position for any Communist government.

      • Do you also leave your house when someone is a guest and behaves in ways you don't like?

        No, I open fire on them. Of course I leave my house if they won't leave.

        Or do you just kick them out and close the door?

        Making this a contest of strength is a bad idea if the lout is bigger than me, or at least big enough to pose a problem. That's why we call the police to deal with antisocial people rather than getting in fist fights.

        Reality is, they have every right to do what they do.

        I wasn't talking about international law, which there is almost none for the Internet beyond contract law for peering agreements.

        Which is exactly why we should continue to critique them for totalitarian information control

        mhrm.

        but not be a pants on the head retarded ideologues of "well they should leave" while doing so.

        I can't tell if you're being hyperbolic or if you have difficulty with reading comprehens

        • by Pascoea ( 968200 )

          Oh I'm certain they don't want to leave. But I do think we should devise some standards for behavior that are compatible with a world-wide phenomenon that has brought us firmly into the Information Age.

          And what is the solution when a country doesn't abide by the standards? Kick them off "The Internet"?

          • Sanctions are a well understood process in resolving disputes. It's not the first step, but you can eventually get there if a nation does not comply. Might take an actual treaty to establish what the standards even are.

            Practically speaking the US won't do anything about China. That will be up to other countries to decide. The US effectively has bowed out of dealing with China. I mean if we won't pressure them to abide by maritime law, why would we care if they take more than they give to the effectively unr

            • The US literally can't sanction China.
              I work for a vast US multinational that makes nearly $1 billion in profits every year from its China holdings.

              I can imagine what the shareholders would say if some idiot decided they can't have that money any more.

  • A list of every blocked domain.

    Kinda like a Great Wall of Shame.

    • by Luckyo ( 1726890 )

      The propaganda concept as implemented by CCP is different. They prefer to simply remove offending elements from public knowledge alltogether. What you don't know can't hurt you.

      It's modelled the original Stalinist approach. And they're not even the worst when it comes to implementing this model. North Korea also uses the same model, but goes significantly further.

  • It occurred to me that one way to make it more difficult to block DNS entries would be to distribute DNS database that utilizes homomorphic encryption/execution, taking in encrypted requests and spitting out IP addresses. This means you wouldn't actually be able to tell what was requested nor what entries are for. The idea is impractical for multiple reasons but it just seemed like a neat idea.

  • Outright blocking is one thing but what I'm more curious about is in flight content modification.
  • How do they know what is an accident or not? You can't just make assumptions because you then embrace your own biases.

  • There are connections that are not behind "the firewall". And, yes, they're authorised, and are run by the same Chinese household-name orgs that run other connections (well, one of them anyway). They're not "unlimited" bandwidth, but 40GB/month isn't terrible, for ~$27... speed is so-so, but good enough for video streaming so I can watch YouTube and other online video services.

No hardware designer should be allowed to produce any piece of hardware until three software guys have signed off for it. -- Andy Tanenbaum

Working...