China's Great Firewall is Blocking Around 311K Domains, 41K by Accident (therecord.media) 33
In the largest study of its kind, a team of academics from four US and Canadian universities said they were able to determine the size of China's Great Firewall internet censorship capabilities. From a report: In a research project that lasted nine months, from April to December 2020, academics developed a system called GFWatch that accessed domains from inside and outside China's internet space and then measured how the Great Firewall (GFW) would tamper with the connection at the DNS level in order to prevent Chinese users from accessing a domain, or an external entity accessing Chinese internal sites.
Using GFWatch, researchers said they tested 534 million distinct domains, accessing around 411 million domains on a daily basis in order to record and then verify that the blocks were persistent. After nine months of compiling data, they found that China's Great Firewall currently blocks around 311,000 domains, with 270,000 blocks working as intended, while 41,000 domains appear to have been blocked by accident. The research team said these latter domains appear to have been blocked accidentally when Chinese authorities tried to block a shorter domain and used a broad DNS filtering regular expression (regex) that did not account for situations where that shorter domain was also part of a longer domain name, indirectly banning other sites. For example, researchers said that when Chinese authorities blocked access to reddit.com, they also accidentally blocked access to booksreddit.com, geareddit.com, and 1,087 other sites.
Using GFWatch, researchers said they tested 534 million distinct domains, accessing around 411 million domains on a daily basis in order to record and then verify that the blocks were persistent. After nine months of compiling data, they found that China's Great Firewall currently blocks around 311,000 domains, with 270,000 blocks working as intended, while 41,000 domains appear to have been blocked by accident. The research team said these latter domains appear to have been blocked accidentally when Chinese authorities tried to block a shorter domain and used a broad DNS filtering regular expression (regex) that did not account for situations where that shorter domain was also part of a longer domain name, indirectly banning other sites. For example, researchers said that when Chinese authorities blocked access to reddit.com, they also accidentally blocked access to booksreddit.com, geareddit.com, and 1,087 other sites.
if they don't like the internet (Score:2, Funny)
then maybe they should leave
Re:if they don't like the internet (Score:5, Insightful)
Do you also leave your house when someone is a guest and behaves in ways you don't like?
Or do you just kick them out and close the door?
Reality is, they have every right to do what they do. They're a sovereign nation, and not a vassal state. It's only vassal states that get dictated what they can and cannot do in within the national borders by foreigners.
Which is exactly why we should continue to critique them for totalitarian information control, but not be a pants on the head retarded ideologues of "well they should leave" while doing so. There's no reason for them to leave. They have shown that they can maintain information control while being a part of the internet. It's a win:win situation for them. It's a problem for us, but as mentioned above, they're not a vassal state of ours. And it's a problem for their people, but this is a Communist government. Being against it's own people is the default position for any Communist government.
Re: (Score:1)
Do you also leave your house when someone is a guest and behaves in ways you don't like?
No, I open fire on them. Of course I leave my house if they won't leave.
Or do you just kick them out and close the door?
Making this a contest of strength is a bad idea if the lout is bigger than me, or at least big enough to pose a problem. That's why we call the police to deal with antisocial people rather than getting in fist fights.
Reality is, they have every right to do what they do.
I wasn't talking about international law, which there is almost none for the Internet beyond contract law for peering agreements.
Which is exactly why we should continue to critique them for totalitarian information control
mhrm.
but not be a pants on the head retarded ideologues of "well they should leave" while doing so.
I can't tell if you're being hyperbolic or if you have difficulty with reading comprehens
Re: (Score:2)
Oh I'm certain they don't want to leave. But I do think we should devise some standards for behavior that are compatible with a world-wide phenomenon that has brought us firmly into the Information Age.
And what is the solution when a country doesn't abide by the standards? Kick them off "The Internet"?
Re: (Score:2)
Sanctions are a well understood process in resolving disputes. It's not the first step, but you can eventually get there if a nation does not comply. Might take an actual treaty to establish what the standards even are.
Practically speaking the US won't do anything about China. That will be up to other countries to decide. The US effectively has bowed out of dealing with China. I mean if we won't pressure them to abide by maritime law, why would we care if they take more than they give to the effectively unr
Re: (Score:2)
I work for a vast US multinational that makes nearly $1 billion in profits every year from its China holdings.
I can imagine what the shareholders would say if some idiot decided they can't have that money any more.
Re:41K by Accident... (Score:5, Insightful)
No, it's just "good enough". There's a certain tolerance for error in any project, and in this one, they have a very low tolerance for errors in direction of not censoring what they think needs to be censored. Which naturally leads to very high tolerance for errors in the other direction, censoring things that they don't think needs censoring.
They should just post weekly or monthly (Score:2)
A list of every blocked domain.
Kinda like a Great Wall of Shame.
Re: (Score:3)
The propaganda concept as implemented by CCP is different. They prefer to simply remove offending elements from public knowledge alltogether. What you don't know can't hurt you.
It's modelled the original Stalinist approach. And they're not even the worst when it comes to implementing this model. North Korea also uses the same model, but goes significantly further.
Re: (Score:2)
And as you can see, this aggravated the local China troll. When China trolls get aggravated and personal, it usually mean you hit the nail on the head.
Re: (Score:1)
One can get in big trouble in China for trying to work around censorship. If it's blocked they probably find a Plan B and just live with it. Most are used to living under authoritarianism and know not to rock the boat.
Re: What about circumvention? (Score:5, Interesting)
Not really big trouble. You would have to be doing something bad with it to really get any attention.
I live in China and regularly circumvent the GFW. The tools you use commonly are broken but if you keep looking in the niches, you often find solutions which is why I won't say what works as much as what doesn't. I also have never paid though the most annoying sites are ones that require 2FA like steam guard for steam community.
I also download files that are banned here via torrents. I have even bought English copies of banned books online which were shipped to me.
Almost all tech workers use VPN too.
The bans and blocks don't exist to stop people, merely to enforce a pattern on the largest sum. If I go to Reddit to read about news and hear anti-China rhetoric, so what? Just so long as I don't parrot that on my WeChat, especially to a large following.
Re: (Score:1)
Just because you succeeded in avoiding getting snagged doesn't mean others have. Those who didn't wouldn't be around to post their success on Slashdot. They may just disappear or be threatened into silence such that you'd never know. Like any bureaucracy, the Thought Police are just plodding and slow, but they do find many targets.
Re: What about circumvention? (Score:1)
Lol, if they are nowhere to be found, how do you know they even exist?
Re: (Score:1)
I meant family and friends don't know what happened to them. Often they are put into prison on trumped up charges, and can only write letters with approved content.
Re: What about circumvention? (Score:2)
You have no clue what you are talking about. I tried my best to give a personally informed answer on the objective of the GFW, which actually censorship is primarily a bonus feature, and you reject that with your conspiracy theory.
No, when people get arrested for this shit, you generally hear about it even in China because what makes the "thought police" effective is fear. You know that same irrational impulse driving your perspective. Fear is the mind killer and once you see past that with the Chinese gove
Re: What about circumvention? (Score:2)
A lot of people complain about self-censorship and individual freedoms. Yet there is never rioting over parental controls. What makes it okay to block porn sites for a 17 year old (or really anything the parent wants) but not to do the same for adults? See the conclusion is at some point people can handle interpreting more complex information. How does that happen -- education. So the Chinese government is viewed by it's own people as a parent and because many Chinese are not educated enough, the VFW has a
Homomorphic DNS? (Score:2)
It occurred to me that one way to make it more difficult to block DNS entries would be to distribute DNS database that utilizes homomorphic encryption/execution, taking in encrypted requests and spitting out IP addresses. This means you wouldn't actually be able to tell what was requested nor what entries are for. The idea is impractical for multiple reasons but it just seemed like a neat idea.
I'm curious about modifcation (Score:2)
Re: I'm curious about modifcation (Score:2)
Virtually none. Too computational my complex. However the other purpose of the GFW is adaptive threat detection. You can find open access papers about the AI methods employed but I bet it's still only part of the picture.
Accident? (Score:1)
How do they know what is an accident or not? You can't just make assumptions because you then embrace your own biases.
Re: (Score:2)
Never attribute to malice what is adequately explained by incompetence.
The admins of the Great Firewall just made a clbuttic mistake.
https://what.thedailywtf.com/t... [thedailywtf.com]
Not all connections are behind the firewall. (Score:1)
There are connections that are not behind "the firewall". And, yes, they're authorised, and are run by the same Chinese household-name orgs that run other connections (well, one of them anyway). They're not "unlimited" bandwidth, but 40GB/month isn't terrible, for ~$27... speed is so-so, but good enough for video streaming so I can watch YouTube and other online video services.