Slashdot Mirror
Great Firewall Of China Marches Forward
geophile writes: "This article in Salon says that China will be building its own 'very own information superhighway.'" The story basically repeats the optimistic-sounding promises of the Chinese government that the new system will be faster, safer, brighter and fight cavities, too, though it does mention in passing that the Chinese "government routinely blocks Web sites of foreign news organizations and groups it opposes." Speaking practically, how easily can the worldwide dataflow be arrested in a country as populous and geographically diffuse as China?
I don't care HOW large the country is, the number of actual links going into the country are fairly limited, and can easily be restricted by restricting all communication across the boundry except for a set of government controled proxies which handle filtering the traffic and insuring that nothing naughty gets through.
Nicholas C Weaver
nweaver@cs.berkeley.edu
Test your net with Netalyzr
When I was in China a couple months ago I found it very easy to see sites like CNN.com by using anonymous proxies. Some of them even used secure SSL encryption and the Chinese firewall didn't detect anything. The sites came up fine.
I have my doubts about enforcing something like censorship on the net.
-----------
Resume
Football Sports Contest - Win $500 for having an e
I don't think the data can necessarily be easily arrested, but it can be monitored. A few showy 'examples' can be made of people to keep others in line, sort of the way the U.S. Internal Revenue Service announces prosecutions during tax season. Besides the governmental monitoring, there will also be the neighbors. There are 'block captains' who keep tabs on who's up to what (one of the ways China enforces its draconian "one-child" policy). I'm sure there will be ways around the blockades, but anyone wanting to access forbidden information is going to have to want it pretty badly. As a point of comparison, think of possessing a gun in New York City. It's possible, but the consequences of discovery could be dire.
I don't have the exact figures off the top of my head anymore but sometime around 97 or so, China's main internet links to the rest of the world were two 45Mbps links, one from Beijing and one from Shanghai. Almost all outgoing traffic went through these two pipes and were filtered by the ISP in charge. There were a few other small links, like 1.5 Mbps or 128kbps, but these were usually owned by a university or government organization and traffic was rarely routed through them. The general populace used those two main pipes out of China and it sure got congested during peak hours.
Since then, I'm sure more bandwidth has been added but it is still all under the control of the (government controlled) ISPs. At these chokepoints, you can implement all the firewalling and filtering you care for.
If you want to be serious, look at a corporation. You may have 5,000 people all working for the same company, but only one internet link. You set the filter/firewall there and you've got control of what come in from the outside world (supposedly).
China vouches for security through obscurity. By keeping you from seeing something, they think that you won't know it's there. But it's rediculous. It's like pretending that a security flaw in a computer doesn't exist. If you don't tell a person it's not there, then they won't find it. We all know how wrong that is.
The way I see it, China'd be better off to just let its citizens see everything. They'll enjoy their little "pr0n" sites at home, read the news once in a while, and be content with their lives as always. All else being equal, you're most comfortable where you are. Why? Because people hate change. Hell, I'll bet at least half of the people in China would think that the way our government runs is ridiculous.
The summary: People hate being held back, so let them see what they want and a week later they won't care anymore.
CAP THAT KARMA!
Moderators: -1, nested, oldest first!
SIG: HUP
I just got back on Wednesday from a journey around China. I attempted to use the Internet service in from the business center of the Guilin Sheraton Hotel, and barely downloaded a single page of html. This was google, and after 7 minutes of waiting. Images never downloaded for some reason.
I was able to confirm my understanding that all HTTP traffic in China is channeled through centralized filtering proxy servers. It can't even be called Internet Access. The proxy server would not handle anything other than HTTP and SMTP(which didn't work when I tried to send a message). I wanted to try using PuTTY to do ssh to my server at home in order to check up on email and other things, but this was impossible, even when I tried to configure the client to use the proxy.
There is no way for inhabitants of China to do normal IP routing between each other and the rest of the world. I suppose one could set something up to tunnel IP over HTTP, but other than that, they're out of luck. I would have rather had a straight ol' 2400 baud PPP connection to my U.S. ISP.
I understand that the Chinese government has good totalitarian reasons for censoring the Net, (although they are moving towards reform) but the system they use should be passive, and not involve tcp proxy servers.
I've seen systems that can simply monitor and replace ethernet packets that contain discedent HTTP data.
Its something the Government could easily do, but it would seriously affect it's usefulness and defeat the purpose of constructing this net in the first place.
I predict The Party will be unlikely to impose severe censorship, once they consider its benefits, and the internet will be a great enabler of positive change in The Peoples Republic.
However, after this year's budget is passed, they will not be able to access porn and other sensitive material, because the satellite link will have censorWare on it. Oh well, looks like the US and China deserve each other after all.
I use to be of the same opinion.
The ISP where I worked was desperately
trying to get away from going through
the phone company. Even after the break
up of ATT so many years ago, the phone
companies still have virtual monopolies
in the zone they have control in. This
is because they still control the
infrastructure.
We found the fastest way to circumvent
the infrastructure was to go wireless.
However, in China there would still be
the need to have physical towers that
the government could pinpoint.
Take it the next step and have a wireless
satellite system. I still think they
could target the customer base. You have
to collect your fees in some manner and
I am sure it would be easier for the
government to track the financial transactions
then to go after wireless satellites.
Anyways, the situation now is definately
a tragedy and food for thought.
Except that if the firewall is COMPLETE except for the proxies, one must construct covert channels through the proxy, which is easier to monitor and control.
Nicholas C Weaver
nweaver@cs.berkeley.edu
Test your net with Netalyzr
They can do it, and it is easier than it looks.
All they have to do, is block everything, but few (can be few thousands) sites.
Perfect censoship. Anything outside thouse few trusted doesn't even exists.
And if you have control over the gateways - there is no problem to do that.
As of monitory content inside this thing, it is
more difficult, but much easier to enforce on the physical level.
Not that I really need to repeat it for the
Sneaking "subversive" data past this firewall is a good cause, worthy of the efforts of the Rubberhose Project and other open source initiatives designed to increase personal privacy and freedom. To all of those developers out there who are working on encryption or steganography software, these (Chinese citizens) are the people who really need your help.
A quote from the Xinhua report:
Notice that the needs of the people are not mentioned. The only legitimate purpose of government is to serve its people.
ADSL works above and below the frequencies that can be detected by a human ear. Unless you have equipment to search for such frequencies, you will not hear anything suspicious, especially if someone is having a meaningful conversation in the normal frequencies...
You can't handle the truth.
I've asked this question once to a visiting student.
:)
Just get yourself a shell account in Hong Kong, and run a slip connection. Or look for a Windows webproxy... they're usually unsecured and don't have logging (logging has a tendancy to lag inferior OS's like Microsoft's
Heck, if they block everything well enough, they could resort to that TCP/IP over DNS trick posted here a while back.
Of course, if the government fails to maintain hold on power, it won't become a pipe-dream democracy. It will probably be controlled by the same corporations owned by the China goverment... who will promptly buy out all of the national press (much like the USA with self-sensoring networks).
If things REALLY look radical in China, they could just impose an Electoral College. It's a time-tested technique for maintaining a duopoly.
Posted anonymously, because my name is in my email address, and someday my employer could always be bought out by a foreign corporation...
Comment removed based on user account deletion
How can one control data? By funnelling it through a few discrete points and heavily controlling what gets transmitted, which is exactly what Sun Microsystems is doing for China (they have the contract.)
By filtering what ports are used, analyzing transmitted content, forbidding & prosecuting use of cryptography (with a distinct lack of due process) etc. China call well control internet use within it's borders.
China has one of the lowest penetration rates of telephones in the world. Computers are generally only available limited circumstances. The percentage of computers with internet access is even lower, not something one sees in private homes of even the wealthy. Under these heavily controlled and highly accountable conditions can you imagine much "unauthorized use"? Particularly considering the possible repercussions?
Information wants to be free, and yes the 'net does route around censorship, but when one controls all of the lines one controls all of the routes around. Even in cases where material makes it though the dangers of being caught with it make it unlikely to propagate far.
Sure there are ways around it but we're not talking US school kids getting access to porn; we're talking ruined careers at best, an involuntary organ donation or a bullet through the back of the head at worst. As time goes on opportunities for 'getting lost in the flow' become greater but so does the technical sophistication of those monitoring use.
I'm sure the expat. Chinese news sites have guesstimates but from all accounts I've seen information flow within the PRC is indeed tightly controlled and by-and-large remaining so. General information gets through but politically sensitive material seems to be rather effectively smothered. Indeed the CIA World Factbook 2000 ed.(generally fairly good about numbers) lists China as having only 3 ISPs.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
Nor did many Nazi leaders.
Censorship can prevent life-saving information from being spread. Much of the overpopulation of the last 2000 years can be attributed to lack of knowledge about contraception, which has been (and still is) actively censored by religious pressure groups.
The Dark Ages were the best example for the killing power of censorship. During that time, the church held a monopoly on the truth -- and the consequence was that most knowledge of ancient times was lost or suppressed, and science stagnated, which was especially important with regard to the medical profession, which practically did not exist. I have a huge file on the absurd rituals and practices that were used to "heal" people in the Dark Ages. Demons were believed to cause all illnesses, and those who strayed from this belief were outcasts and often persecuted. As you may know, exorcism is still practiced by the Catholic Church, even in the Vatican.
The fact that repressive governments like China can remain in power and continue to kill people is also a direct consequence of the fact that they censor information that could mean change. Censorship prevents change, and change can save lives.
Recently on German TV, there was a documentary about a US sect that prevented the use of traditional medicine. They showed a cemetery where all the victims of this irrationality, many of them children, were buried. Surely these people would love it if nobody had access to this information. By trying to pass legislation that would have outlawed a lot of drug-related information on the Net, the US gov't would have done the first step in that direction.
Always remember: Where they burn books, people are next. Censorship kills. Sooner or later.
--
I now have a 3com ADSL modem. It has a DEFINITE noise problem without the splitter. Even without the splitter, people complain that the line sounds echoey.
`ø,,ø!
Free Software: Like love, it grows best when given away.
My Main observation is to take this into the larger context.
As I said earlier, we seem to be walking in a directions where the internet is being divided into large areas of fenced in territory owned by large corporations and other entities, with small time operators getting the left overs. What makes this all the more believable are little details like this mornings AP news story about mainland China's announcement that they are building their own information superhighway. To quote from the story:
it is very easy to take a short range cynical look at all of this. And it is very easy to "poo-poo" all this, and to say that it will never happen here, or that it will never be effective, that it won't last.But the problem is that we are walking in the direction of a fragmented segmented internet. We seem to be walking in a directions where the internet is being divided into large areas of fenced in territory owned by governments, large corporations, and other entities, with small time operators getting the left overs. And all to many people, governments, and companies are willing to sell us the fencing, the barbed wire, for our own good.
Take a look at the incident with Yahoo these past few months in France. I do not think that this is what we want.
It will surely happen if people do not constantly make the internet free.
"It is a greater offense to steal men's labor, than their clothes"
China's Firewall version 6.0: So easy to use, no wonder it's number one! It's the only one!
It's not that difficult to control the internet; the government controls the pipes. The only way sto get on through a nonCommie service is make one and hide it from the government , eat the long distance charges to another country, or use a satelite service. These are difficult - getting people to try to set up a shadow ISP would be hard given the Party's actions in 1989, and then guaranteeing that only "good" guys get on would be impossible (your best freind might turn you in - in a Communist economy it pays big to have the government like you); a satelite, but the government can do helicopter sweeps to find those (Iraq does this for TV antennas - can't have the people knowing Saddam lost), and your neighbors would probabaly turn you in to the authorities. Even if they got uncensored 'net access, the middle class can fight all it wants, the government has 3,000,000 soldiers. So even if some miracle happens and all of the middle class learns about the greatness of Capitalism, what do they do? Nonviolent protests recently ended in a massacre, even the old people of China are under attack for organizing period. People can demand change all they want, they can know about changes all they want, they can ask for those changes, but it won't do much but get them killed.
Nick
If you prepared to actually block the domians of anything that might be bad in your eyes, then it's quite possible. It's not like the Chinese government care about how much is blocked for no reason. A case in point is that a compsci here at Cambridge wrote a web proxy that altered the html going through it in order to improve the presentation for visually impaired people (including himself). This also had the effect of allowing Chinese web users to view blocked sites. As a result, the Chinese government blocked the entirity of the Cambridge University domain, and only after negotiations with their embassy and a code change to prevent anyone from inside China using the proxy, was the block lifted.
I was hunting for this quote from the NAZI era, but I found an 'update' with a more direct bent.
GRRR!
`ø,,ø!
Free Software: Like love, it grows best when given away.
I read through 10 posts on this thread looking for the one that said:
"None of you even know how your own telephone works. That you might even suggest making a 'long distance ADSL call' from China to the US underscores your ignorance. For heavens sake, shut up!"
Sadly I found no such post and had to write one myself.
Ryan
> your best freind might turn you in - in a
> Communist economy it pays big to have the
> government like you
Shit, every neighbor reading my posts and they ALL have moderator access!
Ryan
They did it to Roger Rabbit.
Ryan