Tearing Down China's Great Firewall
quadsoft writes to tell us The Toronto Star has a look at three University of Toronto computer geeks who are working hard to circumvent internet censorship problems like those found in China. From the article: "But the computer smarts of Ron Deibert, Nart Villeneuve, and Michael Hull, combined with their passion for politics and free expression, have led them to develop a highly anticipated software program that allows Internet users inside China and other countries, such as Iran, Saudi Arabia and Burma, to get around repressive censorship and not get caught."
We've never had an unbreakable DRM. Will we really have an undernet that can't be spied on?
Sheesh, evil *and* a jerk. -- Jade
Tearing down a firewall is getting rid of it, and letting people access the internet freely. Circumventing a firewall is sneaking past it and hoping you don't get noticed.
To use a Berlin Wall analogy, what TFA is proposing is sneaking across to the West during the 80s and hoping to not be shot in the process. That contrasts quite strongly to tearing down the wall, which would be granting unrestricted access without fear of recrimination, as happened in Berlin in '89.
Let me start by saying I applaud these guys' motivation. Circumventing censorship is certainly a worthy goal in the name of individual freedom. However, this is just another step toward that goal, though TFA gives these hackers status approaching messianic. The paragraph I found most interesting:
(emphasis mine)
First of all, to claim a new tool for defeating censorship is "nearly fail-safe" does not give the Chinese and other governments enough credit. China has a government heavily invested (financially and emotionally in terms of propaganda) in controlling information sources available to its people. I'm sure they will try very hard to make sure this tool is rendered ineffective. Here's hoping they don't achieve this; but you can be sure they will try hard.
Secondly, the technical side is somewhat dubious. It relies on "close friends and family" in friendly countries such as Canada -- but what if all your friends and family are living in China? And even if you make a secure, encrypted connection, how long before the censors get suspicious? Say encryption is declared illegal, and all external access has to go through certain proxies. Where does that leave Psiphon?
These are just my two cents on the issue. I'd like it to work, but it may just cause the net to tighten (no pun intended).
If all you have is a grenade, pretty soon every problem looks like a foxhole -- MightyYar
Yes.
If you allow a user to make a connection -- particularly an encrypted connection -- to an untrusted computer outside the network (or at least out of your controlled zone), they can basically get to whatever content they want, that's available to them from that outside connection.
As the administrator, all you can do is play an endless game of cat and mouse, trying to close these connections down; in the end you'll always be one step behind though, unless you have a very selective whitelist of allowed connections, and block everything else.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Cryptography is useful for keeping everyone but the parties with keys from seeing a message. A good crypto system ensures that if you have the key, you get the complete and accurate message, if you don't, you get garbage that tells you nothing at all about the message.
Well that means it's excellent for keeping things from being snooped on. SSH is a good example of this. When you connect to an SSH server the computers exchange a private key (encrypted using public key crypto) and then encrypt everything with it. Nobody can listen in, it's all just random bits.
So, why doesn't this work for DRM? Well now you are trying to do something that crypto doesn't work for. You want the person to see the end, decrypted product, but not have access to it. So you give them an encrypted disc, but for them to use it, the decryption key has to be somewhere. It's either on the disc, or in a chip, or whatever. They must have the decryption key or it's of no use.
Well, if they have that key, they can get their hands on it. Might not be easy, but they can do it. Also, since you are decrypting it, they can just intercept the decrypted signal and reroute it. Like on DVD-A players. They only allow full bandwidth/channel output over analogue links. However, what some people do is simply intercept the data right before the DAC, and reroute it to a S/PDIF codec. Digital output, post decryption (legal outside the US too).
So something like an undernet is far more like the SSH scenario than the DRM scenario. You are looking to hide your traffic so that it can't be listened in on, not hide the message from the person who gets it in the end.
Those comp sci students better know what they are doing. If someone gets caught using their software to circumvent government censorship, people could die. People have gone to jail for dozens of years for saying the wrong thing.
This is not one world where all people believe the same things. One nation should be allowed to keep its culture, even if another nation disagrees. If there are stupid laws in China, then it is up to the Chinese to have a revolt or change of government. Iraq has taught us that an outside power can't change a people or their culture. No matter what laws the USA or UN or new Iraqi government passes, they will never take precedence over their religious laws.
Imagine if the people of Amsterdam decided that drugs should be more available in the USA. Should they help Americans break the law inside the borders of the USA? The government of the USA has assassinated heads of state for not complying with USA drug laws, and imprisoned for life the former head of state Manuel Noriega.
It's to a selected group; not available to anyone (eg police) who's interested.
If the police suspect anybody in your circle of friends, couldn't they do any of the following to break into the circle of trust and monitor your activities:
(1) Sneak into your associates' houses and install hidden monitoring software directly into their HTTPS stacks on their computers.
(2) Coerce your associates into providing them with access to their activities
(3) Use social engineering to convince you to let them into your circle of trust
When you are fighting a government, which has basically unlimited resources, you cannot grant trust as easily as when you are merely dealing with civilian adversaries. For example, I trust https://amazon.com/ enough to put my credit card info into a form there, but I wouldn't trust _ANY_ server or peer-to-peer host with my detailed plans to subvert and/or overthrow the government.
I know that citing Orwell's 1984 is cliche in these discussions, but one of the points of the book is that, when fighting against the government, even your most trustworthy companions and things cannot be trusted. Remember Winston's speck of dust?
In fact, you cannot even really trust yourself when against extremely harsh coercive measures. Look at what Winston did at the end.
"unless you have a very selective whitelist of allowed connections, and block everything else."
So how do we keep China from increasing its isolation to a whitelist-only firewall when this or similar software comes out? Economically, having a China-whitelisted website outside the PRC might become enough of a business asset that companies would conform to them instead of China conforming to the west. That's already happened.
We are all just people.
Do you have proof the USA censors your emails? If so, please show us the proof.
At this point, they don't ban crypto out of the country, and I don't think they'll start. It would cripple their ability to do business and as much as they like spying on their populace, they seem to like money more. So much online these days mandates cryptography that it would be hard.
As for how to mask it, not my department, just pointing out why using crypto to keep a third party out is different than trying to use it to keep the recipient out.
I think that's the key to beating the Firewall -- make the attack *scale*. I'm not sure this particular piece of software accomplishes that. Plus, at the very least, dissent online provides a bit of a safety valve. Sure, the Chinese government *could* decide to come down pretty hard on folks trying to access overseas sites... but they already *do* come down very hard on folks trying analogous activities in meatspace. Not that the activities are perfect substitutes for each other, but if you try to meet a group of, say, Falun Gong adherents to have a chitchat about the health benefits of meditation online, it's possible you'll get caught. If you try it by trying to track down a Falun Gong practitioner through the grapevine your exposure is orders of magnitude worse (can you guarantee every person who chances to overhear one of your conversations won't go straight to the cops?).
Help poke pirates in the eyepatch, arr.
TFA points out the obvious problem: if the great firewall can identify a relay, it can close it. It can also find out whoever is using it, making it a dangerous proposition. To me, it is fairly obvious that the response has to rely on "strength in numbers": place a great many relaying pages all over the internet. In fact, what about placing at least one such page on every web site? The great firewall would then have to either lock the entire Internet, or give up!
Moreover, I fully expect that the majority of the funding for this Canadian effort will come from Microsoft and Google. I expect that both companies will be (if they are not already) the prime backers of this effort if their management do honestly regret the previous censorship.
I expect nothing of Yahoo. Reporters without Borders declares, "Now we know Yahoo works regularly and efficiently with the Chinese police". If Buddhism has any validity, the managers (including the Yahoo chief, Jerry Yang) at Yahoo will be receiving their just karma in the next life.
Not to put too fine a point on it ... but as strongly as they feel about their cause, I wonder if they realise that what they're doing - if used by people inside those countries - could get people killed?
I can't help but wonder how zealous they will be if they have to think about the potential blood on their hands.
Doing what you can to help from your end is one thing. Helping somebody become a martyr is another.
To my mind, it's like giving dynamite to a suicide bomber, without thinking about either the bomber or any of his victims.
First, the very fact of using encryption makes you stand out in the crowd. Do that a bit too often, and someone could very well come knock on your door.
Second, SSL can be defeated. I am pretty sure that all PCs in China have a Chinese Government Certification Authority listed in their SSL root file. That is enough for mounting a man-in-the-middle attack against SSL. Now you have dissidents who believe they are safe because of SSL, but in fact the firewall is reading their exchanges. Knock, knock?
The article actually points to a much better solution: just use port 80, but rewrite the page to avoid the keywords that the firewall is looking for. For example, "New York Times" could be rewritten to "New Grok Dime", or whatever. That way, the traffic remains stealthy.
Encrypted traffic looks entirely like random bits, which as you say, is quite a bit different from cleartext traffic. However, anything that is highly compressed also statistically looks like random bits. I'd imagine that there are enough movies, music, and zip files passed around that passively listening to a small percentage of your traffic shouldn't be enough to incriminate you.
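The claim in the comment above, checked as an added example (not part of the original thread): byte entropy of the same constructed cleartext sent as-is, zlib-compressed, and encrypted. The sample text, the key and `toy_stream_encrypt` (a SHAKE-256 XOR keystream standing in for a real cipher) are assumptions made for the illustration.

```python
import hashlib
import math
import random
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def make_sample_text(n_words: int = 40000, seed: int = 1) -> bytes:
    """Constructed cleartext: seeded random words, so every run is identical."""
    vocab = ("the firewall proxy relay traffic page request server user "
             "connection browser network packet filter keyword news site "
             "friend family country access content router port").split()
    rng = random.Random(seed)
    return " ".join(rng.choice(vocab) for _ in range(n_words)).encode()


def toy_stream_encrypt(data: bytes, key: bytes) -> bytes:
    """Stand-in for a real cipher: XOR with a SHAKE-256 keystream.
    Only here to produce ciphertext-like bytes offline; not for real use."""
    keystream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def window_entropies(data: bytes, size: int = 4096) -> list:
    """Entropy of each full window, i.e. what sampling part of a stream shows."""
    return [shannon_entropy(data[i:i + size])
            for i in range(0, len(data) - size + 1, size)]


def compare() -> dict:
    """Measure all three encodings of the same constructed message."""
    clear = make_sample_text()
    samples = {
        "cleartext": clear,
        "compressed": zlib.compress(clear, 9),
        "encrypted": toy_stream_encrypt(clear, b"constructed-demo-key"),
    }
    report = {}
    for name, blob in samples.items():
        report[name] = {
            "bytes": len(blob),
            "overall": shannon_entropy(blob),
            "min_window": min(window_entropies(blob)),
        }
    return report


if __name__ == "__main__":
    for name, stats in compare().items():
        print(f"{name:10s} {stats['bytes']:7d} bytes  "
              f"overall={stats['overall']:.3f}  "
              f"min 4 KiB window={stats['min_window']:.3f} bits/byte")
```

Byte entropy separates cleartext from the other two but does not separate compressed data from ciphertext; it says nothing about other observable properties such as file headers, ports or connection patterns.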
It sounds easy to defeat to me. The proxies will have a distinctive profile in traffic analysis:
* Communicates on port 443 (SSL)
* Only a few Chinese computers ever connect to the foreign proxy
* Those that do connect, tend to do so extensively.
So the Chinese see this pattern and block the proxy or worse.
As an alternative countermeasure, would it be feasible for the Great Wall to act as a man-in-the-middle on all SSL connections which cross it?
Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
Yup. That's why you need to hire people you can trust.
My personal feeling, given the work that I do, is that if I can't trust someone to not look at porn from his desk, I certainly can't trust them to make a presentation to a client or handle sensitive information which they could probably sell to a competitor for a not insignificant amount of cash (and, later, lots and lots of court-imposed fines for damages--but I don't expect someone who lacks the foresight to realize that pornography is going to get them fired to realize that leaking trade secrets will land them in court).
I would much rather figure out that I hired/was-assigned the wrong person because I walked up behind him one day and found him looking at porn, than after he did something really publicly embarrassing. Someone who doesn't implicitly get that it's not okay to look at porn while on company time, is not somebody I want to work with; full stop. It shows a lack of separation of one's personal life and business life, or at the minimum a great lack of understanding of the business world, which it is not an employer's job to rectify.
There seem to be a lot of companies that spend an awful lot of resources, from what I've read here on Slashdot, trying to control what their employees do online. It seems to me that those same resources would be better spent figuring out why they're hiring such dolts, and attracting and retaining quality people who don't need baby-sitting. Perhaps that's more expensive, but it makes for a much more pleasant workplace.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
This is not one world where all people believe the same things. One nation should be allowed to keep its culture, even if another nation disagrees.
Nations and cultures do not have rights, individuals have rights, but the statement above is implying just the opposite. It also implies that individual rights are just some kind of cultural thing, and not inherent. What about HK? Their culture strongly respects rights. But China does not want to respect those at all. Funny how Chinese citizens who go to HK seem to adjust in a matter of days.
Hey, "if not us, then who? if not now, then when?" This has nothing to do with US policy, it has to do with us and if we are willing to help people looking for freedom.
One is that many people in a place like China are not even aware they're being censored, says Geist. Even if they are, he predicts, few will make the attempt to get around it. Qiang notes that even young urban males, the greatest beneficiaries of China's economic boom, are reluctant to rock the boat and risk their wealth.
Beyond that, the vast majority of users in China do not own their own computers - they spend their time in internet cafes... which means they're even less likely to have the proxy program. While it's a huge topic outside of China, in China itself it's not an issue at all.
The only way to tear down the Great Firewall of China is for the regime to collapse.
So all it takes to be modded "Funny" is to use the word "assclown" and talk about a country with a population of 70 million getting nuked? And to use the word "Islamofascist" unironically? Sweet.
How would you feel if China was actively fighting against the law in the US? For example, what if they started "fighting against the great drug firewall of the US" and published methods to avoid law enforcement to smuggle drugs? How would you feel (well, I am sure some USians would feel happy, but that is not the point you are hinting at)?
On paper I am sure "freedom of speech" is a noble goal, but de facto you are publishing ways to get around Chinese law. So how would you feel if China did the same to US law?
This might sound like a troll, but this is an earnest question: many countries are feeling sick of US interventionism from its government, or from its citizens... Furthermore, you know the proverb "do not do unto me what you would like to be done by me unto you".
PS: feel free to mod me as flamebait or troll, I always like irony (cue to the discussion theme).
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
If the US doesn't roll over the place in M1's, the Israelis are going to nuke it into the stone age.
Just a few quick points to clarify some aspects of the Iranian situation for our American cousins. An invasion there would not be another Iraq. Iraq was a burned out shell of its former self, militarily, after years of sanctions and inspections. Iran is a whole other kettle of fish, and certainly no one is going to roll over with any time soon. Some facts, from all over:
Iran's army includes 350,000 regular soldiers (non-conscript) and 220,000 conscripts, and a 7 million-strong "Basiji" volunteer militia. Iran is sharpening its abilities to wage a guerrilla war. Over the last year, they've developed their tactics of 'asymmetrical' war, which would aim not at resisting a penetration of foreign forces, but to then use them on the ground to all kinds of harmful effect.
Iran designs and produces its brands of fighter and tank, among other things, some of which it exports to other countries. Initial developments in every field of military technology were carried out with the technical support of Russia, China, and North Korea to lay the foundations for future industries. Iranian reliance on these countries has rapidly decreased over the last decade in most sectors where Iran sought to gain total independence; however, in some sectors such as the Aerospace sector Iran is still greatly reliant on external help.
Iran has, at present, developed an uncanny ability to reverse engineer existing foreign hardware, improve it to its own requirements and then manufacture the finished product. They have currently a full spread of main battlefield systems, about 2,000 tanks, 300 combat aircraft, three submarines, hundreds of helicopters and at least a dozen Russian-made Scud missile launchers. Iran also has an undetermined number of Shahab missiles that have a range of more than 1,500 miles. Within minutes of any attack, Iran's air and sea forces could threaten oil shipments in the Persian Gulf as well as the Gulf of Oman. Iran controls the northern coast of the Strait of Hormuz, the narrow waterway through which oil tankers must navigate, and could sink ships, mine sea routes or bomb oil platforms.
Although the Bush administration charges that Tehran already has been interfering in Iraq, many Iranians brush off the low-level infiltration as minor compared to the damage it could cause by allowing Iraqi militiamen to take heavy weapons into Iran, by backing the most extreme Islamist groups instead of the moderates it now supports, or by dispatching operatives across the long, porous border between the two countries.
But don't worry, a war would be over by Christmas, right? That's why the American government was openly discussing a nuclear option recently, much to the horror of the rest of the world...
On a related note, I have a lot of friends inside Iran, both male and female, and I have been continually surprised at how open minded, educated and free-thinking they are, especially the women. I expected a downtrodden mentality at the very least, but these women engage me in intelligent debate, pulling no punches. Their culture is unique, with musical instruments I have never heard of anywhere else, and some wonderful music produced by these instruments. It's important also to remember, these are not Arabs, these are Persians, they tend to get upset if you call them Arabs. The food is remarkable, and the language is thousands of years old. Putting aside Fox propaganda, and actually talking to Iranians, getting to know them, is an eye opening experience. Yes, they have many problems with the religious rulership of the country, but those problems are being resolved over time. As for their nuclear program, they simply see it as a response to American aggression. And they are right.
What he can't kill, he has sex on. Trent.
No, I didn't post that at work. ;)
Where I work, a certain amount of personal browsing is accepted, and a fair number of people even use AIM to talk to their families at home from the office as well, and that's never been a problem that I've heard of. (As far as I know, there aren't any other Slashdotters in my midst; fantasy sports leagues seem to be more my coworkers' fare.) If you do good work, it's been my experience that people don't really care what you do to produce it, or really even how much time you spent on it. Similarly, if you slave for hours but still turn out crap, I suspect you'll go nowhere quickly. (Though I've never had or worked with someone who's been just such a total zero that they washed out completely; problems seem to be more attitudinal than intellectual.)
There are certainly situations where sitting around and doing obviously non-work-related browsing just isn't appropriate: when you're working on a client's site on their dime, for example. Or any other time you might be perceived as representing a greater group of people besides yourself. That just strikes me as being obvious, though -- like "don't browse porn at work," I wouldn't want to have to tell someone that, and it's a bad sign if I do.
If I was the day-to-day manager of someone who was doing good work, but every time I went over to their desk was playing Solitaire, my reaction wouldn't be to fire them, but to try to find more challenging work for them to do. But aside from that, I'm a firm believer that, once people stay within the bounds of propriety, exactly how they budget their time and how they get their work done is their own business.
Especially as work environments become more distributed, with people working from home or at other sites -- so that you as a manager don't have any clue what they're doing while they're working -- judging people based on their output and performance (and thus having good metrics in place to measure output and performance in a realistic way) becomes more important.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I cannot spread whatever information I want (for example a movie)
Sure you can! Are you speaking of the technical difficulty? That's not a matter of "free speech." And you can use sites like YouTube or Google Video to make homemade video accessible to the world.
As for yours and the other poster's comments about ethnic Chinese not minding the lack of free speech, that's disappointing but fine... for those people. So some -- let's say most -- Chinese don't mind political oppression. Does that justify complicity with that oppression, or the actual harm to those who'd like to practice freedom of speech and religion? Why not let people vote and worship as they choose, or not, rather than killing those who try?
What's the difference between China's one-party system and our two-party system? Basically, error-checking. When our politicians are corrupt or incompetent we have some chance of finding out, complaining, and maybe replacing them. If China's government were honest it would welcome criticism, as a way of uncovering mistakes and corruption. What the censorship tells you is that the politicians there can't handle the truth about what they're doing.
Direct democracy? Yes, if we can find a way to make it work. I don't want Diebold making the machines. 8p
Revive the Constitution.
But it may take sides with the population if it rebels.
However much internal strife there may be in Iran, I think you may rest assured that they are well and truly united against American interference in their government. The divide and conquer method that worked effectively in several countries would not be as effective in Iran, especially after Iraq. And I mentioned that they can turn up the heat on America just as much by arming extremist Islamic factions in Iraq with serious firepower, not just IEDs. And American forces are already stretched in Iraq as it is, so not only would they be facing a well organised military force, they would have to suppress a violent insurgency in an already conquered land, threatening supply lines and established bases.
What he can't kill, he has sex on. Trent.
Their stories are tailored to a certain head-space. They don't present news so much as they filter ideas and pre-digest them for a bunch of working parents raising kids. The Star is basically just a really fat daily edition of, "For Better or For Worse." (--Or, "How to accept slavery and severely limited possibilities in life while pretending you are happy and that there is nothing more.")
Poor Lynn Johnston. She's a shill and doesn't know it. That's the best way to subvert a populace; get genuine and honest creators to believe in the lie and then repeat it with charisma and talent. There's a reason why, "For Better or For Worse" is the MOST popular comic strip in North America. It's morphine for the wounded.
The problem is that The Star, (and papers like it), are direct arms of the corporate paradigm, which are linked to all kinds of nastiness. Whenever a paper uses emotionally charged terminology when sharing facts, you automatically know that biases are involved. The fact that it's so bald-faced is an indicator of just how far the people have been subverted.
For example. . .
"But the computer smarts of Ron Deibert, Nart Villeneuve, and Michael Hull, combined with their passion for politics and free expression, have led them to develop a highly anticipated software program that allows Internet users inside China and other countries, such as Iran, Saudi Arabia and Burma, to get around repressive censorship and not get caught."
The average person if they were to read the same phrase usage in a Chinese newspaper, would gag and cry, "Propaganda!" but when it's displayed right in their hometown paper, it's suddenly invisible while retaining all of its subversive power.
So is there an Agenda? Hell, yes! I wonder how exactly the Toronto Star is going to spin Bush's military strikes against Iran?
That's right! Iraq all over again. Baseless lies about war ambitions spun into such a fear frenzy that the cozy suburban family provider will shudder at the very thought and willingly go along with corporate fascism. Same old story.
Our 'Liberal Media' is designed to make us stupid.
-FL
"Sure, after nearly all the open problems in mathematics are solved. If you know of someone who's done this, there's several million dollars (and immortality) waiting for them."
Of course this post makes the same mistake as many others. Crypto-security, more times than not, is broken due to a weakness in implementation. Looks unbreakable on paper, but someone made a mistake in implementation, or they made some poor choices elsewhere. That's why technofaith (in this case) is so dangerous.
1. Anything they can't make they can buy from Russia or China, and Iran is industrialized enough to make a lot.
2. China is not going to turn off their oil supply. Russia is not going to turn off their nuclear technology market. We don't have the capability to make China or Russia comply, especially since we are in debt to China for 250 billion dollars. We can put sanctions on Iran, giving them further justification to thumb their nose at us, China and Russia will keep Iran more than solvent, and we'll look like damn fools.
3. Iranians fell over themselves to be a guerilla force during the Iran-Iraq Wars of the 80s. Watch how fast they remember.
Never give in--never, never, never, never, in nothing great or small, large or petty, never give in except to conviction
I agree with the project's intent, but how does this differ from, say, writing a virus that forces remote computers to run Windows Update in order to protect them from the vulnerability that made the virus possible? In both cases you're co-opting a computer without permission... the intended ends don't quite justify the means.
"For a successful technology, reality must take precedence over public relations, for nature cannot be fooled."--Feynman