Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tearing Down China's Great Firewall

Posted by ryuzaki0 on from the best-work-done-in-basements dept.

quadsoft writes to tell us The Toronto Star has a look at three University Toronto computer geeks who are working hard to circumvent the internet censorship problems like those found in China. From the article: "But the computer smarts of Ron Deibert, Nart Villeneuve, and Michael Hull, combined with their passion for politics and free expression, have led them to develop a highly anticipated software program that allows Internet users inside China and other countries, such as Iran, Saudi Arabia and Burma, to get around repressive censorship and not get caught."

1 of 410 comments (clear)

  1. Using SSL is a bad idea by louarnkoz · · Score: 5, Insightful
    Thanks for pointing out that Psiphon proposes to use SSL. It looks very natural, encrypt the traffic so the firewall will not see it. But it is actually a very bad idea.

    First, the very fact of using encryption makes you stand out in the crowd. Do that a bit too often, and someone could very well come knock on your door.

    Second, SSL can be defeated. I am pretty sure that all PC in China have a Chinese Government Certification Authority listed in their SSL root file. That is enough for mounting a man-in-the-middle attack against SSL. Now you have dissidents who believe they are safe because of SSL, but in fact the firewall is reading their exchanges. Knock, knock?

    The article actually points to a much better solution: just use port 80, but rewrite the page to avoid the keywords that the firewall is looking for. For example, "New York Times" could be rewritten to "New Grok Dime", or whatever. That way, the traffic remains stealthy.