Slashdot Mirror
Tearing Down China's Great Firewall
quadsoft writes to tell us The Toronto Star has a look at three University Toronto computer geeks who are working hard to circumvent the internet censorship problems like those found in China. From the article: "But the computer smarts of Ron Deibert, Nart Villeneuve, and Michael Hull, combined with their passion for politics and free expression, have led them to develop a highly anticipated software program that allows Internet users inside China and other countries, such as Iran, Saudi Arabia and Burma, to get around repressive censorship and not get caught."
Tearing down a firewall is getting rid of it, and letting people access the internet freely. Circumventing a firewall is sneaking past it and hoping you don't get noticed.
To use a Berlin Wall analogy, what TFA is proposing is sneaking across to the West during the 80s and hoping to not be shot in the process. That contrasts quite strongly to tearing down the wall, which would be granting unrestricted access without fear of recrimination, as happened in Berlin in '89.
Let me start by saying I applaud these guys' motivation. Circumventing censorship is certainly a worthy goal in the name of individual freedom. However, this is just another step toward that goal, though TFA gives these hackers status approaching messianic. The paragraph I found most interesting:
(emphasis mine)
First of all, to claim a new tool for defeating censorship is "nearly fail-safe" does not give the Chinese and other goverments enough credit. China hass a government heavily invested (financially and emotionally in terms of propaganda) in controlling information sources available to its people. I'm sure they will try very hard to make sure this tool is rendered ineffective. Here's hoping they don't achive this; but you can be sure they will try hard.
Secondly, the technical side is somewhat dubious. It relies on "close friends and family" in friendly countries such as Canada -- but what if all your friends and family are living in China? And even if you make a secure, encrypted connection, how long before the censor get suspicious? Say encryption is declared illegal, and all external access has to go through certain proxies. Where does that leave Psiphon ?
These are just my two cents on the issue. I'd like it to work, but it may just cause the net to tighten (no pun intended).
If all you have is a grenade, pretty soon every problem looks like a foxhole -- MightyYar
Yes.
If you allow a user to make a connection -- particularly an encrypted connection -- to an untrusted computer outside the network (or at least out of your controlled zone), they can basically get to whatever content they want, that's available to them from that outside connection.
As the administrator, all you can do is play an endless game of cat and mouse, trying to close these connections down; in the end you'll always be one step behind though, unless you have a very selective whitelist of allowed connections, and block everything else.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
"unless you have a very selective whitelist of allowed connections, and block everything else."
So how do we keep China from increasing it's isolation to a whitelist only firewall when this or similar software comes out? Economically, having a China Whitelisted website outside the PRC might become enough of a business asset that companies would conform to them instead of China conforming to the west. That's already happened.
We are all just people.
We've never had an unbreakable DRM.
It is mathematically impossible to have an unbreakable DRM, whereas unbreakable (or at least impractical) encryption is possible. The difference is that DRM requires the computer of the potential snooper to have both the data and the decryption key. Encryption keeps the private key only in trusted hands.
CSS was first cracked when a program forgot to encrypt and hide its decryption key. From there they could mathematically solve CSS so that you didn't even need a key (and that's where you get the 4-line Perl DeCSS).
First, the very fact of using encryption makes you stand out in the crowd. Do that a bit too often, and someone could very well come knock on your door.
Second, SSL can be defeated. I am pretty sure that all PC in China have a Chinese Government Certification Authority listed in their SSL root file. That is enough for mounting a man-in-the-middle attack against SSL. Now you have dissidents who believe they are safe because of SSL, but in fact the firewall is reading their exchanges. Knock, knock?
The article actually points to a much better solution: just use port 80, but rewrite the page to avoid the keywords that the firewall is looking for. For example, "New York Times" could be rewritten to "New Grok Dime", or whatever. That way, the traffic remains stealthy.
Encrypted traffic looks entirely like random bits, which as you say, is quite a bit different from cleartext traffic. However, anything that is highly compressed also statistically looks like random bits. I'd imagine that there are enough movies, music, and zip files passed around that passively listening to a small percentage of your traffic shouldn't be enough to incriminate you.
If we provided people in China with satellite internet terminals, like this then the firewall would be completely out of the loop. And since the antennas are directional, it wouldn't be too hard to conceal your RF signals and would be difficult to jam.
Imagine this. You have some 19 or 20 year old college student in China who wants democoracy. He is not a computer whiz, but he finds software written by 3 programmers from the USA. These programmers say their software will circumvent government censorship.
What choices does the 19 year old Chinese college student have? Say he uses the software expecting to hide his identity, and the government discovers who he is. Does that make the software programers wrong for releasing the software? In the USA, if someone purchases software that doesn't live up to the hype, they can return it. In China, that guy is dead or in jail.
Now if no such software existed, the guy in China couldn't get into trouble. It would require more thought, and better orginization than just installing some software.
I'm just saying if someone is going to throw out a tool for people to use, which a government says is illegal, those people making the tool should be damn sure the tool works.
This goes to a deeper discussion of how much right does one culture have a right to change a different culture. Maybe in China most people really want communism. But 10% want democoracy. Should the USA help those 10% to overthrow the system of government in China, and to destabilize their economy?
I'm not a historian, but most stable countries that changed systems of government had a revolt which originated by native people. In France, it was the working class that overthrew the nobility. In the USA, it was farmers and working people who overthrew the british. In neither case was the revolution inspired or promoted by a forigen power. Sure, the people found friends and allies, but the allies didn't cause the revolution. Now contrast to Iraq where the USA is the source of the revolution. There are not enough Iraqi people who believe in USA values to sustane any form of stable government. That is the reason outside nations should not interfear.
Now, what if the government of China finds people using the software these three USA programmers wrote. China find this software violates their laws. Can China arrest those programmers. Or send operatives to kill them? The Israelis often send mussad agents to track and assasinate people who are not friendly to their nation.
It seems to me to be an unfreindly move by the USA to help dissadents in China.
I don't see the big deal. Most people around here know that you just need to get a secure connection to a proxy server in a non censoring country and then you can access the web without trouble. A guick google search will turn up lots of companies that offer web proxing for a very small charge (avoid all the 'free' proxy lists since many of then are honey pots).
Unless the gov't is specifically spying on you this is more than enough.
Peace, or Not?
Yup. That's why you need to hire people you can trust.
My personal feeling, given the work that I do, is that if I can't trust someone to not look at porn from his desk, I certainly can't trust them to make a presentation to a client or handle sensitive information which they could probably sell to a competitor for a not insignificant amount of cash (and, later, lots and lots of court-imposed fines for damages--but I don't expect someone who lacks the foresight to realize that pornography is going to get them fired to realize that leaking trade secrets will land them in court).
I would much rather figure out that I hired/was-assigned the wrong person because I walked up behind him one day and found him looking at porn, than after he did something really publicly embarrassing. Someone who doesn't implicitly get that it's not okay to look at porn while on company time, is not somebody I want to work with; full stop. It shows a lack of separation of one's personal life and business life, or at the minimum a great lack of understanding of the business world, which it is not an employer's job to rectify.
There seem to be a lot of companies that spend an awful lot of resources, from what I've read here on Slashdot, trying to control what their employees do online. It seems to me that those same resources would be better spent figuring out why they're hiring such dolts, and attracting and retaining quality people who don't need baby-sitting. Perhaps that's more expensive, but it makes for a much more pleasant workplace.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Can you give any evidence or substantiation to the claim that the U.S. Government is censoring your emails to or from Iran?
... so I think it's fair to say most people would also be surprised.
I have never heard of the USG actively censoring private email that wasn't to or from a serviceperson or that wasn't directly national security related (e.g., all the email to and from submariners and probably other Navy personnel afloat passes through censors who remove sensitive or geographically revealing information). Even then, they're pretty obvious about it.
If this is actually happening, yours is the first case I've heard of, and while I don't claim to be all-knowning (or even close to it) I consider myself pretty well-read in terms of current events
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
This is not one world where all people believe the same things. One nation should be allowed to keep its culture, even if another nation disagrees.
Nations and cultures do not have rights, indnviduals have rights, but the statement above is implying just the opposite. It also implies that individual rights are just some kind of culturial thing, and not inherent. What about HK? their culture strongly respects rights. But China does not want to respect those at all. Funny how Chineese citizens who go to HK seem to adjust in a matter of days.
Hey, "if not us, then who? if not now, then when?" This has nothing to do with US policy, it has to do with us and if we are willing to help people looking for freedom.
That's not how public/private key cryptography works. If it did, any script kiddie could grab the private key in transmission.
The reason the private key is called so is becasuse it is never transmitted. It stays on the machine that came up with it.
Here's how it works, and we can assume both machines do the same thing for each other. One comp comes up with a private key and public key pair, where things encrypted with the public key can only be decrypted with the private key (and not with the public). Then, the machine can send the public key plaintext (or with some other form of encryption, which we can assume can be cracked much easier than the key pair cryptosystem we're using for the bulk of the data). The receiving machine uses the public key to encrypt it's data and sends the encrypted data.
Now if we assume any transmitted data can be evesdropped upon, the hacker has our public encryption key and the encrypted data... but he doesn't have the private encryption key! The data is useless to him! (Unless the key pair is weak, the data is weak, or the hacker has the hardware to brute force keys, but we'll assume the users are smart enough to avoid the first two and the cryptosystem uses a long enough key to make the last one futile.) The first computer gets the encrypted data and decrypts it with the private key.
A similar process, reversed, is used in certificates. They are encrypted with a private key, and the public key is made available. Assuming sufficient mechanisms are in place to assure that the public key does in fact belong to the original computer, any message decryptable with the public key shows that the message must have originated from the only legitimate computer with the private key.
One is that many people in a place like China are not even aware they're being censored, says Geist. Even if they are, he predicts, few will make the attempt to get around it. Qiang notes that even young urban males, the greatest beneficiaries of China's economic boom, are reluctant to rock the boat and risk their wealth.
Beyond that, the vast majority of users in China do not own their own computers - they spend their time in internet cafes... which means they're even less likely to have the proxy program. While its a huge topic outside of China, in China itself its not an issue at all.
The only way to tear down the Great Firewall of China is for the regime to collapse.
If the US doesn't roll over the place in M1's, the Israeli's are going to nuke it into the stone age.
Just a few quick points to clarify some aspects of the Iranian situation for our American cousins. An invasion there would not be another Iraq. Iraq was a burned out shell of its former self, militarily, after years of sanctions and inspections. Iran is a whole other kettle of fish, and certainly no one is going to roll over with any time soon. Some facts, from all over:
Iran's army includes 350,000 regular soldiers (non-conscript) and 220,000 conscripts, and a 7 million-strong "Basiji" volunteer militia. Iran is sharpening its abilities to wage a guerrilla war. Over the last year, they've developed their tactics of 'asymmetrical' war, which would aim not at resisting a penetration of foreign forces, but to then use them on the ground to all kinds of harmful effect.
Iran designs and produces its brands of fighter and tank, among other things, some of which it exports to other countries. Initial developments in every field of military technology were carried out with the technical support of Russia, China, and North Korea to lay the foundations for future industries. Iranian reliance on these countries has rapidly decreased over the last decade in most sectors where Iran sought to gain total independence; however, in some sectors such as the Aerospace sector Iran is still greatly reliant on external help.
Iran has, at present, developed an uncanny ability to reverse engineer existing foreign hardware, improve it to its own requirements and then manufacture the finished product. They have currently a full spread of main battlefield systems, about 2,000 tanks, 300 combat aircraft, three submarines, hundreds of helicopters and at least a dozen Russian-made Scud missile launchers. Iran also has an undetermined number of Shahab missiles that have a range of more than 1,500 miles. Within minutes of any attack, Iran's air and sea forces could threaten oil shipments in the Persian Gulf as well as the Gulf of Oman. Iran controls the northern coast of the Strait of Hormuz, the narrow waterway through which oil tankers must navigate, and could sink ships, mine sea routes or bomb oil platforms.
Although the Bush administration charges that Tehran already has been interfering in Iraq, many Iranians brush off the low-level infiltration as minor compared to the damage it could cause by allowing Iraqi militiamen to take heavy weapons into Iran, by backing the most extreme Islamist groups instead of the moderates it now supports, or by dispatching operatives across the long, porous border between the two countries.
But don't worry, a war would be over by christmas, right? Thats why the American government was openly discussing a nuclear option recently, much to the horror of the rest of the world...
On a related note, I have a lot of friends inside Iran, both male and female, and I have been continually surprised at how open minded, educated and free-thinking they are, especially the women. I expected a downtrodden mentality at the very least, but these women engage me in intelligent debate, pulling no punches. Their culture is unique, with musical instruments I have never heard of anywhere else, and some wonderful music produced by these instruments. Its important also to remember, these are not arabs, these are Persians, they tend to get upset if you call them arabs. The food is remarkable, and the language is thousands of years old. Putting aside fox propaganda, and actually talking to Iranians, getting to know them, is an eye opening experience. Yes, they have many problems with the religious rulership of the country, but those problems are being resolved over time. As for their nuclear program, they simply see it as a response to American aggression. And they are right.
What he can't kill, he has sex on. Trent.
But it may take sides with the population if it rebels.
However much internal strife there may be in Iran, I think you may rest assured that they are well and truly united against American interference in their government. The divide and conquer method that worked effectively in several countries would not be as effective in Iran, especially after Iraq. And I mentioned that they can turn up the heat on America just as much by arming extremist Islamic factions in Iraq with serious firepower, not just IEDs. And American forces are already stretched in Iraq as it is, so not only would they be facing a well organised military force, they would have to suppress a violent insurgency in an already conquered land, threatening supply lines and established bases.
What he can't kill, he has sex on. Trent.