Red Flag Linux Forced On Chinese Internet Cafes

iamhigh writes "Reports are popping up that Chinese Internet Cafes are being required to switch to Red Flag Linux. Red Flag is China's biggest Linux distro and recently received headlines for their Olympic Edition release. The regulations, effective Nov. 5th, are aimed at combating piracy and require only that cafes install either a legal version of Windows or Red Flag. However, Radio Free Asia says that cafes are being forced to install Red Flag even if they have legal versions of Windows. Obviously questions about spying and surveillance have arisen, with no comment from the Chinese Government."

Re:In other news

[SatanicPuppy]

...While number of licensed copies remains the same.

Another motive

[theapeman]

If I were some non-american government then I would prefer people to use Linux. Not because of any backdoors that I could put in it, but because I could be reasonably sure that there were no backdoors put in it by the US government.

Re:Poor Microsoft...

[Aphoxema]

Maybe it's the fact that Windows is an OS made from their good friends in the US, and Windows is proprietary, and we know how many Americans (US) feel about the risk of software working against you...

It's like the US Government buying Cisco routers made in China, how the US sabotaged a Russian oil pump station, there's only so much trust to be had, and when you have people from the Land of Microsoft being untrusting of Microsoft, how can you possibly expect a xenophobic, militant country to?

Next will be North Korea I bet.

Re:Where Exactly is the Danger?

[ShieldW0lf]

I'm confused.

Are there concerns that the Chinese government are going to be spying on citizens using the open source Red Flag operating system, or are there concerns that using the closed source Windows operating system will allow some group to spy on the Chinese?

The second seems like a greater risk than the first.

No danger whatsoever

[hackingbear]

The new rules that went into effect Nov. 5 are aimed at cracking down on the use of pirated software, said Hu Shenghua, a spokesman for the Culture Bureau in the city of Nanchang.

1. Common mistake #1: assuming whatever a little municipal government says equal what the Chinese central government says. REALITY: in China, local governments don't pay a shit to upper government and just make up whatever rule they want.
2. Common mistake #2: assuming this has anything to do with national security, censorship, etc. REALITY: it is just a marketing maneuver some company trying to get people buy into their products -- by making it officially required.
3. Common mistake #3; assuming any people actually pay a shit to this. REALITY: if so, they would have obey anything from tax laws to traffic laws first before worrying about this.

Welcome to China!

Re:It's a silo. Anyone can set one up.

[Hognoxious]

And anyone can stand in front of a fucking tank.

Re:You can't spot the obvious danger?

[chrb]

And you think that Yahoo, Google, Cisco, Microsoft etc. aren't in league with the PRC government? In order to do business in China, you have to do as the government say. Actually, it kind of works like that in every nation...

The backdoor fears are being overblown, this is open source after all. It would be trivial to compare the binary packages installed on one of the internet cafe computers with a standard Red Flag install to see if any have been modified. Then strace or disassemble the modified binary to find out what it is doing. If you're worried that the entire Red Flag distribution might be compromised, consider that the Chinese government is recommending that this distribution be used on government and corporate computers. If there were a deliberately introduced backdoor, then it is highly likely that either a Western security researcher, or the NSA, would find it, and then be able to gain access to the Chinese computers. Thus the Chinese government actually has a very strong motive to ensure that there isn't a generic backdoor. And again, finding such a backdoor would be trivial - all you have to do is compile your own distribution using the same versions of each source package, and then compare the output binaries. Having said that, Debian had a modified ssh package with a gaping security vulnerability for a long time before anyone noticed... but eventually someone did.

I really think that there is a higher risk of the Chinese government sneaking a backdoor into Windows through a Chinese-American employee of Microsoft, or through compromising a Chinese CDROM factory or OEM manufacturer, than of being able to covertly introduce a secret backdoor into an open source Linux distribution like Red Flag. Having the source makes hiding a backdoor very difficult - if they ever did introduce a backdoor, they would probably be quite blatant about it. And as for the Windows comparisons, we still don't really know what the _NSAKEY was for.

Why is that even worth talking about?

[AlfredZhang]

Anyone cares to read the referred articles? This is only a move of a insignificant local government and is already criticized in many Chinese forums and online media sites. As a big country, things much weirder than this happens all the time. It is surprising why it gets singled out here. Yes, Chinese government heavily filters Internet connections and suppress any sites that it sees inappropriate, but it does NOT have to force linux on Internet cafe simply to spy on citizens. Believe me, it is much easier and inexpensive to spy on Windows machines. My suggestion: next time before you bring up something about a monarchy/communist/evil China, do some research.

Re:Where Exactly is the Debate?

[arth1]

Yes, there can and should be questions.
The first one to ask is "who would want this rumour, true or not, to be spread?"
The second one to ask is "do those who might benefit have a history of disinformation?"
The third one to ask is "if country X monitors hundreds of millions of PCs, where are all the millions of people doing the monitoring?"

China is a new capitalist society with roots in communism, and has quite a bit of baggage to deal with. Among them a propensity to overregulate everything, and likewise for the citizens to ignore all the regulations as long as no-one is watching.

I don't doubt for a second that the Chinese government can and will spy on some of its citizens, just like CIA, FBI, NSA and SS will over here. But they quite frankly don't have the infrastructure to do full scale computer surveillance, nor any need to -- if they want someone arrested, they simply arrest him or her. They don't need to collect evidence and convince a judge first.
And just like here, if they want to monitor internet traffic, doing it at the ISP or confiscating equipment is far easier than backdooring individual systems. For one thing, you don't need highly skilled agents capable of accessing back doors with the required finesse and understanding.

This whole article smells of FUD and agitprop. Sure, China is designated the new Big Evil, and the US needs another Enemy to believe in right now. But seeing Chinese government conspiracies in everything doesn't make it true, any more than seeing communist conspiracies in the 50s and 60s made that propaganda true.

My guess: A canton or city government decided to go linux, and chose Red Flag as their distro. Some zealous and cerebrally challenged bureaucrats (I know, a tautology) then interpreted that as an order. And a newspaper picked up the blunder, and wrote a note about it, which was then picked up and massaged to fit the desired perception by their western colleagues who like to post propaganda against the enemy du jour, because it sells ads. Our local Ministry of Truth won't interfere, as long as the bashing is against this year's designated foe.
ICBW, but it seems like a much simpler explanation.

And personally, I think China is on the road towards freedom, even if they stumble every now and then. But we need to keep in mind that it's going to be a long march.