Slashdot Mirror
The Best Way Through the Great Firewall of China
eldavojohn writes "The MIT Technology Review brings news of a new report from Harvard assessing circumvention software. The best tools they tested (and they actually did test them in cybercafes in China) were Ultrareach, Psiphon, and Tor, while Dynaweb and Anonymizer also scored well — of course, the huge downside is the long loading times. The report also includes responses from developers of the tools."
It is worth noting that the report was released in 07 and "Some of the data is now out of date"
They fitted George Orwell's coffin with rollers so he could turn over more easily years ago.
No mention of SSH in the abstract? I thought that was quite obvious a choice. Oh wait, you'll have to get a shell access to a server outside the wall in the first place.
Colorless green Cthulhu waits dreaming furiously.
Know someone on the outside and arrange SSH access with them.
My blog
Some conclusions from the paper:
Tor can be recommended for widespread circumvention use, but only for expert users concerned about anonymity. Increased use of the tool might trigger blocking that Tor is not yet ready to defend itself against.
JAP can be recommended for use only by users who don't need anonymity or who understand the anonymity implications of JAP network composition and know to choose one of the non-default networks.
Psiphon can be recommended for widespread client and server use, but users should also be aware that some data leaks are possible.
Circumventor can be recommend for widespread client use but only for server use by expert users who are able to navigate the difficult install process and understand the effects of the install on the host computer. Circumventor users should also be aware that some data leaks are possible.
UltraReach can be recommended for widespread use as the best performing of all the tested tools, though users concerned about anonymity should be warned to disable browser support for active content.
This game will waste your life. Don't clicky!
Now how do I get around Hadrian's firewall of the UK?
... give the PRC better information on how people piercer the GWoC?
"I don't know, therefore Aliens" Wafflebox1
I've found the fastest way through the Great Firewall of China to be Mongolosploit. It may take somem time but it's persistent.
Excuse me while I gather the virgin sacrifice and assemble the pentagram required to solve your problem
They are Always trying to break down City wall
A friend of mine lives in Beijing, apparently the great firewall is load of PR fluff, which anyone -- including barely tech-literate people -- work around by using public proxies.
Granted, it is lame, it does have a chilling effect on free speech, but mostly it's just a PR stunt by the Chinese government.
of course, the huge downside is the long loading times.
No, the huge downside is that if anyone decides you're a problem, your circumvention methods are illegal and easy to detect.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I found that when a client of mine connected via SSH to a well connected server (Equinix/Ashburn), they could use the SOCKS setting in Firefox (connecting to localhost since that's what their SSH client listened to) to tunnel all of their traffic with no problem. Note: this was a Mac, up to date as of last year when we tried this.
Sure enough, one day the tunneling stopped working! We changed the port used by SSH to 443, and it worked just fine after that.
In China and Chinese-ruled territories use or possession of encryption technology without permission from the Chinese Communist Party (aka PRC government) is an offense against the State/CCP. For those forms of encryption that the Party does permit to be used, eg. in online shopping, the Party must have the decryption keys.
Unlike individuals, companies may be permitted to use encryption without surrendering the keys to the State, but that only happens if the company has been deemed supportive of the Government, or if their presence in China otherwise benefits the State's objectives.
Since I have some Chinese fenqing (those mindless hordes attacking enemies of State during the Cultural Revolution but now ultra-nationalistic) on my tail this post will probably be modded into oblivion either immediately or eventually...
Should invading one's peaceful neighbours be opposed, or rewarded with trade deals?
Like getting arrested, or run over by a tank, or being re-educated.
can I view this report in China because man this filtering sucks
How does the Chinese government view the use of such software as OpenVPN?
Is that also an illegal encryption technology for individuals?
Dont even want to be free from the firewall, because it might break their perfect-image that they are so great. They get taught from birth that they live in the best place on Earth and believe this to the fullest. Say anything bad about China towards a Chinese who never left the country and no matter how much evidence you give them and facts you feed them they won't believe it.
I showed some Chinese websites about Tianmen square, video's, the wikipedia, but all they said that is was fake material made by people who hate China. Some that did know about it was fully on the side of their government and it was just "keeping order".
Let them take care of it themself if they want to see the truth and not be oppressed but the way it is they want it and like it.
And if you are a foreigner who needs the a unregulated internet connection, avoid countries like China, maybe if all tourism stops they might considering being less oppressive.
It depends on where your nationality resides. It is accepted and assumed that Americans/The West (TM) will use encryption because they see us as being very concerned about privacy and protective of our business secrets et al. So if you're American/European and over there, you won't have any trouble using encryption/SSH2/etc. A Chinese citizen, on the other hand, would have more trouble getting away with it.
I went to China for vacation November 2008. It was crazy watching the U.S. election from the Yengtze river.
Being the dork that I am I spent a good chunk of time playing around with the Great Firewall of China. One thing that baffled me was the ease of which I could find "censored" material. For example the wikipedia page for the Tiananmen Square protests was accessible (http://en.wikipedia.org/wiki/Tiananmen_Square_protests_of_1989).
Searching Google images for "Tiananmen Square" came back with hundreds of tanks, bloody civilians and the like - no different than in the U.S.
Yet some things were banned. I found that all the free http proxies that I tried were banned. I couldn't get to wikileaks.org. And I couldn't get to the Tor website to download the installer.
This presents an interesting chicken and egg problem with circumvention software. How do you get the software in the first place if it's source of the software package is censored? I ended up asking a buddy of mine in the U.S. to send me the Tor program via gmail, but not everyone has that option.
I was only on a very slow 8k/sec connection so at times it was difficult to tell if a site was banned or if it just was really slow. I could only really tell by running a trace route. It would always time out at the same router, presumably the router that bridged between inside and outside China.
In case anyone is interested here is a tracert going to a banned site.
C:\>tracert wikileak.org
Tracing route to wikileak.org [72.1.201.156]
over a maximum of 30 hops:
1 490 ms 298 ms 298 ms 220.192.136.4
2 298 ms 299 ms 299 ms 220.192.136.251
3 298 ms 280 ms * 61.242.160.182
4 280 ms 342 ms 296 ms 211.94.54.205
5 432 ms 439 ms 439 ms 211.94.56.105
6 438 ms 459 ms 459 ms 211.94.55.5
7 358 ms * 1107 ms 211.94.39.98
8 499 ms 480 ms 479 ms 211.94.55.250
9 * 1108 ms 479 ms sl-gw22-ana-1-0.sprintlink.net [144.228.79.177]
10 498 ms 500 ms 518 ms sl-crs2-ana-0-1-2-2.sprintlink.net [144.232.1.12
2]
11 518 ms 519 ms 539 ms sl-crs2-fw-0-13-3-0.sprintlink.net [144.232.19.1
97]
12 536 ms 538 ms 558 ms sl-crs2-kc-0-0-0-2.sprintlink.net [144.232.19.14
1]
13 537 ms 558 ms 538 ms sl-crs2-chi-0-8-0-3.sprintlink.net [144.232.18.2
14]
14 528 ms 539 ms 539 ms sl-st21-chi-11-0-0.sprintlink.net [144.232.20.21
]
15 537 ms 539 ms 540 ms sl-bigpi4-209998-0.sprintlink.net [144.223.6.30]
16 536 ms 559 ms 539 ms rc2ch-pos10-0.il.shawcable.net [66.163.65.41]
17 537 ms 719 ms 539 ms rc1ch-ge1-0-0.il.shawcable.net [66.163.65.1]
18 556 ms 560 ms 559 ms rc2sh-pos13-0.mt.shawcable.net [66.163.77.13]
19 558 ms 557 ms 559 ms ra2sh-tge10-1.mt.shawcable.net [66.163.66.78]
20 597 ms 578 ms 580 ms rx0sh-hydro-one-telecom.mt.bigpipeinc.com [66.24
4.255.38]
21 578 ms 559 ms 559 ms 142.46.128.14
22 779 ms 779 ms * tol-gsr.telecomottawa.net [142.46.130.10]
23 * *
http://yro.slashdot.org/article.pl?sid=08/03/06/1717242
if this strikes many of you as too low tech, recall that most of western liberal notions such as freedom of the press and freedom of expression were established BEFORE the internet. obviously! but we in the west have become so addicted and enamored of the permanence and instantaneousness of the internet, we almost can't imagine life before it, or a struggle for freedom without this aid. but the struggle for basic human dignity can and will happen, even without the net
life without a free net retards progress, but doesn't stop it. progress on basic human rights WILL come to china eventually. the grumpy old men in beijing can't hold on forever. they are human, they make mistakes. the best they can do is make the rightful fight for basic human rights in china a painful one for their fellow chinese
to any "faithful" chinese reading this message: i didn't know being a proud chinese meant being a dumb chinese. but if you defend the policies of the grumpy old technocrats to keep the average chinese's media strictly controlled, that's what exactly what you do. the only way to a strong china is a free china. if you think just an authoritarian ultracapitalist china is a strong china, whoa boy, watch what happens as the world economy continues to shrink. china is not immune to the inevitable lessons of history about economic recessions and draconian governemnts. enjoy your defensive posture
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
When I need to avoid a Firewall I use a SSH proxy server. How easy it is to use depends on every applications.
You can use any port you want, but the downside is you need to have a SSH server somewhere on the outside.
Love many, trust a few, do harm to none.
I know how it feels like being cyberstalked. Kinda pathetic. But hey, how many of them are really slashdotters caring about the karma stuff? ;)
As a Chinese, I'm not offended by your viewpoints or position, in fact I quite understand it. However, I remain somewhat skeptic about the factuality of your post because I don't know any established Chinese law regarding the regulation of encryption technology used by individuals (IANAL of course). Can you give me a pointer to some legal material that supports your post? I believe I use encryption of one kind or another on a daily basis (SSH and HTTPS come to mind, as well as the encryption facilities built into bittorrent).
Colorless green Cthulhu waits dreaming furiously.
If you have a home virtual private networking service setup, or if you have access to a company virtual private networking service, why not just connect to your VPN? Problem is solved, connection is encrypted, and without the potential of tunnel hell or application incompatibility of port forwarding and tunneling.
Having said that, the censors at China are not that concerned of English offending content; it's more that they're worried about the uneducated public being incited by content online since content is so easily spread via the Internet, at the same time, it is also easy to organize protests online. If you already know English or you've been educated overseas, you're no longer someone they are targeting.
Oh wait, they're one of the "evil" empires, right? Not the good guys like the US o' A...
So if you're American/European and over there, you won't have any trouble using encryption/SSH2/etc.
That's good to know. Especially considering that my laptop is encrypted with TrueCrypt and I just spent 3 weeks in Shanghai on business. :-)
Of course the only thing I was protecting was company schematics and source code so I if I had to I'd give the password up in a heart beat. There's no way I would spend time in a Chinese prison to protect my boss's paycheck or the company.
Interesting thing though...
I typed "Freedom of Religion" into Google while I was there and Google became completely blocked for 30 seconds... The same search in Yahoo would not get blocked.
....until you are strapped to a table in an RV, getting your organs ripped out while still alive.
Assuming this is true, and another commenter has called this into question, so what? If you're using privacy software to punch through the Great Firewall, you are by definition doing something the government doesn't like, and probably several things. If you can get your hands on Tor in the first place, you might as well use it.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
Everyone who does anything technical in China (I'm talking of Chinese people here), knows to use a VPN to tunnel out to Japan or somewhere similar. If it's "illegal" you certainly wouldn't know it.
I recently returned from 6 months in Beijing where I reliably used my OpenVPN connection to an Amazon EC2 server whenever I needed something "special". Don't get me wrong, the great firewall is a pain in the ass, and they don't have the infrastructure (intentionally) to support that much traffic flowing in and out, but it's the same intarwebs we all use.
So Chinese citizens can't use SSH? You must log into systems using cleartext?
Wow, this seems like it could potentially cause lots of security problems.
Also, given how easy it is to use encryption without even knowing (Skype uses it, for instance), it must be scary to be a Chinese computer geek. o.O
Though I suspect that these laws are only enforced if a citizen becomes a Problem(TM) for the state. Still scary, though, as you can probably become a Problem(TM) doing fairly innocuous things.
In China and Chinese-ruled territories use or possession of encryption technology without permission from the Chinese Communist Party (aka PRC government) is an offense against the State/CCP. For those forms of encryption that the Party does permit to be used, eg. in online shopping, the Party must have the decryption keys.
You have either been misinformed or are deliberately making stuff up for some reason. I have ran sshd and apached (with encryption) on my own computer for years. I use GnuPG to communicate with my friends. But I have NEVER been required to acquire permission from the "Party", nor have I given my decryption keys to anybody.
As much as I despise my communist government, spreading blatant lies like this is not going to help bring about its demise. If anything it only makes more of your "mindless hordes of ultra-nationalists", because your so-obviously-made-up description of china can be translated and circulated on the chinese bulletin boards as "proof" that westerners want nothing but the "down-fall of China", and how "ignorant" they are of "the great achievements made by the Chinese people under the leadership of the Communist party". Yes I know this is very laughable, but that's the sad truth, and it has happened very often in the past few years. Things like this can easily be used to provoke nationalist and anti-western sentiment in China, which will make the work of those brave individuals who tirelessly try to promot the values of human right, freedom, democracy, etc. (the "symbolic" values of the western world) in China more difficult than it already is.
The free version of Tor is tortuously slow to use here in China... I only use it when I need to go to sites I know are blocked. e.g. wowwiki.org Why the fuck they block wowwiki but not slashdot is anyone's guess.
is even better, can even get you through some non-free hotspots, and it's hardly ever blocked where most other things are.
I have no mod points,anybody mod parent up?
Measures for the Use of Encryption Products by Overseas Organizations and Individuals within China.
Announcement of State Encryption Administration
(No. 9)
The Measures for the Use of Encryption Products by Overseas Organizations and Individuals within China are hereby promulgated and shall come into force as of May 1, 2007.
State Encryption Administration
March 24, 2007
Measures for the Use of Encryption Products by Overseas Organizations and Individuals within China
Article 1 For the purpose of regulating the use of encryption codes and equipment containing encryption technologies (hereinafter referred in general as encryption products) by overseas organizations and individuals within China, these Measures are formulated in accordance with the Regulation on Commercial Ciphers.
Article 2 The use of encryption products by overseas organizations and individuals within China shall be governed by these Measures, excluding China-based embassies and consulates of foreign countries, China-based representative offices of international organizations and other institutions enjoying the corresponding privilege and immunity.
Article 3 The term "overseas organization" as mentioned in these Measures refers to an organization set up outside China under foreign law, including the branch institutions, offices, representative offices, etc. established by it inside China.
The term "overseas individual" refers to a person who does not have the Chinese nationality under the Nationality Law of the People's Republic of China.
The term "encryption products" as mentioned in these Measures refers to the products for which the information is subject to protection or security authentication on the basis of encryption technologies, including the encryption products made within and outside China.
Article 4 The State Encryption Administration (hereinafter referred to as the SEA) shall be responsible for the administration of the use of encryption products by overseas organizations and individuals within China.
The encryption administrative departments of all provinces, autonomous regions and municipalities directly under the Central Government shall undertake the relevant administrative tasks in accordance with these Measures.
Article 5 When an overseas organization or individual intends to use an encryption product within China, it (he) shall fill out a Form of Application for the Registration of Use of Encryption Products by Overseas Organization or Individual in advance and submit it to the encryption administrative department of the local province, autonomous region or municipality directly under the Central Government.
The encryption administrative department of the province, autonomous region or municipality directly under the Central Government shall, within 5 working days from the day when it accepts an application, examine the Form of Application for the Registration of the Use of Encryption Products by Overseas Organization or Individual and submit it to the SEA.
The SEA shall, within 20 working days from the day when the encryption administrative department of the province, autonomous region or municipality directly under the Central Government accepts an application, examine the Form of Application for the Registration of the Use of Encryption Products by Overseas Organization or Individual.
If it approves the use, it shall issue to the applicant a Permit to Use Encryption Product by Overseas Organization or Individual.
A Permit to Use Encryption Product by Overseas Organization or Individual shall be valid for three years.
Article 6 Where an overseas organization or individual needs to use any encryption product imported from abroad, it (he) shall apply for a License for the Import of Encryption Product.
When such encryption product enters into China, the overseas organization or individual shall faithfully make a declaration and submit the License for the Import of Encr
Should invading one's peaceful neighbours be opposed, or rewarded with trade deals?
http://www.picidae.net/ ... To make surfing on that image possible, pici-server analyses the web site and puts links via image maps onto the image where they can be seen on the web site. So one can click in the web browser with the mouse onto the links like on the "true" web page"
- is a proxy service which "creates an image of the website
the actual page to use (the proxy) is:
http://pici.picidae.net/
is it even possible to control this with a firewall?
In order to encourage the Chinese to not censor the internet, I'd like to encourage everybody who has a page with science or math or engineering content on it to put some banned content on it-- discussion of Tibet Independence, or Tienanmin Square massacre information. Make it so the stuff they want their people to get to is censored! (You can use white-on-white font for this, if you want to avoid cluttering real work pages with politics-- that's cool
Dont even want to be free from the televsion, because it might break their perfect-image that they are so great. They get taught from birth that they live in the best place on Earth and believe this to the fullest. Say anything bad about the USA towards a US citizen who never left the country and no matter how much evidence you give them and facts you feed them they won't believe it.
I showed some Americans websites about the war in Iraq, video's, the wikipedia, but all they said that is was fake material made by people who hate the USA. Some that did know about it was fully on the side of their government and it was just "keeping order".
Let them take care of it themself if they want to see the truth and not be oppressed but the way it is they want it and like it.
And if you are a foreigner who needs the a unmonitored internet connection, avoid countries like the USA, maybe if all tourism stops they might considering being less oppressive.
Dear sir, what exact blatant lies did I write, and why did the post make you so angry?
What exactly does the PRC law say about Chinese nationals' right to use encryption (or lack thereof)?
I am also aware that especially in the larger cities of China proper the Han-Chinese people (who are not suspected of any "anti-state activities") running their own computers are not generally bothered by the State authorities, especially since only a tiny percentage of them would be using encyption software not vetted by the State. I also hope you realize that the reality for people in the PRC Government's bad books (human rights activists, independent thinkers and writers) and in the so-called "autonomous regions" is somewhat different.
Pointing out the shortcomings of your unelected regime and its laws was in no way criticism of you as an individual, but as the modding is already showing there's a strong Hive Mentality among many Chinese which causes them to attack any critic of their rulers...
Should invading one's peaceful neighbours be opposed, or rewarded with trade deals?
I hope you realize that nearly all of the computers with access to the internet today are equipped with encryption software-a browser supporting HTTPS protocol.Thanks.
sorta like the US for the past 8 years, it seems.... authoritarian state that is....
self destruct
On my recent trip to Beijing, I was able to access any site I normally would have in my regular browsing, had no troubles getting and sending mail via TLS on IMAP and SMTP and I was able to ssh into servers halfway around the world easily (if with a little latency). I even tested my VPN connection back to a server in Canada and had no problems whatsoever.
While there still may be some restrictions, I didn't see any.
My 0.02
Thank you for kindly pointing out that HTTPS is a protocol, not a cipher. It is the latter that actually encrypts the traffic.
Now, is it actually legal under the PRC's laws to use ciphers not specifically approved by the State authorities?
Are Chinese individuals or organizations inside the PRC allowed to freely operate servers with strong encryption of their choice and without permission from the State? Which authority within the PRC is allowed to grant certificates?
Are the State's routers/filters able to recognize and simply drop HTTPS connections at their whim?
Does simply using HTTPS protocol prevent the State from logging your connections or attempts to connect to "suspicious sites" (eg. those about democracy and human rights or just critical of the Party)? You know the State's most powerful censorship tool is in fact instilling an inherent sense of self-censorship in its subjects.
Does the mere presence of HTTPS (with whatever ciphers are bundled) allow the Chinese "netizens" to connect to material otherwise banned or filtered by the State freely and without fear of retribution?
Thanks for any clarification.
Should invading one's peaceful neighbours be opposed, or rewarded with trade deals?
The Australian government has already got some ISPs to sign-up to test its preferred "filtering" system (ie, "AU's Great Firewall").
While only a handful of ISPs are reportedly participating in the highly unpopular filtering tests, I have no idea WHY they would voluntarily do so... (Are they getting paid?)
Will the tricks that work for China's "Great Firewall" for for Uncle Rudd's / "AU's Great Firewall"?
As much as I am annoyed by the heavy internet blocking in Thailand, I'd rather be ignorant of my repression than browse the internet at sub 1kps - such as by using Tor.
Circumventing gov't firewalls using current technology just isn't practical.
Answer to question 1 :Yes,there is no law prohibiting that, cipher alone is not a problem for them. Simply posting articles related to encryption technology also never get you caught, in fact, cryptography courses are taught in a number of colleges and Universities, in my University, Bruce Schneier's book is used uncensored,along with all of the original programs provided in a printed form.
Answer to question 2 :Theoretically, the law requires you to apply for a certificate even if you just want to operate a website with your own domain name. Although it's ratherly enforced, when it's it really is a disaster. I knew that there were two entire IPCs being disconnected for just several defunct websites without certificates. The authority to grant the certificate is the Ministry of Industry and Information Technology.
Answer to question 3 :They're potentially able to do so, but I have never experienced any HTTPS connection being dropped personally. The biggest problem for me is that most of those still unbanned "suspicious sites" don't provide HTTPS support. You know their first priority is intercepting the keywords rather than the HTTPS connections.
Answer to question 4 : As far as I know, they are not able to decrypt your traffic if you use HTTPS, however ,they have a IP blcklist so it doesn't make a difference for sites already banned.
Answer to question 5 :There is no government authority claiming responsibility for operating the GFW(actually this is mostly the responsibility of telcos), you don't need to fear of retribution even if they go after you because you can always claim you don't know the site is banned, as they simply reset your connection and there is never a warning message of any kind sent to you(this comapred to Iran where a warning message is displayed).In conclusion, just browsing "reactionary sites" doesn't pose a threat of any kind to you, but if you want to operate one, well, that depends on who you're.
Thanks for your constructive query. :-)
I've many Chinese friends who are as worried about the FQ phenomenom as I am. It's always unpleasant to be shouted down or having your message buried for ideological reasons.
Anyway, I'm not sure if you noticed but elsewhere in this thread I posted the regulations governing foreign-based organizations' (like businesses and NGOs) and foreign individuals' use of crypto in the PRC. The laws governing PRC nationals' use of crypto are said to be nearly identical. But as is often the case in today's China, the actual enforcement of laws is very haphazard and selective. Using SSH while keeping totally clear of anything the State might consider subversive or controversial (like simple river crabs!) and not pushing your luck on foreign connections seems safe. Open-source disk-encryption tools are also a download away and their use highly recommended (by me!), but if the PSB comes knocking on your door they'll only make offers you can't refuse.
Surely the PRC's statute books are available online for concerned people to study, and if you are interested in looking into the exact legal terms regulating crypto in China, some useful keywords would be "State Encryption Administration" and "State Encryption Management Commission" which are the organizations charged with enforcing the regulations.
Should invading one's peaceful neighbours be opposed, or rewarded with trade deals?
Just a footnote: There is plenty of information regarding PRC's laws regulating foreigners' and in particular foreign businesses' encryption rules, but very little in terms of specifics about the same laws concerning Chinese nationals. I have, however, followed the debate and read many a newspaper article (outside China) over the years and like in the case of "state secrets", it may be that the lack of debate (naturally also within China) is partially due to intentional obfuscation over what is permitted and what is not permitted. Discussion about Chinese people's civil liberties isn't exactly the state-approved hot topic in the Chinese media nor in the discussion forums.
My non-exhaustive search came up with a few quotes from the Network World magazine:
and
Should invading one's peaceful neighbours be opposed, or rewarded with trade deals?