Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Best Way Through the Great Firewall of China

Posted by CmdrTaco on from the route-around-oppression dept.

eldavojohn writes "The MIT Technology Review brings news of a new report from Harvard assessing circumvention software. The best tools they tested (and they actually did test them in cybercafes in China) were Ultrareach, Psiphon, and Tor, while Dynaweb and Anonymizer also scored well — of course, the huge downside is the long loading times. The report also includes responses from developers of the tools."

9 of 118 comments (clear)

  1. Tunnel SOCKS through SSH? by RT+Alec · · Score: 3, Interesting

    I found that when a client of mine connected via SSH to a well connected server (Equinix/Ashburn), they could use the SOCKS setting in Firefox (connecting to localhost since that's what their SSH client listened to) to tunnel all of their traffic with no problem. Note: this was a Mac, up to date as of last year when we tried this.

    Sure enough, one day the tunneling stopped working! We changed the port used by SSH to 443, and it worked just fine after that.

    1. Re:Tunnel SOCKS through SSH? by Piranhaa · · Score: 3, Interesting

      Remember your dns queries still go through by regular, unencrypted, means... That 'could' draw attention to whoever is using it. A friend of mine gives access to his SSH server for tunneling for his buddy is Saudi Arabia - just needs to be careful.

  2. All encryption requires permission from the Party by Anonymous+Bullard · · Score: 3, Interesting

    In China and Chinese-ruled territories use or possession of encryption technology without permission from the Chinese Communist Party (aka PRC government) is an offense against the State/CCP. For those forms of encryption that the Party does permit to be used, eg. in online shopping, the Party must have the decryption keys.

    Unlike individuals, companies may be permitted to use encryption without surrendering the keys to the State, but that only happens if the company has been deemed supportive of the Government, or if their presence in China otherwise benefits the State's objectives.

    Since I have some Chinese fenqing (those mindless hordes attacking enemies of State during the Cultural Revolution but now ultra-nationalistic) on my tail this post will probably be modded into oblivion either immediately or eventually...

    --

    Should invading one's peaceful neighbours be opposed, or rewarded with trade deals?

  3. the people in china by Anonymous Coward · · Score: 5, Interesting

    Dont even want to be free from the firewall, because it might break their perfect-image that they are so great. They get taught from birth that they live in the best place on Earth and believe this to the fullest. Say anything bad about China towards a Chinese who never left the country and no matter how much evidence you give them and facts you feed them they won't believe it.

    I showed some Chinese websites about Tianmen square, video's, the wikipedia, but all they said that is was fake material made by people who hate China. Some that did know about it was fully on the side of their government and it was just "keeping order".

    Let them take care of it themself if they want to see the truth and not be oppressed but the way it is they want it and like it.

    And if you are a foreigner who needs the a unregulated internet connection, avoid countries like China, maybe if all tourism stops they might considering being less oppressive.

    1. Re:the people in china by Anonymous Coward · · Score: 1, Interesting

      Chinese websites about Tianmen square, video's, the wikipedia, but all they said that is was fake material

      When I went there everybody knew about it. Try asking them using the term "June Fourth Movement".

      Not everybody refers to it as the "Tiananmen Square Massacre".

  4. My experience in China (Nov. 2008) by nkovacs · · Score: 5, Interesting

    I went to China for vacation November 2008. It was crazy watching the U.S. election from the Yengtze river.

    Being the dork that I am I spent a good chunk of time playing around with the Great Firewall of China. One thing that baffled me was the ease of which I could find "censored" material. For example the wikipedia page for the Tiananmen Square protests was accessible (http://en.wikipedia.org/wiki/Tiananmen_Square_protests_of_1989).

    Searching Google images for "Tiananmen Square" came back with hundreds of tanks, bloody civilians and the like - no different than in the U.S.

    Yet some things were banned. I found that all the free http proxies that I tried were banned. I couldn't get to wikileaks.org. And I couldn't get to the Tor website to download the installer.

    This presents an interesting chicken and egg problem with circumvention software. How do you get the software in the first place if it's source of the software package is censored? I ended up asking a buddy of mine in the U.S. to send me the Tor program via gmail, but not everyone has that option.

    I was only on a very slow 8k/sec connection so at times it was difficult to tell if a site was banned or if it just was really slow. I could only really tell by running a trace route. It would always time out at the same router, presumably the router that bridged between inside and outside China.

    In case anyone is interested here is a tracert going to a banned site.

    C:\>tracert wikileak.org

    Tracing route to wikileak.org [72.1.201.156]
    over a maximum of 30 hops:

    1 490 ms 298 ms 298 ms 220.192.136.4
    2 298 ms 299 ms 299 ms 220.192.136.251
    3 298 ms 280 ms * 61.242.160.182
    4 280 ms 342 ms 296 ms 211.94.54.205
    5 432 ms 439 ms 439 ms 211.94.56.105
    6 438 ms 459 ms 459 ms 211.94.55.5
    7 358 ms * 1107 ms 211.94.39.98
    8 499 ms 480 ms 479 ms 211.94.55.250
    9 * 1108 ms 479 ms sl-gw22-ana-1-0.sprintlink.net [144.228.79.177]

    10 498 ms 500 ms 518 ms sl-crs2-ana-0-1-2-2.sprintlink.net [144.232.1.12
    2]
    11 518 ms 519 ms 539 ms sl-crs2-fw-0-13-3-0.sprintlink.net [144.232.19.1
    97]
    12 536 ms 538 ms 558 ms sl-crs2-kc-0-0-0-2.sprintlink.net [144.232.19.14
    1]
    13 537 ms 558 ms 538 ms sl-crs2-chi-0-8-0-3.sprintlink.net [144.232.18.2
    14]
    14 528 ms 539 ms 539 ms sl-st21-chi-11-0-0.sprintlink.net [144.232.20.21
    ]
    15 537 ms 539 ms 540 ms sl-bigpi4-209998-0.sprintlink.net [144.223.6.30]

    16 536 ms 559 ms 539 ms rc2ch-pos10-0.il.shawcable.net [66.163.65.41]
    17 537 ms 719 ms 539 ms rc1ch-ge1-0-0.il.shawcable.net [66.163.65.1]
    18 556 ms 560 ms 559 ms rc2sh-pos13-0.mt.shawcable.net [66.163.77.13]
    19 558 ms 557 ms 559 ms ra2sh-tge10-1.mt.shawcable.net [66.163.66.78]
    20 597 ms 578 ms 580 ms rx0sh-hydro-one-telecom.mt.bigpipeinc.com [66.24
    4.255.38]
    21 578 ms 559 ms 559 ms 142.46.128.14
    22 779 ms 779 ms * tol-gsr.telecomottawa.net [142.46.130.10]
    23 * *

  5. Re:All encryption requires permission from the Par by gzipped_tar · · Score: 5, Interesting

    I know how it feels like being cyberstalked. Kinda pathetic. But hey, how many of them are really slashdotters caring about the karma stuff? ;)

    As a Chinese, I'm not offended by your viewpoints or position, in fact I quite understand it. However, I remain somewhat skeptic about the factuality of your post because I don't know any established Chinese law regarding the regulation of encryption technology used by individuals (IANAL of course). Can you give me a pointer to some legal material that supports your post? I believe I use encryption of one kind or another on a daily basis (SSH and HTTPS come to mind, as well as the encryption facilities built into bittorrent).

    --
    Colorless green Cthulhu waits dreaming furiously.
  6. Re:Best way: by horza · · Score: 2, Interesting

    The French used to have a complete ban on encryption until recently. The UK in the mid-90s were pushing for a key escrow system, where all individuals would have to lodge a copy of their private key with the government, and were very close to succeeding. Instead we now have the RIPA, where you have to disclose your key when asked or go to jail. The only way to safely store a stranger's data on your machine is if it's encrypted and you have no access to the key. Even then ISPs are monitoring what you are downloading.

    There can be plenty of reasons for allowing people to ssh through your machine, but I also would only do it for friends. I did it for one of my friends who wanted to be able to job search during lunch time but didn't want his employer to know he was looking. He wasn't breaking any laws or company rules, but wanted his privacy protected. However, like Idiomatick I would be happy to help anybody that had a good and convincing reason (though they would be in chroot).

    Phillip.

    --
    Property for sale in Nice, France
  7. OpenVPN in UDP on port 53 by Nicolas+MONNET · · Score: 2, Interesting

    is even better, can even get you through some non-free hotspots, and it's hardly ever blocked where most other things are.