Slashdot Mirror
The Best Way Through the Great Firewall of China
eldavojohn writes "The MIT Technology Review brings news of a new report from Harvard assessing circumvention software. The best tools they tested (and they actually did test them in cybercafes in China) were Ultrareach, Psiphon, and Tor, while Dynaweb and Anonymizer also scored well — of course, the huge downside is the long loading times. The report also includes responses from developers of the tools."
It is worth noting that the report was released in 07 and "Some of the data is now out of date"
They fitted George Orwell's coffin with rollers so he could turn over more easily years ago.
Know someone on the outside and arrange SSH access with them.
My blog
... give the PRC better information on how people piercer the GWoC?
"I don't know, therefore Aliens" Wafflebox1
I've found the fastest way through the Great Firewall of China to be Mongolosploit. It may take somem time but it's persistent.
Excuse me while I gather the virgin sacrifice and assemble the pentagram required to solve your problem
A friend of mine lives in Beijing, apparently the great firewall is load of PR fluff, which anyone -- including barely tech-literate people -- work around by using public proxies.
Granted, it is lame, it does have a chilling effect on free speech, but mostly it's just a PR stunt by the Chinese government.
of course, the huge downside is the long loading times.
No, the huge downside is that if anyone decides you're a problem, your circumvention methods are illegal and easy to detect.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Dress as a woman and they'll let you through. Scotsmen traditionally wear skirts to this day.
If I recall correctly, Chani (of KDE fame) once blogged about having difficulty even using SSH from inside China.
I found that when a client of mine connected via SSH to a well connected server (Equinix/Ashburn), they could use the SOCKS setting in Firefox (connecting to localhost since that's what their SSH client listened to) to tunnel all of their traffic with no problem. Note: this was a Mac, up to date as of last year when we tried this.
Sure enough, one day the tunneling stopped working! We changed the port used by SSH to 443, and it worked just fine after that.
In China and Chinese-ruled territories use or possession of encryption technology without permission from the Chinese Communist Party (aka PRC government) is an offense against the State/CCP. For those forms of encryption that the Party does permit to be used, eg. in online shopping, the Party must have the decryption keys.
Unlike individuals, companies may be permitted to use encryption without surrendering the keys to the State, but that only happens if the company has been deemed supportive of the Government, or if their presence in China otherwise benefits the State's objectives.
Since I have some Chinese fenqing (those mindless hordes attacking enemies of State during the Cultural Revolution but now ultra-nationalistic) on my tail this post will probably be modded into oblivion either immediately or eventually...
Should invading one's peaceful neighbours be opposed, or rewarded with trade deals?
JAP -- german government or better said their intelligence service has a direct interface to it... so what is better chinese or german gov watching your porn downloads?
Like getting arrested, or run over by a tank, or being re-educated.
How does the Chinese government view the use of such software as OpenVPN?
Is that also an illegal encryption technology for individuals?
secret multiplayer javascript spreadsheet game
Interesting until you get too big that even moving a single step is very costly, then you just end up being a stationary fixture, like a dragon that nobody wants to get too close to.
I work for the Department of Redundancy Department.
Dont even want to be free from the firewall, because it might break their perfect-image that they are so great. They get taught from birth that they live in the best place on Earth and believe this to the fullest. Say anything bad about China towards a Chinese who never left the country and no matter how much evidence you give them and facts you feed them they won't believe it.
I showed some Chinese websites about Tianmen square, video's, the wikipedia, but all they said that is was fake material made by people who hate China. Some that did know about it was fully on the side of their government and it was just "keeping order".
Let them take care of it themself if they want to see the truth and not be oppressed but the way it is they want it and like it.
And if you are a foreigner who needs the a unregulated internet connection, avoid countries like China, maybe if all tourism stops they might considering being less oppressive.
It depends on where your nationality resides. It is accepted and assumed that Americans/The West (TM) will use encryption because they see us as being very concerned about privacy and protective of our business secrets et al. So if you're American/European and over there, you won't have any trouble using encryption/SSH2/etc. A Chinese citizen, on the other hand, would have more trouble getting away with it.
Yeah, right. Like the reason why the inspectors didn't find any WMDs in Iraq is because they were hidden inside Saddam's wife's burqa ;-)
I went to China for vacation November 2008. It was crazy watching the U.S. election from the Yengtze river.
Being the dork that I am I spent a good chunk of time playing around with the Great Firewall of China. One thing that baffled me was the ease of which I could find "censored" material. For example the wikipedia page for the Tiananmen Square protests was accessible (http://en.wikipedia.org/wiki/Tiananmen_Square_protests_of_1989).
Searching Google images for "Tiananmen Square" came back with hundreds of tanks, bloody civilians and the like - no different than in the U.S.
Yet some things were banned. I found that all the free http proxies that I tried were banned. I couldn't get to wikileaks.org. And I couldn't get to the Tor website to download the installer.
This presents an interesting chicken and egg problem with circumvention software. How do you get the software in the first place if it's source of the software package is censored? I ended up asking a buddy of mine in the U.S. to send me the Tor program via gmail, but not everyone has that option.
I was only on a very slow 8k/sec connection so at times it was difficult to tell if a site was banned or if it just was really slow. I could only really tell by running a trace route. It would always time out at the same router, presumably the router that bridged between inside and outside China.
In case anyone is interested here is a tracert going to a banned site.
C:\>tracert wikileak.org
Tracing route to wikileak.org [72.1.201.156]
over a maximum of 30 hops:
1 490 ms 298 ms 298 ms 220.192.136.4
2 298 ms 299 ms 299 ms 220.192.136.251
3 298 ms 280 ms * 61.242.160.182
4 280 ms 342 ms 296 ms 211.94.54.205
5 432 ms 439 ms 439 ms 211.94.56.105
6 438 ms 459 ms 459 ms 211.94.55.5
7 358 ms * 1107 ms 211.94.39.98
8 499 ms 480 ms 479 ms 211.94.55.250
9 * 1108 ms 479 ms sl-gw22-ana-1-0.sprintlink.net [144.228.79.177]
10 498 ms 500 ms 518 ms sl-crs2-ana-0-1-2-2.sprintlink.net [144.232.1.12
2]
11 518 ms 519 ms 539 ms sl-crs2-fw-0-13-3-0.sprintlink.net [144.232.19.1
97]
12 536 ms 538 ms 558 ms sl-crs2-kc-0-0-0-2.sprintlink.net [144.232.19.14
1]
13 537 ms 558 ms 538 ms sl-crs2-chi-0-8-0-3.sprintlink.net [144.232.18.2
14]
14 528 ms 539 ms 539 ms sl-st21-chi-11-0-0.sprintlink.net [144.232.20.21
]
15 537 ms 539 ms 540 ms sl-bigpi4-209998-0.sprintlink.net [144.223.6.30]
16 536 ms 559 ms 539 ms rc2ch-pos10-0.il.shawcable.net [66.163.65.41]
17 537 ms 719 ms 539 ms rc1ch-ge1-0-0.il.shawcable.net [66.163.65.1]
18 556 ms 560 ms 559 ms rc2sh-pos13-0.mt.shawcable.net [66.163.77.13]
19 558 ms 557 ms 559 ms ra2sh-tge10-1.mt.shawcable.net [66.163.66.78]
20 597 ms 578 ms 580 ms rx0sh-hydro-one-telecom.mt.bigpipeinc.com [66.24
4.255.38]
21 578 ms 559 ms 559 ms 142.46.128.14
22 779 ms 779 ms * tol-gsr.telecomottawa.net [142.46.130.10]
23 * *
http://yro.slashdot.org/article.pl?sid=08/03/06/1717242
if this strikes many of you as too low tech, recall that most of western liberal notions such as freedom of the press and freedom of expression were established BEFORE the internet. obviously! but we in the west have become so addicted and enamored of the permanence and instantaneousness of the internet, we almost can't imagine life before it, or a struggle for freedom without this aid. but the struggle for basic human dignity can and will happen, even without the net
life without a free net retards progress, but doesn't stop it. progress on basic human rights WILL come to china eventually. the grumpy old men in beijing can't hold on forever. they are human, they make mistakes. the best they can do is make the rightful fight for basic human rights in china a painful one for their fellow chinese
to any "faithful" chinese reading this message: i didn't know being a proud chinese meant being a dumb chinese. but if you defend the policies of the grumpy old technocrats to keep the average chinese's media strictly controlled, that's what exactly what you do. the only way to a strong china is a free china. if you think just an authoritarian ultracapitalist china is a strong china, whoa boy, watch what happens as the world economy continues to shrink. china is not immune to the inevitable lessons of history about economic recessions and draconian governemnts. enjoy your defensive posture
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
When I need to avoid a Firewall I use a SSH proxy server. How easy it is to use depends on every applications.
You can use any port you want, but the downside is you need to have a SSH server somewhere on the outside.
Love many, trust a few, do harm to none.
Given the kind of freaky porn that comes out of Germany, I doubt the German government is going to be phased by anything the Chinese decide to download.
I know how it feels like being cyberstalked. Kinda pathetic. But hey, how many of them are really slashdotters caring about the karma stuff? ;)
As a Chinese, I'm not offended by your viewpoints or position, in fact I quite understand it. However, I remain somewhat skeptic about the factuality of your post because I don't know any established Chinese law regarding the regulation of encryption technology used by individuals (IANAL of course). Can you give me a pointer to some legal material that supports your post? I believe I use encryption of one kind or another on a daily basis (SSH and HTTPS come to mind, as well as the encryption facilities built into bittorrent).
Colorless green Cthulhu waits dreaming furiously.
If you have a home virtual private networking service setup, or if you have access to a company virtual private networking service, why not just connect to your VPN? Problem is solved, connection is encrypted, and without the potential of tunnel hell or application incompatibility of port forwarding and tunneling.
Having said that, the censors at China are not that concerned of English offending content; it's more that they're worried about the uneducated public being incited by content online since content is so easily spread via the Internet, at the same time, it is also easy to organize protests online. If you already know English or you've been educated overseas, you're no longer someone they are targeting.
Given the kind of freaky porn that comes out of Germany, I doubt the German government is going to be phased by anything the Chinese decide to download.
Seriously? Chinese pr0n is even weirder, IMO. I'd give you a copy of the comprehensive study I wrote on the subject, but the pages are all stuck together...
Assuming this is true, and another commenter has called this into question, so what? If you're using privacy software to punch through the Great Firewall, you are by definition doing something the government doesn't like, and probably several things. If you can get your hands on Tor in the first place, you might as well use it.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
Everyone who does anything technical in China (I'm talking of Chinese people here), knows to use a VPN to tunnel out to Japan or somewhere similar. If it's "illegal" you certainly wouldn't know it.
I recently returned from 6 months in Beijing where I reliably used my OpenVPN connection to an Amazon EC2 server whenever I needed something "special". Don't get me wrong, the great firewall is a pain in the ass, and they don't have the infrastructure (intentionally) to support that much traffic flowing in and out, but it's the same intarwebs we all use.
So Chinese citizens can't use SSH? You must log into systems using cleartext?
Wow, this seems like it could potentially cause lots of security problems.
Also, given how easy it is to use encryption without even knowing (Skype uses it, for instance), it must be scary to be a Chinese computer geek. o.O
Though I suspect that these laws are only enforced if a citizen becomes a Problem(TM) for the state. Still scary, though, as you can probably become a Problem(TM) doing fairly innocuous things.
In China and Chinese-ruled territories use or possession of encryption technology without permission from the Chinese Communist Party (aka PRC government) is an offense against the State/CCP. For those forms of encryption that the Party does permit to be used, eg. in online shopping, the Party must have the decryption keys.
You have either been misinformed or are deliberately making stuff up for some reason. I have ran sshd and apached (with encryption) on my own computer for years. I use GnuPG to communicate with my friends. But I have NEVER been required to acquire permission from the "Party", nor have I given my decryption keys to anybody.
As much as I despise my communist government, spreading blatant lies like this is not going to help bring about its demise. If anything it only makes more of your "mindless hordes of ultra-nationalists", because your so-obviously-made-up description of china can be translated and circulated on the chinese bulletin boards as "proof" that westerners want nothing but the "down-fall of China", and how "ignorant" they are of "the great achievements made by the Chinese people under the leadership of the Communist party". Yes I know this is very laughable, but that's the sad truth, and it has happened very often in the past few years. Things like this can easily be used to provoke nationalist and anti-western sentiment in China, which will make the work of those brave individuals who tirelessly try to promot the values of human right, freedom, democracy, etc. (the "symbolic" values of the western world) in China more difficult than it already is.
Pet peeve of mine: phased != fazed.
Ignoring your whining, anti-US tone for a moment, your post does (surprisingly) have interesting implications.
/etc would fume over it, and although the US govt would grumble, I would guess that there is probably a sizeable number of regular folks in the US who would love to have the Chinese take on various DRM schemes. That might well be the next killer app. Let's face it, China is already the epicenter for mass piracy of software and other IP from the US and elsewhere, and the official US attempts to rein it in have gained little traction. I don't think there would be much effective backlash if the Chinese put out DRM-stripping studies or tools. As a matter of fact, because of the chilling effects of the DMCA, plus the widespread US influence in much of the rest of the world, China is probably one of the few places that such tools could be developed with impunity.
Although the RIAA
Voting machines would be more worrisome, but honestly, they're already pretty crappy to begin with. If anything, your post underlines the importance of NOT relying on computerized voting machines. However, I imagine there is an important difference between the Harvard study and your hypothetical Chinese study. If the Chinese ever do (or did) study how to crack voting machines, you can bet they won't be making their findings public.
I prefer rogues to imbeciles because they sometimes take a rest.
is even better, can even get you through some non-free hotspots, and it's hardly ever blocked where most other things are.
I have no mod points,anybody mod parent up?
In case some people aren't aware of the realities in the PRC, all "laws" have been de facto written by the Chinese Communist Party and they are also subject to interpretation by the "courts" which are under direct rule of the Party. There is no separation whatsoever between the Party's executive and judicial arms, which is one of the reasons why the "People's Republic" of China is classified as an authoritarian state.
Should invading one's peaceful neighbours be opposed, or rewarded with trade deals?
Please define fazed then.
http://www.picidae.net/ ... To make surfing on that image possible, pici-server analyses the web site and puts links via image maps onto the image where they can be seen on the web site. So one can click in the web browser with the mouse onto the links like on the "true" web page"
- is a proxy service which "creates an image of the website
the actual page to use (the proxy) is:
http://pici.picidae.net/
is it even possible to control this with a firewall?
Fuck you, Jimmy !
Given the kind of freaky porn that comes out of Germany, I doubt the German government is going to be phased by anything the Chinese decide to download.
That's "fazed". Although I'd expect the German government would be pretty worried once China starts using depolarised positronic tachyon beams to phase them out of existence. ;)
Homonyms are fun!
You're driving your car, but they're riding their bikes there.
Dont even want to be free from the televsion, because it might break their perfect-image that they are so great. They get taught from birth that they live in the best place on Earth and believe this to the fullest. Say anything bad about the USA towards a US citizen who never left the country and no matter how much evidence you give them and facts you feed them they won't believe it.
I showed some Americans websites about the war in Iraq, video's, the wikipedia, but all they said that is was fake material made by people who hate the USA. Some that did know about it was fully on the side of their government and it was just "keeping order".
Let them take care of it themself if they want to see the truth and not be oppressed but the way it is they want it and like it.
And if you are a foreigner who needs the a unmonitored internet connection, avoid countries like the USA, maybe if all tourism stops they might considering being less oppressive.
That is not entirely correct. They can request a wiretap of JAP-client with a warrant... which is not much different from your normal Internet connection and phone.
It only takes one man to change the Wisdom of the Crowd to Tyranny of the Masses.
#define fazed "to disturb the composure of"
Hope this helps.
February 9th, 2009 8:55pm: Slashdot becomes self-aware.
I hope you realize that nearly all of the computers with access to the internet today are equipped with encryption software-a browser supporting HTTPS protocol.Thanks.
self destruct
On my recent trip to Beijing, I was able to access any site I normally would have in my regular browsing, had no troubles getting and sending mail via TLS on IMAP and SMTP and I was able to ssh into servers halfway around the world easily (if with a little latency). I even tested my VPN connection back to a server in Canada and had no problems whatsoever.
While there still may be some restrictions, I didn't see any.
My 0.02
I used it about two years ago when I was in China without a problem. I also believe I was on an unrestricted / less restricted line at a University as a foreign teacher.
I used my students in my classes like a human scanner. I would assign them to do reports on things, knowing there where only certain sorts of sites they would likly find the info at that perhaps might contain unrelated info, and then the next day when 100 students reported back they could not finish the assignment I could at least get a sense for the difference between my connection and theirs. By the way, I never put any of my students in any sort of danger. Just more of general sweep. Things like the BBC where blocked at that time for everyone, but Gutenberg I could access and they could not. I also found out that the various government officials that I was friends with had much more unrestricted access, and even a few where a bit puzzled by why they could see newspapers in Taiwan that where otherwise blocked for everyone else.
Mostly china's sensors are about fear and white noise. Understand the limits of both of those, and China is fairly unrestricted.
Living in Chile
Whatsa matter, draft got up yer skirt?
Answer to question 1 :Yes,there is no law prohibiting that, cipher alone is not a problem for them. Simply posting articles related to encryption technology also never get you caught, in fact, cryptography courses are taught in a number of colleges and Universities, in my University, Bruce Schneier's book is used uncensored,along with all of the original programs provided in a printed form.
Answer to question 2 :Theoretically, the law requires you to apply for a certificate even if you just want to operate a website with your own domain name. Although it's ratherly enforced, when it's it really is a disaster. I knew that there were two entire IPCs being disconnected for just several defunct websites without certificates. The authority to grant the certificate is the Ministry of Industry and Information Technology.
Answer to question 3 :They're potentially able to do so, but I have never experienced any HTTPS connection being dropped personally. The biggest problem for me is that most of those still unbanned "suspicious sites" don't provide HTTPS support. You know their first priority is intercepting the keywords rather than the HTTPS connections.
Answer to question 4 : As far as I know, they are not able to decrypt your traffic if you use HTTPS, however ,they have a IP blcklist so it doesn't make a difference for sites already banned.
Answer to question 5 :There is no government authority claiming responsibility for operating the GFW(actually this is mostly the responsibility of telcos), you don't need to fear of retribution even if they go after you because you can always claim you don't know the site is banned, as they simply reset your connection and there is never a warning message of any kind sent to you(this comapred to Iran where a warning message is displayed).In conclusion, just browsing "reactionary sites" doesn't pose a threat of any kind to you, but if you want to operate one, well, that depends on who you're.
Just a footnote: There is plenty of information regarding PRC's laws regulating foreigners' and in particular foreign businesses' encryption rules, but very little in terms of specifics about the same laws concerning Chinese nationals. I have, however, followed the debate and read many a newspaper article (outside China) over the years and like in the case of "state secrets", it may be that the lack of debate (naturally also within China) is partially due to intentional obfuscation over what is permitted and what is not permitted. Discussion about Chinese people's civil liberties isn't exactly the state-approved hot topic in the Chinese media nor in the discussion forums.
My non-exhaustive search came up with a few quotes from the Network World magazine:
and
Should invading one's peaceful neighbours be opposed, or rewarded with trade deals?