Slashdot Mirror
The Best Way Through the Great Firewall of China
eldavojohn writes "The MIT Technology Review brings news of a new report from Harvard assessing circumvention software. The best tools they tested (and they actually did test them in cybercafes in China) were Ultrareach, Psiphon, and Tor, while Dynaweb and Anonymizer also scored well — of course, the huge downside is the long loading times. The report also includes responses from developers of the tools."
It is worth noting that the report was released in 07 and "Some of the data is now out of date"
They fitted George Orwell's coffin with rollers so he could turn over more easily years ago.
I've found the fastest way through the Great Firewall of China to be Mongolosploit. It may take somem time but it's persistent.
Excuse me while I gather the virgin sacrifice and assemble the pentagram required to solve your problem
I used rootshell.be in the past. I now can use xs4all.nl. These are obviously outside my country and do not include my own machines, nor my employers.
And although the technical solution might be easy, the way to get that is not as easy. Would you give a Chinese person ssh access to your machine? What about an Iraqi? Afghan? Somebody from the south of France with a nickname of ETA001?
You could be under closer investigation from your own government.
I am even hesitant to give people ssh access that I know personally, let alone somebody I never have seen or heard of.
Don't fight for your country, if your country does not fight for you.
of course, the huge downside is the long loading times.
No, the huge downside is that if anyone decides you're a problem, your circumvention methods are illegal and easy to detect.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
If I recall correctly, Chani (of KDE fame) once blogged about having difficulty even using SSH from inside China.
I found that when a client of mine connected via SSH to a well connected server (Equinix/Ashburn), they could use the SOCKS setting in Firefox (connecting to localhost since that's what their SSH client listened to) to tunnel all of their traffic with no problem. Note: this was a Mac, up to date as of last year when we tried this.
Sure enough, one day the tunneling stopped working! We changed the port used by SSH to 443, and it worked just fine after that.
In China and Chinese-ruled territories use or possession of encryption technology without permission from the Chinese Communist Party (aka PRC government) is an offense against the State/CCP. For those forms of encryption that the Party does permit to be used, eg. in online shopping, the Party must have the decryption keys.
Unlike individuals, companies may be permitted to use encryption without surrendering the keys to the State, but that only happens if the company has been deemed supportive of the Government, or if their presence in China otherwise benefits the State's objectives.
Since I have some Chinese fenqing (those mindless hordes attacking enemies of State during the Cultural Revolution but now ultra-nationalistic) on my tail this post will probably be modded into oblivion either immediately or eventually...
Should invading one's peaceful neighbours be opposed, or rewarded with trade deals?
JAP -- german government or better said their intelligence service has a direct interface to it... so what is better chinese or german gov watching your porn downloads?
Like getting arrested, or run over by a tank, or being re-educated.
Dont even want to be free from the firewall, because it might break their perfect-image that they are so great. They get taught from birth that they live in the best place on Earth and believe this to the fullest. Say anything bad about China towards a Chinese who never left the country and no matter how much evidence you give them and facts you feed them they won't believe it.
I showed some Chinese websites about Tianmen square, video's, the wikipedia, but all they said that is was fake material made by people who hate China. Some that did know about it was fully on the side of their government and it was just "keeping order".
Let them take care of it themself if they want to see the truth and not be oppressed but the way it is they want it and like it.
And if you are a foreigner who needs the a unregulated internet connection, avoid countries like China, maybe if all tourism stops they might considering being less oppressive.
It depends on where your nationality resides. It is accepted and assumed that Americans/The West (TM) will use encryption because they see us as being very concerned about privacy and protective of our business secrets et al. So if you're American/European and over there, you won't have any trouble using encryption/SSH2/etc. A Chinese citizen, on the other hand, would have more trouble getting away with it.
I went to China for vacation November 2008. It was crazy watching the U.S. election from the Yengtze river.
Being the dork that I am I spent a good chunk of time playing around with the Great Firewall of China. One thing that baffled me was the ease of which I could find "censored" material. For example the wikipedia page for the Tiananmen Square protests was accessible (http://en.wikipedia.org/wiki/Tiananmen_Square_protests_of_1989).
Searching Google images for "Tiananmen Square" came back with hundreds of tanks, bloody civilians and the like - no different than in the U.S.
Yet some things were banned. I found that all the free http proxies that I tried were banned. I couldn't get to wikileaks.org. And I couldn't get to the Tor website to download the installer.
This presents an interesting chicken and egg problem with circumvention software. How do you get the software in the first place if it's source of the software package is censored? I ended up asking a buddy of mine in the U.S. to send me the Tor program via gmail, but not everyone has that option.
I was only on a very slow 8k/sec connection so at times it was difficult to tell if a site was banned or if it just was really slow. I could only really tell by running a trace route. It would always time out at the same router, presumably the router that bridged between inside and outside China.
In case anyone is interested here is a tracert going to a banned site.
C:\>tracert wikileak.org
Tracing route to wikileak.org [72.1.201.156]
over a maximum of 30 hops:
1 490 ms 298 ms 298 ms 220.192.136.4
2 298 ms 299 ms 299 ms 220.192.136.251
3 298 ms 280 ms * 61.242.160.182
4 280 ms 342 ms 296 ms 211.94.54.205
5 432 ms 439 ms 439 ms 211.94.56.105
6 438 ms 459 ms 459 ms 211.94.55.5
7 358 ms * 1107 ms 211.94.39.98
8 499 ms 480 ms 479 ms 211.94.55.250
9 * 1108 ms 479 ms sl-gw22-ana-1-0.sprintlink.net [144.228.79.177]
10 498 ms 500 ms 518 ms sl-crs2-ana-0-1-2-2.sprintlink.net [144.232.1.12
2]
11 518 ms 519 ms 539 ms sl-crs2-fw-0-13-3-0.sprintlink.net [144.232.19.1
97]
12 536 ms 538 ms 558 ms sl-crs2-kc-0-0-0-2.sprintlink.net [144.232.19.14
1]
13 537 ms 558 ms 538 ms sl-crs2-chi-0-8-0-3.sprintlink.net [144.232.18.2
14]
14 528 ms 539 ms 539 ms sl-st21-chi-11-0-0.sprintlink.net [144.232.20.21
]
15 537 ms 539 ms 540 ms sl-bigpi4-209998-0.sprintlink.net [144.223.6.30]
16 536 ms 559 ms 539 ms rc2ch-pos10-0.il.shawcable.net [66.163.65.41]
17 537 ms 719 ms 539 ms rc1ch-ge1-0-0.il.shawcable.net [66.163.65.1]
18 556 ms 560 ms 559 ms rc2sh-pos13-0.mt.shawcable.net [66.163.77.13]
19 558 ms 557 ms 559 ms ra2sh-tge10-1.mt.shawcable.net [66.163.66.78]
20 597 ms 578 ms 580 ms rx0sh-hydro-one-telecom.mt.bigpipeinc.com [66.24
4.255.38]
21 578 ms 559 ms 559 ms 142.46.128.14
22 779 ms 779 ms * tol-gsr.telecomottawa.net [142.46.130.10]
23 * *
I think the point he's making is that he doesn't trust anybody to use his internet connection.
Sharing domestically, he could be charged with kiddie porn.
Sharing internationally, he could be charged with treason/terrorism.
Buckle your ROFL belt, we're in for some LOLs.
http://yro.slashdot.org/article.pl?sid=08/03/06/1717242
if this strikes many of you as too low tech, recall that most of western liberal notions such as freedom of the press and freedom of expression were established BEFORE the internet. obviously! but we in the west have become so addicted and enamored of the permanence and instantaneousness of the internet, we almost can't imagine life before it, or a struggle for freedom without this aid. but the struggle for basic human dignity can and will happen, even without the net
life without a free net retards progress, but doesn't stop it. progress on basic human rights WILL come to china eventually. the grumpy old men in beijing can't hold on forever. they are human, they make mistakes. the best they can do is make the rightful fight for basic human rights in china a painful one for their fellow chinese
to any "faithful" chinese reading this message: i didn't know being a proud chinese meant being a dumb chinese. but if you defend the policies of the grumpy old technocrats to keep the average chinese's media strictly controlled, that's what exactly what you do. the only way to a strong china is a free china. if you think just an authoritarian ultracapitalist china is a strong china, whoa boy, watch what happens as the world economy continues to shrink. china is not immune to the inevitable lessons of history about economic recessions and draconian governemnts. enjoy your defensive posture
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Given the kind of freaky porn that comes out of Germany, I doubt the German government is going to be phased by anything the Chinese decide to download.
I know how it feels like being cyberstalked. Kinda pathetic. But hey, how many of them are really slashdotters caring about the karma stuff? ;)
As a Chinese, I'm not offended by your viewpoints or position, in fact I quite understand it. However, I remain somewhat skeptic about the factuality of your post because I don't know any established Chinese law regarding the regulation of encryption technology used by individuals (IANAL of course). Can you give me a pointer to some legal material that supports your post? I believe I use encryption of one kind or another on a daily basis (SSH and HTTPS come to mind, as well as the encryption facilities built into bittorrent).
Colorless green Cthulhu waits dreaming furiously.
The French used to have a complete ban on encryption until recently. The UK in the mid-90s were pushing for a key escrow system, where all individuals would have to lodge a copy of their private key with the government, and were very close to succeeding. Instead we now have the RIPA, where you have to disclose your key when asked or go to jail. The only way to safely store a stranger's data on your machine is if it's encrypted and you have no access to the key. Even then ISPs are monitoring what you are downloading.
There can be plenty of reasons for allowing people to ssh through your machine, but I also would only do it for friends. I did it for one of my friends who wanted to be able to job search during lunch time but didn't want his employer to know he was looking. He wasn't breaking any laws or company rules, but wanted his privacy protected. However, like Idiomatick I would be happy to help anybody that had a good and convincing reason (though they would be in chroot).
Phillip.
Property for sale in Nice, France
If you have a home virtual private networking service setup, or if you have access to a company virtual private networking service, why not just connect to your VPN? Problem is solved, connection is encrypted, and without the potential of tunnel hell or application incompatibility of port forwarding and tunneling.
Having said that, the censors at China are not that concerned of English offending content; it's more that they're worried about the uneducated public being incited by content online since content is so easily spread via the Internet, at the same time, it is also easy to organize protests online. If you already know English or you've been educated overseas, you're no longer someone they are targeting.
In China and Chinese-ruled territories use or possession of encryption technology without permission from the Chinese Communist Party (aka PRC government) is an offense against the State/CCP. For those forms of encryption that the Party does permit to be used, eg. in online shopping, the Party must have the decryption keys.
You have either been misinformed or are deliberately making stuff up for some reason. I have ran sshd and apached (with encryption) on my own computer for years. I use GnuPG to communicate with my friends. But I have NEVER been required to acquire permission from the "Party", nor have I given my decryption keys to anybody.
As much as I despise my communist government, spreading blatant lies like this is not going to help bring about its demise. If anything it only makes more of your "mindless hordes of ultra-nationalists", because your so-obviously-made-up description of china can be translated and circulated on the chinese bulletin boards as "proof" that westerners want nothing but the "down-fall of China", and how "ignorant" they are of "the great achievements made by the Chinese people under the leadership of the Communist party". Yes I know this is very laughable, but that's the sad truth, and it has happened very often in the past few years. Things like this can easily be used to provoke nationalist and anti-western sentiment in China, which will make the work of those brave individuals who tirelessly try to promot the values of human right, freedom, democracy, etc. (the "symbolic" values of the western world) in China more difficult than it already is.
is even better, can even get you through some non-free hotspots, and it's hardly ever blocked where most other things are.
#define fazed "to disturb the composure of"
Hope this helps.
February 9th, 2009 8:55pm: Slashdot becomes self-aware.