Inside the Great Firewall of China's Tor Blocking

← Back to Stories (view on slashdot.org)

Inside the Great Firewall of China's Tor Blocking

Posted by Unknown on Monday January 9, 2012 @11:57AM from the onions-against-the-revolution dept.

Trailrunner7 writes with an article at Threat Post about China's ability to block Tor. From the article: "The much-discussed Great Firewall of China is meant to prevent Chinese citizens from getting to Web sites and content that the country's government doesn't approve of, and it's been endowed with some near-mythical powers by observers over the years. But it's somewhat rare to get a look at the way that the system actually works in practice. Researchers at Team Cymru got just that recently when they were asked by the folks at the Tor Project to help investigate why a user in China was having his connections to a bridge relay outside of China terminated so quickly. Not only is China able to identify Tor sessions, it can do so in near real-time and then probe the Tor bridge relay and terminate the session within a couple of minutes."

160 comments

Min score:

Reason:

Sort:

And you say Chinese can't innovate by DCTech · 2012-01-09 11:58 · Score: 5, Insightful

Clearly they're one of the best software engineers in the world when they want to, being capable of real-time packet inspection and probing. China has over 1.7 billion people who almost all want to work in IT. They will rule the world.
1. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-09 12:01 · Score: 4, Funny
  
  Where did they pick up the extra 400 million people from?
2. Re:And you say Chinese can't innovate by axx · 2012-01-09 12:06 · Score: 2, Interesting
  
  Do you really believe that a census on over one billion people, who have (who had?) an incentive to lie about their progeny, is credible?
  Hell, I might be wildly off the mark but for all we know there could be two billion people in China, I wouldn't be that surprised.
  Hopefully someone more aware of the reality of the situation will chime in.
  
  --
  No wit here.
3. Re:And you say Chinese can't innovate by gman003 · 2012-01-09 12:18 · Score: 2
  
  Wikipedia cites 1.3 billion
  The margin of error in the US census is 0.009%.
  Even allowing for China to have a margin of error a hundred times that of America's, you're looking at a maximum inaccuracy of ~12 million people, not 300.
4. Re:And you say Chinese can't innovate by Ethanol-fueled · 2012-01-09 12:56 · Score: 2
  
  Haw, I might believe you if you can prove to us that it's solely Chinese technology doing the filtering, and not solutions from Western vendors such as Naurus or Procera.
  
  All of the big links provide only details about the type of filtering and not the hardware used.
5. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-09 12:59 · Score: 0
  
  Simply scan for connections that you can't probe and shit can them immediately.
  It really isn't that mysterious.
6. Re:And you say Chinese can't innovate by cp.tar · 2012-01-09 13:17 · Score: 4, Interesting
  
  Despite the error in your numbers, your post reminded me of Focus in Vernor Vinge’s A Deepness in the Sky.
  Spooky.
  
  --
  Ignore this signature. By order.
7. Re:And you say Chinese can't innovate by Tracy+Reed · 2012-01-09 14:28 · Score: 1
  
  Or they paid some round-eye to implement this for them. They certainly have the resources.
8. Re:And you say Chinese can't innovate by saleenS281 · 2012-01-09 14:36 · Score: 4, Interesting
  
  You're assuming they're building it themselves. Given the recent accusations and lawsuit against Cisco, it's entirely possible that a US or some other country based company is writing the code they're using.
  
  http://www.huffingtonpost.com/2011/05/23/cisco-falun-gong-lawsuit_n_865585.html
9. Re:And you say Chinese can't innovate by QQBoss · 2012-01-09 14:53 · Score: 2
  
  It isn't an issue of error bars, it is more an issue of outright fraud in the census.
  Illegal aliens (both internal and external... do you know anything about the hukou system?) have an extremely high incentive to remain uncounted, particularly if they have children.
  From 2008:
  http://www.china-briefing.com/news/2008/09/01/is-china%E2%80%99s-population-really-13-billion.html
10. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-09 14:57 · Score: 0
  
  You don't know what you don't know.
  You can guess all you want.
  But you don't know what you don't know.
  How - hard - is - that?
11. Re:And you say Chinese can't innovate by wisty · 2012-01-09 15:49 · Score: 2
  
  Are they actually capable of real time packet encryption; or do they just run it like a proxy? The lag can be horrific, like there's some server at the border waiting for the whole page to download, before they forward it to you.
12. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-09 16:13 · Score: 0
  
  that's funny, a few minutes ago, when I saw the article above this one, about the FBI sentinel program, I thought of the 'ubiquitous survellaince' society of the Emergents, and the emphasis on advanced forms of automation.
13. Re:And you say Chinese can't innovate by lsatenstein · 2012-01-09 16:29 · Score: 1
  
  Is it perhapa a combination of quality software engineers and the quantity of software engineers that China can put to the monitoring function? With quantity and quality, one can divide and conquer.
  
  --
  Leslie Satenstein Montreal Quebec Canada
14. Re:And you say Chinese can't innovate by swalve · 2012-01-09 16:34 · Score: 1
  
  Where did these 400 million people come from? That would basically be the entire population of the rest of Asia, besides India.
15. Re:And you say Chinese can't innovate by tibman · 2012-01-09 16:48 · Score: 1
  
  You mean ssh and ssl type connections?
  
  --
  http://soylentnews.org/~tibman
16. Re:And you say Chinese can't innovate by sadboyzz · 2012-01-09 18:09 · Score: 2
  
  The reality of the situation in China is that the government is under _huge_ pressure to drop the draconian population control policy, aka one-child policy. However, there is no sign from the regime that it would even consider budging on this issue. So if anything, they have an incentive to _overstate_ the population, rather than understate it.
  The other reality is that hundreds of elementary schools rural areas were closed down over the past few years due to not having enough school kids. Class rooms that once hold 40 children were down to 5, so the local gov simply closed the under attended schools and moved the children into bigger schools in towns, forcing some kids to travel great distances just to get to school everyday. The Hong Kong based Phoenix media ran a documentary on this a couple of years ago, which for some reason, was not aired in mainland China.
17. Re:And you say Chinese can't innovate by Bert64 · 2012-01-09 18:56 · Score: 0
  
  Why is their policy draconian? Over population is a HUGE problem that needs to be dealt with, can you think of any alternative methods that are less "draconian"?
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
18. Re:And you say Chinese can't innovate by QQBoss · 2012-01-09 20:10 · Score: 4, Interesting
  
  How many people are actually in China, I am in no position to guess. But I am in a position to know that census undercounting does occur and why.
  As I mentioned, the "uncounteds" are both internal and external illegal aliens. Unlike most of the Western world, where the right of free travel is assumed, within China you are only legally allowed to live/work/"own" property in the place where you have a hukou (this is a gross oversimplification, but it is the beginning of a discussion). Many of the presumed 400M illegals are native Chinese who have chosen to live where they have no permission to live, doing so under the radar to avoid sanctions which in the past could have been quite onerous. They aren't at their home city to be counted (though children usually are, staying with grandparents, since without a local hukou they have no right to go to school where their parents are living) and they avoid being counted in the city where they are living because they could be forced to return to their officially registered home.
  About 6 or 7 years ago, the hukou laws were supposedly eliminated, but anyone who says they have been completely abolished is wrong. Decentralized, perhaps, but they still exist and are enforced whenever the right government official gets their panties in a wad. Unless and until the hukou laws are actually abolished, the charade will continue.
19. Re:And you say Chinese can't innovate by crutchy · 2012-01-09 20:13 · Score: 1
  
  Where did they pick up the extra 400 million people from?
  that might be their daily population growth :)
20. Re:And you say Chinese can't innovate by crutchy · 2012-01-09 20:16 · Score: 1
  
  i would be less surprised if western companies were copying the chinese
21. Re:And you say Chinese can't innovate by crutchy · 2012-01-09 20:17 · Score: 1
  
  shhh... don't give them more ideas!
22. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-09 20:55 · Score: 0
  
  Where did they pick up the extra 400 million people from?
  Uncounted second childs. (or if you are picky: It is the stuff your father explained to you with the bees and flowers)
23. Re:And you say Chinese can't innovate by rtb61 · 2012-01-09 21:02 · Score: 3, Insightful
  
  Reality is by far the majority of Chinese in China work as near slave labour in factories or as peasants on farms working for a pittance. Don't get confused by numbers and percentages, plus independent thinking, striving for their voice, Chinese tend to be the ones who have already left and live elsewhere in the world. That is aproximately 40 million people http://en.wikipedia.org/wiki/Overseas_Chinese which you blithely reduce nothing.
  The numbers of Chinese who have a voice in China and are in a position to control anything only number in the tens of thousands, it is an corporo-Fascist Autocracy after all.
  Internet censorship in China is made significantly easier because by far the majority can not afford and must gain access through a limited number of internet cafe's. As time progresses and the majority of people living in China release how backward they are in their rights and how cowardly they have been in failing to fight for them, will of course start to baulk at passing that future on to their children and grandchildren and strive to break the autocracy that controls them.
  So in a future China where 1.3 billion want internet access, we will see how effective the government is at censoring them and keeping them cowed.
  
  --
  Chaos - everything, everywhere, everywhen
24. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-09 21:17 · Score: 0
  
  I'd just like to say to everyone in this thread that if we were all in a van and you were having this insipid argument while I was driving I would drive us all off a cliff just to make it stop.
25. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-09 21:45 · Score: 0
  
  I wouldn't say almost all want to work in IT. More of them wanting to be traders than to work in IT.
26. Re:And you say Chinese can't innovate by ron_ivi · 2012-01-09 23:55 · Score: 2
  
  Sure, but Cisco probably outsourced the work to China.
27. Re:And you say Chinese can't innovate by Troed · 2012-01-09 23:56 · Score: 1
  
  Why do you claim that over population is a huge problem? The rate of human population growth has been declining for decades. It currently seems as we'll never even hit 10 billion before we drop in total numbers.
  I recommend Hans Rosling on the subject: http://www.ted.com/talks/hans_rosling_on_global_population_growth.html
  
  --
  it's in my head
28. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-10 00:01 · Score: 0
  
  I actually find this quite interesting and fascinating topic
29. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-10 00:24 · Score: 0
  
  When will people stop with this "overpopulation" nonsense,
  7 (or even 10) billion people would be problem if every single one of them was living in house in some suburban small american town but with cities reaching tens of millions people sharing very small area i am sure this planet can sustain at least 100 billion people surface area-wise,
  resource-wise (food and energy) with correct resource management and farming used in for example america and other western countries it is possible to make huge amounts of food with very small overhead,
  did you know every year american government pays farmers a lot of money to not use all farm-land area, and even to destroy huge percentage of crops in good years,
  energy was not problem for quite some time, gasoline/diesel maybe but there is nuclear, and even solar ( solar is more expensive but is not as limited as fossil fuels so price should stay stable or decrease instead of increasing) not to mention that if we accepted that not everyone should use car to reach work every single day (or use car to go for groceries) and made supporting infrastructure (city rail, minibuses and such) more optimized, and maybe even free to make people want to use it more
  Best part of urban living is that resources used per person are smaller and smaller the bigger the city gets
30. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-10 00:40 · Score: 0
  
  I think you underestimate the sheer scale of China's population.
  China's landmass is approximately the same size as the USA and has a third of USA's landlocked water.
  China has a supposed population over 1 billion people MORE than the USA.
  Now try to imagine the USA's existing infrastructure coping with that size population.
31. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-10 01:09 · Score: 0
  
  I encourage you to drive off the cliff, but just do it alone.
32. Re:And you say Chinese can't innovate by Max_W · 2012-01-10 01:45 · Score: 1
  
  Since they are isolated from the world the soft will reflect it by being limited and boring.
33. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-10 02:48 · Score: 4, Interesting
  
  I left my job at a major router company around 2004 specifically because Chungwah Telecom was asking for us to implement features to aid spying. Although, interestingly enough, you had to read between the lines to understand that it was for spying... A lot of the techniques that do it are essentially system testing-sounding features like "clone traffic matching this IP to a second address on a different port."
  At that time, deep packet inspection was not yet a reality, but any engineer could easily see that, as the data/traffic moves through numerous custom ASICs and FPGAs, and the headers get inspected, why not examine more of the data in the packet? The first stage I saw of it in the public at large was detection of layer 5 and up protocols, e.g. traffic-limiting bittorrent.
  Last time I was in Taiwan (which has a grumpy relationship w/ China), one of my younger student friends in a University there demonstrated, as his Master's project, an algorithm to detect images without (fully) decoding them. The secret there was to extract, from JPGs only, the DC blocks representing the average RGB values of each 8x8 block. If you know JPG you'll recognize that. The system then ran conventional "porn detection" algorithms, etc. on the extracted mini-images.
  So, yes, I can verify that 1. American companies are writing code to spy on the rest of the world and ourselves. 2. Chinese are asking for it, just like any other feature. 3. The requests for capabilities are often subtle, such that most engineers don't realize what the algorithms are doing and 4. capabilities to do this are steadily growing more powerful.
  So, now, what are you going to do about, boys?
34. Re:And you say Chinese can't innovate by tlhIngan · 2012-01-10 04:04 · Score: 1
  
  Why do you claim that over population is a huge problem? The rate of human population growth has been declining for decades. It currently seems as we'll never even hit 10 billion before we drop in total numbers.
  I recommend Hans Rosling on the subject: http://www.ted.com/talks/hans_rosling_on_global_population_growth.html
  Population growth has to slow down, bacause it's been excessively high for the past centure.
  Just scant century ago, the population of the world was under 2 billion. Now it's 7. In just 100 years, the human population more than tripled. In contrast, the previous 100 years prior to that, it barely doubled from about 1B to just under 2.
  Anyone who sees the population curve over the past few hundred years would see exponential growth, but anyone who knows history that it's unlikely to be sustainable.
  The question becomes, though, can the Earth sustain it? Are we using up banked natural resources (like oil) faster than such resources can be renewed? And more importantly - what about the environment - climate change or no, pollution is an issue (unless you believe Beijing's air quality reports).
35. Re:And you say Chinese can't innovate by Troed · 2012-01-10 04:08 · Score: 1
  
  Feel free to watch the link I gave you, and understand that we're already on a growth limiting curve. There is no "population explosion". The exponential is declining. You can stop worrying.
  (Pollution was an issue centuries ago in London as well, as it is in wood stoves in India today. Technological development does wonders for air quality)
  
  --
  it's in my head
36. Re:And you say Chinese can't innovate by Actually,+I+do+RTFA · 2012-01-10 04:40 · Score: 1
  
  So in a future China where 1.3 billion want internet access, we will see how effective the government is at censoring them and keeping them cowed.
  Censoring people on the Internet is quite easy. You can simply whitelist five pages (Ilovethepremier.com, ChinaRocks.com, etc.)
  But beyond that, technical measures will only take you so far. There's no "reasonable doubt", after all. Chinese official, "We blocked a Tor connection from 123 fake street, go arrest and execute everyone there."
  
  --
  Your ad here. Ask me how!
37. Re:And you say Chinese can't innovate by Toonol · 2012-01-10 05:22 · Score: 1
  
  Education and wealth. It's worked in every western country, and in advanced eastern countries.
38. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-10 08:28 · Score: 0
  
  Once the economy recovers people will be popping babies out again.
39. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-10 08:34 · Score: 0
  
  That statement is of course handily disproved by the link already given. On the contrary, better economy means less children.
  I guess some people just have an agenda to push. Getting paid for yours?
40. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-10 09:13 · Score: 0
  
  If you understand the hukou system, you must also understand that these people without identities _do not exist_. They cannot go to school, hold real jobs, get married, etc. So now you're trying to say you believe there are 400 millions, a good 20-25% of the Chinese population, living without an identity?
  
  ... Not impossible, but not very plausible.
41. Re:And you say Chinese can't innovate by Anonymous Coward · 2012-01-10 22:28 · Score: 0
  
  Why do you claim that over population is a huge problem?
  Because there is a point where you don't have enough food and water to keep people alive.
  
  The rate of human population growth has been declining for decades. It currently seems as we'll never even hit 10 billion before we drop in total numbers.
  That is a horribly misleading statement.
  First, saying the growth rate has slowed is not at all the same as saying we have a negative growth rate. Therefore your claim that we're unlikely to hit 10 billion is entirely unfounded.
  Second, the only reason it's been "declining for decades" is because decades ago we had a massive population boom. Ever hear the term "Baby Boomers"? Yeah, one guess what that's referring to.
  The problem is that the population is still growing, and we're already at a point where there are far too many humans on the planet.
42. Re:And you say Chinese can't innovate by Troed · 2012-01-10 22:35 · Score: 1
  
  Because there is a point where you don't have enough food and water to keep people alive.
  Maybe. Why do you believe we're anywhere near that point?
  
  That is a horribly misleading statement.
  First, saying the growth rate has slowed is not at all the same as saying we have a negative growth rate. Therefore your claim that we're unlikely to hit 10 billion is entirely unfounded.
  It's neither misleading nor unfounded. The UN median population projection is for us to never hit 10 billion. You know, based on actual data.
  
  Second, the only reason it's been "declining for decades" is because decades ago we had a massive population boom.
  No, please go watch the supplied video which contains, again, actual data.
  What's your agenda, and why do you post lies on the intarnetz?
  
  --
  it's in my head
boycott by Anonymous Coward · 2012-01-09 12:03 · Score: 0

the CHICOMs
Fear & Lolling by Anonymous Coward · 2012-01-09 12:04 · Score: 0

They might be able to block TOR, but you have a *dozen* of VPN services that works flawlessly since years, to tunnel under the wall. And not a day of failure, tunnel is happily tunneling data. That firewall is about as effective as was the brick & mortar wall to stop invasion : symbolic value. (Written from Panda Land)
1. Re:Fear & Lolling by Anonymous Coward · 2012-01-09 12:07 · Score: 1
  
  Care to name some? Many free public proxy servers are banned, and the paid ones are expensive enough, such that the masses cannot afford it.
2. Re:Fear & Lolling by mveloso · 2012-01-09 12:08 · Score: 1
  
  VPN access exists as long as the Chinese government allows it to exist. If they can probe and whack TOR, that shows they can whack anything - and that they choose not to.
  Note that some sites in China do actively block VPN connections.
3. Re:Fear & Lolling by Anonymous Coward · 2012-01-09 12:14 · Score: 0
  
  name some? Sure.
4. Re:Fear & Lolling by Anonymous Coward · 2012-01-09 12:34 · Score: 1
  
  I won't name any, advertisement for it are common if you surf popular websites from Panda Land. But I can tell you that yes, it's not for free, but no, it's not expensive, affordable for a Chinese city dweller level of income (8 USD for 6 months, about 50 RMB, which is the price of cinema ticket without the popcorn bucket).
5. Re:Fear & Lolling by PiSkyHi · 2012-01-09 16:20 · Score: 1
  
  Conversely, if you can access global information from within China and its still just a blacklist of IPs, then a VPN can always get through.
6. Re:Fear & Lolling by icebraining · 2012-01-10 00:25 · Score: 2
  
  Using a VPN service advertised on popular websites seems akin to buying drugs from a guy who advertises at the local police station.
  
  --
  Dilbert RSS feed
An alternative by Anonymous Coward · 2012-01-09 12:09 · Score: 0

Alternatively, China has one of the biggest piles of money in the world and there are a lot of companies around the world who will do anything to get their hands on some of it.
My college did it easier by The+MAZZTer · 2012-01-09 12:09 · Score: 4, Informative

Tor has to connect to so-called "dictionary servers" periodically to refresh its list of tor nodes to try to use. If you block those servers, tor breaks.
At least, that's how it worked when they finally figured out how to block it after 3 years. Maybe tor has improved since then.
1. Re:My college did it easier by The+MAZZTer · 2012-01-09 12:16 · Score: 1
  
  Whoops, looks like they're called "directory servers". Not sure if I remember it wrong or if I really did think they were called "dictionary servers".
2. Re:My college did it easier by TSHTF · 2012-01-09 12:23 · Score: 4, Informative
  
  Tor has changed since you read last... "Bridges" were added to Tor and are not listed in any central directory.
  Tor bridges
3. Re:My college did it easier by Anonymous Coward · 2012-01-09 12:26 · Score: 1
  
  You can use Tor without connecting to directory servers. That's the point of bridge nodes, which this article is about...
4. Re:My college did it easier by xiando · 2012-01-09 12:35 · Score: 4, Informative
  
  Tor has to connect to so-called "dictionary servers" periodically to refresh its list of tor nodes to try to use. If you block those servers, tor breaks. At least, that's how it worked when they finally figured out how to block it after 3 years. Maybe tor has improved since then.
  This was the situation. Countries did download the entire Tor directory and block all the nodes listed in it. This is why bridge relays were invented, and there is no public list off all bridge relays. It works like this: You get a bridge address, you connect to a bridge and the bridge then connects to the Tor network. This changed the arms-race. GFW is now able to detect the Tor bridges and this is a set-back for the Tor-project. They will find a solution which fools the GFW and the Chinese will lose face.
  
  --
  9/11: Never forget it was a false-flag operation
5. Re:My college did it easier by Synerg1y · 2012-01-09 12:35 · Score: 1
  
  But... but, if you have an unlisted / unknown proxy server that accepts YOUR connections, wtf is the point of TOR lol? Just start channeling through it over the designated ports. I mean it just uses SOCKS along w the other proxies, tor's gold lies in obfuscating your connection by sending it through relays around the world. Not sure what else is going on that would prevent the above. Either way you set with what tor calls a bridged node :)
6. Re:My college did it easier by BitterOak · 2012-01-09 12:50 · Score: 4, Informative
  
  Tor has to connect to so-called "dictionary servers" periodically to refresh its list of tor nodes to try to use. If you block those servers, tor breaks.
  At least, that's how it worked when they finally figured out how to block it after 3 years. Maybe tor has improved since then.
  We have to remember though what Tor was designed to do and what it was not designed to do. Tor was designed to protect the privacy of individuals who don't want their browsing habits revealed. It does this by preventing your IP address from being available to the web server you connect to, and additionally it encrypts traffic so intermediaries, such as your ISP can't snoop on your traffic. It was NOT designed as a means of bypassing firewalls that are actively try to block Tor. That was never its purpose.
  
  --
  If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
7. Re:My college did it easier by Anonymous Coward · 2012-01-09 14:06 · Score: 1
  
  Any SSL connection from China to outside is tracked and they attempt to connect to it in a few minutes after original connection is made. They try to establish a tor handshaking and if it succeeds, the IP is blocked in the great firewall.
8. Re:My college did it easier by Fluffeh · 2012-01-09 14:27 · Score: 4, Insightful
  
  It was NOT designed as a means of bypassing firewalls that are actively try to block Tor. That was never its purpose.
  Totally agree that it was not the original purpose, but I would add to your comment and congratulate the folks behind Tor for taking a stand and trying to allow their software to get past the GFW. Sometimes when you realize that your software is being used for something more important (possibly something much more important than not letting your ISP know what you are doing) then it is a great opportunity to change your purpose somewhat. If the purpose itself isn't being changed, then it is still heart warming to see the effort being made anyhow.
  
  --
  Moved to http://soylentnews.org/. You are invited to join us too!
9. Re:My college did it easier by cool_arrow · 2012-01-09 17:38 · Score: 1
  
  my understanding is that connections to and from entry and exit nodes are unencrypted . only connections between relays are encrypted.
10. Re:My college did it easier by Anonymous Coward · 2012-01-09 23:22 · Score: 0
  
  I thought none of it was encrypted. But then I'm a bit out of date.
11. Re:My college did it easier by icebraining · 2012-01-10 00:32 · Score: 1
  
  Yes, but the entry node runs on your machine.
  
  --
  Dilbert RSS feed
12. Re:My college did it easier by BitterOak · 2012-01-10 10:54 · Score: 1
  
  my understanding is that connections to and from entry and exit nodes are unencrypted . only connections between relays are encrypted.
  Out of the exit node: not encrypted, but your IP address is hidden, which is what is important at that end. Traffic to the entry node IS encrypted, otherwise your ISP would be able to snoop your browsing habits!
  
  --
  If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
SSH by axx · 2012-01-09 12:10 · Score: 1, Interesting

Does this mean people should start tunnelling their Tor connexions through SSH, at this point?
Bugged planet indeed, I wonder if any of our lovely "free world" companies like Amesys or Siemens are selling the DPI gear, or if China is using a fully homebaked solution.
And if so, does it run (Red Flag) Linux, obviously.

--
No wit here.
1. Re:SSH by xiando · 2012-01-09 12:38 · Score: 4, Informative
  
  Bugged planet indeed, I wonder if any of our lovely "free world" companies like Amesys or Siemens are selling the DPI gear, or if China is using a fully homebaked solution.
  If you watch the 28c3 Torproject presentation available at http://tinyurl.com/7c893sl then you will learn that western corporations like Intel, Nokia and Cisco are heavily involved in Internet surveillance and censorship around the world.
  
  --
  9/11: Never forget it was a false-flag operation
2. Re:SSH by toopok4k3 · 2012-01-09 19:54 · Score: 1
  
  I did not look at your link, but are you sure you don't mean Nokia Siemens Networks instead of Nokia? They are not the same thing.
obfuscation? by wierd_w · 2012-01-09 12:11 · Score: 2

If we learned more about how they detect the tor session, couldn't we obfuscate the data to combat detection?
I mean, encrypted data stands out from normal traffic like a sore thumb, and unless the user is a bank, transacting large amounts of it puts up a red flag. But, what if we obfuscated the data so that it looks like ordinary unencrypted/uncoded data?
1. Re:obfuscation? by DCTech · 2012-01-09 12:31 · Score: 3, Interesting
  
  And Chinese will just block it again. And unlike slower cat-and-mouse game in western countries, Chinese can react quickly without going thru all the hierarchies and courts. At the same time, Tor project needs to keep updating their clients and servers, and it probably doesn't take anything at all for Chinese to block new changes. They have the advantage here.
2. Re:obfuscation? by mSparks43 · 2012-01-09 19:38 · Score: 3, Insightful
  
  I mean, encrypted data stands out from normal traffic like a sore thumb.
  Actually, I think this is something of a myth.
  "normal traffic" these days is mostly compressed.
  Since the goal of both encryption and compression is to achieve a byte stream that is otherwise indistinguishable from random noise, I don't think one set of random noise stands out much more than another set of random noise.
  Only thing that really separates traffic these days is imperfections in these algs and the negotiation protocols.
  ____
  My suggestion for their problems would be to negotiate an otherwise compressed stream that is widely used (e.g. gzip) then tunnel the encrypted data through this stream, ideally encrypting post compression.
3. Re:obfuscation? by timmy.cl · 2012-01-10 00:50 · Score: 1
  
  And most of the traffic (HTTP) has cleartext headers preceding the actual data, which size can be matched to Content-length, and can be easily decompressed to verify. I'm not saying they should verify all of it, but they can always take some samples of suspicious connections (e.g. those with unreasonably high traffic where there doesn't seem to be a reason for it). In the end, it's all about finding suspicious traffic (or users?) and inspecting them more closely.
Terminate the session in minutes by nurb432 · 2012-01-09 12:13 · Score: 0

And then terminate the offender in under an hour. ( and his family )

--
---- Booth was a patriot ----
Re:Tor is designed to be easily censored by nurb432 · 2012-01-09 12:16 · Score: 1

FreeNet would have been a better choice i think. harder to track down who is running it. Tho not impossible.

--
---- Booth was a patriot ----
Thank you Chinese government by circletimessquare · 2012-01-09 12:20 · Score: 5, Interesting

for helping us build more robust Tor protocols
Oh, you thought you were going to actually kill the average Chinese citizen's desire for free access to information? You didn't understand that a stronger Tor protocol or something even better than Tor is the actual result of your escalation of the arms race?
You're pretty ignorant about basic human nature, aren't you, you authoritarian assholes.
Oh, and btw you grumpy old shitbags:
http://www.nytimes.com/2012/01/04/world/asia/chinas-president-pushes-back-against-western-culture.html
The reason you are lamenting the influence of Western culture on China, and not basking in pride at the influence of Chinese culture on the West, is because YOU CENSOR EVERYTHING IN YOUR CULTURE. So Chinese Culture is hobbled and decimated. Because you think you can control, nevermind why you think you should control, Chinese thought. Instead of a great big strong tree, you have a demented little broken bush. Because of YOUR efforts at preventing Chinese culture from growing, by censoring everything, you morons
You ignorant controlling douchebags. Your average Chinese citizen understands this, why don't you you stupid old and decrepit paranoid control freaks?

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
1. Re:Thank you Chinese government by Anonymous Coward · 2012-01-09 12:35 · Score: 5, Funny
  
  And how you do really feel?
2. Re:Thank you Chinese government by circletimessquare · 2012-01-09 12:49 · Score: 4, Interesting
  
  Question: what is the greatest ally in the growth of Western Cultural influence in China?
  Answer: The Chinese Central Government, for working so hard to make sure that Chinese Culture can't grow.
  They think that controlling culture, and growing it, are compatible concepts. Culture grows when it freely crosspollinates with other world cultures. Japanese culture has freely been assimilating culture from around the world and we still recognize a distinctly Japanese culture. The game of controlling culture and "protecting" culture from "illegitimate" influences is the game of the insecure little person who believes Chinese culture is inferior. The person proud of being Chinese is freely dabbling in world culture, infusing their own thoughts, and defining Chinese culture as strong and new. Culture needs to crosspollinate to survive and grow. Sit on it, control it, keep it in a box, and your culture dies.
  Look at what these ignorant insecure douchebags are doing:
  http://www.nytimes.com/2012/01/01/world/asia/censors-pull-reins-as-china-tv-chasing-profit-gets-racy.html?pagewanted=all
  I know: I can hear the typical snobby Western voice now: "I wish my government would censor the Kardashians and Jersey Shore."
  And for thinking that way, you have merely identified yourself as knowing nothing about how culture actually works, and have allied yourself with authoritarianism. congratulations, you're ignorant and you're an asshole. i'd much rather have people watching jersey shore than some government entity telling them what to see and watch. and there is nothing wrong with the pursuit of empty guilty pleasures, that's a PERFECTLY VALID SEGMENT OF CULTURE. think of it as creative ferment from which greater cultural products spring forth. without the base of empty silly nonsense, the "higher" cultural products have nothing to grow out of.
  
  --
  intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
3. Re:Thank you Chinese government by Anonymous Coward · 2012-01-09 13:16 · Score: 0
  
  As a Westerner (born and bred in the US in the 3rd oldest colonial city), I have to say its not so much that we wish the government would censor such shows, merely that people would stop watching them. Part of the price of freedom is putting up with inanity.
4. Re:Thank you Chinese government by f3rret · 2012-01-09 13:51 · Score: 1
  
  I don't think the Chinese can hear you homie.
  Maybe you should try doing it in all caps, that's louder.
  
  --
  Admit nothing. Deny Everything. Make Counter-accusations.
5. Re:Thank you Chinese government by Anonymous Coward · 2012-01-09 13:55 · Score: 0
  
  You actually think that they're going to read what you have to say and give a damn about what your lazy, dirty, overweight american mind thinks?
  Calm the hell down. You don't matter to them.
6. Re:Thank you Chinese government by Alex+Belits · 2012-01-09 13:56 · Score: 0
  
  Part of the price of freedom is putting up with inanity.
  No, that's actually something VERY specific to so-called Western culture. The rest of the world embraces the concept of government acting on behalf of the population even when it goes against so-called freedom of speech -- another uniquely Western concept.
  
  --
  Contrary to the popular belief, there indeed is no God.
7. Re:Thank you Chinese government by circletimessquare · 2012-01-09 14:06 · Score: 1
  
  Freedom of speech is a human concept, not a western concept. Or I suppose your condescending patronizing opinion is that nonwesterners like being slaves?
  
  --
  intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
8. Re:Thank you Chinese government by Anonymous Coward · 2012-01-09 14:49 · Score: 0
  
  > You ignorant controlling douchebags. Your average Chinese citizen understands this, why don't you you stupid old and decrepit paranoid control freaks?
  You realize we're facing similar problems with proprietary software and *AAs in the Western world, don't you?
  Not to go against your argument, it's ok; but do realize the problem is "everyone wants to know" and some people want to avoid that for power-related reasons. When we call these guys "controlling", they probably feel flattered...
9. Re:Thank you Chinese government by Anonymous Coward · 2012-01-09 14:50 · Score: 0
  
  you're a stupid, stupid, asshole.
  freedom of speech is a human right.
10. Re:Thank you Chinese government by circletimessquare · 2012-01-09 15:31 · Score: 1
  
  i never understood this point of view. that because we have domestic problems we cannot criticize others. on that basis, no matter how much worse a country is, we can never criticize them
  "there is a problem somewhere in my country. therefore i will refrain from critical thinking on international issues"
  i just don't understand
  is it because you think it is hypocrisy? you do realize the nature of american censorship is far different from that of chinese censorship? the inability to express your politicla opinion: is that the same thing in your mind as media cartels making a desperate bid to remain relevant in the internet age?
  "some congresscritters have whored themselves out to support SOPA. this is exactly the same as china not allowing any political dissent."
  really? do you lack all critical thinking skills or do you just avoid the skillset?
  
  --
  intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
11. Re:Thank you Chinese government by Anonymous Coward · 2012-01-09 16:02 · Score: 0
  
  I don't always agree with you, but this post is why you always show up with a green ball next to your name.
12. Re:Thank you Chinese government by Anonymous Coward · 2012-01-09 16:05 · Score: 0
  
  The funny thing is, most communist party officials studied the French Revolution. In depth. That's part of the marxist-leninist cursus. So they must know that the old regime of king and nobles was not just brought down by the ideas of Voltaire and Rousseau. It was also brought down by porn. Very low grade porn, that featured the queen and nobles as just people. The porn was travelling through the same channels that also peddled philosophy and forbidden novels. I am sure that when the communist bosses are blocking the popular shows, they have that in mind too. They know they are the new kings and nobles. They know their days are counted. And they know that porn and crass will get them, eventually.
13. Re:Thank you Chinese government by Anonymous Coward · 2012-01-09 19:00 · Score: 0
  
  One of the best comments I've ever read. This makes up for a sea of "me too," mindless contradiction and trolls.
14. Re:Thank you Chinese government by crutchy · 2012-01-09 20:28 · Score: 1
  
  freedom of speech is a human right
  i agree, but...
  
  the problem in "free" countries like america is that some people just don't know when to shut the fuck up
15. Re:Thank you Chinese government by Anonymous Coward · 2012-01-09 21:36 · Score: 1
  
  I, for one, love the Chinese People and their beloved Party and all their initiatives and hope that they succeed in protecting their wonderful ancient culture from Western hegemony.
16. Re:Thank you Chinese government by elewton · 2012-01-09 23:35 · Score: 1
  
  It's not actually a real problem.
  I've developed a method for reducing unpleasant stimulus by avoiding it, rather than interfering in the communication of others. I'm hoping to make millions by patent trolling.
17. Re:Thank you Chinese government by Tokolosh · 2012-01-10 01:14 · Score: 1
  
  You make the case that western culture will prevail over Chinese culture because it is free. The implication is that competition in the marketplace of ideas makes things better.
  So, taking my cue from your tagline, the Chinese government should just vigorously enforce US copyright law (which they do not currently), and the western threat will subside. Lets call it Sino-Offence Preventing America.
  Wake up people! Lack of copyright in China is not stifling US innovation and creativity!
  
  --
  Prove anything by multiplying Huge Number times Tiny Number
18. Re:Thank you Chinese government by Alex+Belits · 2012-01-10 01:45 · Score: 0
  
  Freedom of speech is a human concept, not a western concept.
  Then how come, people never heard of it until 18th century? The current version of it is basically a right to lie to the public with impunity. Most people object to this, however Americans' nearly-religious faith in a random list of "rights" appended to their Constitution, elevates it above everything.
  
  --
  Contrary to the popular belief, there indeed is no God.
19. Re:Thank you Chinese government by Alex+Belits · 2012-01-10 01:52 · Score: 0
  
  The problem is not that it's unpleasant, you moron!
  The problem is, it makes everyone misinformed and stupid. If someone intends to recognize a right to free speech, he must place it below the right of the public to not be lied to by "protected" shills and crooks. Currently the law only allows to challenge speech that specifically causes someone to lose money or something of monetary value, however the rights of the public are completely ignored. Until this is fixed, "free speech" is nothing but protection for crooks.
  
  --
  Contrary to the popular belief, there indeed is no God.
20. Re:Thank you Chinese government by Toonol · 2012-01-10 05:33 · Score: 1
  
  You're uneducated. The philosophical fundamentals of free speech were being discussed 2,500 years ago by the Greeks (along with its corollary, free inquiry and scientific thought).
21. Re:Thank you Chinese government by circletimessquare · 2012-01-10 06:48 · Score: 1
  
  you're an idiot or a clever troll
  did newton invent gravity?
  
  --
  intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
22. Re:Thank you Chinese government by crutchy · 2012-01-10 08:55 · Score: 1
  
  Americans put the right to sue above all except their rather creepy gun fetish "right to bear arms", so while you may be free to say what you want, you could either be sued or shot as a result.
23. Re:Thank you Chinese government by Alex+Belits · 2012-01-10 09:05 · Score: 1
  
  Nope. France, 18th century.
  You are confusing it with democracy, a completely different concept.
  
  --
  Contrary to the popular belief, there indeed is no God.
24. Re:Thank you Chinese government by TangoMargarine · 2012-01-10 11:34 · Score: 1
  
  IIRC in Athens they let any random citizen stand up in the forum and speak their mind.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
25. Re:Thank you Chinese government by Alex+Belits · 2012-01-10 17:30 · Score: 1
  
  That's not freedom of speech, there is no dissemination or publishing.
  
  --
  Contrary to the popular belief, there indeed is no God.
26. Re:Thank you Chinese government by TangoMargarine · 2012-01-11 08:37 · Score: 1
  
  Unless you can cite something that specifically says that they outlawed making pamphlets or whatever about what went down at the forum, I'm going to go ahead and assume they had that option. I mean come on, this is THE ancient republic we're talking about here.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
27. Re:Thank you Chinese government by Alex+Belits · 2012-01-11 17:31 · Score: 1
  
  I am pretty sure, the concepts of a "pamphlet" or "journalism" were not invented yet, and wouldn't for literally millennia after that.
  Greece, and later Rome, relied on speeches, debates and art performances made in person. Only few people, usually ones constantly in contact with power structure, were sufficiently skilled in then-accepted forms of public speech and debates, and fewer could afford any sustained effort of in-person organization of opposition to the prevailing power structures and position. Most debates were in a form of blatant psychological manipulation/demagoguery that was far beyond the skills of a common person, and usually achieved anything but promotion of the good of the public.
  The idea of "free speech" was meaningless in such environment because there was no effective way of preventing orators from speaking to begin with -- demagogues virtually owned the government and in their turn were owned by wealthy elite. If anything, there was not enough of those people to fulfill the demand for them.
  Needless to say, all such systems, without an exception, eventually were replaced with monarchies -- either foreign conquerors exploiting their weaknesses, or through locally developed coups. Monarchies set in their place, relied on strict and unchangeable hierarchy of aristocracy, and did not tolerate any challenge, by words or action. Please note that it was still long before the invention of mass distribution of written word, printing press and journalism -- the only way to create an effective opposition was to assemble a group of aristocrats and kill the current ruler. Public speech had very little to do with it,
  Moderm idea of "free speech" owes its existence to the situation created much, much later around 18th century in Europe. Power structures, still in the framework of monarchy, were ready to be influenced by a small number of educated people. "Masses" consisted of a huge, huge numbers of illiterate peasants scattered over vast stretches of land. The only way to speak to those masses beyond a small group, is to be a church official in control of priests, the only kind of people capable of delivering propaganda in any effective manner. For everyone else, talking to masses would be a ridiculous waste of time, and likely a danger of being proclaimed a blasphemer by the above mentioned priests. Masses were not the target.
  On the other hand, aristocracy was literate, at some extent educated, and directly a part of the political system. Any better-educated person who somehow gained access to those people's ears, can influence their decision. Book publishing exists, and since 15th century it is possible for a reasonably wealthy person who really, really wants to say something, to write a book once, and get it picked up by each and every aristocrat in the area that shares the writer's language. Of those, most convincing authors will shape the thought of aristocrats at least at comparable extent as the church (that has separate and privileged access to all of them).
  Here is the problem -- there are too few authors, and opinion expresses by one may disproportionally affect decisions made absolutely everywhere, just because every aristocrat has the same books and usually is receptive to the same kinds of expression as everyone else on his level of hierarchy. Authors don't compete for attention as much with each other as with readers' boredom and church or upper layers of government who by then developed a habit of banning books that pissed someone off. Lucky writers won't create fads that last for a year -- there are no fads, commonly accepted ideas and tastes shift at the scale of decades, not months. Influences are lasting. And the key word is luck -- there is no quality control, just ideas expressed in a way that is more attractive or less attractive to the aristocrats who in their turn have very little diversity among their peers and will be receptive to the same things.
  In this environment, there is one great solution to increase the quality of decision-m
  
  --
  Contrary to the popular belief, there indeed is no God.
28. Re:Thank you Chinese government by Alex+Belits · 2012-01-11 17:55 · Score: 1
  
  And here is the problem, wealthy people and organizations are already in the constant state of being sued, and it does not hurt them a single bit. Even if it was possible to sue a newspaper for deception of the public, and win such a lawsuit, it would not cause sufficiently public-visible correction, and can not discourage future deception.
  Without "freedom of speech" proclaimed in such absolute manner, it would be possible to have a recourse for extreme and willful acts of betrayal of the public -- such as forced cease of operations and dissolution of the publishing company, criminal charges for individuals involved, etc. There are many situations -- war propaganda on false premises, misrepresentation of laws being placed on a public referendum, false announcement of voting times and locations, inciting violence and discrimination toward groups of people, unmarked advertisement for known-dangerous products, etc. when consequences are so extreme, they warrant response of this extent. But noooooo, Americans believe that just because it may provide yet another way of targeting innocent people (to join thousands of already existing ways to do it more effectively), the right to lie to the public must be preserved.
  
  --
  Contrary to the popular belief, there indeed is no God.
29. Re:Thank you Chinese government by crutchy · 2012-01-11 19:07 · Score: 1
  
  actually i think that a lot of those scenarios you mention would be in violation of other statutes, so while you may be free to say things, the consequences of what you say may result in criminal charges (such as "unmarked advertisement for known-dangerous products" most likely being in violation of OH&S laws). some people are stupid enough to think that "free speech" is the be all and end all, but they don't realize that its still possible for your mouth to write cheques that your body can't cash.
30. Re:Thank you Chinese government by Alex+Belits · 2012-01-12 01:23 · Score: 1
  
  actually i think that a lot of those scenarios you mention would be in violation of other statutes, so while you may be free to say things, the consequences of what you say may result in criminal charges (such as "unmarked advertisement for known-dangerous products" most likely being in violation of OH&S laws).
  
  No, it only would cover people who produced the product and ordered the advertisement. As far as I know, those who marketed and advertised it, no matter how complicit, are safe. It's also possible that allowing distribution of a dangerous product serves the interests of society (ex: alcohol, tobacco), but advertisement and promotion of its use causes nothing but harm and there is no excuse for allowing it other than "right to profit" or similar nonsense. In US all (ineffective) restrictions on alcohol advertisement come from alcohol producers themselves, tobacco restrictions only happened after massive embarrassment, and no one was ever punished for advertising those products before such advertisement was explicitly banned. The last part is very important -- one would expect that in a sane legal system, knowingly causing death and diseases by conspiring to deceive hundreds of millions of people would cause some penalty all by itself.
  
  some people are stupid enough to think that "free speech" is the be all and end all, but they don't realize that its still possible for your mouth to write cheques that your body can't cash.
  In some situations -- when particular person suffered immediate damage, and it happens to fall under very narrowly defined libel/fraud/..., and the person was willing to gamble on a civil lawsuit against people and organizations hundreds of thousands to tens of millions times richer than he is -- existing law "works". However interests of the public, ones that are supposed to be protected by criminal law, still can not trump the sanctity of "free speech".
  
  --
  Contrary to the popular belief, there indeed is no God.
31. Re:Thank you Chinese government by circletimessquare · 2012-01-12 03:45 · Score: 1
  
  hey, genius:
  cavemen said pretty much whatever they wanted. the idea that there is a government that can control your type of speech is the modern invention in question here
  freedom of speech is the baseline of simple existence
  seriously, you're a complete and utter moron, or one very hard working troll
  
  --
  intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
32. Re:Thank you Chinese government by Alex+Belits · 2012-01-12 15:58 · Score: 1
  
  cavemen said pretty much whatever they wanted.
  In public? At whatever time when "cavemen" (that's a pretty broad definition of a period in human history) had the concept of public speech to begin with?
  "Free speech" as it is proclaimed, applies to, and only to public speech. It was either extremely difficult or heavily regulated for various reasons everywhere, over the whole history of mankind, with exceptions I have described.
  Please note that even Wikileaks people claim that they engage in protected free speech because they speak to the public. If they distributed the same information privately, their actions would be clearly espionage.
  
  --
  Contrary to the popular belief, there indeed is no God.
33. Re:Thank you Chinese government by circletimessquare · 2012-01-13 13:07 · Score: 1
  
  dear hard working troll:
  your words do not pass the laugh test. try harder next time
  sincerely,
  rational thought
  
  --
  intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
34. Re:Thank you Chinese government by crutchy · 2012-01-19 20:27 · Score: 1
  
  As far as I know, those who marketed and advertised it, no matter how complicit, are safe. It's also possible that allowing distribution of a dangerous product serves the interests of society (ex: alcohol, tobacco)
  you're getting a bit pedantic here. advertising agencies merely speak on behalf of their clients - they are an instrument - like a megaphone (which is why the client would be in trouble, not the advertiser). although if the client is a big fish with a lot to lose you can bet the advertiser would have to defend themselves in court, and if they didn't have their ducks in a row they would go down too.
  
  I was also referring to things that would violate OH&S legislation by not advertising them as being dangerous (more things like if you supply drum full of chemicals to some factory, and a worker gets injured because they weren't aware it was full of dangerous chemicals - because the dangerous chemical wasn't marked - then the supplier of that drum would face criminal prosecution for violation of OH&S requirements.
  
  in a sane legal system, knowingly causing death and diseases by conspiring to deceive hundreds of millions of people would cause some penalty all by itself
  in Australia, James Hardie http://en.wikipedia.org/wiki/James_Hardie#History_2 is still paying victims of diseases resulting from exposure to asbestos in products it manufactured years ago. You can be sure that if a legal loophole is discovered that requires compensation for smoking related illnesses, there will be a class action like the world has never seen. I wouldn't write off the possibility. Legal systems are slow to evolve and process things. While it may seem that cigarette and alcohol companies are off the hook, it may be another 20 to 50 years, but the legal system may eventually catch up with them. Many smoking related illnesses aren't understood well enough for use in prosecution of cigarette companies, whereas in the James Hardie case the evidence was a little more clear. Cigarettes and alcohol also provide governments with a handy revenue stream from taxes (which is possibly criminal in itself because governments may be profiting from the deaths of smoking victims).
  
  interests of the public, ones that are supposed to be protected by criminal law, still can not trump the sanctity of "free speech"
  i understand all those words, but i don't really understand what you're saying there (sorry). i assume by public interests protected by criminal law refers to things like murder, rape, fraud, drink driving, etc. I don't see how these can be trumped by free speech. If a guy commits rape (for example), a well paid lawyer might save him, but free speech won't do much for him at all. You may be free to say "not guilty" in court, but it doesn't mean you're not going to spend a long time locked away behind bars.
  
  Your freedom to speak could land you in perjury (if you are found to have lied in court), it could have you charged with sexual discrimination (if you speak inappropriately to a female coworker), if you verbally abuse a police officer, cause a domestic disturbance (yelling and carrying on at home so loud that it disturbs the neighbors), screaming "bomb" on an airplane when there isn't one, name-calling to a young African-American man with a 9 mm pistol in Harlem, New York at midnight, etc. That's what I meant about "you're mouth writing checks that your body can't cash".
Not that much new here... by A+beautiful+mind · 2012-01-09 12:22 · Score: 1, Insightful

Tor exit node based blocking has been used on various IRC servers to combat abuse for years and years now, The chinese might be doing something more fancy, but that only shows that they didn't go for the fairly easy and quick solution.

--
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
1. Re:Not that much new here... by xiando · 2012-01-09 12:45 · Score: 4, Insightful
  
  Tor exit node based blocking has been used on various IRC servers to combat abuse for years and years now, The chinese might be doing something more fancy, but that only shows that they didn't go for the fairly easy and quick solution.
  The Torproject responded with bridges when countries started to block entire countries like those IRC servers do. The entire list of Bridges is not public. What GFW now does to detect and block those bridges is something new and it is something entirely different. The "download the entire list of Tor servers and block them" method was used and stopped being efficient thanks to Tor bridges.
  
  --
  9/11: Never forget it was a false-flag operation
2. Re:Not that much new here... by Anonymous Coward · 2012-01-09 13:16 · Score: 2, Insightful
  
  They're not blocking exit nodes -- they're blocking your first hop(s) into the tor network
3. Re:Not that much new here... by dissy · 2012-01-09 18:48 · Score: 1, Informative
  
  I've used the previous method on my own IRC network, not to block Tor outright, but to prevent people from clicking 'refresh' to get a new IP and avoid channel bans or client side /ignores placed on them after spamming, harassing others, and generally trying to go where their behavior makes them unwanted.
  With a daemon linked to tor, my server can send some info to the tor network to ask if this is a tor connection. It needs my servers IP and port, as well as the users IP and source port.
  Upon a successful reply, services changes that users vhost to @tor
  It's fully up to each channels ops how to handle it, if at all.
  Some channels do +b *!*@tor while others have the same ban but add exceptions for registered nicks using +e nick!*@tor while yet other channels are nothing BUT tor users.
  I've never seen someone refresh their Tor IP and reconnect from a node that wasn't also detected by this method.
  I haven't heard of tor bridges until just today, however their use doesn't seem to aid with harassment or spamming from what I can tell.
  We also do bayesian filtering where if the IP is on 4 or more of the 8 DNS blacklists checked, they get a temporary 10 minute gline with a URL showing which blacklists failed, and links to each for figuring out exactly why one is listed, and after cleaning up any infections they can request a delisting.
  As that process usually takes more than 10 minutes, this filtering method only stops bots and other automations, while a human can easily fix the problem and not be denied their chatting.
  It's pretty hard these days to find a decent balance between allowing privacy while at the same time preventing obvious abuses like spamming, harassment, and bots trying to DCC trojans to not-so-net-savvy newbies.
  I had absolutely no issues with Tor when their goal was only to provide privacy and anonymity. But if their new goals are to provide an easy and one-click way to avoid bans set on a particular user with bad behavior through their service, then it will only serve to harm their reputation (for good reason this time)
4. Re:Not that much new here... by fotoguzzi · 2012-01-10 05:25 · Score: 1
  
  Hmmm, parent post gets a +2 and a rant that seems to do nothing more than to call people mean doo-doo heads and link to the New York Times gets a +5.
  
  --
  Their they're doing there hair.
5. Re:Not that much new here... by dissy · 2012-01-11 13:33 · Score: 1
  
  Welcome to Slashdot ;}
  It's OK though, in 4-5 days after this article falls off the front pages and no real moderators are watching the comments any longer, the trolls will come back and finish modding me down to -1. It's already begun.
  Trolls live for making a presence where they know they aren't wanted.
  There's a group of them that do this to me every few weeks.
  They always wait until the thread is almost a week old but just before it gets locked for archival. Then no one is around to fix the down mods.
  It's pretty flattering actually :D
  But I wish Slashdot would consider upping the +5 cap a couple points to help counter that.
Tor is (apparently) easy to identify by Anonymous Coward · 2012-01-09 12:22 · Score: 0

Here is the l7-filter rule:
# Tor - The Onion Router - used for anonymization - http://tor.eff.org/
# Pattern attributes: good notsofast notsofast
# Protocol groups: networking
# Wiki: http://protocolinfo.org/wiki/Tor
# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
#
# This pattern has been tested and is believed to work well.
#
# It matches on the second packet. I have no idea how the protocol
# works, but this matches every stream I have made using Tor 0.1.0.16 as
# a client on Linux.
#
# It does NOT attempt to match the HTTP request that fetches the list of
# Tor servers.
tor
TOR1.*
Tor ... by drpimp · 2012-01-09 12:36 · Score: 0

Tor no more????

--
-- Brought to you by Carl's JR
Re:Tor is designed to be easily censored by xiando · 2012-01-09 12:40 · Score: 2

Freenet and I2P both serve their purpose. None of them serve the same purpose as Tor. Tor lets you connect to the normal Internet so you can view your normal web comics, visit CIA information gathering honey-pots like Facebook and so forth. Freenet and I2P are designed for hidden internal traffic in those networks. Sure, you can share a file on Freenet, but you can not visit your favorite news website. Different tools for different jobs.

--
9/11: Never forget it was a false-flag operation
Lose face by Anonymous Coward · 2012-01-09 12:49 · Score: 5, Funny

For those unfamiliar with the concept "face", it's the social equivalent of getting modded -1
Vent much? by s.petry · 2012-01-09 13:05 · Score: 1

I get it, we all do (or at least I hope). But do you really think that the Chinese government reads /.? We can hope, but sheesh if world leaders can't get them to open up why would they listen to someone vent on /. and say "Eureka! He's on to something!"

--
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
1. Re:Vent much? by Anonymous Coward · 2012-01-09 15:43 · Score: 0
  
  Sometimes you just need to vent where anyone can hear/read. Even if it's not the most relevant person.
  Do you really think he expects Chinese officials to read this?
Tor, China and the USA by xiando · 2012-01-09 13:07 · Score: 5, Interesting

I tell you, free speech and freedom in general in America is doomed. The NDAA2012 combined with SOPA is just another brick in the wall on the path towards a completely tyrannical fascist government. Some Americans argue that the USA is there already. Today we are talking about Tor being blocked by the Great Firewall of China. How long will it take before we are talking about the Great Firewall of the USA blocking websites, software like Tor, I2P, Freenet and so on? Beware that western corporations like Intel, Cisco, Nokia and Siemens are the ones who are delivering the technology used by countries like China. The US and the west already has this technology. I do not see it as a question of if but when these technologies will be used in the US and other "free" western countries. The Tor project should be supported. Why people in other countries need it today may be why you need it tomorrow.

--
9/11: Never forget it was a false-flag operation
1. Re:Tor, China and the USA by luther349 · 2012-01-09 13:44 · Score: 0
  
  agreed. but we are there aruldy or laws like sopa could never pass with only 15% public support. but the sad part is 90% of the usa still think we have not turned into a communism government.we lost control years ago. its just with all are jobs gone and the usd becoming useless are government is just in its death throws and grabbing all the power and money they can before there all out of power. weather it be a new party by votes or guns its coming.
2. Re:Tor, China and the USA by Anonymous Coward · 2012-01-09 14:27 · Score: 0
  
  Why speculate the companies when really you have no idea. Please remember China has their own companies (including Huawei) which make networking equipment capable of such. Bashing Intel, Cisco, Nokia etc. on speculation makes you sound like a hippy.
3. Re:Tor, China and the USA by Anonymous Coward · 2012-01-09 15:04 · Score: 1, Insightful
  
  you're a fucking moron. the united states of america is nothing close to communist. did you just type a bunch of shit and hope you look brilliant by chance? ...further evidence that most americans dont realize how good they have it, and that most stupid americans continue to misuse labeled like "communist" and "fascist"
  these words have meaning beyond shock value when tossed around carelessly in conversation. words MEAN something. use the right words, or keep your stupid fucking ideas confined to your fat little american head.
4. Re:Tor, China and the USA by Anonymous Coward · 2012-01-09 15:32 · Score: 1
  
  you have to understand though that tor in itself is not a longterm solution. Should the majority of users be in countries that have taken the path of USA or China, there would be no point left in using tor, which works on its user nodes.
5. Re:Tor, China and the USA by Anonymous Coward · 2012-01-09 17:37 · Score: 4, Insightful
  
  You're right--the US is nothing close to communist. The US is however VERY close to or has already acheived fascism, which is properly defined by the inventor of the word as the merger of corporate and state interestes. We absolutely have that. Right now the only thing we're missing is the traditional single dictator, but I'm not all that certain that it's required in version 2.0.
  It is kind of amusing to see people equate "socialism" with "communism" or use either of those terms in conjunction with fascism though--and it's even more amusing to watch people blame government for "stealing" things when, at best, it's been the enabler of the theft by large multinational bankers and corporations. It's everyone's vaunted "private industry" and "free enterprise" that are the thieves. They rig the game, or they outright steal, and they use part of their takings to enable a media campaign to get everyone to hate the one force that could possibly stop all that--proper (in the interests of the people) government regulation.
  Were it not so tragic, it would be even more amusing to watch people complain about "big government" willingly step into the TSA's porno scanners, support indefinite detention of whoever doesn't look like them, and generally engage in their fawning behavior over the ever-militarized police forces who truly occupy our cities and our streets. It is "law enforcement", which is almost never used against the rich and corporate, that is the greatest threat to freedom, liberty, and especially life these days, and yet that's the one part of government these morons never seem to question. "Law enforcement" has tried and will continue to try to bring this and many other evils to the US, and that sort of thing must be stopped at all costs.
6. Re:Tor, China and the USA by Anonymous Coward · 2012-01-09 18:13 · Score: 0
  
  We are definitely there already. We were there in the 70's I believe. If not the 20's. We have drivers licenses, social security, and vehicular license plates. All things I think should be repealed.
7. Re:Tor, China and the USA by Anonymous Coward · 2012-01-09 18:33 · Score: 0
  
  THANK YOU.
8. Re:Tor, China and the USA by Anonymous Coward · 2012-01-09 19:17 · Score: 0
  
  Well, the rhetoric of large parts of the republican party's candidates *is* fascistic in tendency. Although, things like the death penalty, an appallingly bad judicial system, a broken political system in Washington, Guantanamo bay, etc., all show that fascism is on the rise in the US. This are mere facts. Those who do not see it are morons, indeed.
9. Re:Tor, China and the USA by Anonymous Coward · 2012-01-10 01:11 · Score: 0
  
  No, the United States is not very close to, nor has it "acheived"(sic) fascism. You're wrong.
  you wrote lines and lines of bullshit and ended up 100% talking shit. there is some math for you. if x + y = z, and x and y are bullshit, so is z.
  unfounded conspiracy theory and TSA shock-rhetoric might fool those who are impressed by your ability to string together pearls made of bullshit, but that doesn't make you correct.
10. Re:Tor, China and the USA by Toonol · 2012-01-10 05:38 · Score: 1
  
  things like the death penalty, an appallingly bad judicial system, a broken political system in Washington, Guantanamo bay, etc.,
  
  Those may all be bad (and they may not), but they have nothing in particular to do with fascism.
Re:Tor is designed to be easily censored by nurb432 · 2012-01-09 13:15 · Score: 1

Ultimately, FreeNet is more about publishing 'sites' than sharing files ( tho i agree it can do both ), and if we waned to help out our oppressed brothers, we would mirror 'outside' sites on FreeNet. Even setup auto run scripts to do it.
And while its not been done yet, i don't see a technical obstacle why a "gateway" couldn't be created that sucks in outside data and inserts it into FreeNet, on demand. I also don't see it compromising security, except for the guy(s) running the gateway, in a presumed free country. Once its inserted, its just as secure as any other traffic.

--
---- Booth was a patriot ----
direct that somewhere else by s.petry · 2012-01-09 13:23 · Score: 2

I have no idea why you are on a tangent accusing someone else of wanting censorship. The point was that your rant (now two of them) is being directed at technical people in the US, not the Chinese Government.
How about writing mean letters to the Chinese Government, or getting involved in Politics instead of ranting here on /.?
Trust me, personally I'm not for anything that China does. With out of control IP laws, rampant corruption, and pay-for-politics in the US we have a shitload to worry about at home. With things like SB1867 being passed on 1/31/11 by our President, and now the big push for SOPA we are on our way to becoming a whole like like them.
Oh.. one more thing.. The US Government will not censor anything like you mentioned. What better way of distracting people from the fucked up shit they are doing than to spoon feed people stuff like that?

--
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Not that amazing... by Anonymous Coward · 2012-01-09 13:45 · Score: 0

Any stream processor / dsp / custom ASIC - even at moderate frequencies (hundreds of Mhz) can do simple pattern recognition on a real time signal in the order of tbps. Hell, low end (think shitty quadros, half height cards w/ passive cooling) consumer GPUs on consumer motherboards with no special interface (to overcome the PCI bus bottleneck) can do it in the order of tens of gbps.
If China controls all international IO, it wouldn't be too much of a feat for them to build some custom hardware to either filter, or report on traffic in real time as part of their network interfaces (though obviously it gets more complicated the lower level you do it at, and more expensive the higher level you do it at)
They wouldn't even need to do 100% of the traffic, statistical sampling of packets is going to catch the crap you don't want anyway (and with most websites and services having absurd amounts of protocol requests/second (especially HTTP) - it wouldn't run a huge risk of letting much undesired content through).
ssh tunnel on nonstandard port by gatkinso · 2012-01-09 14:01 · Score: 2

This seems a bit obvious... does anybody know how much luck folks have had with this method?

--
I am very small, utmostly microscopic.
1. Re:ssh tunnel on nonstandard port by Anonymous Coward · 2012-01-09 16:00 · Score: 0
  
  No, they don't check the port, they do Deep Packet Inspection (DPI).
2. Re:ssh tunnel on nonstandard port by peterindistantland · 2012-01-09 16:18 · Score: 5, Interesting
  
  This definitely work. I have no problem using SSH even on the standard port in China. Since ssh is encrypted, deep packet inspection is useless, unless they ban SSH altogether, which they don't.
3. Re:ssh tunnel on nonstandard port by lakeland · 2012-01-09 16:47 · Score: 3, Informative
  
  It works, though it stands out like a sore-thumb.
4. Re:ssh tunnel on nonstandard port by gatkinso · 2012-01-10 12:25 · Score: 1
  
  I guess any traffic they can't inspect would be suspect.
  
  --
  I am very small, utmostly microscopic.
If TOR is no longer of use in China .... by Anonymous Coward · 2012-01-09 14:11 · Score: 0

If TOR is no longer of use in China and other totalitarian states, does that mean its OK to use it for torrents?
Re:Tor is designed to be easily censored by Anonymous Coward · 2012-01-09 14:18 · Score: 0

Such an automatic gateway would be a reverse proxy - very simple to impliment, except I doubt the desire to do so is there for obvious reasons...
Quite sure I remember an XKCD comic about encryption and a $5 wrench...
this could be bad? by Anonymous Coward · 2012-01-09 14:43 · Score: 1

So if they can inspect in real time, is it possible that them letting the connection go for a few minutes means they are collecting the tor bridges data, and other data like exit points before they terminate?
The U.S. by Anonymous Coward · 2012-01-09 15:03 · Score: 0

will doing the same tin shortly once all the money, power, and graft gets SOPA passed. It will be the great MPAA Firewall! Then only the Chinese will be able to pirate movies :)
Wireless? by Anonymous Coward · 2012-01-09 15:45 · Score: 0

If this is how they're treating (presumably) wired connections, why not create a grounded satellite dish that bounces your connection to somewhere other than China -- especially useful if you're living near the border... Perhaps a sort of signal repeater? You can have your wireless through the other country -- paid, borrowed, whatever -- and meanwhile the signal repeater would ensure you're not going through any Chinese lines directly. Hell, I'd take an old satellite dish and implement it if I were living there. Not fond of the censorship at all...
1. Re:Wireless? by Bert64 · 2012-01-09 19:14 · Score: 1
  
  The countries bordering china are generally not good choices for where you'd route your connectivity... Some of them even use china for connectivity themselves. And the border region with some countries is either very sparsely populated, or filled with mountains that would block your wifi signal.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
2. Re:Wireless? by Anonymous Coward · 2012-01-10 11:07 · Score: 0
  
  http://www.reddit.com/r/darknetplan/
no, not porn by circletimessquare · 2012-01-09 16:27 · Score: 1

the grass mud horse ;-)
http://en.wikipedia.org/wiki/Grass_Mud_Horse

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
spam/trespass steganography by drwho · 2012-01-09 21:42 · Score: 1

It used to be that firewalls and filters would search out malicious connections attempting spam or attacks and drop them. But in Soviet China, it's the opposite. So disguise any connections to Falun Gong website as spam or worse, and they GFW will be sure to let it through.
Re:Tor is designed to be easily censored by icebraining · 2012-01-10 00:39 · Score: 1

Those "sites" are still just static files; you're not establishing a connection to the original server to view them, just accessing what was pushed into other peers.
You could push data from the web into FN, obviously, but you can't simply proxy it.

--
Dilbert RSS feed
Why by ThatsNotPudding · 2012-01-10 00:45 · Score: 1

Why does all this remind me of the province of Quebec? Hmm.
It had to happen eventually by ALeader71 · 2012-01-10 02:07 · Score: 2

As with any war, maneuvers lead to counter maneuvers. Escalation leads to further escalation. The only way to end a war is either by choice (as we did in Vietnam and now in Afghanistan), out maneuvering your enemy (siege of Stalingrad, battle of the Bulge), or if the enemy destroys its own credibility with the people (Iraq insurgency movement).
So good going China, you've managed to shut down TOR. I'm sure you have shared your successes with other "Great Firewall" regimes and those who desire "Great Firewall" status. But those who created TOR gained legitimacy, so they will be back with better weapons and in greater numbers.

--
Only the dead have seen the end of War. - Plato
Nothing new. US monitors TOR sessions, too... by Anonymous Coward · 2012-01-10 03:09 · Score: 0

Think TOR is safe to do "illegal" things? Think again. RTAS (real time analysis systems) have been present since 2005 and are easily implemented whenever a new "underground" network is created.
Face: So what happens when... by zooblethorpe · 2012-01-10 05:09 · Score: 1

For those unfamiliar with the concept "face", it's the social equivalent of getting modded -1
So what happens when you lose Facebook? It's been so long since I logged in, I've forgotten how. Does that mean I get modded -1000000000?

--
"What in the name of Fats Waller is that?"
"A four-foot prune."
Quebec by Anonymous Coward · 2012-01-10 08:26 · Score: 0

Funny, the same thing is happening in Quebec....