Swedish Researchers Expose China's Tor-Blocking Tricks

← Back to Stories (view on slashdot.org)

Swedish Researchers Expose China's Tor-Blocking Tricks

Posted by timothy on Tuesday April 3, 2012 @03:25AM from the one-book-swedish-made-data-pump dept.

An anonymous reader writes "A pair of researchers at Karlstad University have been able to establish how the Great Firewall of China sets about blocking unpublished Tor bridges. The GFC inspects web traffic looking for potential bridges and then attempts 'to speak Tor' to the hosts. If they reply, they're deemed to be Tor bridges and blocked. While this looks like another example of the cat and mouse game between those wishing to surf the net anonymously and a government intent on curtailing online freedoms, the researchers suggest ways that the latest blocking techniques may be defeated."

22 of 73 comments (clear)

Min score:

Reason:

Sort:

Pedantic response ensues by ojintoad · 2012-04-03 03:41 · Score: 5, Informative

While this looks like another example of the cat and mouse game between those wishing to surf the net anonymously and a government intent on curtailing online freedoms, the researchers suggest ways that the latest blocking techniques may be defeated."
I hatelove slashdot summaries, and here is another example of why. Yes, I haven't read TFA.
When you use the word "while" like this, it sounds like you're going to be contradicting the first point. Especially when you use the phrase "this looks like" immediately afterward.
Instead, the second part of the sentence goes on to directly corroborate what the scenario looks like. Surprise! While it looks like you're setting up a contradiction, you finish up with reinforcement.
So in fact it doesn't just "[look] like another example of the cat and mouse game", but in fact it literally is an example of the cat and mouse game, and the researches propose another way for the mouse to escape. And yet another awkward summary graces the Slashdot homepage, in the grand tradition.
1. Re:Pedantic response ensues by girlintraining · 2012-04-03 04:04 · Score: 3, Insightful
  
  And yet another awkward summary graces the Slashdot homepage, in the grand tradition.
  And yet another grammar troll graces the comments, also in the grand tradition. I know this may be hard to accept but the human mind can parse language that's full of errors, paradox, contradictions, and incomplete information; And does so often. As well, linguistic rules and content both can be mutated without warning based on prior communication, current context, or implication.
  Now I can understand how a certain subset of the population could have an issue with this -- they were never invited to 'those' kind of parties, have never enjoyed an interpersonal relationship with another person or group where in-jokes and contextual language created a stronger bond between them, or ever flirted with someone using innuendo so skillfully that anyone observing mid-conversation would be unable to tell any kind of flirting was going on -- a sort of sexual encryption if you will. To those poor, poor bastards (like the OP), such linguistic acrobatics would be yet another reminder that they're missing out on something.
  For that subset of the population, any departure of language from the perfectly ordered and rigidly rule-bound statements would be threatening: It would be just another social nuance beyond their grasp. Another way in which those otherwise average, stupid, mouth breathers are better than them, because they don't get tripped up on details like whether a comma at the end of a statement should go inside or outside a direct quotation. For most of us language is just a tool, organically evolved, and generally not worth paying much attention to -- as long as the point gets across it's "yay! language! woo."
  And,
  life!
  goes...
  on.
  
  --
  #fuckbeta #iamslashdot #dicemustdie
2. Re:Pedantic response ensues by FatdogHaiku · 2012-04-03 04:15 · Score: 2
  
  Now, I read that totally differently from you. I see:
  
  While this looks like another example of the cat and mouse game between those wishing to surf the net anonymously and a government intent on curtailing online freedoms,
  
  As saying: "This looks like another story about China censoring the web"
  
  And then:
  
  the researchers suggest ways that the latest blocking techniques may be defeated."
  
  Says to me:
  
  However, this story actually suggests ways the censorship might be mitigated or defeated temporarily. So, it is contradicting the first point of it just being another censorship story, it may actually provide people in need with some advantage over their oppressors...
  
  --
  You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
3. Re:Pedantic response ensues by Bromskloss · 2012-04-03 04:24 · Score: 3, Insightful
  
  or ever flirted with someone using innuendo so skillfully that anyone observing mid-conversation would be unable to tell any kind of flirting was going on
  Breaking one of the rules of grammar, say, by using while the way the Slashdot summary does, might be the means by which one conveys precisely that innuendo. If the speaker overall cares very little about the rules, I'm afraid no one would perceive their intentions as that subtle signal would be drowned in the flood of noise.
  
  --
  Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
4. Re:Pedantic response ensues by erroneus · 2012-04-03 05:31 · Score: 2
  
  While this looks like an article simply explaining a specific detail, it turns out to be more than that.
  "While" is not followed with a "contradiction." "While" is followed with a "difference," a "deviation" or even a "distinction."
  "While you expect this, you get that." "While you expect a little, you get a lot." "While you expect a set of dishes, you get the dishes AND a free set of Ginsu steak knives!" "While expected X, received X + Y." "X + Y" is not a contradiction of "X" is it?
  I get annoyed with bad language too. I really do. But I also make my own mistakes... typos, word omissions, run-ons, and all sorts of things like that. But when you step out on a limb to call someone on it, it's probably a good idea to actually be right.
bandwith of flash drive or SDHC card by Max_W · 2012-04-03 03:43 · Score: 4, Interesting

What if a tourist saves forbidden website or reading material, packs it onto ZIP, RAR, or 7Z archive, then renames archive as JPG. At home he/she has to just rename .JPG back to .ZIP.

It is hardly possible to check every JPG file of every tourists. Tourists bring thousands of JPG files back home on flash drives and SDHC cards.
1. Re:bandwith of flash drive or SDHC card by Anonymous Coward · 2012-04-03 03:50 · Score: 5, Insightful
  
  The throughput is reasonable, but the latency is pretty high.
2. Re:bandwith of flash drive or SDHC card by X0563511 · 2012-04-03 03:59 · Score: 4, Interesting
  
  It's called steganography, and don't get caught. You shall be in a world of shit if you do, because you'll likely be treated as a foreign intelligence operative.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
3. Re:bandwith of flash drive or SDHC card by Anonymous Coward · 2012-04-03 04:00 · Score: 2, Interesting
  
  I think their government is too pragmatic to be concerned with small things like this.
  The primary concern seems to be the stability of the country, which, if you imagine the USA with 4x the population density, makes sense.
  If someone goes abroad and gets a banned website and brings it back, who cares?
  But if they start organizing a political revolt or something like it, I would imagine that the record of their text messages would give them away.
  In the same sense, the great firewall seems to be concerned with making it very difficult for most people to access filtered material. I read that it merely sends a bunch of connection interrupt requests to both sides of an http connection when it sees content that doesn't meet the filter.
  And they still allow VPNs as far as I am aware, although the bandwidth of such might be throttled. But I am guessing that an ordinary citizen might have a difficult time buying VPN service from a foreign provider. And again, if as a result of seeing the "free" internet, they develop political notions that threaten the stability of the country and are doing something about those notions (organizing, etc), their text message record or their overt public actions will give them away. That's when it matters...
4. Re:bandwith of flash drive or SDHC card by Mattygfunk1 · 2012-04-03 04:07 · Score: 4, Insightful
  
  The important part is that the information gets through.
  Unfortunately spreading pro-freedom propaganda will get you sent to jail once you try to disseminate it further.
  Revolution in China is inevitable (IMHO). Attempting to improve the current status technologically is a noble cause, by those who are free, for those who aren't.
5. Re:bandwith of flash drive or SDHC card by Max_W · 2012-04-03 04:51 · Score: 3, Insightful
  
  Millions of Chinese tourists travel abroad each year. On a tiny SDHC camera card of 256 GB one can bring several movies in HD quality, plus about all texts of the humanity.
  
  What is the point of this expensive firewall? The "iron curtain" is just not possible with the flash memory cards of high capacity. Any intelligent curious person can bring for himself a library to last for years.
6. Re:bandwith of flash drive or SDHC card by Hatta · 2012-04-03 06:25 · Score: 4, Insightful
  
  If you have to wait for a compatriot to leave the country and return before you get uncensored news you'll miss the protests going on downtown. The point of the firewall is to prevent an Arab Spring from occuring in China.
  
  --
  Give me Classic Slashdot or give me death!
7. Re:bandwith of flash drive or SDHC card by wanzeo · 2012-04-03 07:57 · Score: 2
  
  I would venture a guess that most of those Chinese tourists are part of the privileged upper class who live (or reside) in one of the economic zones that the Great Firewall doesn't cover anyway. Their lives are relatively good, and they are not going to rock the boat.
  The people behind the firewall are in no position to leave, even for a short while.
8. Re:bandwith of flash drive or SDHC card by Kalriath · 2012-04-03 11:08 · Score: 2
  
  Well for a start, I've never met a Chinese person who didn't agree with the Great Firewall. So the reality is that the point of it is that people actually like it.
  
  --
  For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Public v. Private by girlintraining · 2012-04-03 03:49 · Score: 5, Interesting

The fundamental problem here is that Tor is accessible to the public. No, you read that right. As long as anyone can download a Tor client and connect, that person will have the IP address of at least one other Tor user. There is very little that can be done to prevent this without limiting access to the Tor network by some kind of handshake/authentication model. At the very least, the network is vulnerable to a denial of service attack; Since it can't tell a legitimate user from an illegitimate one: By design, the traffic is encrypted and the source obfusciated.
Tor can't ever fully succeed in its objective -- it can only maintain network integrity so long as the ratios between different types of users, client accesses, etc., remain in the green. Should the balance ever tilt, the network will become unusable.
A real solution is end to end encryption network-wide, which is what IPv6 was supposed to do, but as I'm sure you've all realized; the capitalist owners of the routers, switches, ISPs, etc., have decided artificial scarcity of IP address space could be profitable to them, so IPv6 is sort of dead on arrival. But even if it weren't, the notion that the ISP can't control what connections are made based on content is not something any of them want to give up; again, in the name of profits.
So basically, we need a whole new internet, built by the people, from the ground up. And it will probably have to be wireless. The problems of wireless high speed internet between buildings is hard enough; Try between cities. :\ But that's the only way I see of re-establishing a free and democratic digital communications medium.

--
#fuckbeta #iamslashdot #dicemustdie
1. Re:Public v. Private by Greyfox · 2012-04-03 03:58 · Score: 2
  
  Currently there's no reason you couldn't set up an encrypted virtual network on top of the existing network. Hell you could probably do encrypted UUCP over the current network and accomplish a lot of what you'd want to get done. You can even do E-Mail over UUCP, though I seem to recall that it was somewhat nasty.
  
  --
  I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
2. Re:Public v. Private by slashdotresearch_mj · 2012-04-03 04:30 · Score: 2
  
  I've learned a little about Tor from some comp. sci friends who work with it but I don't really know anything about hte IPv6 you brought up and it sounds interesting. Do you have any links that a social scientist and not a computer scientist, could make sense of? I like to actually hear/learn this sort of thing from a human being rather than just searching away myself in the beginning if you wouldn't mind. I end up getting better information that way it seems.
  
  --
  This is a research account for studying online commenting so we can create tools to improve moderation.
3. Re:Public v. Private by FireFury03 · 2012-04-03 04:36 · Score: 2
  
  A real solution is end to end encryption network-wide, which is what IPv6 was supposed to do
  No it isn't. You can set up ad-hoc ipsec with keys hosted in DNS if you like - this is irrespective of whether you're using v4 or v6. The problem here is that it's a bit of effort to set it up and practically no one running a server actually does it (making setting up a client reasonably pointless). And no, this won't magically start happening if you switch to IPv6 - you still need to jump through all the same hoops to set up ipsec and practically no one does.
  
  --
  http://blog.nexusuk.org
4. Re:Public v. Private by Hatta · 2012-04-03 07:26 · Score: 2
  
  A real solution is end to end encryption network-wide, which is what IPv6 was supposed to do
  LOLWUT?
  
  --
  Give me Classic Slashdot or give me death!
Glad the tor project has a solution. by hrimfaxi · 2012-04-03 04:27 · Score: 5, Interesting

I live in China. The obfsproxy tor bridge works for me. The GFW staff now have to find the address of tor obfsproxy bridge manually to block it. As long as so far as they didn't find out the unpublished bridge address yet Tor works fine for me.
In China people are seeking different ways to breach GFW. We mainly use SSH tunnel, OpenVPN, or some sorts of HTTPS proxy (with some obfuscation needed by both sides or it doesn't work for GFW has capacity to probe SSL/TLS proxy).
I am glad tor now is functioning again in China. Just began to spread the obfsorxy tor browser to the others who need it.
1. Re:Glad the tor project has a solution. by DigiShaman · 2012-04-03 06:16 · Score: 2
  
  For now.
  They might get pissed and finally draft a law that explicitly states all ISP subscribers will be monitored. Any attempt to circumvent this state process will be met with harsh penalties. There is to be no expectation of privacy. Any and all attempts to prevent root access to the accessing client will be viewed as in direct violation. As a precaution for your safety and to ensure innocence, all accessing client devices must have state sponsored monitoring agents running 24/7. Anyone found in direct violation will be sent for training and re-education at their financial expense.
  Your support and understanding of this matter is not only important, but mandatory as well. Thank you.
  Ya, right. That could never happen...
  
  --
  Life is not for the lazy.
Re:Normative Syllabic Verse by Anonymous Coward · 2012-04-03 04:56 · Score: 2, Funny

Burma Shave.