Slashdot Mirror
Ask Slashdot: Ideas and Tools To Get Around the Great Firewall?
New submitter J0n45 writes "I will soon be traveling to mainland China. While I'm only a tourist, I will still be working freelance for a company back home. I know for a fact that a large amount of the websites I need to have access to on a daily basis for business reasons are censored by the Great Firewall of China. I have been using the Tor Browser for a while now for personal purposes. However Tor has been blocked by China. I was wondering if a personal proxy (connected to a computer back home) would do the trick. Would I be too easily traceable? Basically, I'm wondering if I need to try random public proxies until I find one that works or if there are any other options. What does Slashdot think?"
- While I'm only a tourist, I will still be working freelance for a company back home.
- are censored by the Great Firewall of China
What does Slashdot think?
That you are
1) Breaking immigration laws by working while on a tourist visa.
2) Breaking laws by trying to get around the web censors and doing something not allowed.
Honestly, if you are just going to China to break their laws, why not just stay at home? If you still want to continue then don't break immigration and other laws in the country you are visiting. It's not only illegal but greatly distasteful towards the host country. They are welcoming you as a visitor and yet you are just going to be breaking laws.
Sounds like the Great Firewall engineers are looking for some free security pointers from the rest of the world. Any idea we come up with will be blocked before this schmuck gets over there.
But seriously, you should just take a real vacation and not work. Or cancel the vacation and stay at home, working. Better to play it safe and not end up in Chinese gulag for the next 30 years.
sudo make me a sandwich
I hear that the Chinese won't stop you from SSHing to a system outside of the country. You can turn SSH into an ad-hoc VPN if you'd like:
https://help.ubuntu.com/community/SSH_VPN
Palm trees and 8
More like an oligarchy.
Unlike even the RIAA, they will shoot you dead if you screw with them.
Yet.
Flexible bare-metal recovery for Linux/UNIX
I am by no means an expert in this but the question has been asked before here and I agreed with the overall sentiment: Don't break the law.
The Chinese government will ensure that you regret being caught.
And although I will be going as a tourist, I still need to be able to regularly import large quantities of heroin and cocaine. However, this isn't allowed according to US law, so can anyone suggest how I can circumvent this law largely because I don't accept it and want to carry on with my massive heroin and cocaine habits while there...
Local laws, whether you believe they are right or not, follow them if you want to stay out of jail.
I don't know the legal issues at hand, nor do I know the laws of China, but if what you are planing to do is a violation of those laws you should be prepared for an extended stay as a guest of the Chinese government.
While you might not believe that what they do is correct, moral, or defensible, it is non the less their country. Just as you would expect foreign visitors to your own country to respect the local laws, you should respect the laws of a country that you visit. If you find the laws so personally distasteful that can not abide by them, don't go.
Yeah I know you're going to think I'm a tinfoil hat guy but basically anything you bring to China should be considered as compromised. iPod, tablet, computer, phone, etc. If you don't use burners, you should definitely at the very least wipe them and start over when you get back into the states. Anything you leave alone in your hotel room probably won't be left alone. Put removable tape over your cameras on these devices.
Also, if you're going to encrypt your traffic, keep in mind that most encryption standards will be broken so if you can set your encryption and you have a speedy machine then set it as high as possible. Basically, you can assume that any sensitive stuff and all of your stuff you send over anything will simply be recorded and written to disc. It's not a question of if they break the encryption. It's a question of when. Make sure none of it matters and you're dead and buried by the time they can break that. The Chinese government is in it for the long game. They are not above corporate espionage.
My personal option would to bring simple devices, treat them as burners and simply enjoy a vacation from work.
My work here is dung.
Personal viewpoints on censorship aside, I'd be hesitant to break any Chinese laws while in China. Why, my dad just returned from a 14-year stint in a red Chinese prison...
Exactly this. I have a relative that went there on vacation with 20 or so friends. They were walking around late in the evening & turned down a "wrong street" they were all arrested & held for no reason for several days. My relative & his friends think that the only reason they were released was because it was such a large group. When they were released, they were told to never travel without a guide again & make sure they didn't go down that road.
Use a VPN service. I've used a corporate VPN and one based out of India (to avoid U.S.-centric blocking issues) called SwitchVPN. While they both worked fine, this was a year ago. The best thing to do is look at the current VPN companies and see who is being blocked today and why. If several from one country are getting blocked, choose one based out of a different country that doesn't have close ties with that country. It changes all the time, but it doesn't turn on a dime. It seems like the blocking happens in fits and starts (a bunch blocked a couple months ago, a bunch of different ones blocked next month, etc.) One thing I've found is that corporate VPNs seem to almost never get blocked, so if you have access to one of those, it is a good backup.
Post this question at one of the many expat forums catering to those of us (well into the high 6 figures) who live in China.
What we'll tell you:
1) Sign up for a VPN before you get here.
2) Profit.
It really is that easy. Oh, and the bit about what you are doing being legal or not? here in China there's what's legal, and then there's what you are allowed to do. Sometimes they are even the same thing.
As long as you are not telling other Chinese people how to break through the firewall, I doubt that Chinese government will go after you. They do not need to add stress to their relationship with the USA, and they would probably prefer to sneak something onto your laptop so they can get some trade secrets than to stop you from using a corporate VPN. The purpose of the firewall is to control Chinese citizens, not to harass foreigners.
Palm trees and 8
visitors arrested for circumventing china firewall
oh, I guess there are no results.
Go right ahead!!
(IANAL, URIDIOT)
How long are you going to be there for? Because unless it's months and months, I would urge you to sort out your business affairs in advance and just not bother trying anything "clever" while you're out there. Because believe me, a bit of business inconvenience back home is nothing next to the world of hurt you will inflict upon yourself (albeit with some helpful assistance from others and their nice electrodes) in the admittedly fairly unlikely (but by no means impossible) scenario that you piss off the security side of what is still, despite a bit of spin and economic modernisation, a creepy totalitarian state apparatus.
Anyway... their country, their rules. When I travel to the USA, I'm generally struck by how stupidly low speed limits are, particularly given how well maintained, open and relatively quiet they are compared with ours here in the UK. But I don't plot and scheme for how I can drive at UK speeds - I follow the US speed limits. Now in the case of China, we're talking about rights that are rather more fundamental than "being allowed to drive fast" - but hey, you've chosen to go their on holiday (you've said you'll be a tourist) and you're a guest, so perhaps you should behave like on.
Besides, you'll get a lot more out of your holiday if you aren't constantly trying to work while you're out there. So as I said at the start, do whatever you can to organise things so you don't actually need to work while you're out there (or consider cancelling your trip and re-booking at a better time).
Let's be real - China is a Communist dictatorship, period.
Well, let's be real, then. The Chinese Communist Party is "communist" in the same way the Democratic People's Republic of Korea (North Korea) is "democratic".
"Convictions are more dangerous enemies of truth than lies."
Tor was blocked by China. They've since added bridges intended to bypass the firewall. It's always been a cat and mouse game with China. Always will be. But right now, Tor works in China. Tomorrow, who knows.
#fuckbeta #iamslashdot #dicemustdie
Well, let's be real, then. The Chinese Communist Party is "communist" in the same way the Democratic People's Republic of Korea (North Korea) is "democratic".
I should clarify, in both cases, it's a word they use for propaganda purposes, not a reflection of their actual ideology.
"Convictions are more dangerous enemies of truth than lies."
Unlike even the RIAA, they will shoot you dead if you screw with them.
If OP is an American, not likely, if only because they don't want to annoy the US government. Now, if he's from, say, Nepal, all bets are off.
I am officially gone from
Set up your own VPN stateside, and work from there.
I think its the only real legimate way.
Using personal identifiable information through TOR to clearnet is a horrible idea, because of mallaicious exit nodes. TOR is great for anonymous browsing and research.
Setting up your own VPN stateside you exit to clearnet on a network you know is friendly. I think the chineese government will be less likely to mess with you this way. Given that many companies use VPNs this way, its should be very easy to explain this as business as usual.
About two years ago I had a friend that was in China for a length of time (6 months). I set them up with an SSH account on my home system which they were able to use as a SOCKS proxy using PuTTY. You can even download PuTTY from within China.
Based on my firewall logs, they not only don't block port 22, they actively encourage it!
Nonsense. China is a fascist oligarchy. Fascist in the Mussolini sense of merged state and corporate power, as well as the lack of any individual rights. And an oligarchy, in that it's ruled by a party and not an individual.
Give me Classic Slashdot or give me death!
I was in China last month and I just set up an OpenVPN server on my home machine and connected to that with no problems. It's noticeably slower, but worked just fine.
Note that it makes sense to use OpenVPN from just about anywhere.
-- Don't Tase me, bro!
Knowingly, willingly, and recklessly violating the law in any foreign country is not a good idea, period. It is well known that China does not have the same due process laws and criminal procedure of the United States. You could be charged with a capital offense such as spying and there is very little anyone can do to help you. Your best bet is to take a vacation from work and enjoy your trip. That much said you could look at a tunneling service such as tunnelr which uses OpenVPN to encrypt your traffic and tunnel through a firewall but you do this at quite a bit of peril. What happens if a civil servant monitoring the Great Firewall "sees" a session with a lot of encrypted traffic and it is not going to one of the regular, acceptable locations? Tunnelr also offers SSH encrypted tunneling.
...they are seriously lacking in perspective.
Think about this, for a moment, from the perspective of the Chinese state. If a significant portion of their lower class (a group of people who have been shat on by the upper class for centuries) had free, unrestricted, unfiltered access to information about their oppressors, and a way to mobilize together, it would be an absolute DISASTER for the Chinese state, and probably the stability of Chinese society in general.
YOU, as a westerner, are not the target of the Chinese state's censorship efforts. The Chinese state doesn't give a shit if you read about their human rights violations and the atrocities committed for the greater good. They especially don't give a shit if you visit Facebook or Youtube. You just need to make damn sure that you don't squawk about sensitive subjects while you are visiting. Attention to such issues is threatening to the Chinese state.
To all the fools saying "don't do it, you will be in another country, you are obligated to obey their laws, if you don't like it, don't go" - do you REALLY think that the upper class in China can't visit whatever websites they want? Give me a break. Internet censorship in China is designed to prevent the idiot ignorant lower class from shaking things up too much. Same reason you can't turn on a TV in the US and hear anyone having rigorous intellectual discussions about what is actually happening in the world. Doesn't mean the information isn't there, or isn't accessible in some way, or that people aren't talking about it. It just means that the average idiot probably needs to remain ignorant, in order to avert disaster.
To the OP, here are my recommendations.
I get a VPN service (called VyperVPN) thru my usenet provider (the well-known Giganews). It works fine in China. There are a variety of endpoints to pick from. One is in Hong Kong. Several in Europe and the US.
Works with PPTP, L2TP and OpenVPN. OpenVPN is probably the best (seems that some cheap networking gear does not support PPTP properly), although the most difficult to set up.
One thing to note is that DNS servers over there may lie to your machine. So having a list of the IP addresses of endpoints might be beneficial (you can probably write a script to resolve the domain names of all the endpoints and store the IPs in a file *while you are connected to the VPN*). Maybe put the right ones in your hosts file or something.
I used overplay.net's commercial OpenVPN. There's several competing services specifically tailored to bypassing the great firewall. Overplay in particular has a huge list of servers in different countries. Occasionally one would get blocked, but one of the others would always work.
Best $10/month I spent while I was there.
Regarding the locals laws, etc.. it's a definite gray area. The laws don't say you're not allowed to post or view certain things. The laws just say that the government is allowed to "normalize" (filter/censor).
I used a VPN for years and registered for my internet account using my passport. They knew who I was and could obviously see the VPN traffic. I never heard a word from anybody about it.
Do we really need all of these replies discussing the legality/morality? We get the point -- you're all a bunch of stand-up citizens.
Where is this recent wave of Sinophelia coming from? Why would you want to go to that cesspool of human rights abuses?
I want to delete my account but Slashdot doesn't allow it.
http://www.digitaltrends.com/music/the-riaa-is-dying/
Focussing on technology,
Other than ssh
SSTP seems like a good candidate? Shame it's only for Windows unless I'm mistaken an alternative?
A blog I run for the wealth
China does not want to keep Tor blocked eternally. They don't want people talking to each other about losing access to Tor; that would just inflate the number of Tor users in the country (see, for example, the increase in Tor use following Tor being blocked). The Chinese government blocks Tor when there is big news that they want to conceal until they get their own propaganda out. They keep techniques of blocking Tor on hand for just such an occasion.
Palm trees and 8
I run my ssh service on port 443 to get through more firewalls. I believe they could check traffic patterns to see that it isn't really https, but I'm not sure they do.
Having done the same thing myself, I used a pretty simple method that worked 100% of the time and I never had any trouble with disconnects or anything. You don't need a VPN if you don't have access to an easy ability to set one up, just set up an SSH tunnel to some box you have any access to anywhere and use it as a SOCKS5 proxy for your machine. Get your browser (or your entire machine if you want) to forward all internet traffic to your SSH tunnel and you can browse wherever you want. You can even use TOR over the proxy if you want, it'd be the equivalent of running TOR on the machine you're SSH'd over to. I did it using PuTTY and ProxyCap most of the time, worked like a charm, never got blocked or interrupted.
Well, that's one data point; it must be true!
I think its interesting that 90% of the comments are that its illegal to work on a tourist visa so a VPN back home is illegal.
In a minute or two I couldn't find the relevant legal defs for China, and that's all that really matters.
But in general, the extreme simplification has nothing to do with the claim.
Generally a business visa means you're there doing commerce with a local while not employed by a local... signing contracts, sales visits, demos. Unless your VPN back home is to download the sales pitch powerpoint to show to a local you're probably OK.
Generally a work visa means you're there working for a local as just another employee. From shoveling dirt to shoveling bits to pulling cable. The only way a VPN back home would matter would be getting accused of industrial espionage, or having two employers means a conflict of interest.
Generally journalists get a special visa solely so customs does not F with them as much resulting in bad PR, or if there's not many in the country, for internal security to track where outsiders are watching them (so.. machine gun the protesters in this city, but not that city where the journalists are, for example)
It would generally appear that generically fooling with a VPN back home for your back home employer has nothing to do with signing contracts with the locals, or working for a local, so a tourist visa generically would be OK for casual logins. Now a firewall violating VPN might be completely illegal, but it wouldn't be a violation of the visa. Since you're going to China and not "generic-land" you need to read their exact laws to make sure.
Generally visas are very interested in how you plan to interact with the locals. If, while sleepless laying in the hotel bed, you think of a new TPS report header for back home, even if you call home to tell people about your amazing new TPS header, as a general rule visas are not designed to care about that, as long as the locals have absolutely nothing to do with it.
Where visas get fuzzy is two foreigners meet at the hotel bar and start talking about a biz deal between two foreign firms, no locals involved... do they seriously expect the host country to enforce the local version of contract law for free? It can get messy.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
In fact, China has real, actual Communism in its history and is still in the process of recovering from that.
But yeah, it's still called a "Communist" country now for largely political reasons that have little to do with their current economic policies.
Saying that communism is bad and doesn't work would be tantamount to saying that Chairman Mao was wrong about his entire philosophy of government, which in China is roughly the equivalent, politically, of going to America and proclaiming that Abraham Lincoln was a complete moron and a horrible President. Worse, actually, because in addition to your political career it could also end your life. So instead the Chinese government says that communism is wonderful, as long as it's done in the Chinese way -- and then they define the Chinese style of "Communism" to be whatever the current economic policies are, totally irrespective of whether anybody would have called that "Communism" when Mao was still alive. Semantics. Western governments mostly play along, because we have several _other_ objections to the Chinese style of government, so having people think of them as "Communist" and therefore evil doesn't really cause any major problems here -- well, not any more it doesn't. There was the whole "Only Nixon can go to China" thing, but that's in the past now.
So it's a holdover, old terminology that no longer strictly applies but we continue using it anyway. That's a bit different from the North Korean situation. There was _never_ anything even _remotely_ democratic about that government.
Cut that out, or I will ship you to Norilsk in a box.
There is so much disinformation here. Just get yourself any standard $5/month VPN service. Set it up, and test it at home before you leave. Problem solved! Here's a great list:
http://lifehacker.com/5940565/why-you-should-start-using-a-vpn-and-how-to-choose-the-best-one-for-your-needs
Now about the other suggestions. Yes, the ALPHA tor correctly configured with bridges works today. But by the time you get there, China may have figured out how to block it again. As mentioned before, it's a cat and mouse game. Not to mention the fact that pages load about 10-20x slower over tor than they do over a regular VPN. This is only something I like to play with and your are nuts and a cheap bastard if you want to use it for your work.
The third option suggested here is to setup your own personal VPN. This is what I have done. I have one to my home computer and one running on Amazon EC2. They both work fine, but you have to know what your doing. If you haven't setup a dozen VPNs before and can't tell me what MTU is stay away.
Even in the major cities, Internet access in China is much slower than most places in America. The fastest Internet you get at home or high end hotels is 5Mbps/1Mbps with 1Mbps/128 the standard. Go into the rural countryside and even the 2 major Cell carriers may not offer Internet. Locals use dialup or deal without. Small towns are somewhere in the middle. Also note that you'll need a L2TP VPN for your smartphone since PPTP VPNs are blocked by cell carrier.
Man Crushed by Steamroller On Orders of Chinese Officials
My wife and I spent 6 months backpacking thru china last year.
a) most ex-pat's we met used a VPN service to get around any firewall issues. This also enables you come privacy as the connection is encrypted.
b) Most backpacker hotels aren't firewalled. It really seems the great firewall of china is mainly directed at citizens. The government doesn't really care that white people get around it. The higher ended hotels or hotels marketed more towards Chinese did appear to be firewalled.
Where are those brave folks, who'd say: Nope, if you're not "Free," then you don't get Me!
If -enough- folks made it -clear- that they won't support restrictions, just maybe it may help.
Another thought I had was: These "Help my data jump over the Great Firewall" articles
-may- be "plants" to help draw out any remaining workarounds to the latest version of
Great Firewall controls.
By answering, we may by listing any of the remaining workarounds, we're helping the ones,
who maintain TGF to close yet another door...?
I have lived in China for some time, and I have found using a ssh tunnel as a socks proxy works wonders. Don't expect it to be fast but that is a problem when connecting to any hosts outside China. You will risk them throttling your speed if you use it all the time with excessive amounts of traffic. Remember some website are blocked through dns so that means you need to configure your browser to resolve this via proxy as well
You obviously don't like the Great Firewall, and presumably don't support China's totalitarian government. So, don't support China's economy and government by visiting China.
There are many other methods, all slowing down your Internet connection substantially, so I'm not going to recommend here.
Was all over China for about a month last year in both urban and rural areas. I used a mifi hotspot with unlimited data (a rental from XCOM) and ExpressVPN. Absolutely no connection issues anywhere in China and all web sites / internet resources were available. I used a separate mifi box from XCOM for Hong Kong.
And hope you don't get caught and sent to prison.
---- Booth was a patriot ----
The ignorance of login doesn't make me a Coward...
What I did after I went to china for the first time was to setup an openVPN server on a free AWS VM.
If you know how to use the Linux command line, this is probably the cheapest way to get around any censorship, insecure wifi and other things. Steps (not very detailed):
1. Get an AWS account (you need a credit card, but it will not be charged until you get over 15GB traffic and then it's 0.12$/GB) (here)
2. Set up a micro VM of your choice (I prefer debian-based OSs)
3. Install openVPN and configure it according to the HOWTO
4. Install the client software on the computer you will be taking there (everything except iOS is supported)
5. Test it
You may want to set up a dynamic DNS for your server so the address doesn't change after restarts.
As a bonus, the location of your AWS server is the exit point, so you can choose where you want your VPN to exit based on what is censored where at which time (I currently have it exiting in the USA because in Germany almost all music on Youtube is blocked).