Behind the Great Firewall: What It's Really Like To Log On From China

alphadogg (971356) writes China makes headlines every other week for its censorship of the Internet, but few people outside the country know what it's like to live with those access controls, or how to get around them. This IDG News Service writer has lived in China for close to six years and censorship has been a near constant, lurking in the background ready to "harmonize" the Web and throw a wrench in his online viewing. It's been especially evident this month. Google's services, which don't follow the strict censorship rules, are currently blocked. How long that will last is unknown, but it coincides with the 25th anniversary of the Tiananmen Square protests earlier this month — an event the Chinese government wants no one to remember.

Much adu about nothing

[ebonum]

I live in China. Everyone I know hops the GFW with ease. It is a non-issue on laptops and cell phones.
These guys have a storefront in Shanghai:
http://vpninja.net/
You go to the store, you pay in Chinese currency and they give you a log in. It is fast and reliable.
Lots of people I know use Astrill. (astrill.com)
Of course anyone who is actually worried about security will set up their own server abroad and use putty or OpenVPN to access YouTube.

There is no Great Firewall:

[Hartree]

"And we'll block any web site that says there is!"

Re:It's a little like Fight Club...

Nonsense.

Here is how you get around the "Great Firewall of China":

ssh -D1234 some.server.outside.china.which.you.rented.com

There, you're done. Yes, that really works, and if you're a tourist, the chances of really getting into trouble over that are, well, not huge. Some system will notice, somewhere - but you'll be gone after two to four weeks, anyways. It's not hard to get around the firewall - it is hard to get around it for a long time without showing up on the radar.

The real, main reason why the Great Firewall works is that it has the threat of legal consequences backing it up, that there is the real (or, something that is nearly as good, imagined to be real) chance that somebody will start asking you questions about what you are doing, if you are tunneling out or such. The other reason why the firewall works is that an average user will not bother - effectively, you block some website in the major ISPs DNS servers and have google remove it, it is out of sight, out of mind for the _vast_ majority of the population.

Agreed

I've spent some time in various parts of China. I simply set up 2 AWS micro instances running SQUID listening only on localhost and then ssh tunneled my laptop into them (I set up several ports for sshd to listen on just in case they blocked one or more). Had no problems. This has been known to work for quite some time reliably. Now and then you'd get a slowdown or your connections would drop, but overall it worked fine. Fire up your SSH client, use the -L option to tunnel a local port over to squid (and the -p option if you need to use an alternate ssh port) and you are all set. I upsed 2 machines just in case they got wise to the first one I'd have a fallback, but they didn't bother it.

Now, a friend of mine that used this technique set up a machine in his basement, and some nice chinese hackers broke into it and rummaged around. So you may find that you COULD get some attention this way, and you probably want to be not-too-foolish about how you utilize your nice little door to the world. In my case I just used it to browse my favorite sites, do some email, and a few things like that.

Its also worth noting that the GFW doesn't seem to do much with non-http protocols. It is known to block most VPN software, but Skype for instance works fine (though again, I wouldn't count on it being safe from prying eyes, and skype is known to leak certain types of information).

Honestly, I think Chinese internet sensorship is intended more to control the information flow INSIDE China and stop people from getting together and DOING anything political. They rarely bother about what people SAY, as long as it isn't "lets get together and club some Communists over the head tomorrow". The other danger is if you talk about specific people, like local officials. Anything that sounds like an actionable complaint is probably unwise. Idle talk OTOH? I don't think they care that much. They might delete it, but basically only a small fraction of Chinese people are stupid enough to bother saying anything like that, or have the time and energy for agitation vs finding gainful employment and some sort of living situation.

What's this internet thing you speak of?

[evilviper]

few people outside the country know what it's like to live with those access controls

It seems a strange sentiment to express, on a technical site.

I've never been to China, and yet I know EXACTLY what their internet access is like. Anyone here can find out for themselves in 10 minutes flat, by hopping on a proxy located in China, and surfing around.

The only extra bit of knowledge that I gained through my extensive time dealing with it, is how incredibly random, frequently changing, and therefore frustrating and utterly-pointless the IP bans are. Send enough traffic over an IPSec tunnel in a short enough period of time, and expect it to be suddenly blocked one day, only to work again in just a few days.

Re:You Can Help

China's attempts to censor the net is magnitudes more successful than ours

I disagree. China's population control is based on direct, overt actions. US' uses indirect, covert actions. While more expensive, these are less likely to make people cause trouble.

the US does not censor the net at all

Remember when the US seized Demonoid's domain?