Slashdot Mirror

← Back to Stories (view on slashdot.org)

Architect of China's Great Firewall Embarrassed After Needing To Use VPN (shanghaiist.com)

Posted by msmash on from the getting-a-taste-of-your-own-medicine dept.

An anonymous reader writes: Fan Binxing, architect of the China's infamous Great Firewall, was put in the embarrassing position of having to use a VPN in front of a live audience when trying to access a blocked web page. Fang Binxing was giving a speech on internet safety at his alma mater, the Harbin Institute Technology. During the speech, he presented a defense for internet sovereignty and used North Korea's own version of the system as a talking point. Things got awkward really fast, however, when he attempted to access blocked web pages hosted in South Korea to demonstrate his point. From there his speech went from being a defense of the Firewall to a demonstration of its stupidity. Unable to access the websites he needed to continue his speech, Fang somewhat unexpectedly resorted to the same illicit tool which all expats in China are all familiar with: the beloved VPN. This raises one question: Is China's Great Firewall that easy to circumvent, or are members of the government treated differently than normal citizens?

106 comments

  1. Raises one question.... by Anonymous Coward · · Score: 1

    I believe that's two questions....however, there is only one answer.

    1. Re:Raises one question.... by jellomizer · · Score: 2

      When you have a government VPN catering to about 1/2 of the world's population. You cannot sufficiently lock it down to an ideal settings, as even if you have 1% of the population deserving and exception that is 30 million people who you need to modify. Because of this, it is very easy to find a flaw, as there is a lot of holes to take advantage of.

      Also the problem with communism is the idea in order for it to function the entire population will need to be onboard with the communal living. That just can't happen, so we have groups of people who are more connected to the party who gain more advantages and leeway, while others who are not part of the solution receive harsher treatment, as a way to get them to follow the party method.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    2. Re:Raises one question.... by peragrin · · Score: 1

      Yep the answers is both. The ruling party gets special treatment and China's great firewall is mostly that easy to bypass. China does keep blocking various vpns which makes it a moving goal.

      --
      i thought once I was found, but it was only a dream.
    3. Re:Raises one question.... by wiggles · · Score: 4, Informative

      When I was there, it was definitely not easy to circumvent. I tried multiple VPNs, dns tricks, all kinds of things, but my internet coverage was spotty at best. If I tried to go to any western news site for any reason, I'd find my phone either throttled to nothing or completely offline for hours or days.

      They seemed to be cracking down on VPN usage via deep packet inspection and/or whack-a-mole with overseas endpoints.

      I was there in November of 2014, so I can't imagine things have gotten much better.

    4. Re:Raises one question.... by MightyMartian · · Score: 4, Interesting

      It really is the same psychological trick that the Communist regimes have been using since the beginning. They've never been able to censor information completely, even in the pre-Internet age it was an impossible technical problem to fully solve. So you play a psychological warfare game instead. So long as the citizens think you have the ability, and that if they read a forbidden book or a forbidden website, that somewhere the vast colossus of state security, a light will flash and a klaxon will go off, and very serious men will appear at your doorstep and you won't be seen again. You reinforce that by making the odd citizen disappear here and there, to build up society's paranoia. The whole point is to make people police themselves.

      That's why the Great Firewall, and the versions that other countries, even some so-called "liberal" democracies are creating, are as much a form of security theater as an actual control on reading forbidden content. These firewalls are like a polygraph test, they are effective because people believe they are effective, so they don't need to actually get anywhere near 100% success rate in blocking content and recording attempts. Heck, I doubt they even have to approach 50%.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    5. Re:Raises one question.... by Anonymous Coward · · Score: 1

      "'Communism doesn't work because people like to own stuff." - Frank Zappa

      "Under Capitalism, man exploits man. Under Communism, it's just the opposite. - J. K. Galbraith

    6. Re:Raises one question.... by Anonymous Coward · · Score: 0

      As usual for Slashdot, this article makes no sense.

      If Mr. Fan Binxing was giving a defense of China's Great Firewall, then why was it so crucial that he be able to access blocked websites located in South Korea? Why was accessing these prohibited websites so important that he couldn't give his speech without them?

    7. Re: Raises one question.... by Anonymous Coward · · Score: 0

      Agreed. Its a rhetorical question. VPNs arent banned in China. Its for the masses and to penalise vpn users in general, not stop them

    8. Re:Raises one question.... by ShanghaiBill · · Score: 5, Interesting

      Blocking 99% is good enough. China is not trying to totally block outside information. They are just trying to keep a lid on organized dissent. Western news publications are commonly available at newsstands, although an occasional story on Tibet, or Xinjiang, or Xi Jinping's offshore bank accounts, will be torn out. Most urban Chinese are better informed about what is going on in the world than typical Americans. China is actually more worried about social networks, where people can organize outside of party control. So Facebook is blocked, and instead they have WeChat and QQ, which are monitored and controlled.

      Also, the Chinese Firewall is not "stupid". It may be evil, but it is not stupid. It is very effective at accomplishing its goals.

      China has never even tried to implement a classless society. In fact, they did the opposite, by strengthening feudalism and binding the poor to the land. Everyone in China is issued a Hukou identification card at birth, that has their hereditary class printed on it. If you have the "wrong" class, as 80% of the population does, then you can be deprived of public education, housing, and even food. 99% of the 30 million people that starved to death during the Great Leap Forward had low class (rural) hukous. Today, about half the children in big cities like Beijing and Shanghai, have no right to attend public school, or go to a public hospital.

      One reason that the Chinese and outsiders see the Tiananmen Square incident very differently, is that the protesters never called for reform of the Hukou system. Outsiders see the protesters as heroes standing against oppression. Many Chinese see them as spoiled offspring of the urban elite trying to preserve their privileges.

    9. Re:Raises one question.... by AaronGabrielson · · Score: 3, Informative

      I just got back from Beijing last week and used a VPN on my phone without much trouble. Mobile data was quite fast and reliable there. Combined with the VPN, it worked just fine. It was so easy to bypass, it almost makes me wonder why they bother.

    10. Re:Raises one question.... by Anonymous Coward · · Score: 0

      thanks. Learnt something today. I never realized this was the basis of effectively a new class system

    11. Re:Raises one question.... by hackingbear · · Score: 2

      somewhere the vast colossus of state security, a light will flash and a klaxon will go off, and very serious men will appear at your doorstep and you won't be seen again

      What first hand stories do you have to support this?

      As someone grew up in China in the 80's, we listened to Voice of America for 10 years and not a single serious man or woman ever appeared at our doorstep. What you said would be true in the Cultural Revolution period in the 70's, and I have first hand story too: when I, as a 5 year old, tried to fold a piece newspaper into a boat, my sister who was 5 years older stopped me because there was a picture of Chairman Mao.

      Today, I also have friend there doing VPN every day for years and he's moving around freely still.

      No, they don't care the shit what an individual sees or says. They care what the mass see or say in some cases.

    12. Re:Raises one question.... by Anonymous Coward · · Score: 0

      What about the poeple in the west that can only afford to rent stuff.

    13. Re:Raises one question.... by Anonymous Coward · · Score: 0

      He wasn't saying there "is" a klaxon that goes off, he was saying that the power of the tool is in the average person "believing" a klaxon will go off.

    14. Re:Raises one question.... by ShanghaiBill · · Score: 2

      thanks. Learnt something today. I never realized this was the basis of effectively a new class system

      The main reason you haven't heard more about it, is because 99% of Chinese that are able to obtain visas and travel to the West belong to the privileged class, and have no reason to criticize a system that benefits themselves and their families.

    15. Re:Raises one question.... by Anonymous Coward · · Score: 0

      The reason why China had set up a hukou system was to make sure that the social services that were provided in the cities wouldn't be overtaxed. When you look at other societies and countries that don't have such a system like e.g. the Philippines, you will see massive lawless slum shantytowns. I'm not sure which is worse, that or the freedom to move and get social services or these type of areas which equally don't get social services. It's also no different than people who argue against illegal immigration.

      It's not like children from rural areas DON'T get any education or health care. That's not true. They just have to go to school in THEIR area. Also urbanites are equally affected. It's not like a guy from one city can just get up and leave and go to another city and enjoy services there as well, they also have to apply and show they have a certain type of job, etc., before being able to move and get residency in the other city.

      Anyways it appears that the hukou system is going to be reform soon, and China is busy right now trying to move rural peasants to urban areas in a massive migration. So all of this may be moot in the future.

    16. Re:Raises one question.... by ShanghaiBill · · Score: 0

      The reason why China had set up a hukou system was to make sure that the social services that were provided in the cities wouldn't be overtaxed.

      Nonsense. For every extra person given education or medical care in a city, is one less given those services in a rural village. So the cost is not higher to relocate the services. Migration to the cities started more than 30 years ago. That was plenty of time to adjust.

      It's also no different than people who argue against illegal immigration.

      More nonsense. Illegal immigrants are not citizens of the country denying them basic services. Also, their status is not hereditary. The child of an illegal immigrant is not considered an illegal.

      It's not like children from rural areas DON'T get any education or health care. That's not true. They just have to go to school in THEIR area.

      You are completely missing the point. These children are NOT "from rural areas". They were BORN IN THE CITY. In many cases, their parents were also born in the city. In some cases, so were their grandparents. Their class has nothing to do with where they were born. It is inherited paternally. So their class is whatever is printed on their father's hukou (identity card). If they are illegitimate, and their father is not identified, then they are screwed, and have no rights to education or healthcare, regardless of their mother's social status.

      The hukou system is no more justified than Apartheid was in South Africa, or Jim Crow in the American South. It is a morally reprehensible system, and it should be abolished.

    17. Re:Raises one question.... by Anonymous Coward · · Score: 0

      Traveled all over china in 2013 and 14, some places not even a vpn was needed for full access, others using a vpn would only work for a short time then strangely stop working.

    18. Re:Raises one question.... by shuying · · Score: 1

      Today, about half the children in big cities like Beijing and Shanghai, have no right to attend public school, or go to a public hospital.

      There are many problems with the hukou system and most people in China do not like it at all. But you are spreading LIES. It may be difficult for a rural hukou child to get public education in a big city, but certainly not impossible. A rural hukou person can get services at any public hospital without any problem. He just doesn't have health insurance to cover his expenses.

      Everyone in China is issued a Hukou [wikipedia.org] identification card at birth, that has their hereditary class printed on it.

      Saying that hukou is hereditary is misleading. Except for the two megacities (Beijing and Shanghai), it's trivial to get a city hukou if you have a college degree. Also things are changing now. In developed areas, a rural hukou may be more desirable than a city hukou because with a rual hukou you are entitled to many unique benefits provided by your village.

    19. Re:Raises one question.... by shuying · · Score: 1

      Their class has nothing to do with where they were born. It is inherited paternally. So their class is whatever is printed on their father's hukou (identity card). If they are illegitimate, and their father is not identified, then they are screwed, and have no rights to education or healthcare, regardless of their mother's social status.

      Stop spreading misinformation. The hukou class of a child can follow either the mother's or the father's.

    20. Re:Raises one question.... by ShanghaiBill · · Score: 1

      The hukou class of a child can follow either the mother's or the father's.

      Here is a citation that says you are wrong. A quick Google search turns up many more. Illegitimate children in China (heihaizi or "black children") are denied many basic rights of citizenship.

    21. Re:Raises one question.... by Anonymous Coward · · Score: 1

      I was in shanghai, oct 2015 and feb 2016.. I used a VPN all the time. The problem is that you get about 1-2 days of it working, and then it completely stops. We had to VPN over strange ports to an ip in chicago, then to germany, and keep moving them around. We got through, but it burned the hell out of our phone batteries pretty quick.

    22. Re:Raises one question.... by ShanghaiBill · · Score: 1

      it's trivial to get a city hukou if you have a college degree.

      Riiiight, because the son of a rice farmer, banned from public schools, should have no problem getting a college degree. And if the peasants don't have bread, let them eat cake!

    23. Re:Raises one question.... by Anonymous Coward · · Score: 0

      I support building a European firewall, I think it is ridiculous that we don't have one yet. China were ahead of the game, still are.

      The firewall is a tool with which you can do things that are beneficial to society or things not so beneficial. We should all have them and it is down to each society to properly use them, much like laws and how they are used.

      As one example: If I run a small site/service then I don't want american providers of similar services ddosing my site offline. So my options are fork out for cloudflare (financial cost and putting my traffic through people I don't trust), look for a European based solution similar to cloudflare (still putting my traffic through extra 3rd party) or invest heavily in infrastructure that;s likely to put me out of business.

      I would like my government to help fix this and protect our indigenous companies from foreign companies with deeper pockets & better resources.

      It is up to the people in each society to enforce their own cultural/societal standards for what is permissible to view/use/communicate whether they have a great firewall or not. I don't subscribe to the 'all or nothing' that seems common with some americans. I don't see firewalls as intrinsically bad so don't see why you think 'so-called liberal democracies' should not have them.

    24. Re:Raises one question.... by shuying · · Score: 1

      it's trivial to get a city hukou if you have a college degree.

      Riiiight, because the son of a rice farmer, banned from public schools, should have no problem getting a college degree. And if the peasants don't have bread, let them eat cake!

      "banned from public schools"? What a joke! You're sickening. Any one who has been to China should know that you're just telling lies.

    25. Re:Raises one question.... by Wycliffe · · Score: 1

      One reason that the Chinese and outsiders see the Tiananmen Square incident very differently, is that the protesters never called for reform of the Hukou system. Outsiders see the protesters as heroes standing against oppression. Many Chinese see them as spoiled offspring of the urban elite trying to preserve their privileges.

      The other reason is that Chinese school children are taught it never happened. I've actually had conversation with college aged kids from China who still don't believe it really ever happened.

    26. Re:Raises one question.... by Anonymous Coward · · Score: 0

      For some odd reason, I suspect you are someone who has always lived in a first world nation, and never really experienced poverty in urban areas. You also don't seem to understand basic social and economic forces at play.
      -----------

      Social services costs won't be the same in the city and rural areas. The cost of living in urban areas is much more than the cost of living in rural areas.

      Migration to cities started more than 30 years ago. But YOU DO REALIZE that China IS NOT RICH. The GDP/capita is MUCH lower than Japan, Korea, Taiwan, and pretty much any Western nation. The GDP/capita is actually a little bit lower than many Middle Eastern/N. African countries where tons of citizens are trying to move to Europe. You DO realize that in the 80s, China/capita was EVEN POORER than N. Korea.

      Status is not hereditary. You can move. I knew people WHO DID move and changed their hukou.

      Seriously have you ever been to any third world nation. India, Philippines, etc.? Have you seen the shantytowns set up? For me at least, it's way worse to have to live in such conditions due to a social breakdown of law and order as well as basic social services than to live in rural areas. You could say that all these other third world nations had plenty of time to adjust but haven't and CAN'T.

      In the end I think you are totally missing the point here. You only have to compare India to China, and there's vast differences. In the 70s-80s, India was actually richer by a little at some point. Now we know India can't even provide bathrooms for most people.

  2. I'm sure by Big+Hairy+Ian · · Score: 3, Funny

    He'll be introduced to "The Great Firing Squad of China"

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    1. Re:I'm sure by Anonymous Coward · · Score: 0

      It is impressive - go watch the emperor and the assassin!

  3. Question by Anonymous Coward · · Score: 0

    This raises one question: Is China's Great Firewall that easy to circumvent, or are members of the government treated differently than normal citizens?

    Yes.

    1. Re:Question by Archangel+Michael · · Score: 2

      are members of the government treated differently than normal citizens

      Name me country where this is not so?

      Or, asked a different way, do you REALLY think Hillary is going to prison? Even if convicted?

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  4. He just happened to have one handy? by KGIII · · Score: 4, Insightful

    So he just happened to have a VPN and an account all ready and set to go or is this a normal thing? I'm guessing it's the latter. I'm not sure why you'd be embarrassed about it. It's not like he just happened to notice while being shown live. He had one already there, installed, and an account configured.

    By the way, I've been to China and, as near as I can tell, everyone that I met had a VPN - usually one of the 'free' ones that you load up in your browser as an extension. And no, they didn't seem embarrassed about it. Then again, they weren't live and the person who configured the firewall.

    --
    "So long and thanks for all the fish."
    1. Re:He just happened to have one handy? by decep · · Score: 2

      Nobody is truly embarrassed by the porn like until they have to watch it in front of an audience.

      It is one thing to do something privately and something entirely different to do the same publicly. Especially when there is a reasonable chance of a prison sentence for doing so.

    2. Re:He just happened to have one handy? by Anonymous Coward · · Score: 0

      He surely visited those pages while preparing for his speech. Unless they were blocked overnight. He already used some tool to reach them and he must have known he'll need those tools. So embarrassment shouldn't be a case either.

    3. Re:He just happened to have one handy? by Anonymous Coward · · Score: 0

      It's one of those pre-emptive strike things where everybody breaks the law so that the government has an excuse to arrest you immediately if you're doing anything that bothers them. Same reason Britain's trying to go for full-on Snooper's Charter.

      Whether he gets in any trouble depends on whether this is considered sufficiently embarrassing.

    4. Re:He just happened to have one handy? by Anonymous Coward · · Score: 0

      Then again, they weren't live and the person who configured the firewall.

      That's kind of the whole point of the article.

    5. Re:He just happened to have one handy? by amRadioHed · · Score: 4, Interesting

      Or his personal computers where he works are outside the GFW, so he didn't realize the pages were blocked.

      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    6. Re:He just happened to have one handy? by KGIII · · Score: 1

      I'm not sure it's really private - as in, I witnessed people using them as I walked through outdoor areas and could see browser extensions. I've also discussed them, specifically, because I found the concept weird. (I'll touch on that in a moment.)

      So, I don't really think it's all that private. An AC mentioned an interesting point below - that he'd surely visited the pages in preparation for his talk. He should have already known. Then again, maybe he'd told someone to have it unblocked for him by the time he was doing his talk and someone dropped the ball? Who knows. We'll, quite likely, never find out.

      Now... I found it odd, the whole censorship thing. They know they're being censored. It's sort of openly discussed. At least nobody had any problems talking with me about it. It's odd enough that I don't really know how to describe it. I've been all over the place and every culture there are many similarities but some are just so unusual that I didn't have time to adjust - it would probably take me years to do so.

      Hmm... How do I try to explain it? Well... I'll try it this way.

      They pretend to believe the government and the government pretends that the citizens believe them.

      At least that's my impression. Keep in mind, I've only spent a total of about three months in China - ever. That's spread out over three separate visits with the longest one being two months where I'd hired a guide and we traveled around. We even flew up north. Beautiful area(s) by the way. Some of China is absolutely stunning.

      But, the lack of time to really adjust and my being a foreigner means there's probably someone more qualified to speak about it. But that's what it seemed like to me. They seemed well aware of the censorship and propaganda. It was openly discussed with me on numerous occasions. Once you get out of the major metropolitan areas, it's almost like little fiefdoms anyhow. But that's just my impression. At any rate, once you get out of the cities and tourist areas, they seem to care more about the local government more than they do the national government.

      I don't know if there's much oversight or not but it certainly seemed like local officials, in the smaller areas, carried some big sticks. (Figuratively.) I had the occasion to talk with two different folks and dine with another, which I'd liken to a mayor or maybe a city councilman, and they carry themselves aloof and "regular" citizens seemed to speak of them with greater "respect" or reverence than they did the State government. I'm not really sure what lines are drawn where or how to reference their politicians.

      Like I said, there's probably someone here who is more adept at explaining it and more familiar with it than I. It was really unusual for me, almost eerie and almost creepy. The last two times that I visited were much different than the first time I visited. The first time was in the 1990s and the last two were just within the past six years. I was last there in 2012.

      Then again, maybe it's "face" if you're an upper-crust and you have to use a VPN? They didn't appear to hide their use and I openly discussed it on more than on occasion with people. There were a surprising number of people with a little onion icon. ;-)

      --
      "So long and thanks for all the fish."
    7. Re:He just happened to have one handy? by KGIII · · Score: 1

      That's a good point, by the way. I hadn't thought of that. The poster below adds to it as well... It's not like the usage was hidden so I'm not sure why anyone would be embarrassed. Ah well. Their culture's quite different as is their politics.

      --
      "So long and thanks for all the fish."
    8. Re:He just happened to have one handy? by Solandri · · Score: 3, Interesting

      Any software designer worth his salt creating a firewall will also keep up to date on methods to bypass that firewall. So I'm not at all surprised he had a VPN all set up and handy.

      The real point of the firewall is probably like the driving code in the U.S. With regular law, what you do is legal unless explicitly stated to be illegal. But by loading up the books with thousands of little laws that everyone occasionally violates in the course of their everyday lives, you invert that situation. The government can just ignore enforcement of the law for 99.9% of people, but if you raise their ire they can arrest you and cite you for violating all those little laws that everyone else breaks every day. You are guilty as a byproduct of living, the government just picks and chooses which of the guilty need to be punished.

    9. Re:He just happened to have one handy? by Anonymous Coward · · Score: 0

      It's sufficiently embarrassing now: it's all over the world news. Making large organizations look bad is never a good idea in terms of career continuation.

    10. Re:He just happened to have one handy? by magarity · · Score: 1

      So he just happened to have a VPN and an account all ready and set to go

      If you were the boss of such a firewall system wouldn't you have that all set up?

      The real question here all Chinese people should be asking is, what VPN service does this guy use and how does on sign up?

    11. Re:He just happened to have one handy? by whoever57 · · Score: 1

      I think that blocking by the GFoC is inconsistent. I don't know the factors, but I suspect that source IP address may affect what sites are blocked.

      The GFoC changes all the time, but when I was there a small number of years ago, OpenVPN was being blocked. It appeared at the time that the system had some heuristics to detect encrypted streams. I read shortly after that playing with the MTU values would allow the OpenVPN-based VPN to connect. I found that SSH was not being blocked, so I just used that.

      In this case, he might have been able to see the sites from his house or office, but not at the speech.

      --
      The real "Libtards" are the Libertarians!
    12. Re: He just happened to have one handy? by Anonymous Coward · · Score: 0

      You are an enemy of the State. Your next visit to the Middle Kingdom will be one you'll long remember.

    13. Re:He just happened to have one handy? by zedaroca · · Score: 1

      Freegate. It used to work pretty well, at least until 2012, and you didn't have to install it. I used to carry it around on a usb stick. So yes, people just happen to have one handy. It probably still works the same, but I'm not in China to tell.

    14. Re:He just happened to have one handy? by The_Revelation · · Score: 1

      I think your post may have missed the point. Its a bit embarrassing because the guy who created the firewall, was being blocked by the firewall, while attempting to retrieve technical information about firewalls which firstly demonstrates that the firewall is blocking legitimate web content on a country-wide level.

      Secondarily, in order to defeat the technological measures that he himself had created in order to protect China's 'innocence', hes fired up an extremely standard tool to bypass the blocking measures, while at the same time demonstrating to others how to bypass the blocking measures, all the while attempting to explain how the blocking measures are a good thing.

      Its the technological equivalent demonstrating how to break an 'unbreakable plate' while demonstrating the virtues of said 'unbreakable plate'

    15. Re:He just happened to have one handy? by Maxo-Texas · · Score: 1

      Ain't cognitive dissonance grand?

      --
      She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
    16. Re:He just happened to have one handy? by KGIII · · Score: 1

      Yup. I'd think he'd be as matter-of-fact about it as the rest of 'em.

      Though, now that you mention it... The chances (two of them) that I had to interact with people who were fairly high-level government officials do bring that phrase to mind. I'd called it "role playing" to my traveling companion on multiple occasions but cognitive dissonance might be more accurate.

      --
      "So long and thanks for all the fish."
  5. Re: Summary Question by Anonymous Coward · · Score: 0

    > "...Is China's Great Firewall that easy to circumvent, or are members of the government treated differently than normal citizens?"

    Yes.

  6. it's easy by Anonymous Coward · · Score: 0

    It's just that easy. However you risk going to jail using one correct?

  7. Editors? by Anonymous Coward · · Score: 0

    "the China"?

    Fan vs. Fang

    But kudos for using "raises the question" instead of "begs the question".

  8. The answer is in the question by Teun · · Score: 1

    The answer is in the question.
    I would go one step further, the Chinese are supplying 'approved' VPN IP's for their government people, IP's that are probably green listed in the firewall.

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  9. Yes by Anonymous Coward · · Score: 0

    Is China's Great Firewall that easy to circumvent, or are members of the government treated differently than normal citizens?

  10. Answer... by Lumpy · · Score: 4, Informative

    Yes and Yes.

    Yes it's that easy to circumvent, and yes they are treated differently.

    --
    Do not look at laser with remaining good eye.
    1. Re:Answer... by arth1 · · Score: 1

      I'd have to say "Yes" and "Maybe".

      The second question doesn't make sense as it is written.
      Should it be "... different from ...", or should it be "... differentlier than ..."?
      I'd say Yes to the first of those, but No to the second, as I believe the Chinese government is too big to have individual rules for all the apparatchiks.

  11. If Only There Was a Website to Answer That! by eldavojohn · · Score: 4, Insightful

    This raises one question: Is China's Great Firewall that easy to circumvent, or are members of the government treated differently than normal citizens?

    If only we had a website the covered this sort of stuff ... oh right, we do! New VPN IP addresses probably take a while for them to identify the traffic on and block. But there are plenty of services like HMA that constantly roll out new ip addresses. So as long as you're a mouse willing to play whackamole with your cat overlords ... Annoying, yes, but that's the definition of the internet in China.

    In response to the second part, that is always true regardless of the answer to the first part. Not only are members of the government are treated differently but also their families. The "party" class enjoys many many perks. Unmonitored VPN connections would be laughable compared to their insider trading, disregard for the law and instant attack dogs they routinely utilize.

    While you're accepting suggestions, why isn't my aforementioned article linked in the "You may like to read:" section of this page? Those stories seem to have nothing to do with China's firewall yet a simple google search shows a whole slew of those stories on Slashdot. I think you could get timothy's family to help you track that stuff if you would return his body to them. They only want closure, it doesn't matter if it has to be a closed casket funeral!

    --
    My work here is dung.
  12. Demonstration of whose stupidity? by wvmarle · · Score: 1

    Was it a demonstration of the "stupidity" of a firewall doing it's job (why he had to access those sites is not clear from TFS to me, nor what he tried to achieve with it), or the human stupidity of someone not properly preparing a presentation?

  13. Study about the use by jovius · · Score: 1

    Here's perhaps a useful study about circumvention tools and usage, and what are the most common reasons to use them: https://www.openitp.org/pdfs/C... It's from 2013 though. Anyway, from all the bit over 1000 respondents only 2 had never used any tool.

  14. It is that easy by Anonymous Coward · · Score: 2, Interesting

    American with a Chinese wife here, I was in China last year. I set up vpn service before I left, installed the android app, and it worked in china just fine. You won't have as much luck with TOR, it will be slow or unavailable a lot of the time (tried that too just for giggles when I was there). A large number of foreign born Chinese that are there for tourism or business use VPNs, usually with exit nodes in hong kong, korea, or japan. Several people there including at least one Chinese born one happily explained to me what apps to install and what vpn service to get if I wanted facebook, twitter and google. I don't know what the theoretical legal ramifications for using these services are, but enforcement is near zero. I assume the CCP is happy enough that the less tech savvy aren't accidentally exposed to what they see as subversive material through western media, Wikipedia, and twitter. Those that are tech savvy enough to seek it out likely have contacts in other countries and travel abroad anyway.

    1. Re: It is that easy by Anonymous Coward · · Score: 0

      As mentioned by someone above; it is wonderful to have so many people casually breaking the law. If you catch the attention of the elite you will quickly regret all of your mundane browsing history.

  15. Ethics by JustNiz · · Score: 1

    Seriously as engineers we need to have enough balls to say no and stand up to requests from employers to design/implement anything who's ultimate use is to do something immoral, such as suppressing individual freedom.

    http://www.globaltimes.cn/cont...

    Giiven the indisputable evidence that he actually did circumvent the Chinese firewall, I would love it if the Chinese arrested this joker. If I was Chinese I would have already filed a complaint against him.

    1. Re:Ethics by Anonymous Coward · · Score: 1

      [quote]Seriously as engineers we need to have enough balls to say no and stand up to requests from employers to design/implement anything who's ultimate use is to do something immoral, such as suppressing individual freedom.[/quote]

      I'm sure some of the engineers in China do have enough balls to do that. Or they did, before the government made them disappear...

    2. Re: Ethics by Anonymous Coward · · Score: 0

      I imagine coworkers would be tripping over each other to rat you out and earn favor with the party elite.

  16. As long as they allow SSH, they're screwed by Indy1 · · Score: 1

    as long as you have shell access (doesn't even need to be root level) to an outside unix box running ssh, the great firewall is doomed. Its so easy to use putty to tunnel HTTP traffic, that almost anyone can do it.

    http://www.techrepublic.com/bl...

    --
    Lawyers, MBA's, RIAA? A jedi fears not these things!
    1. Re:As long as they allow SSH, they're screwed by Anonymous Coward · · Score: 0

      This is exactly what I did when I lived in China. I actually used it more for security reasons than anything else.

      The most interesting thing about the Great Firewall was how completely arbitrary it is. Sometimes you'll find the most innocuous thing imaginable has been blocked. Other times you'll just assume something is blocked until you actually check and discover it isn't.

      There are also a lot of situations where the firewall can be circumvented pretty easily without a VPN. As an example, I often used Yahoo Pipes to access rss feeds that were blocked.

    2. Re:As long as they allow SSH, they're screwed by Anonymous Coward · · Score: 0

      yes,it's a nice workaround, but you need to have access to a (non-public) server elsewhere.

    3. Re:As long as they allow SSH, they're screwed by Anonymous Coward · · Score: 0

      Not really, the great firewall has bots designed to port scan the targets of outgoing connections, https://www.nsc.liu.se/~nixon/sshprobes.html

  17. Didn't need VPN... by Kenja · · Score: 1

    Coulda just connected to any of the various wifi hot-spots all the hotels etc have over there with built in VPN!

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  18. All citizens are equal... by RobinH · · Score: 4, Funny

    "... but some are more equal than others."

    --
    "I have never let my schooling interfere with my education." - Mark Twain
    1. Re:All citizens are equal... by Anonymous Coward · · Score: 0

      In order to be embarrassed you need to have a morality where the Great Firewall is wrong. I imagine Fan Binxing thinks that the GFC is right; there are dozens of ways to rationalize this. In addition I expect he was well paid and that often goes a long way to overcome any moral queasiness.

  19. Anyone can by SumDog · · Score: 4, Interesting

    In graduate school, I asked a Chinese student about this. He said that anyone can get past the filters in China. He did it all the time. He also said, no one cared. The Chinese government didn't care if you did, but they cared if you talked about it. If you start posting things, blocked links or discussing politics in public forums in China, you can expect a knock on your door, fines, jail or worse. But as long as you don't talk about it, you can view whatever the fuck you want.

    1. Re:Anyone can by Zontar_Thing_From_Ve · · Score: 1

      But as long as you don't talk about it, you can view whatever the fuck you want.

      I wouldn't go quite that far. While I'm sure that there are subjects they will let you look at without talking to you, I wouldn't interpret to mean that there's not anything you can view on your own without having to, ahem, talk to the local authorities about. The CCP is still off the charts opposed to Falun Gong and nobody but the upper levels of the party itself seems to know exactly why this is. I've read several completely different explanations for this and they can't really be reconciled. My ex-girlfriend was born and raised in southern China and she told me a story of how when she was in college, she and her dormmates were all taken out once and interrogated pretty roughly by the police because one of the girls had family members who followed Falun Gong. None of the other girls, including my ex-girlfriend, had any knowledge of this. I doubt that normal Chinese people can go to websites supporting Falun Gong without the authorities becoming interested.

    2. Re:Anyone can by Anonymous Coward · · Score: 0

      But as long as you don't talk about it, you can view whatever the fuck you want.

      This was pretty much my experience in China.

      As for Falun Gong, yeah, the Chinese Government has done a lot of bad stuff suppressing it but no one ever talks about the fact that it's a Cult lead by a fucking nutjob.

    3. Re:Anyone can by Anonymous Coward · · Score: 0

      The problem with Fa Lun Gong is that it's so far detached from reality it's hard to say just how many of the crazy claims they make against the CCP actually are remotely based in fact. I'd imagine some of it is an exaggerated/misrepresented version of the truth, but it's basically impossible to extract any truth from all of their nonsense. Frankly, we should be thankful to the CCP for suppressing these crazies (and should let them have a go at Scientology while they're at it).

  20. Huh? by DNS-and-BIND · · Score: 1

    How is this "evidence of its stupidity"? How does that even follow? If anything, it is evidence of its effectiveness. The website was deemed harmful to the citizens by the government, and it was blocked. Even the creator couldn't access it. I'd say, job well done.

    Are members of the government treated differently from normal citizens? How is this even a question? Of course Communist governments think that intelligent people like Party members should be treated differently from the Great Unwashed and the laws they pass don't apply to them. Hell, that attitude has practically 100% acceptance in Washington DC among Democrats and Republicans alike.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    1. Re:Huh? by Anonymous Coward · · Score: 0

      By any chance are you autistic?

    2. Re:Huh? by linuxrocks123 · · Score: 1

      How is this "evidence of its stupidity"? How does that even follow? If anything, it is evidence of its effectiveness. The website was deemed harmful to the citizens by the government, and it was blocked. Even the creator couldn't access it. I'd say, job well done.

      Except for the part where he then proceeded to trivially circumvent the filter and access the website anyway, using a technique any Chinese citizen could use to do the same, and which many do use to do the same.

      --
      vi ~/.emacs # I'm probably going to Hell for this.
    3. Re:Huh? by Anonymous Coward · · Score: 0

      Fuck you :D
      I'm autistic and this is obvious to me. No idea why an example of the system being trivially circumvented is supposed to be evidence that it works.

  21. Yes by WillAffleckUW · · Score: 1

    There is only one answer, and offshore trust funds for China's Ruling Elites are the method to arrive at that answer.

    --
    -- Tigger warning: This post may contain tiggers! --
  22. Incorrect summary by thegarbz · · Score: 1

    Fang somewhat unexpectedly resorted to the same illicit tool which all expats in China are all familiar with: the beloved VPN.

    No he didn't. He just used a VPN. VPNs are not illegal, they are not banned, people don't get in trouble for using them, and every multinational corporation doing business in China inadvertently bypasses the great firewall anyway. What is illegal is to view certain types of content but this does not include things that the wall blanket bans. Likewise China's VPN administrators attempt to counteract circumvention by blocking known VPN providers that exist for the purpose of bypassing the great wall, yet no one to my knowledge has ever been prosecuted for running a VPN. Also it's not just expats that are familiar with VPNs. They are a big part of the internet experience for the common Chinese person too with many providers actually accepting payment services from China and having websites only in Chinese.

    This raises one question: Is China's Great Firewall that easy to circumvent, or are members of the government treated differently than normal citizens?

    Not a question at all. The firewall captures the uncaring denomination. It is trivial to bypass, though you jump through various hoops depending on if they block your host, also they seem to randomly boot some connections after they are running for an extended period of time but a simple reconnect fixes that. Bypassing the great wall is trivial for the common man and doesn't even require any kind of expert skills.

    1. Re:Incorrect summary by ukoda · · Score: 1

      I worked for a foreign (New Zealand/USA) company in China that used a VPN to connect back to our offices outside China. We were advised that the government would be needing to install monitoring equipment to our LAN. It had not happened at time I left that company but it sounded like it was simply a case of when not if.

    2. Re:Incorrect summary by thegarbz · · Score: 1

      The Chinese government is not one for blanket regulation of businesses. They are very careful of who and how they approach businesses. This is purely conjecture but I would put some money on the fact that wanting to monitor your VPN has nothing to do with keeping citizens uninformed about the outside world, and more to do with the fact that you're a foreign company and there's a potential to gain access to some information you have.

      Industrial espionage is so much easier when you're welcomed in the front door.

    3. Re:Incorrect summary by ukoda · · Score: 1

      You may well be right. It didn't actually happen while I was there, but may have since then. My recommendation was to set up a Linux server spoffing the traffic for a mythical LAN and have it monitor that.

  23. So maybe by Anonymous Coward · · Score: 0

    it's actually the Mediocre Firewall of China?

  24. The power of the state by Dorianny · · Score: 1

    The fear of the Communist Government is public unrest and subversion of state power. As long as you are being a good citizen and keeping the unwanted Western truth and ideology to yourself then you are really no threat to them. To identify these inciters China mostly relies on the human intelligence gathering capabilities of its vast Security Services. Although lately not even China seems to be able to resist the Big Data cool-aid

  25. Sovereignty by Anonymous Coward · · Score: 0

    Sovereignty is a keyword. It means powermongers power over people and the opposite of liberty.

  26. Why either/or? by HalAtWork · · Score: 1

    "This raises one question: Is China's Great Firewall that easy to circumvent, or are members of the government treated differently than normal citizens?"
     
    Why is this an either/or thing?

    --
    Twinstiq, game news
  27. Car analogy by Zibodiz · · Score: 1

    This is like Chevrolet giving a public demonstration to show off how their trucks are better off-road than any other brand, then getting it stuck on live TV, and having to call a Ford truck to pull them out.
    Golf clap, China.

    1. Re:Car analogy by mdm-adph · · Score: 1

      Not quite -- it's more like Chevrolet giving a public demonstration about how easy it is to get out of their cars in an accident, and then the person doing the demonstration gets stuck in the seat belt. Then, to finish the demonstration, they have to perform it again while not wearing a seatbelt.

      --
      It is by my will alone my thoughts acquire motion; it is by the juice of the coffee bean that the thoughts acquire speed
  28. It really is just that easy by Giant+Electronic+Bra · · Score: 1

    For example, you can freely SSH from inside China to anywhere outside, except maybe some completely blocked IP address ranges. Certainly things work fine if you SSH to any of the AWS locations.

    So, fire up a nano instance before you go to China, and run a proxy server on it. I think I used squid last time, but there are a billion choices. Then simply port forward localhost port whatever to your proxy, and tell the browser to find the proxy at localhost on that port. My advice is to set your proxy up to listen on 2 or 3 ports, and set up a couple of nano instances with different elastic IPs, just in case one gets blocked (this seems to randomly happen once in a while for a short time period).

    I had no problem at all using this setup. It was usually reasonably snappy too, though YMMV depending on where you go, etc.

    Obviously you can resort to more elaborate schemes like Tor, but frankly I wasn't interested in being that obtuse. DO remember, the Chinese govt employs many fine hackers. I know for a fact they cotton to these kinds of things and while they may or may not bother to probe your systems, they DO sometimes break in and play various games. This is another reason to use an AWS instance, its utterly disposable. If you use a machine on your own network, you're just inviting in unwelcome guests who can be rather hard to get rid of.

    --
    "Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
    1. Re:It really is just that easy by Anonymous Coward · · Score: 0

      Yep. I'm doing that right now, from work, connecting to my server at home via ssh. Hi, websense! Bye, websense! :D

      I can't imagine it would work any less effectively from China than it does here, other than being a bit slower since the connection would be travelling across the world instead of a couple miles. Would they really block a random ssh connection to a specific machine only being used by one person? I can't imagine.

  29. Re:White listing.. by Anonymous Coward · · Score: 0

    As I understand it, China is moving to a "White List" system. By default, all IP's outside it's own national netblock range will be blocked. There will be a system in place to petition access. So for example, Apple, Microsoft, Exxon, etc want their site available, they might have to go through a system of registration. I honestly don't know how that work, but I'm guessing something along those lines. So basically, the majority of international businesses will be available. For your average Joe hosting a blog on a shared webserver??? Who knows, that entire public IP of that box no doubt would be blocked.

  30. VPN must for technical research in China by SvvS · · Score: 2

    A VPN is a must living in China for technical research. Even Baidu's Chinese language result list is bad. I know they have the same information as google,( I see the bot searching my sites), but the order is terrible. Most of the world advance research in computers is in English. but Baidu English sorting algorithm is very much like the funny Chinglish signs. For an engineer and other professionals to have access to the full internet will be required for China to advance and integrate into today's world, BUT.

    I do understand why there is the firewall. From Men in Black, Kay:" A person is smart. People are dumb, panicky dangerous animals and you know it." Social order is very important. The amount of people in China is unbelievable until you live there. There is a different between rural and city education. A VPN is like a test, If a person is smart enough to setup a a VPN they are smart enough to handle information for the "outside", The 2015 riots in Baltimore caused hundreds of millions of dollars in damage. The population density in China is many times that of Baltimore. so any large scale social unrest would cause billions of dollar the amount of problems.

    Even with Chinese characteristic, I believe knowledge and information is required for making wise decisions and to progress humankind. That is why I rented a Linux Virtual Private Sever(VPS) in Hong Kong and used that as my VPN.

    1. Re: VPN must for technical research in China by Anonymous Coward · · Score: 0

      Baltimore was junglebunnies though. China has humans. Big difference.

  31. My experience by Anonymous Coward · · Score: 0

    When I was there, none of the free VPN programs were very reliable. However, I was a student at GA Tech and had access to their VPN, which always worked just fine. So maybe if you could get a good dedicated VPN server somewhere, you would be able to get around it.

  32. Obligatory Orwell quote by Rick+Zeman · · Score: 1

    "...or are members of the government treated differently than normal citizens?"

    All animals are equal but some animals are more equal than others

  33. Two Questions by Anonymous Coward · · Score: 0

    > This raises one question: Is China's Great Firewall that easy to circumvent, or are members of the government treated differently than normal citizens?

    Those are two questions.

    Yes, and yes.

  34. What? What? by Anonymous Coward · · Score: 0

    In what country are members of the government treated the same as regular citizens? If I did what Hillary did, I'd be in a cell. If I did what Bush/Cheney did I'd probably be in Guantanamo awaiting death. Seriously. How is China any different?

  35. Internet sovereignty? by Anonymous Coward · · Score: 0

    The benefits of division of powers is clearly not appreciated in China. Hint to the Chinese authorities: it makes fighting corruption little easier when vanity of a powerful individuals cannot prevent the execution of justice.

  36. Not fun making the Internet work there by ukoda · · Score: 1

    A couple of years ago I spent a couple of years working in China leading a technical team and dealing with the Great Firewall of China. It drove me nuts. Yes you can VPN around it, kind of, for while. I set up private VPNs to servers I ran outside China and I paid for commercial VPN services. They work, but not reliably for any length of time. Every week or two they would stop working and I would have to change my set up. It was just a ongoing PIA. I was so happy to be back home where the Internet just worked.

    It grinds you down. A lot of technical people just put up with it and relied on Baidu. Chinese developers are at a significant disadvantage to developers outside China, it feels as if the government just doesn't care how unproductive it makes their developers. I guess they still have too much focus on manufacturing and don't see the value of innovation and development.

    Given the size and density of the population in China you can see why the Government wants to control the Internet but the reality of it is depressing when you live with it every day.

  37. Easy to circumvent by hengist · · Score: 1

    I spent four weeks teaching at two Chinese universities in 2014. All of the students were using VPN to circumvent the Great Firewall, and they all were using Facebook and Twitter. They were doing this openly in class. Circumvention is easy, well-known and seems to be fairly well-tolerated. I think it is tolerated with the students because they are using services like Facebook and Twitter for social activities. I expect there are Chinese government monitors watching what they say,and if they said the wrong thing (like how the president is hiding his money overseas) then there would be a crackdown.

  38. Arbitrary authorities are arbitrary by Anonymous Coward · · Score: 0

    Computers are organized.
    These two states interfere with each other both implicitly and explicitly, particularly when someone who is arbitrary implicitly claims to be organized.

  39. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  40. morons by Anonymous Coward · · Score: 0

    They probably just hack all the vpn's, or hack some other machines that let them watch the traffic going in and out and figure out who's doing what. Didn't you guys read that compared to tor, there were "no contenders for the throne in waiting" ?