Slashdot Mirror
China Cracks Down On International VPN Usage (thestack.com)
An anonymous reader writes: China's government has announced a 14-month crackdown on the use of unauthorised Virtual Private Networks (VPNs), commonly used by visitors and native activists, amongst others, to communicate with the world beyond the Great Firewall of China. Sunday's announcement [Chinese] from the Ministry of Industry and Information Technology reiterated regulations first outlined in 2002, but which have since been subject to sparse, selective or lenient enforcement. The new announcement promises a 'clean up' regarding the VPN situation in China, beginning immediately and running until March of 2018.
Guess we'll have to switch to SSH and HTTPS tunnels instead of brazenly using IPSec and OpenVPN. Got the message loud and clear. :D
OpenVPN port tcp/443. How are you going to stop that? I have one of those for... reasons, I keep bandwidth usage low to avoid volume based detectors.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
The Chinese government promises to clean up.
how stupid this is and how much it could hurt business in their country.
When I used to go to China, I often found that access to sites I need to use to do my work were blocked in whole or in part. Without setting up a vpn, I can't do my work. And even then, it was always a cat and mouse game as the connections were randomly terminated.
So now I just avoid going there at all if I can help it.
A couple of years ago visiting China my TMobile phone's plan included unlimited data at 2G speeds. I got sites that were normally banned to Chinese users as if I were in the US, so I suspect it routed straight to TMobile somehow but never got the details. I wonder if this crackdown will stop that access?
I agree. It's almost as bad as going to the US.
Guess we'll have to switch to SSH and HTTPS tunnels
Yes, but you can't win that game.
If that would ever become popular, it too can be blocked. Also that is beyond the ability of the average person to do. If they "solve" the problem for 99.9% of the population, that's what matters.
The end game is bigger and bigger swaths of the open internet being blocked, until what's left is a white list of approved web destinations, with maybe some special exceptions being made for companies, exceptions not available to the average person.
The internet once held the promise of freedom for all. Now it holds the chains of oppression for all. With each passing year we have seen more and more control, monitoring, and lockdown, not just in China, but all over the world. Some of that was imposed externally, like from the Chinese government, and some we freely signed up for by re-centralizing the decentralized network handed to us by its creators. It is simply too succulent a target for those who would be your masters to ignore.
Governments want it for power over the population. Corporations want it so you are locked into their portals. People want it because in mass they are stupid and cheerfully walk into their own cages.
We are not winning the war on internet freedom. We are losing it, badly. It is more heavily censored, controlled, and monitored than at any time in its history, and that shows no signs of slowing down.
Captcha: prevails.
But it is not necessary. I just quit traveling the world. I'm happy I'm living in a decent region in southern south America, insulated from the troubles of the northern hemisphere. I used to hate the distance, but now I see I'm lucky. Good climate, good food, good women and a first-world like experience.
You can have North America and Eurasia all you want. Hope your civilizations stand the fury of the times.
The great firewall does attempt to connect to suspicious/encrypted hosts, having too many people sshing into one box sounds trivial to detect
So what's your work about? Porno, espionage or spreading US deMOCKracy?
I my experience, it is everyone under 30 using a VPN, at least in the cities.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Gee, imagine living in a country whose government wanted to listen in on all your digital communications. :P
How scary would that be??
Dear fellow netizen. This is one of the greatest posts I have seen in these pages in a long time. It sums up the essence of everything that is at stake. Kudos.
The problem when using encryption communication in a foreign hostile country, is that this is probably illegal to do so. And you don't want to visit that country prison.
I know some people that were questionned on a cuban resort some years ago because they used SSH on a cuban internet connection.
Just don't do this. If you don't want to comply to foreign laws, just do go in those countries...
I feel so sorry for the Chinese people. They're so repressed and clearly is run by an oligarchy. Their environment is ruined. And most of all the world doesn't care. I know I cannot afford American made all the time, so I'm posting AC as part of the problem.
The end game is bigger and bigger swaths of the open internet being blocked, until what's left is a white list of approved web destinations, with maybe some special exceptions being made for companies, exceptions not available to the average person.
Why not just start off with a white list?
You make it look like there is a war going on. There is not. There are no armies and no weapons, only consumer choices. If you wanted to make a metaphor, there is no war either: it has long been over and those who deluded themselves into thinking the old, untamed Internet could continue forever have lost. It's over.
In china using them is not illegal
Yep, get used to it. Because there isn't anything you can do about it. Sure the 0.0001% may be free to use what they want, (That 0.0001% being the people who can mess with ASM, and do hardware glitching to meet their own ends.) but the vast 99.9998% of people just made a new master for them to bow down to. Even better is what happens when we get hard AI that will ensure continuous monitoring and oppression.
So why the grim future? Well because as history shows, people don't give a fuck about something until it bites them hard enough in the ass, and by then it takes a monumental effort to even try to correct the problem. Sadly, that "we don't give a fuck" attitude may very well usher in a new dark ages this time.
You won't get people to care before then. They want it to be cheap, easy to use and forget about, and not to need to use that 10lbs of dead weight that they keep in their skulls while messing with it. That combination (Ignorance, Arrogance, and Apthy) will always result in being taken advantage of, being coerced, and being used. People just don't look out for their own safety when using the damn things. So they are blind and death to attempts to protect them as well as attempts to do them harm.
We have no-one to blame but ourselves. We allowed them to use the things without a care in the world. We allowed them to goof off and not learn how to do basic maintenance, or even basic concepts. We gave them the fish instead of teaching them how to fish. Now we have no choice. Now we must bear the consequences of our actions and our inaction.
A few of the better VPN providers might not have as many issues.
Due to skill and cash flow they can try to avoid deep packet inspection.
The deep packet inspection is looking for any use of an encrypted VPN protocol.
Deep packet inspection is the result of a few vendors that sell into China. Deep packet inspection can be understood.
Any quality VPN provider could look at what deep packet inspection is sold to China and then protect its VPN users.
Domestic spying is now "Benign Information Gathering"
yawn. Do you actually know people in China? 90â of people I know in China use whatever site or service they want, whenever they want. The government blocks it, but it's easy enough to circumvent. Even the non-techie people have enough motivation to figure it out.
China firewall only stops grandmas and such, and I severely doubt that will change.
Censorship is a losing game. They can't block everything, and it takes only one chink in the armor to get out.
Agreed.
Democracy means activism: demonstrations, protests, shutdown of expressways, boycotts, and other acts that disturb the shit slowing down.
Push-back against power that be and against injustices. Accept it someplace, and soon it will be everyplace. Major media is crap, turn it off. Music industry, do not pay a penny to them. Movie industry, ignore their product. News-papers; cancel subscriptions. Anything advertised is suspect and probably unneeded, don't buy it, use recommendations for products.
Stock ownership should mean a vote, public ownership of mutual funds etc, should mean seats on the board, by ownership groups.
Businesses that complains about rules and regulations? Where else are you going to sell your stuff? India?
Electronic voting should be banned, dual-voting places should be used, results should match.
Power is never taken away without some noise, expect some.
Pretty sure the guy who wrote XMPP is closer to MY age (30s) than your crusty old 57. You guys invented MU*s and IRC, the generation before you invented the ARPAnet and helped morph it into the he internet, and the gen between yours and mine helped morph it into the web.
There is plenty of blame to go around, but honestly the technoramuses exist in each generation. They are the guys who had a console instead of a computer. Who bought something at the store rather than getting it as a kit to solder together. Who had their first kiss in k-6 instead of after high school. The sheeple will always be sheep. All you can do is drain the intellect from their society and let it naturally collapse, while you start on the next one and try and fend off the inevitable hordes of idiotic barbarians, just as has been done for thousands upon thousands of years.
This is great. Many more people in China are now aware of the problem, due to the public announcement. So many more people are questioning "why?" and signing up for overseas VPN services. In any case, we have adapted technology already to avoid their DPI and more countermeasures are ready for the next escalation. The more you tighten your grip, the more star systems will slip through ..
Here's a video by some white guys who have lived in china for about a decade, riding their motorcycle around in China and talking about internet censorship in China... from April 2016, so pretty recent. ADVChina
Are you sure? I am Chinese and lived in Shenzhen for the last few months. I can tell that you are wrong on so many counts.
1. VPN has become inaccessible 90% of the time. No hope there.
2. Most Chinese do not know what's outside. They only read Chinese.
3. There is now a sufficient amount of nationalism among the Chinese, since Huawei phones are kicking asses everywhere, and China has many things that the others don't, such as ubiquitous micro-payments with WeChat and Alipay.
4. The remaining freedom-loving Chinese are hoping that America would invade and free them from this mess (one of the reasons that they supported Trump). But they won't tell you.
You think this is funny? You compare US to China?
I hope US becomes like China. Then, you won't think it's funny anymore.
This us why thousands of us have moved to New Hampshire with the Free State Project
Bleak, but there is one good thing. Corporations want to lock people into their portals. They may get the masses, but not those that don't want to. I never started with facebook because it didn't appeal to me - not even with no ads and no tracking. I had no urge to see what people had for dinner today - or post trivia like that. Today, plenty of reasons to not use facebook - and it is easy because I never started. Similiar for other 'portals'.
The masses are doomed, but not necessarily the experts.
As for China, they will merely have to hide their VPNs with steganography. You can already run VPN over DNS to get around firewalls. Not merely running a vpn protocol on port 53, but masquerading as real DNS lookups in order to fool packet inspection.
Vpn over http is even easier to hide. To cencors, it'll look like you're posting & viewing lots of blurry cat images on some foreign picture forum, but with vpn encrypted traffic encoded into the lower bits.
That hackneyed scheme will go on until the Federal Government decides to step in, at which point everyone participating will go home to sulk or there will be another Waco. You cannot win. Stop deluding yourselves.
I spent considerable time in China last time in December, and performance of VPN (particularly, ExpressVPN through Hong Kong) was surprisingly good; most of the time it was better experience than hotel VPNs across Western Europe. Mostly it felt that problems stemmed from something like using negative side effects of CGN as a feature to torture VPNs, but that could be worked around. In general, it may be pretty hard to tell if a network issue for traffic abroad is caused intentionally by the Great Firewall, or if it's just otherwise flaky.
Nonetheless, it's a game against a party which has to be called hostile towards your interests, and with no intent to give up. There are numerous weaknesses on Chinese Internet censorship, but in the end, they will win if they really want it. At this point they're mostly indifferent towards marginal group of foreigners bypassing the censorship, but if it would be a widespread (that is, hundreds of millions of Chinese) political issue (causing trouble to the Party), they would find a way to get things their way...
Guess we'll have to switch to SSH and HTTPS tunnels instead of brazenly using IPSec and OpenVPN. Got the message loud and clear. :D
ISPs appear to throttle TCP connections to outside the GFW to 50kB/s. Since SSH runs over a single TCP connection, you will be accessing the internet at 0.4MBit. SSH connections are also long lived and easy to identify.
Shadowsocks to a server in Hong Kong with good peering (say Microsoft Azure East Asia datacenter) works well. Cheap VPS providers in HK have lousy connections to China with significant package loss.