China Tells Carriers To Block Access to Personal VPNs By February

China's government has told telecommunications carriers to block individuals' access to virtual private networks by Feb. 1, people familiar with the matter said, thereby shutting a major window to the global internet. From a report: Beijing has ordered state-run telecommunications firms, which include China Mobile, China Unicom and China Telecom, to bar people from using VPNs, services that skirt censorship restrictions by routing web traffic abroad, the people said, asking not to be identified talking about private government directives. The clampdown will shutter one of the main ways in which people both local and foreign still manage to access the global, unfiltered web on a daily basis. China has one of the world's most restrictive internet regimes, tightly policed by a coterie of government regulators intent on suppressing dissent to preserve social stability. In keeping with President Xi Jinping's "cyber sovereignty" campaign, the government now appears to be cracking down on loopholes around the Great Firewall, a system that blocks information sources from Twitter and Facebook to news websites such as the New York Times and others.

Business VPNs

[Midnight+Thunder]

How will business users be impacted, since they will typically need to use a VPN if working remotely?

At the same time I wonder how long it will be before the mouse works out how camouflage the VPN access? It really is a cat and mouse arms race.

Re:Business VPNs

[CastrTroy]

Also, if they block VPNs, then the people will just start tunnelling over SSH. Can they block all VPN an SSH connections? That would basically disable a huge portion of the internet.

Re:Business VPNs

[Rick+Schumann]

They very obviously want to tap in to all business communications as well, so much the easier to steal industrial secrets.

Re:Business VPNs

[squiggleslash]

I think we have the same term being used for two completely different things. It's technically possible ISPs will go overboard and ban both "VPNs - commercial services offering proxies" and "VPNs - connections to business's private networks", but it'd be a little like Congress deciding to take action on "Hackers" by passing a law banning IP spoofing, exploiting stack overflows, and the sale of axes and machetes.

Re:Business VPNs

[s.petry]

China does not allow access to that huge portion of the internet. That is the whole point of their great firewall. Not protecting citizens from bad memes and crude jokes, but protecting themselves from dissenting views being visible to their people.

This is how authoritarian regimes work, and nobody should be surprised. It's a great reminder for the rest of us, for when our whackadoodle politicians start claiming they want control.

Re:Business VPNs

[Bob+the+Super+Hamste]

Not protecting citizens from bad memes and crude jokes, but protecting themselves from dissenting views being visible to their people.

Which is why I now like to ask the people working in calls centers in China when they call trying to scam me:
If they are aware of the book sellers in Hong Kong that have turned up in mainland Chines jails
If they know that Tibet was a sovereign nation until it was invaded and now its native population is being replaced.
If they are aware of the Uyghur issues
Asking if they know about the June 4th incident or the student protest of 1989 in Tienanmen Square.
Personally I am hoping to get the Chines government to shut down these scam call centers by bringing up issues it doesn't want discussed as there is a whole list of things one can bring up. Anything else is a side benefit.

On the road to revolution

President Xi should study his people's history. Every dynasty eventually loses the 'mandate of heaven'.

Biggest Surprise

[Oswald+McWeany]

The biggest surprise here is that this loophole hadn't been closed down years ago.

Re:Biggest Surprise

[wvmarle]

China has been going after and is already blocking lots of VPN services. But of course all the time new such servers will pop up, new domain name, new IP address, and the mainlanders have their connection back.

How will they ever be able to block all VPN connections? They could of course start by blocking some common ip ports, but there's nothing stopping people from using a different port, e.g. port 80, and we're back to situation we have now, where they have to go hunt down server after server.

Re:Biggest Surprise

[loonycyborg]

They can do deep packet inspection and detect protocols, but it can be stopped by tunneling via some other protocol that can't be disabled, such as ssh or https. They can go for vpn services, but it's relatively easy to make new one after previous were shut down.

Re:Biggest Surprise

[Strider-]

You don't need to know the content, you just do traffic analysis. A "Normal" https connection has a certain traffic distribution/fingerprint. An SSL connection is setup between the client and server, the http request is made, the content/object delivered, and the connection torn down.

SSL VPNs, even if operating over proper https and port 443, behave very differently. The connection is held open for long periods of time, and there is much more back and forth between the client and the server, as all further browsing connections are multiplexed through the tunnel. You don't need to decode the traffic or protocol to figure this out.

Anyhow, the point is that if you have DPI capabilities, it's pretty trivial to detect most standard SSL VPNs. Is it possible to develop a VPN protocol that would defeat this? Sure, and that's part of the game.

Re: Biggest Surprise

[peragrin]

Communism isn't harmful. Singlular control of all resources is harmful. Restriction of ideas and speech is harmful.

Also nationalizing companies is also harmful. The same way monopolies are harmful. But limiting choices you let scum rise to the top and pollute the structure.

So governments can tax corporate profits but shouldn't get direct benefits other than taxation. That way other companies can come and go and losing one company won't break the country. See Venezuela and all other dictatorships were nationalized companies collapsed and took the country down too.

Re: Biggest Surprise

[silentcoder]

Wow, you sure are opinionated for a topic you know fuckall about.
Marx believed communism wouldn't be viable unless it was part of a democracy. It was later communists who came up with the "state" owning things "on behalf of" the workers - and while they were the ones who took over the Soviet Union and then spread their version world-wide they weren't even the majority until some 20 years AFTER the Russian revolution. The majority of communists were democrats or anarchists - whose version had no state at all, merely the ownership of the means of production vested in the actual workers in the form of coops.
Such anarcho-communists ran Andalusia in Spain for 20 years (and it was a successful, industrial city. George Orwell fought on their side in the Spanish civil war and described them as the closest thing to a perfect society he had ever witnessed - and a society where there was no hunger, poverty or suffering). Nor an overbearing state - in fact, no state whatsoever.

Communism, capitalism and socialism are all, really, collective nouns for dozens of different philosophies (each) which contradict each other on many key points. In each situation - only having one thing actually in common.
In capitalism the means of production are owned by investors ("capitalists"), and in communism it is owned by the workers. This is the only part that applies to all versions of either. Socialism was originally a synonym for what came to be called communism, then Marx defined it as the end-state communism is supposed to one day achieve, currently it's best thought of as "capitalism but with a rock-solid social safety net", another word for "welfare state" as that's how it's mostly used these days.

So yes, communism is actually quite rife in the US - and government has nothing to do with it. America's largest carpet factory, and largest robotics factory, and LA's largest bakery are all worker-owned coops. A worker-owned coop is the very definition of communism - and everyone of those workers will tell you they are MORE free than they would be in any other company since, in this company, they get an equal share of the profits (it doesn't go to outside investors - it all goes to the people who actually did the productive work that produced the profits), and they all get a vote in management decisions. Does the company need a new slogan ? Should we open a new location in Albuquerque or would it be better to reinvest that capital locally in more staff and higher wages for us all ?
Instead of hoping and praying that a bunch of wall street stockholders who have no actual understanding of what they do will direct the CEO to make the best decision (and thus secure their livelihoods) - they can vote on that decision themselves, relying on their actual experience in the business and the wisdom of crowds to guide them. Because it's their business -they own it. And while, of course, every decision has risks - they never have to feel that they are being punished because of somebody else's idiocy in making a terrible business decision. They made that decision, they were part of it - and the decisions that determine whether they can feed their families tomorrow, are decisions they are themselves responsible for.
That's more freedom than most anybody else in the world gets. And it's communist to the very heart and soul of it, in fact, I would say it's much MORE communist than what the Soviet Union did - since those workers never truly owned the means of production - the state did, and without democracy, that state couldn't EVEN legitimately claim to be representing the workers.

By the way - more than 80% of companies in Argentina are worker-owned coops now, representing well over 90% of all employment (the remainder being almost exclusively civil service jobs). This came about after a complete economic collapse led to absolute capital flight and every shop, factory and office in the country was shut as the owners fled with their hoards. The workers just showed up and took over the abandoned businesses and ran those bus

this shows the problem with workarounds

Whenever something unpleasant happens to human rights online, a lot of people shout, "Just use a VPN, and all your problems are solved!"

In a small way, they're not wrong. But this misses the big picture: VPNs are few and easy for centralized authorities to block. The ultimate answer cannot be narrow and fragile circumvention measures. It has to be a robust, decentralized, and authoritarian-resistant internet architecture. It needs to be all-or-nothing: either authoritarians block the entire internet, or none of it, because all content is safe from snoops and they cannot tell the things that please them, from the things that displease them.

VPNs are at best a fragile workaround for a systemic problem. And what's happening in China can easily come to the USA and Europe, because terrorists and because the children. The technical community has to take back the internet, before it's too late, or we will have lost the most important revolution in human communication to happen since the printing press to authoritarians.

Re:this shows the problem with workarounds

[HornWumpus]

You don't know how VPNs work? Unless China bans all encrypted connections to the outside world, this will do exactly fuckall.

I'm pretty confident that China has long since set it up so 'everybody's a criminal', same as the 'western world', so that's not in play.

Re:this shows the problem with workarounds

[HornWumpus]

How many Chinese people in the west with broadband connections? They will provide routing for relatives if they have to. You'll see them tunneling through gaming servers (which will piss the gamers off).

There are already a _buttload_ of VPN services. IP banning will be a never ending, rarely working game of 'whack-a-mole'. With lots of potential for fucking with China by baiting them into banning important hosts.

Impossible due to widespread use of ASICs in netwo

Network engineer here. My theory is that any blocking attempt where the users seek to avoid being blocked is doomed to fail unless literally no traffic of any kind (even DNS etc.) is allowed through. This is because all serious network kit uses ASICs to achieve acceptable performance at the cost of flexibility, but all the endpoints are CPUs that are inherently flexible. If the users have an orchestration system that allows the developers to change the protocols as and when, and they play to the weaknesses of ASICS, the network vendors will never be able to keep up. Anytime you let any traffic through whatsoever between two parties you don't fully control, it's game over for your perimeter. Hurray!

Re:Just imagine

[HornWumpus]

Wait till their real estate bubble pops. It's going to be ugly as fuck.

china simply cant trust its own citizens online...

[Idisagree]

...what are they afraid of them learning on the open internet?

Jail if they catch you

[sjbe]

Also, if they block VPNs, then the people will just start tunnelling over SSH. Can they block all VPN an SSH connections? That would basically disable a huge portion of the internet.

They don't have to. They just put you in jail or worse you if they catch you using a VPN.

Re:Jail if they catch you

[Austerity+Empowers]

Any Chinese person I know would scoff at that threat, only Americans are so dedicated to law and order. Breaking the law is a way of life in many places (and in some places in the US, ask any NYer).

Yes, it's still illegal and if they decide to come after you, you are totally in trouble, and this is a horrible oppressive regime we really ought to hate and stop doing business with. But the reason the regime stays in power, and the reason it has managed to become successful in spite of itself, is because it is impotent and corrupt in all the right places. If their government were to ever fix that, and effectively police itself, I imagine the people would revolt in mere days and they wouldn't need the "free" world to tell them anything.

Deterence

[sjbe]

Any Chinese person I know would scoff at that threat, only Americans are so dedicated to law and order.

Americans aren't the ones with the giant firewall. (Our government is more subtly evil in how it spys on us) You seem to have missed the point. The point isn't that the Chinese government will catch everyone, merely that they will deter VPNs through threats of jail and/or other punishment. I'm sure lots of people will ignore the laws but the stakes just got higher.

Breaking the law is a way of life in many places (and in some places in the US, ask any NYer).

Every citizen breaks the law dozens of times a day. Nevertheless the punishments for some "crimes" are much harsher depending on the locale. China punishes some stuff harshly that wouldn't even be a crime in the US, particularly political dissension.

Re:china simply cant trust its own citizens online

[Zontar_Thing_From_Ve]

...what are they afraid of them learning on the open internet?

All kinds of things. But they are actually more afraid, believe it or not, of the power of social media to encourage wild cat demonstrations against the government. The main job of the CCP (Chinese Communist Party) is not really to make China better. They do want to do that, but the main job is to protect the CCP itself at any cost. Did you know that the Chinese constitution (yes, they have one) actually has something in it pledging the military (so called People's Liberation Army) to protect the CCP? Not the country. The CCP. Anyway, things China doesn't want its citizens to know, include...

1) The truth about the government surpression of the 1989 Tiananmen Square protests. By the way, these are known in China as "the student protests of 1989" or "the student protests of June 1989". If you use the term "Tiananmen Square protests" to people raised in China, they may not know what you are referring to.
2) Anything at all about Falun Gong. Different sources disagree on exactly why the PRC (People's Republic of China) has a problem with it, but it may mostly be because it showed years ago a very strong ability to have large numbers of protesters show up and the CCP fears being overthrown in a spontaneous revolution.
3) Information about corruption by government officials and their family members as it threatens the stability of the CCP.
4) Any meaningful contact and knowledge of Taiwan beyond the superficial because greater knowledge of Taiwan's democratic processes are a threat to the CCP's very existence.

That's not a complete list but it'll do for here. You can see a general thread of paranoia in everything that the CCP might be overthrown quickly by a spontaneous protest that spins out of control faster than the PLA can stop it (and some members might join in anyway). It's not really aimed at secret keeping so much as making sure people can't organize to overthrow the government.

This sucks

[RiddleofSteel]

As the IT manager at a company that has a sister company in China this sucks. As it is they block DropBox, OneDrive, Google, etc. which makes transferring large files a pain in the ass. They are also trying to force everyone to use WeChat which I don't trust at all, so I'm expecting Skype to have even more issues then it does now when using it in China. They really make life hell for IT who have to deal with them and this will be the icing on the cake. I don't understand how they intend to do business globally if they keep making it so difficult to deal with all the restrictions.