Chinese Censor-Beating Software Resembles Malware, But Isn't 160
coondoggie writes "Software designed to beat Chinese censorship may behave in ways that seem suspect, but it is
all part of the application's strategy to fool the Great Firewall of China, according to one programmer of the software. 'There are many built-in tricks that do all kinds of things to confuse the firewall,' says David Tian, a scientist for NASA who works spare-time on UltraSurf, the free software designed to promote unrestricted Internet access for citizens of China persecuted for being members of Falun Gang, the religious group the Chinese government is trying to suppress."
Re:Confuse it? How? (Score:5, Interesting)
It sends out search based noise and obfuscation by making randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and MSN..
*face palm* Googling "how do I blow up government buildings" is going to attract the attention of shub internet no matter how many bogus queries you put before or after it. Most filtering schemes are based on content -- they don't care to do statistical analysis. You're just not that important. All they need to hang you is proof you visited a certain website or looked for certain terms. For example, if I typ[$)%(T^NO CARRIER
Re:Falun Gong (Score:3, Interesting)
Tsk, tsk. This is an important cultural and religious phenomenon that you really should be aware of. Know then that John 6:49 goes something like this. Jesus is getting off the "dividing the loaves and fishes" episode and was evacuating across the lake; the crowd followed him anyway and now they're asking him for a miraculous sign so they can believe in him. They suggest the old manna-in-the-desert trick as an example. Many of them may be operating off of the popular "revolutionary messiah" premise, believing that there will soon be a military overthrow of the existing oppressive world order. They don't quite get what they expected:
Some interpretations dismiss this as a purely symbolic exercise, but the language isn't really the language of symbolism, and furthermore the actual working metaphors for "to eat (someone's) flesh" and "to drink (someone's) blood" mean "to persecute (someone)" and "to oppress (them)". The traditional interpretation for a long time - today, the Catholic and Orthodox stories - integrate this with the subsequent "Last Supper" rite in which blessed bread / wine are said to become his (Jesus's) actual body and blood (though the actual appearance and taste, of course, is unchanged, perhaps recognizing that, in fact, cannibalism is something that people find icky in oractice.)
The whole flesh-as-bread premise probably works a lot better with people who have a diet of mostly-bread, and actually experience handling bread dough, for whatever that's worth.
Re:Falun Gang (Score:5, Interesting)
Re:Falun Gong (Score:3, Interesting)
That's one way in which Protestants have seemed to make more sense to me. It's just an up or down "Accept Jesus y/n" type choice. No chanting, no strange priesthood.
God, sometimes it just boggles my mind that we still have religion. I'll be playing a fantasy game, or reading a novel, with priests and churches and angels and demons, and it hits me that 90% of America fervently believes stuff that seems cheesy in a video game.
Wolves in sheep's clothing (Score:3, Interesting)
Steve Topletz and Jonathan Logan gave a fascinating talk at the BlackHat Briefings this past July, where among other things they discussed how one Chinese tactic in dealing with privacy groups is to set up their own organizations...a darker kind of astroturfing, if you will...that compete against legitimate privacy-focused groups. They also detailed their analysis of UltraSurf, which revealed some fairly horrifying things. For one, it's not just the code itself that historically has been trojan-esque in nature, but the behavior as well. Once they fired it up, it started probing a multitude of networks, all belonging to either Western governments, the financial sector, or the military. Also, it demonstrated that it was listening in within SSL sessions, as demonstrated by its behavior when browsing within SSL would return an error page (even a custom one, that wouldn't be of the normal size expected for a 404 response, for example). So, I'm not too likely to believe a guy just because he works for NASA; NASA is not an organization that was founded to provide bona fides for security researchers, so it really doesn't add any mantle of credibility for this topic.