Forgot your password?
China Censorship Privacy Security Your Rights Online

Inside the Great Firewall of China's Tor Blocking 160

Posted by Unknown Lamer
from the onions-against-the-revolution dept.
Trailrunner7 writes with an article at Threat Post about China's ability to block Tor. From the article: "The much-discussed Great Firewall of China is meant to prevent Chinese citizens from getting to Web sites and content that the country's government doesn't approve of, and it's been endowed with some near-mythical powers by observers over the years. But it's somewhat rare to get a look at the way that the system actually works in practice. Researchers at Team Cymru got just that recently when they were asked by the folks at the Tor Project to help investigate why a user in China was having his connections to a bridge relay outside of China terminated so quickly. Not only is China able to identify Tor sessions, it can do so in near real-time and then probe the Tor bridge relay and terminate the session within a couple of minutes."
This discussion has been archived. No new comments can be posted.

Inside the Great Firewall of China's Tor Blocking

Comments Filter:
  • by axx (1000412) on Monday January 09, 2012 @07:06PM (#38644720) Homepage

    Do you really believe that a census on over one billion people, who have (who had?) an incentive to lie about their progeny, is credible?

    Hell, I might be wildly off the mark but for all we know there could be two billion people in China, I wouldn't be that surprised.

    Hopefully someone more aware of the reality of the situation will chime in.

  • SSH (Score:2, Interesting)

    by axx (1000412) on Monday January 09, 2012 @07:10PM (#38644770) Homepage

    Does this mean people should start tunnelling their Tor connexions through SSH, at this point?

    Bugged planet indeed, I wonder if any of our lovely "free world" companies like Amesys or Siemens are selling the DPI gear, or if China is using a fully homebaked solution.

    And if so, does it run (Red Flag) Linux, obviously.

  • for helping us build more robust Tor protocols

    Oh, you thought you were going to actually kill the average Chinese citizen's desire for free access to information? You didn't understand that a stronger Tor protocol or something even better than Tor is the actual result of your escalation of the arms race?

    You're pretty ignorant about basic human nature, aren't you, you authoritarian assholes.

    Oh, and btw you grumpy old shitbags: []

    The reason you are lamenting the influence of Western culture on China, and not basking in pride at the influence of Chinese culture on the West, is because YOU CENSOR EVERYTHING IN YOUR CULTURE. So Chinese Culture is hobbled and decimated. Because you think you can control, nevermind why you think you should control, Chinese thought. Instead of a great big strong tree, you have a demented little broken bush. Because of YOUR efforts at preventing Chinese culture from growing, by censoring everything, you morons

    You ignorant controlling douchebags. Your average Chinese citizen understands this, why don't you you stupid old and decrepit paranoid control freaks?

  • Re:obfuscation? (Score:4, Interesting)

    by DCTech (2545590) on Monday January 09, 2012 @07:31PM (#38644988)
    And Chinese will just block it again. And unlike slower cat-and-mouse game in western countries, Chinese can react quickly without going thru all the hierarchies and courts. At the same time, Tor project needs to keep updating their clients and servers, and it probably doesn't take anything at all for Chinese to block new changes. They have the advantage here.
  • Question: what is the greatest ally in the growth of Western Cultural influence in China?

    Answer: The Chinese Central Government, for working so hard to make sure that Chinese Culture can't grow.

    They think that controlling culture, and growing it, are compatible concepts. Culture grows when it freely crosspollinates with other world cultures. Japanese culture has freely been assimilating culture from around the world and we still recognize a distinctly Japanese culture. The game of controlling culture and "protecting" culture from "illegitimate" influences is the game of the insecure little person who believes Chinese culture is inferior. The person proud of being Chinese is freely dabbling in world culture, infusing their own thoughts, and defining Chinese culture as strong and new. Culture needs to crosspollinate to survive and grow. Sit on it, control it, keep it in a box, and your culture dies.

    Look at what these ignorant insecure douchebags are doing: []

    I know: I can hear the typical snobby Western voice now: "I wish my government would censor the Kardashians and Jersey Shore."

    And for thinking that way, you have merely identified yourself as knowing nothing about how culture actually works, and have allied yourself with authoritarianism. congratulations, you're ignorant and you're an asshole. i'd much rather have people watching jersey shore than some government entity telling them what to see and watch. and there is nothing wrong with the pursuit of empty guilty pleasures, that's a PERFECTLY VALID SEGMENT OF CULTURE. think of it as creative ferment from which greater cultural products spring forth. without the base of empty silly nonsense, the "higher" cultural products have nothing to grow out of.

  • by xiando (770382) on Monday January 09, 2012 @08:07PM (#38645444) Homepage Journal
    I tell you, free speech and freedom in general in America is doomed. The NDAA2012 combined with SOPA is just another brick in the wall on the path towards a completely tyrannical fascist government. Some Americans argue that the USA is there already. Today we are talking about Tor being blocked by the Great Firewall of China. How long will it take before we are talking about the Great Firewall of the USA blocking websites, software like Tor, I2P, Freenet and so on? Beware that western corporations like Intel, Cisco, Nokia and Siemens are the ones who are delivering the technology used by countries like China. The US and the west already has this technology. I do not see it as a question of if but when these technologies will be used in the US and other "free" western countries. The Tor project should be supported. Why people in other countries need it today may be why you need it tomorrow.
  • by cp.tar (871488) <> on Monday January 09, 2012 @08:17PM (#38645554) Journal

    Despite the error in your numbers, your post reminded me of Focus in Vernor Vinge’s A Deepness in the Sky.

  • by saleenS281 (859657) on Monday January 09, 2012 @09:36PM (#38646442) Homepage
    You're assuming they're building it themselves. Given the recent accusations and lawsuit against Cisco, it's entirely possible that a US or some other country based company is writing the code they're using. []
  • by peterindistantland (1487953) on Monday January 09, 2012 @11:18PM (#38647232)
    This definitely work. I have no problem using SSH even on the standard port in China. Since ssh is encrypted, deep packet inspection is useless, unless they ban SSH altogether, which they don't.
  • by QQBoss (2527196) on Tuesday January 10, 2012 @03:10AM (#38648388)

    How many people are actually in China, I am in no position to guess. But I am in a position to know that census undercounting does occur and why.

    As I mentioned, the "uncounteds" are both internal and external illegal aliens. Unlike most of the Western world, where the right of free travel is assumed, within China you are only legally allowed to live/work/"own" property in the place where you have a hukou (this is a gross oversimplification, but it is the beginning of a discussion). Many of the presumed 400M illegals are native Chinese who have chosen to live where they have no permission to live, doing so under the radar to avoid sanctions which in the past could have been quite onerous. They aren't at their home city to be counted (though children usually are, staying with grandparents, since without a local hukou they have no right to go to school where their parents are living) and they avoid being counted in the city where they are living because they could be forced to return to their officially registered home.

    About 6 or 7 years ago, the hukou laws were supposedly eliminated, but anyone who says they have been completely abolished is wrong. Decentralized, perhaps, but they still exist and are enforced whenever the right government official gets their panties in a wad. Unless and until the hukou laws are actually abolished, the charade will continue.

  • by Anonymous Coward on Tuesday January 10, 2012 @09:48AM (#38650704)

    I left my job at a major router company around 2004 specifically because Chungwah Telecom was asking for us to implement features to aid spying. Although, interestingly enough, you had to read between the lines to understand that it was for spying... A lot of the techniques that do it are essentially system testing-sounding features like "clone traffic matching this IP to a second address on a different port."

    At that time, deep packet inspection was not yet a reality, but any engineer could easily see that, as the data/traffic moves through numerous custom ASICs and FPGAs, and the headers get inspected, why not examine more of the data in the packet? The first stage I saw of it in the public at large was detection of layer 5 and up protocols, e.g. traffic-limiting bittorrent.

    Last time I was in Taiwan (which has a grumpy relationship w/ China), one of my younger student friends in a University there demonstrated, as his Master's project, an algorithm to detect images without (fully) decoding them. The secret there was to extract, from JPGs only, the DC blocks representing the average RGB values of each 8x8 block. If you know JPG you'll recognize that. The system then ran conventional "porn detection" algorithms, etc. on the extracted mini-images.

    So, yes, I can verify that 1. American companies are writing code to spy on the rest of the world and ourselves. 2. Chinese are asking for it, just like any other feature. 3. The requests for capabilities are often subtle, such that most engineers don't realize what the algorithms are doing and 4. capabilities to do this are steadily growing more powerful.

    So, now, what are you going to do about, boys?

"Never give in. Never give in. Never. Never. Never." -- Winston Churchill