Forgot your password?
typodupeerror
Censorship China Communications Encryption Networking Privacy Your Rights Online

Swedish Researchers Expose China's Tor-Blocking Tricks 73

Posted by timothy
from the one-book-swedish-made-data-pump dept.
An anonymous reader writes "A pair of researchers at Karlstad University have been able to establish how the Great Firewall of China sets about blocking unpublished Tor bridges. The GFC inspects web traffic looking for potential bridges and then attempts 'to speak Tor' to the hosts. If they reply, they're deemed to be Tor bridges and blocked. While this looks like another example of the cat and mouse game between those wishing to surf the net anonymously and a government intent on curtailing online freedoms, the researchers suggest ways that the latest blocking techniques may be defeated."
This discussion has been archived. No new comments can be posted.

Swedish Researchers Expose China's Tor-Blocking Tricks

Comments Filter:
  • by Max_W (812974) on Tuesday April 03, 2012 @11:43AM (#39560901)
    What if a tourist saves forbidden website or reading material, packs it onto ZIP, RAR, or 7Z archive, then renames archive as JPG. At home he/she has to just rename .JPG back to .ZIP.

    It is hardly possible to check every JPG file of every tourists. Tourists bring thousands of JPG files back home on flash drives and SDHC cards.
  • Public v. Private (Score:5, Interesting)

    by girlintraining (1395911) on Tuesday April 03, 2012 @11:49AM (#39560983)

    The fundamental problem here is that Tor is accessible to the public. No, you read that right. As long as anyone can download a Tor client and connect, that person will have the IP address of at least one other Tor user. There is very little that can be done to prevent this without limiting access to the Tor network by some kind of handshake/authentication model. At the very least, the network is vulnerable to a denial of service attack; Since it can't tell a legitimate user from an illegitimate one: By design, the traffic is encrypted and the source obfusciated.

    Tor can't ever fully succeed in its objective -- it can only maintain network integrity so long as the ratios between different types of users, client accesses, etc., remain in the green. Should the balance ever tilt, the network will become unusable.

    A real solution is end to end encryption network-wide, which is what IPv6 was supposed to do, but as I'm sure you've all realized; the capitalist owners of the routers, switches, ISPs, etc., have decided artificial scarcity of IP address space could be profitable to them, so IPv6 is sort of dead on arrival. But even if it weren't, the notion that the ISP can't control what connections are made based on content is not something any of them want to give up; again, in the name of profits.

    So basically, we need a whole new internet, built by the people, from the ground up. And it will probably have to be wireless. The problems of wireless high speed internet between buildings is hard enough; Try between cities. :\ But that's the only way I see of re-establishing a free and democratic digital communications medium.

  • by X0563511 (793323) on Tuesday April 03, 2012 @11:59AM (#39561121) Homepage Journal

    It's called steganography [wikipedia.org], and don't get caught. You shall be in a world of shit if you do, because you'll likely be treated as a foreign intelligence operative.

  • by Anonymous Coward on Tuesday April 03, 2012 @12:00PM (#39561123)

    I think their government is too pragmatic to be concerned with small things like this.

    The primary concern seems to be the stability of the country, which, if you imagine the USA with 4x the population density, makes sense.

    If someone goes abroad and gets a banned website and brings it back, who cares?

    But if they start organizing a political revolt or something like it, I would imagine that the record of their text messages would give them away.

    In the same sense, the great firewall seems to be concerned with making it very difficult for most people to access filtered material. I read that it merely sends a bunch of connection interrupt requests to both sides of an http connection when it sees content that doesn't meet the filter.

    And they still allow VPNs as far as I am aware, although the bandwidth of such might be throttled. But I am guessing that an ordinary citizen might have a difficult time buying VPN service from a foreign provider. And again, if as a result of seeing the "free" internet, they develop political notions that threaten the stability of the country and are doing something about those notions (organizing, etc), their text message record or their overt public actions will give them away. That's when it matters...

  • by hrimfaxi (2609767) on Tuesday April 03, 2012 @12:27PM (#39561429)
    I live in China. The obfsproxy tor bridge works for me. The GFW staff now have to find the address of tor obfsproxy bridge manually to block it. As long as so far as they didn't find out the unpublished bridge address yet Tor works fine for me.

    In China people are seeking different ways to breach GFW. We mainly use SSH tunnel, OpenVPN, or some sorts of HTTPS proxy (with some obfuscation needed by both sides or it doesn't work for GFW has capacity to probe SSL/TLS proxy).

    I am glad tor now is functioning again in China. Just began to spread the obfsorxy tor browser to the others who need it.

If I have not seen so far it is because I stood in giant's footsteps.

Working...