Forgot your password?
typodupeerror
Censorship China Government Networking The Internet Your Rights Online

How Some Chinese Users Bypass The Great Firewall 58

Posted by timothy
from the differentially-censored dept.
CowboyRobot writes "The ACM has an article describing the history and present of the Great Firewall of China (GFW). 'Essentially, GFW is a government-controlled attacking system, launching attacks that interfere with legitimate communications and affecting many more victims than malicious actors. Using special techniques, it successfully blocks the majority of Chinese Internet users from accessing most of the Web sites or information that the government doesn't like. GFW is not perfect, however. Some Chinese technical professionals can bypass it with a variety of methods and/or tools. An arms race between censorship and circumvention has been going on for years, and GFW has caused collateral damage along the way.'"
This discussion has been archived. No new comments can be posted.

How Some Chinese Users Bypass The Great Firewall

Comments Filter:
  • So it's just like... (Score:5, Interesting)

    by urusan (1755332) on Saturday December 01, 2012 @06:11AM (#42153551)

    So it's just like the DRM arms race between content companies and technically capable pirates that has caused collateral damage (to legitimate users) along the way?

    Weird.

    • by poity (465672)

      Perhaps in function, but not in essence. DRM has alternatives, there is no alternative to truth. The consequences of you not being able to watch Batman on your laptop is personal in scale, the consequences of not being informed is societal in scale. And even though this may be unpopular on /., I take the stance that content creators have at least some rights over the distribution of their creations, whereas governments have absolutely no rights over the distribution of truth.

  • vpn (Score:5, Informative)

    by Fackamato (913248) on Saturday December 01, 2012 @06:16AM (#42153563)

    I was in China for 2 trips. used a US vpn both times, had no issues.

    • Re:vpn (Score:5, Interesting)

      by Anonymous Coward on Saturday December 01, 2012 @06:37AM (#42153633)

      It's probably easier if you are not a Chinese citizen and don't have to live with possible consequences.

      • by unix_core (943019)
        Most of my local chinese language teachers do it to access facebook, my local classmates in the lab do it (to access japanese porn?). Nobody is afraid. I don't think the goverment really cares unless a significant portion of the population does it to discuss political issues. Actually a lot of educated people in china are quite aware of all the issues being reported in western media, it seems the government is mainly concerned about the masses. Hence for instance the chinese language BBC news website is blo
    • Re:vpn (Score:4, Interesting)

      by Anonymous Coward on Saturday December 01, 2012 @07:51AM (#42153887)

      A few months ago, I tried to help a Chinese national in a hotel in Spain connect to the hotel network. I think his laptop had some really odd network monitoring stack replacement software on it. I think he worked for a Chinese public university.

      I work as a systems integrator and administrator for small businesses in the USA. After 20 minutes, I had to continue my vacation. I don't believe he ever got connected by wifi or directly wired ethernet.

  • by mellyra (2676159) on Saturday December 01, 2012 @06:31AM (#42153611)

    Some Chinese technical professionals can bypass it with a variety of methods and/or tools.

    I've met quite a few Chinese in online games and what they tell is that circumventing the firewall is as easy as using a proxy or VPN, is basically risk-free (to the end-user) and is really nothing special amongst their peer-group (age 15-30, educated, typically upper middle class). Every now and then their preferred proxy or VPN provider gets blocked and they have to look for a new one but that's a minor hassle and not a deal-breaker.

    So the emphasis when reading the summary should definetely be on the variety of tools that are available to sidestep the firewall, not on the level of technical competence that is required to do so.

    • by nurb432 (527695)

      I wouldnt say risk free, as if they get caught bypassing it woudlnt go well for them.

      Somehow i dont think the officals will care or even ask what you were doing across the 'forbidden link', and just doing it is enough crime in itsself for them.

  • by Anonymous Coward on Saturday December 01, 2012 @06:39AM (#42153639)

    I've been living in china for a year by now. And I'm rather sorprised by how easy is to bypass the firewall. It doesn't take technical knowledge of any kind. You simply have to use one of the great number of programs that allow you to do it and that most chinese people tend to share using usb.

    The firewall is mostly an annoyance than anything else, since the programs that bypass it use proxys which slow your internet speed and make it so that you cannot use it for activities that require decent bandwith. Still if you are pacient enough, it's like it's not there.

    • by BeTeK (2035870)
      Yup, I was in china in a conference few years back and bypassing the firewall to get to the facebook was as simple as ssh -D 1234 username@my.server.com. And then setting browser proxy setting correctly.
  • by sc0rpi0n (63816) on Saturday December 01, 2012 @06:51AM (#42153681)

    I live in China and noticed that since a few weeks (starting before the congress) the quality of OpenVPN UDP connections deteriorated severely. Formerly traffic worked fine, but now a ping over OpenVPN has significantly higher packet loss and latency than a direct ping to the same host, while these used to be similar. The connection often drops for 5-10 minutes, after which it is reestablished. A tunnel over ssh now performs a lot better than an OpenVPN connection.

    Note that I am using my own servers and non-default ports, not established VPN providers that are easier to block. This behavior occurs on different networks from different ISPs. Additionally, L2TP connections now fail most of the time, while they worked a few months ago.

    • by Anonymous Coward

      Yep. I've been in China for 16 months, and the "Great Firewall" is more of the "Great Unicorn" (not to be confused with the one who used to own the lair recently found in North Korea).

      When a foreigner gets a job here, the orientation consists of "Here's your desk. Here's your username and password. Here's where we keep the proxy program. There's tea in the breakroom; if you want coffee, you'll have to go to the cafe down the street--it's between the brothel and the lottery store."

      Seriously.. the "techn

    • Re: (Score:2, Funny)

      by Anonymous Coward

      What are you doing? I should report you to the authorities for violating the law.

      People like you make me ashamed to be Chinese.

    • by fufufang (2603203)

      I live in China and noticed that since a few weeks (starting before the congress) the quality of OpenVPN UDP connections deteriorated severely. Formerly traffic worked fine, but now a ping over OpenVPN has significantly higher packet loss and latency than a direct ping to the same host, while these used to be similar. The connection often drops for 5-10 minutes, after which it is reestablished. A tunnel over ssh now performs a lot better than an OpenVPN connection.

      Note that I am using my own servers and non-default ports, not established VPN providers that are easier to block. This behavior occurs on different networks from different ISPs. Additionally, L2TP connections now fail most of the time, while they worked a few months ago.

      I have a home server (an O2 Joggler running Ubuntu) in China, to enable my parents to go over the firewall. I basically configured my home server to connect to my VPS via OpenVPN. And UDP seems to have stopped working completely about a month ago. Then I switched to TCP 443. That stop working about 2 weeks ago. Now I switched to TCP 3389, and it works like a charm.

  • Ignore this story (Score:2, Informative)

    by Anonymous Coward

    This story hurts China's tender heart and makes pandas cry. Stop being so mean.

  • by Anonymous Coward

    Happens everywhere tomorrow

    • Tomorrow? It's already here, just better veiled.

      Bluntly, the main difference between "capitalist" and "communist" (I use the terms loosely here and just to label things) repression is just that "we" have the better PR department.

      • Tomorrow? It's already here, just better veiled.

        Bluntly, the main difference between "capitalist" and "communist" (I use the terms loosely here and just to label things) repression is just that "we" have the better PR department.

        The word "authoritarian" pretty much sums up both China and the USA, soon to be USSA, now that Mr Soetero has secured at least another four years to accomplish his puppetmasters plans for America.. Watch China.. we'll be completely there in a short while...

        • Maybe, but the sock puppet on their right hand would have been no different.

          • by blade8086 (183911)

            Nono - of course not!

            Clearly because :

            Obamas middle name is 'hussain' and not 'Honkey Mc Wasp Cracker'

            The obama presedency is:

            A half baked conspiricy theory that doesn't make any sense, whereby his dead islamic but free-market liberal (aka 'liberal' not 'librul') step father secretly controls his president stepson Barrack to implement Chinese-style free-market authoritarian 'communism' despite the fact that the Chinese government is hostile at worst and ambivalent at best to any form of organized religion.

            T

  • by Anonymous Coward

    Thanks for this post, Slashdot. Quality of this article is much higher than the too often linked informationweek, computerworld or wired stories. More articles like this one, please.

  • Speaking to friends who work and live in China it really isn't that hard to get around the GFW. China are using it to keep the masses controlled and limit their access, but at the same time, leaving it easy enough to get around that the "elite" are still able to use the Internet to its full potential. Making it possible for large companies to compete globally.
  • I RTFA, and was disappointed that it was more of a history lesson and "how the firewall works" with a small portion at the bottom which can be summed up to "encrypted proxy/vpn".

    I was expecting some novel ideas of how to bypass the firewall.

  • by ebonum (830686) on Saturday December 01, 2012 @08:35AM (#42154035)

    I live in China. I don't know anyone who has significant problems with the GFW. It is very easy to hop over. Personally, I use a paid for VPN. I used one for about 3 years without problems. It was finally shut down about a month ago, so I switched. Without a VPN, it is only mildly annoying. You can't get on Youtube and Google is very slow. Most things work normally. For instance, CNN works, but the video section does not.

    Funny thing. If you are on the phone with someone and say "VPN", the call sometimes drops immediate. Works better in Chinese than English.

    When you don't have a VPN, what is really annoying is are all the US sites that pop-up messages saying that their service is not available in your country. Grrr. Then sites like Microsoft keep bumping you back to their Chinese site and hiding "the show me the page in English" button. It is sad how the internet is getting to sensitive to location. The great thing about the internet was that you could be anywhere. Now companies want to figure out where you are based and serve you country specific content. If you have a Galaxy SIII that you bought in China, try going to the US app store. You can't. Even with a VPN or flying to the US, it will not work.

    • Well, there's a twofold reason for companies to track your location. One, because they had to cave in to some "requests" from various governments who don't like the idea that their subjects do what they want to do and not what they're told and allowed to do. And I'm not really talking about China and Iran here...

      And second, of course, that they can charge a lot more depending on the country you're in. if you ever bought a legal DVD in south east asia, you'd wonder why people even bother pirating since the o

    • by Anonymous Coward

      If you have a Galaxy SIII that you bought in China, try going to the US app store. You can't. Even with a VPN or flying to the US, it will not work.

      you need a non chinese sim. I carry a Hong Kong prepay sim to buy stuff from the app store. It has no credit, but if you're surfing by wifi you're fine.

      --Ben

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      I think it is a crime to put geofences, a crime against the evolution of society. People have worked hard to make everything on the internet "one click away", and here come various countries (eg: China, Arab countries) and companies (eg: Hulu) that reject us based on location. Then links get posted on forums with international attendance and half the members can't see the content. It's a restriction of speech. This and the DVD zoning, another moron restriction that reduced sales worldwide.

      • by arielCo (995647)

        I wholeheartedly agree except for private businesses like Hulu refusing to serve you. It's their bandwidth and their infrastructure. Freedom of speech doesn't force private entities to provide the means for such communication, much less when one of the parties licensed entertainment programmes destined to certained audiences.

    • by cciRRus (889392)

      Funny thing. If you are on the phone with someone and say "VPN", the call sometimes drops immediate. Works better in Chinese than English.

      Is this really true? Did you actually experience it? It sounds incredible.

  • by nihaopaul (782885)

    Most of the blocks are by DNS .. Using opendns alternative ports solves this or DNS over TCP

    • by fufufang (2603203)

      Most of the blocks are by DNS .. Using opendns alternative ports solves this or DNS over TCP

      DNS over TCP solves it. In fact if you use Google DNS as the upstream resolver, and use TCP port 53, you will be okay. However it seems web services with local server in China all slow down, because Google DNS resolves the domain names to foreign IP addresses.

  • by fufufang (2603203) on Saturday December 01, 2012 @07:59PM (#42158075)

    I think this article shows why UN should not control the Internet. I much prefer US to control it. US is not perfect. However I would rather not let controls like China to meddle with the Internet.

  • How Some Chinese Users used to Bypass The Great Firewall

    **millions of Chinese users grumble and wonder why their techniques don't work anymore.

  • The summary is far too technical, perhaps someone can provide a car analogy.

Maternity pay? Now every Tom, Dick and Harry will get pregnant. -- Malcolm Smith

Working...