How Some Chinese Users Bypass The Great Firewall 58
CowboyRobot writes "The ACM has an article describing the history and present of the Great Firewall of China (GFW). 'Essentially, GFW is a government-controlled attacking system, launching attacks that interfere with legitimate communications and affecting many more victims than malicious actors. Using special techniques, it successfully blocks the majority of Chinese Internet users from accessing most of the Web sites or information that the government doesn't like. GFW is not perfect, however. Some Chinese technical professionals can bypass it with a variety of methods and/or tools. An arms race between censorship and circumvention has been going on for years, and GFW has caused collateral damage along the way.'"
So it's just like... (Score:5, Interesting)
So it's just like the DRM arms race between content companies and technically capable pirates that has caused collateral damage (to legitimate users) along the way?
Weird.
Re: (Score:3)
"i dont think sony ever killed people for bypassing drm though..."
I don't think China has ever sentenced to death someone for merely bypassing the Firewall. Which isn't to say that dissidents aren't tortured or arrested on bogus charges, or that you can get jailed merely for repeating rumors about the health or wealth of certain Party officials. But you have to be doing some seriously disruptive activities in REAL life to get the capital punishment.
Re:So it's just like... (Score:4, Insightful)
This is true. If people were actually punished in the legal sense for accessing information blocked by the firewall there would be a ruckus. Not a huge one, but big enough that it keeps government from acting brashly. It's the sending of information, writing blogs on banned topics, weibo-ing controversial things, etc. that could get you in IRL trouble.
Re:So it's just like... (Score:5, Informative)
Well then you have never gotten caught or tried then.
Actually, I would say that the punishment in the US is far more severe for piracy than the Chinese punishment for censorship laws.
That said, its seems that using proxies to bypass the firewall just for normal every day activities is not even really considered illegal in and of itself. The general answer to the question of, "what is the risk/punishment" is there is none.
Re: (Score:1)
how is it less severe? Over here you get a civil lawsuit, over there you get disappeared, imprisoned, or tortured for months on end. I find that hard to compare.
Re: (Score:2)
Only 'cause it would be horrible to deal with for their PR department. Unlike rootkits, people do actually know what torture is [theregister.co.uk], or at least have an idea that it might not be a good thing.
Re:So it's just like... (Score:4, Funny)
i dont think sony ever killed people for bypassing drm though...
That doesn't conclusively demonstrate that they don't want to.
Re: (Score:3)
Perhaps in function, but not in essence. DRM has alternatives, there is no alternative to truth. The consequences of you not being able to watch Batman on your laptop is personal in scale, the consequences of not being informed is societal in scale. And even though this may be unpopular on /., I take the stance that content creators have at least some rights over the distribution of their creations, whereas governments have absolutely no rights over the distribution of truth.
vpn (Score:5, Informative)
I was in China for 2 trips. used a US vpn both times, had no issues.
Re:vpn (Score:5, Interesting)
It's probably easier if you are not a Chinese citizen and don't have to live with possible consequences.
Re: (Score:1)
Re:vpn (Score:4, Interesting)
A few months ago, I tried to help a Chinese national in a hotel in Spain connect to the hotel network. I think his laptop had some really odd network monitoring stack replacement software on it. I think he worked for a Chinese public university.
I work as a systems integrator and administrator for small businesses in the USA. After 20 minutes, I had to continue my vacation. I don't believe he ever got connected by wifi or directly wired ethernet.
Sensationalist Summary (Score:5, Interesting)
Some Chinese technical professionals can bypass it with a variety of methods and/or tools.
I've met quite a few Chinese in online games and what they tell is that circumventing the firewall is as easy as using a proxy or VPN, is basically risk-free (to the end-user) and is really nothing special amongst their peer-group (age 15-30, educated, typically upper middle class). Every now and then their preferred proxy or VPN provider gets blocked and they have to look for a new one but that's a minor hassle and not a deal-breaker.
So the emphasis when reading the summary should definetely be on the variety of tools that are available to sidestep the firewall, not on the level of technical competence that is required to do so.
Re: (Score:3)
I wouldnt say risk free, as if they get caught bypassing it woudlnt go well for them.
Somehow i dont think the officals will care or even ask what you were doing across the 'forbidden link', and just doing it is enough crime in itsself for them.
Technical professionals? (Score:5, Insightful)
I've been living in china for a year by now. And I'm rather sorprised by how easy is to bypass the firewall. It doesn't take technical knowledge of any kind. You simply have to use one of the great number of programs that allow you to do it and that most chinese people tend to share using usb.
The firewall is mostly an annoyance than anything else, since the programs that bypass it use proxys which slow your internet speed and make it so that you cannot use it for activities that require decent bandwith. Still if you are pacient enough, it's like it's not there.
Re: (Score:2)
Recently attempts are made to block UDP VPNs (Score:5, Informative)
I live in China and noticed that since a few weeks (starting before the congress) the quality of OpenVPN UDP connections deteriorated severely. Formerly traffic worked fine, but now a ping over OpenVPN has significantly higher packet loss and latency than a direct ping to the same host, while these used to be similar. The connection often drops for 5-10 minutes, after which it is reestablished. A tunnel over ssh now performs a lot better than an OpenVPN connection.
Note that I am using my own servers and non-default ports, not established VPN providers that are easier to block. This behavior occurs on different networks from different ISPs. Additionally, L2TP connections now fail most of the time, while they worked a few months ago.
Re: (Score:1)
Yep. I've been in China for 16 months, and the "Great Firewall" is more of the "Great Unicorn" (not to be confused with the one who used to own the lair recently found in North Korea).
When a foreigner gets a job here, the orientation consists of "Here's your desk. Here's your username and password. Here's where we keep the proxy program. There's tea in the breakroom; if you want coffee, you'll have to go to the cafe down the street--it's between the brothel and the lottery store."
Seriously.. the "techn
Re: (Score:2, Funny)
What are you doing? I should report you to the authorities for violating the law.
People like you make me ashamed to be Chinese.
Re: (Score:2)
I live in China and noticed that since a few weeks (starting before the congress) the quality of OpenVPN UDP connections deteriorated severely. Formerly traffic worked fine, but now a ping over OpenVPN has significantly higher packet loss and latency than a direct ping to the same host, while these used to be similar. The connection often drops for 5-10 minutes, after which it is reestablished. A tunnel over ssh now performs a lot better than an OpenVPN connection.
Note that I am using my own servers and non-default ports, not established VPN providers that are easier to block. This behavior occurs on different networks from different ISPs. Additionally, L2TP connections now fail most of the time, while they worked a few months ago.
I have a home server (an O2 Joggler running Ubuntu) in China, to enable my parents to go over the firewall. I basically configured my home server to connect to my VPS via OpenVPN. And UDP seems to have stopped working completely about a month ago. Then I switched to TCP 443. That stop working about 2 weeks ago. Now I switched to TCP 3389, and it works like a charm.
Ignore this story (Score:2, Informative)
This story hurts China's tender heart and makes pandas cry. Stop being so mean.
Re: (Score:3, Funny)
Re: (Score:2)
I wonder if they make whale sauce the same way they make fish sauce...
What happens in China today (Score:1)
Happens everywhere tomorrow
Re: (Score:2)
Tomorrow? It's already here, just better veiled.
Bluntly, the main difference between "capitalist" and "communist" (I use the terms loosely here and just to label things) repression is just that "we" have the better PR department.
Re: (Score:1)
Tomorrow? It's already here, just better veiled.
Bluntly, the main difference between "capitalist" and "communist" (I use the terms loosely here and just to label things) repression is just that "we" have the better PR department.
The word "authoritarian" pretty much sums up both China and the USA, soon to be USSA, now that Mr Soetero has secured at least another four years to accomplish his puppetmasters plans for America.. Watch China.. we'll be completely there in a short while...
Re: (Score:2)
Maybe, but the sock puppet on their right hand would have been no different.
Re: (Score:2)
Nono - of course not!
Clearly because :
Obamas middle name is 'hussain' and not 'Honkey Mc Wasp Cracker'
The obama presedency is:
A half baked conspiricy theory that doesn't make any sense, whereby his dead islamic but free-market liberal (aka 'liberal' not 'librul') step father secretly controls his president stepson Barrack to implement Chinese-style free-market authoritarian 'communism' despite the fact that the Chinese government is hostile at worst and ambivalent at best to any form of organized religion.
T
Nice Job (Score:1)
Thanks for this post, Slashdot. Quality of this article is much higher than the too often linked informationweek, computerworld or wired stories. More articles like this one, please.
China is not the only one (Score:1)
Not sure they are really trying (Score:1)
How? More like a history lesson (Score:2)
I RTFA, and was disappointed that it was more of a history lesson and "how the firewall works" with a small portion at the bottom which can be summed up to "encrypted proxy/vpn".
I was expecting some novel ideas of how to bypass the firewall.
It's only a speed bump (Score:5, Interesting)
I live in China. I don't know anyone who has significant problems with the GFW. It is very easy to hop over. Personally, I use a paid for VPN. I used one for about 3 years without problems. It was finally shut down about a month ago, so I switched. Without a VPN, it is only mildly annoying. You can't get on Youtube and Google is very slow. Most things work normally. For instance, CNN works, but the video section does not.
Funny thing. If you are on the phone with someone and say "VPN", the call sometimes drops immediate. Works better in Chinese than English.
When you don't have a VPN, what is really annoying is are all the US sites that pop-up messages saying that their service is not available in your country. Grrr. Then sites like Microsoft keep bumping you back to their Chinese site and hiding "the show me the page in English" button. It is sad how the internet is getting to sensitive to location. The great thing about the internet was that you could be anywhere. Now companies want to figure out where you are based and serve you country specific content. If you have a Galaxy SIII that you bought in China, try going to the US app store. You can't. Even with a VPN or flying to the US, it will not work.
Re: (Score:2)
Well, there's a twofold reason for companies to track your location. One, because they had to cave in to some "requests" from various governments who don't like the idea that their subjects do what they want to do and not what they're told and allowed to do. And I'm not really talking about China and Iran here...
And second, of course, that they can charge a lot more depending on the country you're in. if you ever bought a legal DVD in south east asia, you'd wonder why people even bother pirating since the o
Re: (Score:1)
If you have a Galaxy SIII that you bought in China, try going to the US app store. You can't. Even with a VPN or flying to the US, it will not work.
you need a non chinese sim. I carry a Hong Kong prepay sim to buy stuff from the app store. It has no credit, but if you're surfing by wifi you're fine.
--Ben
Re: (Score:2, Interesting)
I think it is a crime to put geofences, a crime against the evolution of society. People have worked hard to make everything on the internet "one click away", and here come various countries (eg: China, Arab countries) and companies (eg: Hulu) that reject us based on location. Then links get posted on forums with international attendance and half the members can't see the content. It's a restriction of speech. This and the DVD zoning, another moron restriction that reduced sales worldwide.
Re: (Score:2)
I wholeheartedly agree except for private businesses like Hulu refusing to serve you. It's their bandwidth and their infrastructure. Freedom of speech doesn't force private entities to provide the means for such communication, much less when one of the parties licensed entertainment programmes destined to certained audiences.
Re: (Score:2)
Is this really true? Did you actually experience it? It sounds incredible.
dns (Score:2)
Most of the blocks are by DNS .. Using opendns alternative ports solves this or DNS over TCP
Re: (Score:2)
Most of the blocks are by DNS .. Using opendns alternative ports solves this or DNS over TCP
DNS over TCP solves it. In fact if you use Google DNS as the upstream resolver, and use TCP port 53, you will be okay. However it seems web services with local server in China all slow down, because Google DNS resolves the domain names to foreign IP addresses.
Handing the control of Internet to the UN (Score:3)
I think this article shows why UN should not control the Internet. I much prefer US to control it. US is not perfect. However I would rather not let controls like China to meddle with the Internet.
How Some Chinese Users Bypass The Great Firewall (Score:2)
How Some Chinese Users used to Bypass The Great Firewall
**millions of Chinese users grumble and wonder why their techniques don't work anymore.
Too technical (Score:2)
The summary is far too technical, perhaps someone can provide a car analogy.