Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Censorship China Software The Internet IT Technology Your Rights Online

Architect of China's Great Firewall Embarrassed After Needing To Use VPN (shanghaiist.com) 106

An anonymous reader writes: Fan Binxing, architect of the China's infamous Great Firewall, was put in the embarrassing position of having to use a VPN in front of a live audience when trying to access a blocked web page. Fang Binxing was giving a speech on internet safety at his alma mater, the Harbin Institute Technology. During the speech, he presented a defense for internet sovereignty and used North Korea's own version of the system as a talking point. Things got awkward really fast, however, when he attempted to access blocked web pages hosted in South Korea to demonstrate his point. From there his speech went from being a defense of the Firewall to a demonstration of its stupidity. Unable to access the websites he needed to continue his speech, Fang somewhat unexpectedly resorted to the same illicit tool which all expats in China are all familiar with: the beloved VPN. This raises one question: Is China's Great Firewall that easy to circumvent, or are members of the government treated differently than normal citizens?
This discussion has been archived. No new comments can be posted.

Architect of China's Great Firewall Embarrassed After Needing To Use VPN

Comments Filter:
  • by Anonymous Coward

    I believe that's two questions....however, there is only one answer.

    • When you have a government VPN catering to about 1/2 of the world's population. You cannot sufficiently lock it down to an ideal settings, as even if you have 1% of the population deserving and exception that is 30 million people who you need to modify. Because of this, it is very easy to find a flaw, as there is a lot of holes to take advantage of.

      Also the problem with communism is the idea in order for it to function the entire population will need to be onboard with the communal living. That just can

      • by MightyMartian ( 840721 ) on Thursday April 07, 2016 @11:25AM (#51860695) Journal

        It really is the same psychological trick that the Communist regimes have been using since the beginning. They've never been able to censor information completely, even in the pre-Internet age it was an impossible technical problem to fully solve. So you play a psychological warfare game instead. So long as the citizens think you have the ability, and that if they read a forbidden book or a forbidden website, that somewhere the vast colossus of state security, a light will flash and a klaxon will go off, and very serious men will appear at your doorstep and you won't be seen again. You reinforce that by making the odd citizen disappear here and there, to build up society's paranoia. The whole point is to make people police themselves.

        That's why the Great Firewall, and the versions that other countries, even some so-called "liberal" democracies are creating, are as much a form of security theater as an actual control on reading forbidden content. These firewalls are like a polygraph test, they are effective because people believe they are effective, so they don't need to actually get anywhere near 100% success rate in blocking content and recording attempts. Heck, I doubt they even have to approach 50%.

        • somewhere the vast colossus of state security, a light will flash and a klaxon will go off, and very serious men will appear at your doorstep and you won't be seen again

          What first hand stories do you have to support this?

          As someone grew up in China in the 80's, we listened to Voice of America for 10 years and not a single serious man or woman ever appeared at our doorstep. What you said would be true in the Cultural Revolution period in the 70's, and I have first hand story too: when I, as a 5 year old, tried to fold a piece newspaper into a boat, my sister who was 5 years older stopped me because there was a picture of Chairman Mao.

          Today, I also have friend there doing VP

      • by Anonymous Coward

        "'Communism doesn't work because people like to own stuff." - Frank Zappa

        "Under Capitalism, man exploits man. Under Communism, it's just the opposite. - J. K. Galbraith

      • by ShanghaiBill ( 739463 ) on Thursday April 07, 2016 @11:58AM (#51860941)

        Blocking 99% is good enough. China is not trying to totally block outside information. They are just trying to keep a lid on organized dissent. Western news publications are commonly available at newsstands, although an occasional story on Tibet, or Xinjiang, or Xi Jinping's offshore bank accounts, will be torn out. Most urban Chinese are better informed about what is going on in the world than typical Americans. China is actually more worried about social networks, where people can organize outside of party control. So Facebook is blocked, and instead they have WeChat and QQ, which are monitored and controlled.

        Also, the Chinese Firewall is not "stupid". It may be evil, but it is not stupid. It is very effective at accomplishing its goals.

        China has never even tried to implement a classless society. In fact, they did the opposite, by strengthening feudalism and binding the poor to the land. Everyone in China is issued a Hukou [wikipedia.org] identification card at birth, that has their hereditary class printed on it. If you have the "wrong" class, as 80% of the population does, then you can be deprived of public education, housing, and even food. 99% of the 30 million people that starved to death during the Great Leap Forward had low class (rural) hukous. Today, about half the children in big cities like Beijing and Shanghai, have no right to attend public school, or go to a public hospital.

        One reason that the Chinese and outsiders see the Tiananmen Square incident very differently, is that the protesters never called for reform of the Hukou system. Outsiders see the protesters as heroes standing against oppression. Many Chinese see them as spoiled offspring of the urban elite trying to preserve their privileges.

        • by shuying ( 752029 )

          Today, about half the children in big cities like Beijing and Shanghai, have no right to attend public school, or go to a public hospital.

          There are many problems with the hukou system and most people in China do not like it at all. But you are spreading LIES. It may be difficult for a rural hukou child to get public education in a big city, but certainly not impossible. A rural hukou person can get services at any public hospital without any problem. He just doesn't have health insurance to cover his expenses.

          Everyone in China is issued a Hukou [wikipedia.org] identification card at birth, that has their hereditary class printed on it.

          Saying that hukou is hereditary is misleading. Except for the two megacities (Beijing and Shanghai), it's trivial to get a city hukou

          • it's trivial to get a city hukou if you have a college degree.

            Riiiight, because the son of a rice farmer, banned from public schools, should have no problem getting a college degree. And if the peasants don't have bread, let them eat cake!

            • by shuying ( 752029 )

              it's trivial to get a city hukou if you have a college degree.

              Riiiight, because the son of a rice farmer, banned from public schools, should have no problem getting a college degree. And if the peasants don't have bread, let them eat cake!

              "banned from public schools"? What a joke! You're sickening. Any one who has been to China should know that you're just telling lies.

        • One reason that the Chinese and outsiders see the Tiananmen Square incident very differently, is that the protesters never called for reform of the Hukou system. Outsiders see the protesters as heroes standing against oppression. Many Chinese see them as spoiled offspring of the urban elite trying to preserve their privileges.

          The other reason is that Chinese school children are taught it never happened. I've actually had conversation with college aged kids from China who still don't believe it really ever happened.

    • Yep the answers is both. The ruling party gets special treatment and China's great firewall is mostly that easy to bypass. China does keep blocking various vpns which makes it a moving goal.

      • by wiggles ( 30088 ) on Thursday April 07, 2016 @11:21AM (#51860663)

        When I was there, it was definitely not easy to circumvent. I tried multiple VPNs, dns tricks, all kinds of things, but my internet coverage was spotty at best. If I tried to go to any western news site for any reason, I'd find my phone either throttled to nothing or completely offline for hours or days.

        They seemed to be cracking down on VPN usage via deep packet inspection and/or whack-a-mole with overseas endpoints.

        I was there in November of 2014, so I can't imagine things have gotten much better.

        • Re: (Score:3, Informative)

          I just got back from Beijing last week and used a VPN on my phone without much trouble. Mobile data was quite fast and reliable there. Combined with the VPN, it worked just fine. It was so easy to bypass, it almost makes me wonder why they bother.
        • by Anonymous Coward

          I was in shanghai, oct 2015 and feb 2016.. I used a VPN all the time. The problem is that you get about 1-2 days of it working, and then it completely stops. We had to VPN over strange ports to an ip in chicago, then to germany, and keep moving them around. We got through, but it burned the hell out of our phone batteries pretty quick.

  • I'm sure (Score:4, Funny)

    by Big Hairy Ian ( 1155547 ) on Thursday April 07, 2016 @11:04AM (#51860533)
    He'll be introduced to "The Great Firing Squad of China"
  • by KGIII ( 973947 ) <uninvolved@outlook.com> on Thursday April 07, 2016 @11:04AM (#51860541) Journal

    So he just happened to have a VPN and an account all ready and set to go or is this a normal thing? I'm guessing it's the latter. I'm not sure why you'd be embarrassed about it. It's not like he just happened to notice while being shown live. He had one already there, installed, and an account configured.

    By the way, I've been to China and, as near as I can tell, everyone that I met had a VPN - usually one of the 'free' ones that you load up in your browser as an extension. And no, they didn't seem embarrassed about it. Then again, they weren't live and the person who configured the firewall.

    • by decep ( 137319 )

      Nobody is truly embarrassed by the porn like until they have to watch it in front of an audience.

      It is one thing to do something privately and something entirely different to do the same publicly. Especially when there is a reasonable chance of a prison sentence for doing so.

      • by KGIII ( 973947 )

        I'm not sure it's really private - as in, I witnessed people using them as I walked through outdoor areas and could see browser extensions. I've also discussed them, specifically, because I found the concept weird. (I'll touch on that in a moment.)

        So, I don't really think it's all that private. An AC mentioned an interesting point below - that he'd surely visited the pages in preparation for his talk. He should have already known. Then again, maybe he'd told someone to have it unblocked for him by the time

        • I think that blocking by the GFoC is inconsistent. I don't know the factors, but I suspect that source IP address may affect what sites are blocked.

          The GFoC changes all the time, but when I was there a small number of years ago, OpenVPN was being blocked. It appeared at the time that the system had some heuristics to detect encrypted streams. I read shortly after that playing with the MTU values would allow the OpenVPN-based VPN to connect. I found that SSH was not being blocked, so I just used that.

          In this

    • by Solandri ( 704621 ) on Thursday April 07, 2016 @12:08PM (#51861063)
      Any software designer worth his salt creating a firewall will also keep up to date on methods to bypass that firewall. So I'm not at all surprised he had a VPN all set up and handy.

      The real point of the firewall is probably like the driving code in the U.S. With regular law, what you do is legal unless explicitly stated to be illegal. But by loading up the books with thousands of little laws that everyone occasionally violates in the course of their everyday lives, you invert that situation. The government can just ignore enforcement of the law for 99.9% of people, but if you raise their ire they can arrest you and cite you for violating all those little laws that everyone else breaks every day. You are guilty as a byproduct of living, the government just picks and chooses which of the guilty need to be punished.
    • So he just happened to have a VPN and an account all ready and set to go

      If you were the boss of such a firewall system wouldn't you have that all set up?

      The real question here all Chinese people should be asking is, what VPN service does this guy use and how does on sign up?

    • Freegate [dit-inc.us]. It used to work pretty well, at least until 2012, and you didn't have to install it. I used to carry it around on a usb stick. So yes, people just happen to have one handy. It probably still works the same, but I'm not in China to tell.

    • I think your post may have missed the point. Its a bit embarrassing because the guy who created the firewall, was being blocked by the firewall, while attempting to retrieve technical information about firewalls which firstly demonstrates that the firewall is blocking legitimate web content on a country-wide level.

      Secondarily, in order to defeat the technological measures that he himself had created in order to protect China's 'innocence', hes fired up an extremely standard tool to bypass the blocking mea
    • Ain't cognitive dissonance grand?

      • by KGIII ( 973947 )

        Yup. I'd think he'd be as matter-of-fact about it as the rest of 'em.

        Though, now that you mention it... The chances (two of them) that I had to interact with people who were fairly high-level government officials do bring that phrase to mind. I'd called it "role playing" to my traveling companion on multiple occasions but cognitive dissonance might be more accurate.

  • The answer is in the question.
    I would go one step further, the Chinese are supplying 'approved' VPN IP's for their government people, IP's that are probably green listed in the firewall.
  • Answer... (Score:5, Informative)

    by Lumpy ( 12016 ) on Thursday April 07, 2016 @11:12AM (#51860595) Homepage

    Yes and Yes.

    Yes it's that easy to circumvent, and yes they are treated differently.

    • by arth1 ( 260657 )

      I'd have to say "Yes" and "Maybe".

      The second question doesn't make sense as it is written.
      Should it be "... different from ...", or should it be "... differentlier than ..."?
      I'd say Yes to the first of those, but No to the second, as I believe the Chinese government is too big to have individual rules for all the apparatchiks.

  • This raises one question: Is China's Great Firewall that easy to circumvent, or are members of the government treated differently than normal citizens?

    If only we had a website the covered this sort of stuff ... oh right, we do [slashdot.org]! New VPN IP addresses probably take a while for them to identify the traffic on and block. But there are plenty of services like HMA that constantly roll out new ip addresses. So as long as you're a mouse willing to play whackamole with your cat overlords ... Annoying, yes, but that's the definition of the internet in China.

    In response to the second part, that is always true regardless of the answer to the first part. Not only are members of the government are treated differently but also their families. The "party" class enjoys many many perks. Unmonitored VPN connections would be laughable compared to their insider trading, disregard for the law and instant attack dogs they routinely utilize.

    While you're accepting suggestions, why isn't my aforementioned article linked in the "You may like to read:" section of this page? Those stories seem to have nothing to do with China's firewall yet a simple google search shows a whole slew of those stories on Slashdot. I think you could get timothy's family to help you track that stuff if you would return his body to them. They only want closure, it doesn't matter if it has to be a closed casket funeral!

  • Was it a demonstration of the "stupidity" of a firewall doing it's job (why he had to access those sites is not clear from TFS to me, nor what he tried to achieve with it), or the human stupidity of someone not properly preparing a presentation?

  • Here's perhaps a useful study about circumvention tools and usage, and what are the most common reasons to use them: https://www.openitp.org/pdfs/C... [openitp.org] It's from 2013 though. Anyway, from all the bit over 1000 respondents only 2 had never used any tool.

  • It is that easy (Score:2, Interesting)

    by Anonymous Coward

    American with a Chinese wife here, I was in China last year. I set up vpn service before I left, installed the android app, and it worked in china just fine. You won't have as much luck with TOR, it will be slow or unavailable a lot of the time (tried that too just for giggles when I was there). A large number of foreign born Chinese that are there for tourism or business use VPNs, usually with exit nodes in hong kong, korea, or japan. Several people there including at least one Chinese born one happily

  • Seriously as engineers we need to have enough balls to say no and stand up to requests from employers to design/implement anything who's ultimate use is to do something immoral, such as suppressing individual freedom.

    http://www.globaltimes.cn/cont... [globaltimes.cn]

    Giiven the indisputable evidence that he actually did circumvent the Chinese firewall, I would love it if the Chinese arrested this joker. If I was Chinese I would have already filed a complaint against him.

    • by Anonymous Coward

      [quote]Seriously as engineers we need to have enough balls to say no and stand up to requests from employers to design/implement anything who's ultimate use is to do something immoral, such as suppressing individual freedom.[/quote]

      I'm sure some of the engineers in China do have enough balls to do that. Or they did, before the government made them disappear...

  • as long as you have shell access (doesn't even need to be root level) to an outside unix box running ssh, the great firewall is doomed. Its so easy to use putty to tunnel HTTP traffic, that almost anyone can do it.

    http://www.techrepublic.com/bl... [techrepublic.com]

  • Coulda just connected to any of the various wifi hot-spots all the hotels etc have over there with built in VPN!
  • by RobinH ( 124750 ) on Thursday April 07, 2016 @11:29AM (#51860719) Homepage
    "... but some are more equal than others."
  • Anyone can (Score:5, Interesting)

    by SumDog ( 466607 ) on Thursday April 07, 2016 @11:34AM (#51860747) Homepage Journal

    In graduate school, I asked a Chinese student about this. He said that anyone can get past the filters in China. He did it all the time. He also said, no one cared. The Chinese government didn't care if you did, but they cared if you talked about it. If you start posting things, blocked links or discussing politics in public forums in China, you can expect a knock on your door, fines, jail or worse. But as long as you don't talk about it, you can view whatever the fuck you want.

    • But as long as you don't talk about it, you can view whatever the fuck you want.

      I wouldn't go quite that far. While I'm sure that there are subjects they will let you look at without talking to you, I wouldn't interpret to mean that there's not anything you can view on your own without having to, ahem, talk to the local authorities about. The CCP is still off the charts opposed to Falun Gong and nobody but the upper levels of the party itself seems to know exactly why this is. I've read several completely different explanations for this and they can't really be reconciled. My ex-gi

  • How is this "evidence of its stupidity"? How does that even follow? If anything, it is evidence of its effectiveness. The website was deemed harmful to the citizens by the government, and it was blocked. Even the creator couldn't access it. I'd say, job well done.

    Are members of the government treated differently from normal citizens? How is this even a question? Of course Communist governments think that intelligent people like Party members should be treated differently from the Great Unwashed and th

    • How is this "evidence of its stupidity"? How does that even follow? If anything, it is evidence of its effectiveness. The website was deemed harmful to the citizens by the government, and it was blocked. Even the creator couldn't access it. I'd say, job well done.

      Except for the part where he then proceeded to trivially circumvent the filter and access the website anyway, using a technique any Chinese citizen could use to do the same, and which many do use to do the same.

  • There is only one answer, and offshore trust funds for China's Ruling Elites are the method to arrive at that answer.

  • Fang somewhat unexpectedly resorted to the same illicit tool which all expats in China are all familiar with: the beloved VPN.

    No he didn't. He just used a VPN. VPNs are not illegal, they are not banned, people don't get in trouble for using them, and every multinational corporation doing business in China inadvertently bypasses the great firewall anyway. What is illegal is to view certain types of content but this does not include things that the wall blanket bans. Likewise China's VPN administrators attempt to counteract circumvention by blocking known VPN providers that exist for the purpose of bypassing the great wall, yet no o

    • by ukoda ( 537183 )
      I worked for a foreign (New Zealand/USA) company in China that used a VPN to connect back to our offices outside China. We were advised that the government would be needing to install monitoring equipment to our LAN. It had not happened at time I left that company but it sounded like it was simply a case of when not if.
      • The Chinese government is not one for blanket regulation of businesses. They are very careful of who and how they approach businesses. This is purely conjecture but I would put some money on the fact that wanting to monitor your VPN has nothing to do with keeping citizens uninformed about the outside world, and more to do with the fact that you're a foreign company and there's a potential to gain access to some information you have.

        Industrial espionage is so much easier when you're welcomed in the front doo

        • by ukoda ( 537183 )
          You may well be right. It didn't actually happen while I was there, but may have since then. My recommendation was to set up a Linux server spoffing the traffic for a mythical LAN and have it monitor that.
  • The fear of the Communist Government is public unrest and subversion of state power. As long as you are being a good citizen and keeping the unwanted Western truth and ideology to yourself then you are really no threat to them. To identify these inciters China mostly relies on the human intelligence gathering capabilities of its vast Security Services. Although lately not even China seems to be able to resist the Big Data cool-aid
  • "This raises one question: Is China's Great Firewall that easy to circumvent, or are members of the government treated differently than normal citizens?"
     
    Why is this an either/or thing?

  • This is like Chevrolet giving a public demonstration to show off how their trucks are better off-road than any other brand, then getting it stuck on live TV, and having to call a Ford truck to pull them out.
    Golf clap, China.
    • Not quite -- it's more like Chevrolet giving a public demonstration about how easy it is to get out of their cars in an accident, and then the person doing the demonstration gets stuck in the seat belt. Then, to finish the demonstration, they have to perform it again while not wearing a seatbelt.

  • For example, you can freely SSH from inside China to anywhere outside, except maybe some completely blocked IP address ranges. Certainly things work fine if you SSH to any of the AWS locations.

    So, fire up a nano instance before you go to China, and run a proxy server on it. I think I used squid last time, but there are a billion choices. Then simply port forward localhost port whatever to your proxy, and tell the browser to find the proxy at localhost on that port. My advice is to set your proxy up to liste

  • A VPN is a must living in China for technical research. Even Baidu's Chinese language result list is bad. I know they have the same information as google,( I see the bot searching my sites), but the order is terrible. Most of the world advance research in computers is in English. but Baidu English sorting algorithm is very much like the funny Chinglish signs [transparent.com]. For an engineer and other professionals to have access to the full internet will be required for China to advance and integrate into today's worl

  • "...or are members of the government treated differently than normal citizens?"

    All animals are equal but some animals are more equal than others

  • A couple of years ago I spent a couple of years working in China leading a technical team and dealing with the Great Firewall of China. It drove me nuts. Yes you can VPN around it, kind of, for while. I set up private VPNs to servers I ran outside China and I paid for commercial VPN services. They work, but not reliably for any length of time. Every week or two they would stop working and I would have to change my set up. It was just a ongoing PIA. I was so happy to be back home where the Internet ju
  • I spent four weeks teaching at two Chinese universities in 2014. All of the students were using VPN to circumvent the Great Firewall, and they all were using Facebook and Twitter. They were doing this openly in class. Circumvention is easy, well-known and seems to be fairly well-tolerated. I think it is tolerated with the students because they are using services like Facebook and Twitter for social activities. I expect there are Chinese government monitors watching what they say,and if they said the wrong t

Sentient plasmoids are a gas.

Working...