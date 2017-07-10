China Tells Carriers To Block Access to Personal VPNs By February (bloomberg.com) 40
China's government has told telecommunications carriers to block individuals' access to virtual private networks by Feb. 1, people familiar with the matter said, thereby shutting a major window to the global internet. From a report: Beijing has ordered state-run telecommunications firms, which include China Mobile, China Unicom and China Telecom, to bar people from using VPNs, services that skirt censorship restrictions by routing web traffic abroad, the people said, asking not to be identified talking about private government directives. The clampdown will shutter one of the main ways in which people both local and foreign still manage to access the global, unfiltered web on a daily basis. China has one of the world's most restrictive internet regimes, tightly policed by a coterie of government regulators intent on suppressing dissent to preserve social stability. In keeping with President Xi Jinping's "cyber sovereignty" campaign, the government now appears to be cracking down on loopholes around the Great Firewall, a system that blocks information sources from Twitter and Facebook to news websites such as the New York Times and others.
How will business users be impacted, since they will typically need to use a VPN if working remotely?
At the same time I wonder how long it will be before the mouse works out how camouflage the VPN access? It really is a cat and mouse arms race.
Also, if they block VPNs, then the people will just start tunnelling over SSH. Can they block all VPN an SSH connections? That would basically disable a huge portion of the internet.
They don't have to. They just put you in jail or worse you if they catch you using a VPN.
President Xi should study his people's history. Every dynasty eventually loses the 'mandate of heaven'.
The biggest surprise here is that this loophole hadn't been closed down years ago.
Chinese leadership is getting desperate, losing contact with what is and isn't technically possible.
They will be playing 'whack a mole' until they 'declare victory' and give up.
Since the concept of connecting to a private network and alt-routing around infrastructure has existed since the days of dial-up concentrators, I'd say this delay is more political than anything.
China has been going after and is already blocking lots of VPN services. But of course all the time new such servers will pop up, new domain name, new IP address, and the mainlanders have their connection back.
How will they ever be able to block all VPN connections? They could of course start by blocking some common ip ports, but there's nothing stopping people from using a different port, e.g. port 80, and we're back to situation we have now, where they have to go hunt down server after server.
Wait till their real estate bubble pops. It's going to be ugly as fuck.
Whenever something unpleasant happens to human rights online, a lot of people shout, "Just use a VPN, and all your problems are solved!"
In a small way, they're not wrong. But this misses the big picture: VPNs are few and easy for centralized authorities to block. The ultimate answer cannot be narrow and fragile circumvention measures. It has to be a robust, decentralized, and authoritarian-resistant internet architecture. It needs to be all-or-nothing: either authoritarians block the entire internet, or none of it, because all content is safe from snoops and they cannot tell the things that please them, from the things that displease them.
VPNs are at best a fragile workaround for a systemic problem. And what's happening in China can easily come to the USA and Europe, because terrorists and because the children. The technical community has to take back the internet, before it's too late, or we will have lost the most important revolution in human communication to happen since the printing press to authoritarians.
You don't know how VPNs work? Unless China bans all encrypted connections to the outside world, this will do exactly fuckall.
I'm pretty confident that China has long since set it up so 'everybody's a criminal', same as the 'western world', so that's not in play.
You don't know how VPNs work? Unless China bans all encrypted connections to the outside world
No. They only have to ban connections to the VPN services, which are relatively few and well known IP ranges. It's just like some US companies or web forums will ban those ranges for incoming connections. If they can do it, China can also do it.
I wish the Chinese government luck (not really), they're going to need it.
How many Chinese people in the west with broadband connections? They will provide routing for relatives if they have to. You'll see them tunneling through gaming servers (which will piss the gamers off).
There are already a _buttload_ of VPN services. IP banning will be a never ending, rarely working game of 'whack-a-mole'. With lots of potential for fucking with China by baiting them into banning important hosts.
The protocol is known at negotiation time and can be banned consequentially. This is a well known technique and available off the shelf.
Network engineer here. My theory is that any blocking attempt where the users seek to avoid being blocked is doomed to fail unless literally no traffic of any kind (even DNS etc.) is allowed through. This is because all serious network kit uses ASICs to achieve acceptable performance at the cost of flexibility, but all the endpoints are CPUs that are inherently flexible. If the users have an orchestration system that allows the developers to change the protocols as and when, and they play to the weaknesses of ASICS, the network vendors will never be able to keep up. Anytime you let any traffic through whatsoever between two parties you don't fully control, it's game over for your perimeter. Hurray!
...what are they afraid of them learning on the open internet?
...what are they afraid of them learning on the open internet?
It's a phobia that is similar to the frothing at the mouth defenders of the US Constitution's second amendment. They feel if they give even an inch that it will become an unstoppable force that ultimately destroys them thus they must not let up in allowing even the most minor of concessions. People can be reasonable but some individuals just aren't.
So China is protecting itself against communist, leftist, progressive, NWO fake news? Are they "MACA" (Making China Great Again)?
As for the inevitable snowflake trolls that will moderate this down - Are you familiar with the concept of self-fornication?