Inside the Great Firewall of China's Tor Blocking

Unknown Lamer posted more than 2 years ago | from the onions-against-the-revolution dept.

Trailrunner7 writes with an article at Threat Post about China's ability to block Tor. From the article: "The much-discussed Great Firewall of China is meant to prevent Chinese citizens from getting to Web sites and content that the country's government doesn't approve of, and it's been endowed with some near-mythical powers by observers over the years. But it's somewhat rare to get a look at the way that the system actually works in practice. Researchers at Team Cymru got just that recently when they were asked by the folks at the Tor Project to help investigate why a user in China was having his connections to a bridge relay outside of China terminated so quickly. Not only is China able to identify Tor sessions, it can do so in near real-time and then probe the Tor bridge relay and terminate the session within a couple of minutes."

160 comments

And you say Chinese can't innovate (5, Insightful)

DCTech (2545590) | more than 2 years ago | (#38644634)

Clearly they're one of the best software engineers in the world when they want to, being capable of real-time packet inspection and probing. China has over 1.7 billion people who almost all want to work in IT. They will rule the world.

Re:And you say Chinese can't innovate (4, Funny)

Anonymous Coward | more than 2 years ago | (#38644674)

Where did they pick up the extra 400 million people from?

Re:And you say Chinese can't innovate (2, Interesting)

axx (1000412) | more than 2 years ago | (#38644720)

Do you really believe that a census on over one billion people, who have (who had?) an incentive to lie about their progeny, is credible?

Hell, I might be wildly off the mark but for all we know there could be two billion people in China, I wouldn't be that surprised.

Hopefully someone more aware of the reality of the situation will chime in.

Re:And you say Chinese can't innovate (2)

gman003 (1693318) | more than 2 years ago | (#38644854)

Wikipedia cites 1.3 billion [wikipedia.org]

The margin of error in the US census is 0.009%. [census.gov]

Even allowing for China to have a margin of error a hundred times that of America's, you're looking at a maximum inaccuracy of ~12 million people, not 300.

Re:And you say Chinese can't innovate (2)

QQBoss (2527196) | more than 2 years ago | (#38646602)

It isn't an issue of error bars, it is more an issue of outright fraud in the census.

Illegal aliens (both internal and external... do you know anything about the hukou system?) have an extremely high incentive to remain uncounted, particularly if they have children.

From 2008:

http://www.china-briefing.com/news/2008/09/01/is-china%E2%80%99s-population-really-13-billion.html [china-briefing.com]

Re:And you say Chinese can't innovate (1)

swalve (1980968) | more than 2 years ago | (#38647332)

Where did these 400 million people come from? That would basically be the entire population of the rest of Asia, besides India.

Re:And you say Chinese can't innovate (4, Interesting)

QQBoss (2527196) | more than 2 years ago | (#38648388)

How many people are actually in China, I am in no position to guess. But I am in a position to know that census undercounting does occur and why.

As I mentioned, the "uncounteds" are both internal and external illegal aliens. Unlike most of the Western world, where the right of free travel is assumed, within China you are only legally allowed to live/work/"own" property in the place where you have a hukou (this is a gross oversimplification, but it is the beginning of a discussion). Many of the presumed 400M illegals are native Chinese who have chosen to live where they have no permission to live, doing so under the radar to avoid sanctions which in the past could have been quite onerous. They aren't at their home city to be counted (though children usually are, staying with grandparents, since without a local hukou they have no right to go to school where their parents are living) and they avoid being counted in the city where they are living because they could be forced to return to their officially registered home.

About 6 or 7 years ago, the hukou laws were supposedly eliminated, but anyone who says they have been completely abolished is wrong. Decentralized, perhaps, but they still exist and are enforced whenever the right government official gets their panties in a wad. Unless and until the hukou laws are actually abolished, the charade will continue.

Re:And you say Chinese can't innovate (0)

Anonymous Coward | more than 2 years ago | (#38646630)

You don't know what you don't know.

You can guess all you want.

But you don't know what you don't know.

How - hard - is - that?

Re:And you say Chinese can't innovate (2)

sadboyzz (1190877) | more than 2 years ago | (#38647882)

The reality of the situation in China is that the government is under _huge_ pressure to drop the draconian population control policy, aka one-child policy. However, there is no sign from the regime that it would even consider budging on this issue. So if anything, they have an incentive to _overstate_ the population, rather than understate it.

The other reality is that hundreds of elementary schools in rural areas were closed down over the past few years due to not having enough school kids. Classrooms that once held 40 children were down to 5, so the local gov simply closed the under-attended schools and moved the children into bigger schools in towns, forcing some kids to travel great distances just to get to school every day. The Hong Kong based Phoenix media ran a documentary on this a couple of years ago, which for some reason, was not aired in mainland China.

Re:And you say Chinese can't innovate (0)

Bert64 (520050) | more than 2 years ago | (#38648124)

Why is their policy draconian? Over population is a HUGE problem that needs to be dealt with, can you think of any alternative methods that are less "draconian"?

Re:And you say Chinese can't innovate (-1)

Anonymous Coward | more than 2 years ago | (#38644736)

US after they attack to collect their money and seize whole North America?

Re:And you say Chinese can't innovate (1)

crutchy (1949900) | more than 2 years ago | (#38648394)

> Where did they pick up the extra 400 million people from?

that might be their daily population growth :)

An alternative (0)

Anonymous Coward | more than 2 years ago | (#38644748)

Alternatively, China has one of the biggest piles of money in the world and there are a lot of companies around the world who will do anything to get their hands on some of it.

Re:And you say Chinese can't innovate (2)

Ethanol-fueled (1125189) | more than 2 years ago | (#38645326)

Haw, I might believe you if you can prove to us that it's solely Chinese technology doing the filtering, and not solutions from Western vendors such as Narus [narus.com] or Procera. [proceranetworks.com]

All of the big links provide only details about the type of filtering and not the hardware used.

Re:And you say Chinese can't innovate (1)

crutchy (1949900) | more than 2 years ago | (#38648408)

i would be less surprised if western companies were copying the chinese

Re:And you say Chinese can't innovate (0)

Anonymous Coward | more than 2 years ago | (#38645360)

Simply scan for connections that you can't probe and shit can them immediately.

It really isn't that mysterious.

Re:And you say Chinese can't innovate (4, Interesting)

cp.tar (871488) | more than 2 years ago | (#38645554)

Despite the error in your numbers, your post reminded me of Focus in Vernor Vinge’s A Deepness in the Sky.
Spooky.

Re:And you say Chinese can't innovate (0)

Anonymous Coward | more than 2 years ago | (#38647198)

that's funny, a few minutes ago, when I saw the article above this one, about the FBI sentinel program, I thought of the 'ubiquitous surveillance' society of the Emergents, and the emphasis on advanced forms of automation.

Re:And you say Chinese can't innovate (1)

Tracy Reed (3563) | more than 2 years ago | (#38646372)

Or they paid some round-eye to implement this for them. They certainly have the resources.

Re:And you say Chinese can't innovate (2)

wisty (1335733) | more than 2 years ago | (#38647032)

Are they actually capable of real time packet encryption; or do they just run it like a proxy? The lag can be horrific, like there's some server at the border waiting for the whole page to download, before they forward it to you.

Re:And you say Chinese can't innovate (1)

lsatenstein (949458) | more than 2 years ago | (#38647298)

Is it perhaps a combination of quality software engineers and the quantity of software engineers that China can put to the monitoring function? With quantity and quality, one can divide and conquer.

boycott (0)

Anonymous Coward | more than 2 years ago | (#38644694)

the CHICOMs

Fear & Lolling (0)

Anonymous Coward | more than 2 years ago | (#38644704)

They might be able to block TOR, but you have a *dozen* VPN services that have worked flawlessly for years, to tunnel under the wall. And not a day of failure, tunnel is happily tunneling data. That firewall is about as effective as was the brick & mortar wall to stop invasion: symbolic value. (Written from Panda Land)

Re:Fear & Lolling (1)

Anonymous Coward | more than 2 years ago | (#38644728)

Care to name some? Many free public proxy servers are banned, and the paid ones are expensive enough, such that the masses cannot afford it.

Re:Fear & Lolling (0)

Anonymous Coward | more than 2 years ago | (#38644802)

name some? Sure.

Re:Fear & Lolling (1)

Anonymous Coward | more than 2 years ago | (#38645008)

I won't name any, advertisements for them are common if you surf popular websites from Panda Land. But I can tell you that yes, it's not for free, but no, it's not expensive, affordable for a Chinese city dweller level of income (8 USD for 6 months, about 50 RMB, which is the price of a cinema ticket without the popcorn bucket).

Re:Fear & Lolling (1)

mveloso (325617) | more than 2 years ago | (#38644734)

VPN access exists as long as the Chinese government allows it to exist. If they can probe and whack TOR, that shows they can whack anything - and that they choose not to.

Note that some sites in China do actively block VPN connections.

Re:Fear & Lolling (1)

PiSkyHi (1049584) | more than 2 years ago | (#38647248)

Conversely, if you can access global information from within China and it's still just a blacklist of IPs, then a VPN can always get through.

My college did it easier (4, Informative)

The MAZZTer (911996) | more than 2 years ago | (#38644756)

Tor has to connect to so-called "dictionary servers" periodically to refresh its list of tor nodes to try to use. If you block those servers, tor breaks.

At least, that's how it worked when they finally figured out how to block it after 3 years. Maybe tor has improved since then.

Re:My college did it easier (1)

The MAZZTer (911996) | more than 2 years ago | (#38644834)

Whoops, looks like they're called "directory servers". Not sure if I remember it wrong or if I really did think they were called "dictionary servers".

Re:My college did it easier (4, Informative)

TSHTF (953742) | more than 2 years ago | (#38644914)

Tor has changed since you read last... "Bridges" were added to Tor and are not listed in any central directory.

Tor bridges [torproject.org]

Re:My college did it easier (1)

Anonymous Coward | more than 2 years ago | (#38646140)

Any SSL connection from China to outside is tracked and they attempt to connect to it in a few minutes after original connection is made. They try to establish a tor handshaking and if it succeeds, the IP is blocked in the great firewall.
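
For a bridge operator, the follow-up connection described in the comment above would appear in connection logs as a handshake-only visitor arriving minutes after a real client. This is an added example, not part of the original comment; the log format, the event names and the 5-minute window are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Assumption: "a few minutes" is modelled as a 5-minute correlation window.
WINDOW = timedelta(minutes=5)

# Constructed sample log (hypothetical format): timestamp, source IP, event.
SAMPLE_LOG = """\
2012-01-09T10:00:05 198.51.100.20 handshake_ok
2012-01-09T10:00:09 198.51.100.20 circuit_built
2012-01-09T10:02:41 203.0.113.77 handshake_ok
2012-01-09T10:02:42 203.0.113.77 closed
2012-01-09T10:20:00 192.0.2.15 handshake_ok
2012-01-09T10:20:03 192.0.2.15 circuit_built
this line is malformed and is skipped
2012-01-09T11:30:00 203.0.113.90 handshake_ok
2012-01-09T11:30:01 203.0.113.90 closed
"""


def parse(log_text):
    """Return (timestamp, source, event) tuples in time order, skipping bad lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2]))
    return sorted(events)


def find_probe_candidates(log_text, window=WINDOW):
    """Flag sources that only handshake, shortly after a real client connected.

    A "client" is a source that went on to build a circuit. A candidate probe
    is a different source that completed a handshake, never built a circuit,
    and first appeared within `window` of the most recent client connection.
    """
    first_handshake = {}
    built_circuit = set()
    for ts, src, event in parse(log_text):
        if event == "handshake_ok":
            first_handshake.setdefault(src, ts)
        elif event == "circuit_built":
            built_circuit.add(src)

    clients = sorted(
        (ts, src) for src, ts in first_handshake.items() if src in built_circuit
    )
    findings = []
    for src, ts in sorted(first_handshake.items(), key=lambda kv: kv[1]):
        if src in built_circuit:
            continue
        preceding = [(c_ts, c_src) for c_ts, c_src in clients if c_ts <= ts]
        if not preceding:
            continue  # nothing for the visitor to have reacted to
        c_ts, c_src = preceding[-1]
        delay = ts - c_ts
        if delay <= window:
            findings.append(
                {
                    "probe": src,
                    "after_client": c_src,
                    "delay_s": int(delay.total_seconds()),
                }
            )
    return findings


if __name__ == "__main__":
    for finding in find_probe_candidates(SAMPLE_LOG):
        print(finding)
```

The handshake-only visitor at 11:30 is not flagged because no client connected shortly before it, which separates background scanning from connections that track client activity.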

Re:My college did it easier (1)

Anonymous Coward | more than 2 years ago | (#38644940)

You can use Tor without connecting to directory servers. That's the point of bridge nodes, which this article is about...

Re:My college did it easier (1)

Synerg1y (2169962) | more than 2 years ago | (#38645024)

But... but, if you have an unlisted / unknown proxy server that accepts YOUR connections, wtf is the point of TOR lol? Just start channeling through it over the designated ports. I mean it just uses SOCKS along w the other proxies, tor's gold lies in obfuscating your connection by sending it through relays around the world. Not sure what else is going on that would prevent the above. Either way you set with what tor calls a bridged node :)

Re:My college did it easier (4, Informative)

xiando (770382) | more than 2 years ago | (#38645014)

> Tor has to connect to so-called "dictionary servers" periodically to refresh its list of tor nodes to try to use. If you block those servers, tor breaks. At least, that's how it worked when they finally figured out how to block it after 3 years. Maybe tor has improved since then.

This was the situation. Countries did download the entire Tor directory and block all the nodes listed in it. This is why bridge relays were invented, and there is no public list of all bridge relays. It works like this: You get a bridge address, you connect to a bridge and the bridge then connects to the Tor network. This changed the arms-race. GFW is now able to detect the Tor bridges and this is a set-back for the Tor-project. They will find a solution which fools the GFW and the Chinese will lose face.

Lose face (5, Funny)

Anonymous Coward | more than 2 years ago | (#38645220)

For those unfamiliar with the concept "face", it's the social equivalent of getting modded -1

Re:My college did it easier (4, Informative)

BitterOak (537666) | more than 2 years ago | (#38645236)

> Tor has to connect to so-called "dictionary servers" periodically to refresh its list of tor nodes to try to use. If you block those servers, tor breaks.

> At least, that's how it worked when they finally figured out how to block it after 3 years. Maybe tor has improved since then.

We have to remember though what Tor was designed to do and what it was not designed to do. Tor was designed to protect the privacy of individuals who don't want their browsing habits revealed. It does this by preventing your IP address from being available to the web server you connect to, and additionally it encrypts traffic so intermediaries, such as your ISP, can't snoop on your traffic. It was NOT designed as a means of bypassing firewalls that are actively trying to block Tor. That was never its purpose.

Re:My college did it easier (4, Insightful)

Fluffeh (1273756) | more than 2 years ago | (#38646356)

> It was NOT designed as a means of bypassing firewalls that are actively trying to block Tor. That was never its purpose.

Totally agree that it was not the original purpose, but I would add to your comment and congratulate the folks behind Tor for taking a stand and trying to allow their software to get past the GFW. Sometimes when you realize that your software is being used for something more important (possibly something much more important than not letting your ISP know what you are doing) then it is a great opportunity to change your purpose somewhat. If the purpose itself isn't being changed, then it is still heart warming to see the effort being made anyhow.

Re:My college did it easier (1)

cool_arrow (881921) | more than 2 years ago | (#38647704)

my understanding is that connections to and from entry and exit nodes are unencrypted. only connections between relays are encrypted.

SSH (1, Interesting)

axx (1000412) | more than 2 years ago | (#38644770)

Does this mean people should start tunnelling their Tor connexions through SSH, at this point?

Bugged planet indeed, I wonder if any of our lovely "free world" companies like Amesys or Siemens are selling the DPI gear, or if China is using a fully homebaked solution.

And if so, does it run (Red Flag) Linux, obviously.

Re:SSH (4, Informative)

xiando (770382) | more than 2 years ago | (#38645056)

> Bugged planet indeed, I wonder if any of our lovely "free world" companies like Amesys or Siemens are selling the DPI gear, or if China is using a fully homebaked solution.

If you watch the 28c3 Torproject presentation available at http://tinyurl.com/7c893sl [tinyurl.com] then you will learn that western corporations like Intel, Nokia and Cisco are heavily involved in Internet surveillance and censorship around the world.

Re:SSH (1)

toopok4k3 (809683) | more than 2 years ago | (#38648366)

I did not look at your link, but are you sure you don't mean Nokia Siemens Networks instead of Nokia? They are not the same thing.

obfuscation? (2)

wierd_w (1375923) | more than 2 years ago | (#38644778)

If we learned more about how they detect the tor session, couldn't we obfuscate the data to combat detection?

I mean, encrypted data stands out from normal traffic like a sore thumb, and unless the user is a bank, transacting large amounts of it puts up a red flag. But, what if we obfuscated the data so that it looks like ordinary unencrypted/uncoded data?

Re:obfuscation? (3, Interesting)

DCTech (2545590) | more than 2 years ago | (#38644988)

And Chinese will just block it again. And unlike slower cat-and-mouse game in western countries, Chinese can react quickly without going thru all the hierarchies and courts. At the same time, Tor project needs to keep updating their clients and servers, and it probably doesn't take anything at all for Chinese to block new changes. They have the advantage here.

Re:obfuscation? (3, Insightful)

mSparks43 (757109) | more than 2 years ago | (#38648286)

> I mean, encrypted data stands out from normal traffic like a sore thumb.

Actually, I think this is something of a myth.
"normal traffic" these days is mostly compressed.
Since the goal of both encryption and compression is to achieve a byte stream that is otherwise indistinguishable from random noise, I don't think one set of random noise stands out much more than another set of random noise.

Only thing that really separates traffic these days is imperfections in these algs and the negotiation protocols.
____
My suggestion for their problems would be to negotiate an otherwise compressed stream that is widely used (e.g. gzip) then tunnel the encrypted data through this stream, ideally encrypting post compression.

Tor is designed to be easily censored (-1)

Anonymous Coward | more than 2 years ago | (#38644786)

Tor is explicitly designed to be easy to find and censor so that network administrators can block it on their networks.

You can get a list of the exit servers here:

https://svn.torproject.org/svn/check/trunk/cgi-bin/TorBulkExitList.py

It is not really a good choice for Chinese dissidents.

Re:Tor is designed to be easily censored (1)

nurb432 (527695) | more than 2 years ago | (#38644838)

FreeNet would have been a better choice i think. harder to track down who is running it. Tho not impossible.

Re:Tor is designed to be easily censored (2)

xiando (770382) | more than 2 years ago | (#38645094)

Freenet and I2P both serve their purpose. None of them serve the same purpose as Tor. Tor lets you connect to the normal Internet so you can view your normal web comics, visit CIA information gathering honey-pots like Facebook and so forth. Freenet and I2P are designed for hidden internal traffic in those networks. Sure, you can share a file on Freenet, but you can not visit your favorite news website. Different tools for different jobs.

Re:Tor is designed to be easily censored (1)

nurb432 (527695) | more than 2 years ago | (#38645532)

Ultimately, FreeNet is more about publishing 'sites' than sharing files ( tho i agree it can do both ), and if we wanted to help out our oppressed brothers, we would mirror 'outside' sites on FreeNet. Even setup auto run scripts to do it.

And while it's not been done yet, i don't see a technical obstacle why a "gateway" couldn't be created that sucks in outside data and inserts it into FreeNet, on demand. I also don't see it compromising security, except for the guy(s) running the gateway, in a presumed free country. Once it's inserted, it's just as secure as any other traffic.

Re:Tor is designed to be easily censored (0)

Anonymous Coward | more than 2 years ago | (#38646274)

Such an automatic gateway would be a reverse proxy - very simple to implement, except I doubt the desire to do so is there for obvious reasons...

Quite sure I remember an XKCD comic about encryption and a $5 wrench...

Thank you Chinese government (5, Interesting)

circletimessquare (444983) | more than 2 years ago | (#38644884)

for helping us build more robust Tor protocols

Oh, you thought you were going to actually kill the average Chinese citizen's desire for free access to information? You didn't understand that a stronger Tor protocol or something even better than Tor is the actual result of your escalation of the arms race?

You're pretty ignorant about basic human nature, aren't you, you authoritarian assholes.

Oh, and btw you grumpy old shitbags:

http://www.nytimes.com/2012/01/04/world/asia/chinas-president-pushes-back-against-western-culture.html [nytimes.com]

The reason you are lamenting the influence of Western culture on China, and not basking in pride at the influence of Chinese culture on the West, is because YOU CENSOR EVERYTHING IN YOUR CULTURE. So Chinese Culture is hobbled and decimated. Because you think you can control, nevermind why you think you should control, Chinese thought. Instead of a great big strong tree, you have a demented little broken bush. Because of YOUR efforts at preventing Chinese culture from growing, by censoring everything, you morons

You ignorant controlling douchebags. Your average Chinese citizen understands this, why don't you you stupid old and decrepit paranoid control freaks?

Re:Thank you Chinese government (5, Funny)

Anonymous Coward | more than 2 years ago | (#38645010)

And how do you really feel?

Re:Thank you Chinese government (4, Interesting)

circletimessquare (444983) | more than 2 years ago | (#38645214)

Question: what is the greatest ally in the growth of Western Cultural influence in China?

Answer: The Chinese Central Government, for working so hard to make sure that Chinese Culture can't grow.

They think that controlling culture, and growing it, are compatible concepts. Culture grows when it freely crosspollinates with other world cultures. Japanese culture has freely been assimilating culture from around the world and we still recognize a distinctly Japanese culture. The game of controlling culture and "protecting" culture from "illegitimate" influences is the game of the insecure little person who believes Chinese culture is inferior. The person proud of being Chinese is freely dabbling in world culture, infusing their own thoughts, and defining Chinese culture as strong and new. Culture needs to crosspollinate to survive and grow. Sit on it, control it, keep it in a box, and your culture dies.

Look at what these ignorant insecure douchebags are doing:

http://www.nytimes.com/2012/01/01/world/asia/censors-pull-reins-as-china-tv-chasing-profit-gets-racy.html?pagewanted=all [nytimes.com]

I know: I can hear the typical snobby Western voice now: "I wish my government would censor the Kardashians and Jersey Shore."

And for thinking that way, you have merely identified yourself as knowing nothing about how culture actually works, and have allied yourself with authoritarianism. congratulations, you're ignorant and you're an asshole. i'd much rather have people watching jersey shore than some government entity telling them what to see and watch. and there is nothing wrong with the pursuit of empty guilty pleasures, that's a PERFECTLY VALID SEGMENT OF CULTURE. think of it as creative ferment from which greater cultural products spring forth. without the base of empty silly nonsense, the "higher" cultural products have nothing to grow out of.

Re:Thank you Chinese government (0)

Anonymous Coward | more than 2 years ago | (#38645548)

As a Westerner (born and bred in the US in the 3rd oldest colonial city), I have to say it's not so much that we wish the government would censor such shows, merely that people would stop watching them. Part of the price of freedom is putting up with inanity.

Re:Thank you Chinese government (0)

Alex Belits (437) | more than 2 years ago | (#38646026)

> Part of the price of freedom is putting up with inanity.

No, that's actually something VERY specific to so-called Western culture. The rest of the world embraces the concept of government acting on behalf of the population even when it goes against so-called freedom of speech -- another uniquely Western concept.

Re:Thank you Chinese government (1)

circletimessquare (444983) | more than 2 years ago | (#38646142)

Freedom of speech is a human concept, not a western concept. Or I suppose your condescending patronizing opinion is that nonwesterners like being slaves?

Re:Thank you Chinese government (0)

Anonymous Coward | more than 2 years ago | (#38646578)

you're a stupid, stupid, asshole.

freedom of speech is a human right.

Re:Thank you Chinese government (1)

crutchy (1949900) | more than 2 years ago | (#38648480)

> freedom of speech is a human right

i agree, but...

the problem in "free" countries like america is that some people just don't know when to shut the fuck up

direct that somewhere else (2)

s.petry (762400) | more than 2 years ago | (#38645628)

I have no idea why you are on a tangent accusing someone else of wanting censorship. The point was that your rant (now two of them) is being directed at technical people in the US, not the Chinese Government.

How about writing mean letters to the Chinese Government, or getting involved in Politics instead of ranting here on /.?

Trust me, personally I'm not for anything that China does. With out of control IP laws, rampant corruption, and pay-for-politics in the US we have a shitload to worry about at home. With things like SB1867 being passed on 1/31/11 by our President, and now the big push for SOPA we are on our way to becoming a whole lot like them.

Oh.. one more thing.. The US Government will not censor anything like you mentioned. What better way of distracting people from the fucked up shit they are doing than to spoon feed people stuff like that?

Re:Thank you Chinese government (0)

Anonymous Coward | more than 2 years ago | (#38647098)

I don't always agree with you, but this post is why you always show up with a green ball next to your name.

Re:Thank you Chinese government (0)

Anonymous Coward | more than 2 years ago | (#38647132)

The funny thing is, most communist party officials studied the French Revolution. In depth. That's part of the marxist-leninist cursus. So they must know that the old regime of king and nobles was not just brought down by the ideas of Voltaire and Rousseau. It was also brought down by porn. Very low grade porn, that featured the queen and nobles as just people. The porn was travelling through the same channels that also peddled philosophy and forbidden novels. I am sure that when the communist bosses are blocking the popular shows, they have that in mind too. They know they are the new kings and nobles. They know their days are counted. And they know that porn and crass will get them, eventually.

Re:Thank you Chinese government (0)

dankasak (2393356) | more than 2 years ago | (#38645260)

That's a lot of venom you have there. You do realise that your own government censors your internet access as well, right?

Vent much? (1)

s.petry (762400) | more than 2 years ago | (#38645412)

I get it, we all do (or at least I hope). But do you really think that the Chinese government reads /.? We can hope, but sheesh if world leaders can't get them to open up why would they listen to someone vent on /. and say "Eureka! He's on to something!"

Re:Vent much? (0)

Anonymous Coward | more than 2 years ago | (#38646976)

Sometimes you just need to vent where anyone can hear/read. Even if it's not the most relevant person.

Do you really think he expects Chinese officials to read this?

Re:Thank you Chinese government (-1)

Anonymous Coward | more than 2 years ago | (#38645792)

It's ignorant and arrogant responses like this, knee jerk reactions with no citation backing their generally false or over-exaggerated claims, that make me visit /. less and less...

And what's with all the name calling and general rage? Completely unnecessary, and generally childish.

Go ahead and vote troll, but it's the truth.

Re:Thank you Chinese government (1)

f3rret (1776822) | more than 2 years ago | (#38645964)

I don't think the Chinese can hear you homie.
Maybe you should try doing it in all caps, that's louder.

Re:Thank you Chinese government (0)

Anonymous Coward | more than 2 years ago | (#38646014)

You actually think that they're going to read what you have to say and give a damn about what your lazy, dirty, overweight american mind thinks?

Calm the hell down. You don't matter to them.

Re:Thank you Chinese government (0)

Anonymous Coward | more than 2 years ago | (#38646568)

> You ignorant controlling douchebags. Your average Chinese citizen understands this, why don't you you stupid old and decrepit paranoid control freaks?

You realize we're facing similar problems with proprietary software and *AAs in the Western world, don't you?

Not to go against your argument, it's ok; but do realize the problem is "everyone wants to know" and some people want to avoid that for power-related reasons. When we call these guys "controlling", they probably feel flattered...

Re:Thank you Chinese government (1)

circletimessquare (444983) | more than 2 years ago | (#38646872)

i never understood this point of view. that because we have domestic problems we cannot criticize others. on that basis, no matter how much worse a country is, we can never criticize them

"there is a problem somewhere in my country. therefore i will refrain from critical thinking on international issues"

i just don't understand

is it because you think it is hypocrisy? you do realize the nature of american censorship is far different from that of chinese censorship? the inability to express your political opinion: is that the same thing in your mind as media cartels making a desperate bid to remain relevant in the internet age?

"some congresscritters have whored themselves out to support SOPA. this is exactly the same as china not allowing any political dissent."

really? do you lack all critical thinking skills or do you just avoid the skillset?

Re:Thank you Chinese government (0)

Anonymous Coward | more than 2 years ago | (#38648142)

One of the best comments I've ever read. This makes up for a sea of "me too," mindless contradiction and trolls.

Not that much new here... (1, Insightful)

A beautiful mind (821714) | more than 2 years ago | (#38644900)

Tor exit node based blocking has been used on various IRC servers to combat abuse for years and years now. The Chinese might be doing something more fancy, but that only shows that they didn't go for the fairly easy and quick solution.

Re:Not that much new here... (4, Insightful)

xiando (770382) | more than 2 years ago | (#38645150)

> Tor exit node based blocking has been used on various IRC servers to combat abuse for years and years now. The Chinese might be doing something more fancy, but that only shows that they didn't go for the fairly easy and quick solution.

The Torproject responded with bridges when countries started to block entire countries like those IRC servers do. The entire list of Bridges is not public. What GFW now does to detect and block those bridges is something new and it is something entirely different. The "download the entire list of Tor servers and block them" method was used and stopped being efficient thanks to Tor bridges.

Re:Not that much new here... (1, Informative)

dissy (172727) | more than 2 years ago | (#38648080)

I've used the previous method on my own IRC network, not to block Tor outright, but to prevent people from clicking 'refresh' to get a new IP and avoid channel bans or client side /ignores placed on them after spamming, harassing others, and generally trying to go where their behavior makes them unwanted.

With a daemon linked to tor, my server can send some info to the tor network to ask if this is a tor connection. It needs my server's IP and port, as well as the user's IP and source port.
Upon a successful reply, services changes that user's vhost to @tor
It's fully up to each channel's ops how to handle it, if at all.

Some channels do +b *!*@tor while others have the same ban but add exceptions for registered nicks using +e nick!*@tor while yet other channels are nothing BUT tor users.

I've never seen someone refresh their Tor IP and reconnect from a node that wasn't also detected by this method.
I haven't heard of tor bridges until just today, however their use doesn't seem to aid with harassment or spamming from what I can tell.

We also do bayesian filtering where if the IP is on 4 or more of the 8 DNS blacklists checked, they get a temporary 10 minute gline with a URL showing which blacklists failed, and links to each for figuring out exactly why one is listed, and after cleaning up any infections they can request a delisting.
As that process usually takes more than 10 minutes, this filtering method only stops bots and other automations, while a human can easily fix the problem and not be denied their chatting.

It's pretty hard these days to find a decent balance between allowing privacy while at the same time preventing obvious abuses like spamming, harassment, and bots trying to DCC trojans to not-so-net-savvy newbies.

I had absolutely no issues with Tor when their goal was only to provide privacy and anonymity. But if their new goals are to provide an easy and one-click way to avoid bans set on a particular user with bad behavior through their service, then it will only serve to harm their reputation (for good reason this time)
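The blacklist threshold described in the comment above (listed on 4 or more of 8 lists gives a temporary 10 minute ban that reports which lists matched), as an added example that is not the commenter's code. The zone names, the injected `resolve` callable and the sample answers are constructed assumptions so the check runs offline.

```python
import ipaddress

# Hypothetical blacklist zones (constructed, reserved .example names).
ZONES = [f"bl{i}.dnsbl.example" for i in range(1, 9)]
THRESHOLD = 4          # listed on 4 or more of the 8 lists
BAN_SECONDS = 10 * 60  # temporary 10 minute ban
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_listed(answers):
    """A listing is an A record inside 127.0.0.0/8; other answers do not count."""
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)


def evaluate(ip, resolve, zones=ZONES, threshold=THRESHOLD):
    """resolve(name) returns A records, [] for NXDOMAIN, raises OSError on failure."""
    listed, errors = [], []
    for zone in zones:
        try:
            if is_listed(resolve(dnsbl_name(ip, zone))):
                listed.append(zone)
        except OSError:
            errors.append(zone)  # an unreachable list casts no vote
    ban = len(listed) >= threshold
    return {"ip": ip, "listed": listed, "errors": errors,
            "ban_seconds": BAN_SECONDS if ban else 0}


# Constructed sample answers standing in for live DNS.
SAMPLE = {dnsbl_name("203.0.113.7", z): ["127.0.0.2"] for z in ZONES[:4]}
SAMPLE[dnsbl_name("198.51.100.9", ZONES[0])] = ["127.0.0.4"]
# A parked or wildcarded zone answering with a public address is not a listing.
SAMPLE[dnsbl_name("198.51.100.9", ZONES[1])] = ["192.0.2.55"]


def sample_resolve(name):
    if name.endswith(ZONES[7]):
        raise OSError("timeout")  # simulate one blacklist being unreachable
    return SAMPLE.get(name, [])


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.9"):
        print(evaluate(ip, sample_resolve))
```

The `listed` field is what a ban notice would use to tell the user which lists to contact for delisting.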

Re:Not that much new here... (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38645544)

They're not blocking exit nodes -- they're blocking your first hop(s) into the tor network

Tor is (apparently) easy to identify (0)

Anonymous Coward | more than 2 years ago | (#38644904)

Here is the l7-filter rule:

# Tor - The Onion Router - used for anonymization - http://tor.eff.org/
# Pattern attributes: good notsofast notsofast
# Protocol groups: networking
# Wiki: http://protocolinfo.org/wiki/Tor
# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
#
# This pattern has been tested and is believed to work well.
#
# It matches on the second packet. I have no idea how the protocol
# works, but this matches every stream I have made using Tor 0.1.0.16 as
# a client on Linux.
#
# It does NOT attempt to match the HTTP request that fetches the list of
# Tor servers.

tor
TOR1.*

Tor, China and the USA (5, Interesting)

xiando (770382) | more than 2 years ago | (#38645444)

I tell you, free speech and freedom in general in America is doomed. The NDAA2012 combined with SOPA is just another brick in the wall on the path towards a completely tyrannical fascist government. Some Americans argue that the USA is there already. Today we are talking about Tor being blocked by the Great Firewall of China. How long will it take before we are talking about the Great Firewall of the USA blocking websites, software like Tor, I2P, Freenet and so on? Beware that western corporations like Intel, Cisco, Nokia and Siemens are the ones who are delivering the technology used by countries like China. The US and the west already has this technology. I do not see it as a question of if but when these technologies will be used in the US and other "free" western countries. The Tor project should be supported. Why people in other countries need it today may be why you need it tomorrow.

Re:Tor, China and the USA (1)

luther349 (645380) | more than 2 years ago | (#38645876)

agreed. but we are there already or laws like sopa could never pass with only 15% public support. but the sad part is 90% of the usa still think we have not turned into a communism government. we lost control years ago. it's just with all our jobs gone and the usd becoming useless our government is just in its death throes and grabbing all the power and money they can before they're all out of power. whether it be a new party by votes or guns it's coming.

Re:Tor, China and the USA (1, Insightful)

Anonymous Coward | more than 2 years ago | (#38646680)

you're a fucking moron. the united states of america is nothing close to communist. did you just type a bunch of shit and hope you look brilliant by chance? ...further evidence that most americans don't realize how good they have it, and that most stupid americans continue to misuse labels like "communist" and "fascist"

these words have meaning beyond shock value when tossed around carelessly in conversation. words MEAN something. use the right words, or keep your stupid fucking ideas confined to your fat little american head.

Re:Tor, China and the USA (4, Insightful)

Anonymous Coward | more than 2 years ago | (#38647702)

You're right--the US is nothing close to communist. The US is however VERY close to or has already achieved fascism, which is properly defined by the inventor of the word as the merger of corporate and state interests. We absolutely have that. Right now the only thing we're missing is the traditional single dictator, but I'm not all that certain that it's required in version 2.0.

It is kind of amusing to see people equate "socialism" with "communism" or use either of those terms in conjunction with fascism though--and it's even more amusing to watch people blame government for "stealing" things when, at best, it's been the enabler of the theft by large multinational bankers and corporations. It's everyone's vaunted "private industry" and "free enterprise" that are the thieves. They rig the game, or they outright steal, and they use part of their takings to enable a media campaign to get everyone to hate the one force that could possibly stop all that--proper (in the interests of the people) government regulation.

Were it not so tragic, it would be even more amusing to watch people complain about "big government" willingly step into the TSA's porno scanners, support indefinite detention of whoever doesn't look like them, and generally engage in their fawning behavior over the ever-militarized police forces who truly occupy our cities and our streets. It is "law enforcement", which is almost never used against the rich and corporate, that is the greatest threat to freedom, liberty, and especially life these days, and yet that's the one part of government these morons never seem to question. "Law enforcement" has tried and will continue to try to bring this and many other evils to the US, and that sort of thing must be stopped at all costs.

Re:Tor, China and the USA (0)

Anonymous Coward | more than 2 years ago | (#38648010)

THANK YOU.

Re:Tor, China and the USA (0)

Anonymous Coward | more than 2 years ago | (#38648202)

Well, the rhetoric of large parts of the republican party's candidates *is* fascistic in tendency. Although, things like the death penalty, an appallingly bad judicial system, a broken political system in Washington, Guantanamo bay, etc., all show that fascism is on the rise in the US. These are mere facts. Those who do not see it are morons, indeed.

Re:Tor, China and the USA (0)

Anonymous Coward | more than 2 years ago | (#38646362)

Why speculate the companies when really you have no idea. Please remember China has their own companies (including Huawei) which make networking equipment capable of such. Bashing Intel, Cisco, Nokia etc. on speculation makes you sound like a hippy.

Re:Tor, China and the USA (1)

Anonymous Coward | more than 2 years ago | (#38646884)

you have to understand though that tor in itself is not a longterm solution. Should the majority of users be in countries that have taken the path of USA or China, there would be no point left in using tor, which works on its user nodes.

Re:Tor, China and the USA (0)

Anonymous Coward | more than 2 years ago | (#38647896)

We are definitely there already. We were there in the 70's I believe. If not the 20's. We have driver's licenses, social security, and vehicular license plates. All things I think should be repealed.

Not that amazing... (0)

Anonymous Coward | more than 2 years ago | (#38645892)

Any stream processor / dsp / custom ASIC - even at moderate frequencies (hundreds of MHz) can do simple pattern recognition on a real time signal in the order of Tbps. Hell, low end (think shitty quadros, half height cards w/ passive cooling) consumer GPUs on consumer motherboards with no special interface (to overcome the PCI bus bottleneck) can do it in the order of tens of Gbps.

If China controls all international IO, it wouldn't be too much of a feat for them to build some custom hardware to either filter, or report on traffic in real time as part of their network interfaces (though obviously it gets more complicated the lower level you do it at, and more expensive the higher level you do it at)

They wouldn't even need to do 100% of the traffic, statistical sampling of packets is going to catch the crap you don't want anyway (and with most websites and services having absurd amounts of protocol requests/second (especially HTTP) - it wouldn't run a huge risk of letting much undesired content through).

ssh tunnel on nonstandard port (2)

gatkinso (15975) | more than 2 years ago | (#38646102)

This seems a bit obvious... does anybody know how much luck folks have had with this method?

Re:ssh tunnel on nonstandard port (0)

Anonymous Coward | more than 2 years ago | (#38647084)

No, they don't check the port, they do Deep Packet Inspection (DPI).

Re:ssh tunnel on nonstandard port (5, Interesting)

peterindistantland (1487953) | more than 2 years ago | (#38647232)

This definitely works. I have no problem using SSH even on the standard port in China. Since ssh is encrypted, deep packet inspection is useless, unless they ban SSH altogether, which they don't.
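What an inspecting device can and cannot see in this sub-thread's scenario, as an added example that is not from any commenter: SSH's identification string (RFC 4253) and the TLS record header are sent in cleartext before encryption begins, so the protocol can be labelled on any port even though the payload stays unreadable. The `classify` and `label_flows` helpers and the sample byte strings are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: each side first sends "SSH-protoversion-softwareversion".
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)")
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"CONNECT ")


def classify(first_bytes):
    """Label a flow from the first bytes the client sent; the port is never consulted."""
    m = SSH_ID.match(first_bytes)
    if m:
        return ("ssh", m.group(2).decode("ascii"))
    # TLS record header: type 0x16 (handshake), major version 0x03, a two byte
    # length, then handshake type 0x01 (ClientHello).
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[2] <= 0x04
            and first_bytes[5] == 0x01):
        return ("tls", "client_hello")
    if first_bytes.startswith(HTTP_METHODS):
        return ("http", first_bytes.split(b" ", 1)[0].decode("ascii"))
    return ("unknown", "")


# Constructed sample flows: (destination port, first client bytes).
FLOWS = [
    (22, b"SSH-2.0-OpenSSH_5.9\r\n"),
    (8443, b"SSH-2.0-OpenSSH_5.9\r\n"),  # same protocol on a non-standard port
    (443, bytes.fromhex("160301002a0100002603")),
    (80, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    (22, bytes(range(16))),  # port 22, but not SSH
]


def label_flows(flows):
    """Return (port, protocol, detail) for each flow."""
    return [(port,) + classify(data) for port, data in flows]


if __name__ == "__main__":
    for row in label_flows(FLOWS):
        print(row)
```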

If TOR is no longer of use in China .... (0)

Anonymous Coward | more than 2 years ago | (#38646200)

If TOR is no longer of use in China and other totalitarian states, does that mean it's OK to use it for torrents?

this could be bad? (1)

Anonymous Coward | more than 2 years ago | (#38646524)

So if they can inspect in real time, is it possible that them letting the connection go for a few minutes means they are collecting the tor bridges data, and other data like exit points before they terminate?

The U.S. (0)

Anonymous Coward | more than 2 years ago | (#38646672)

will be doing the same thing shortly once all the money, power, and graft gets SOPA passed. It will be the great MPAA Firewall! Then only the Chinese will be able to pirate movies :)

Wireless? (0)

Anonymous Coward | more than 2 years ago | (#38646990)

If this is how they're treating (presumably) wired connections, why not create a grounded satellite dish that bounces your connection to somewhere other than China -- especially useful if you're living near the border... Perhaps a sort of signal repeater? You can have your wireless through the other country -- paid, borrowed, whatever -- and meanwhile the signal repeater would ensure you're not going through any Chinese lines directly. Hell, I'd take an old satellite dish and implement it if I were living there. Not fond of the censorship at all...

Re:Wireless? (1)

Bert64 (520050) | more than 2 years ago | (#38648192)

The countries bordering China are generally not good choices for where you'd route your connectivity... Some of them even use China for connectivity themselves. And the border region with some countries is either very sparsely populated, or filled with mountains that would block your wifi signal.
