×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

How Some Chinese Users Bypass The Great Firewall

timothy posted about a year ago | from the differentially-censored dept.

Censorship 58

CowboyRobot writes "The ACM has an article describing the history and present of the Great Firewall of China (GFW). 'Essentially, GFW is a government-controlled attacking system, launching attacks that interfere with legitimate communications and affecting many more victims than malicious actors. Using special techniques, it successfully blocks the majority of Chinese Internet users from accessing most of the Web sites or information that the government doesn't like. GFW is not perfect, however. Some Chinese technical professionals can bypass it with a variety of methods and/or tools. An arms race between censorship and circumvention has been going on for years, and GFW has caused collateral damage along the way.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

58 comments

So it's just like... (4, Interesting)

urusan (1755332) | about a year ago | (#42153551)

So it's just like the DRM arms race between content companies and technically capable pirates that has caused collateral damage (to legitimate users) along the way?

Weird.

Re:So it's just like... (0)

Anonymous Coward | about a year ago | (#42153565)

Or putting pressure on payment processors that deal with websites you don't like.

Re:So it's just like... (1, Insightful)

safehaven25 (2587445) | about a year ago | (#42153579)

i dont think sony ever killed people for bypassing drm though...

Re:So it's just like... (2)

aNonnyMouseCowered (2693969) | about a year ago | (#42153713)

"i dont think sony ever killed people for bypassing drm though..."

I don't think China has ever sentenced to death someone for merely bypassing the Firewall. Which isn't to say that dissidents aren't tortured or arrested on bogus charges, or that you can get jailed merely for repeating rumors about the health or wealth of certain Party officials. But you have to be doing some seriously disruptive activities in REAL life to get the capital punishment.

Re:So it's just like... (0)

Anonymous Coward | about a year ago | (#42154131)

"i dont think sony ever killed people for bypassing drm though..."

I don't think China has ever sentenced to death someone for merely bypassing the Firewall. Which isn't to say that dissidents aren't tortured or arrested on bogus charges, or that you can get jailed merely for repeating rumors about the health or wealth of certain Party officials. But you have to be doing some seriously disruptive activities in REAL life to get the capital punishment.

If a country is willing to arrest and/or torture based on violation, what in the hell makes you think you could ever prove beyond certainty that capital punishments aren't carried out.

People disappear. Or perhaps they die suddenly for inexplicable reasons. That kind of shit wouldn't exactly be difficult to hide in a billion-strong population.

As far as REAL disruptive activities, spewing negative rhetoric across the intertubes is about as REAL as it gets. The local government knows the audience it can and will reach, therefore I have little doubt there have been deaths.

Re:So it's just like... (3, Insightful)

poity (465672) | about a year ago | (#42154605)

This is true. If people were actually punished in the legal sense for accessing information blocked by the firewall there would be a ruckus. Not a huge one, but big enough that it keeps government from acting brashly. It's the sending of information, writing blogs on banned topics, weibo-ing controversial things, etc. that could get you in IRL trouble.

Re:So it's just like... (4, Informative)

wisnoskij (1206448) | about a year ago | (#42153773)

Well then you have never gotten caught or tried then.
Actually, I would say that the punishment in the US is far more severe for piracy than the Chinese punishment for censorship laws.
That said, its seems that using proxies to bypass the firewall just for normal every day activities is not even really considered illegal in and of itself. The general answer to the question of, "what is the risk/punishment" is there is none.

Re:So it's just like... (1)

Anonymous Coward | about a year ago | (#42158697)

how is it less severe? Over here you get a civil lawsuit, over there you get disappeared, imprisoned, or tortured for months on end. I find that hard to compare.

Re:So it's just like... (3, Funny)

K. S. Kyosuke (729550) | about a year ago | (#42157053)

i dont think sony ever killed people for bypassing drm though...

That doesn't conclusively demonstrate that they don't want to.

Re:So it's just like... (2)

poity (465672) | about a year ago | (#42154539)

Perhaps in function, but not in essence. DRM has alternatives, there is no alternative to truth. The consequences of you not being able to watch Batman on your laptop is personal in scale, the consequences of not being informed is societal in scale. And even though this may be unpopular on /., I take the stance that content creators have at least some rights over the distribution of their creations, whereas governments have absolutely no rights over the distribution of truth.

vpn (5, Informative)

Fackamato (913248) | about a year ago | (#42153563)

I was in China for 2 trips. used a US vpn both times, had no issues.

Re:vpn (5, Interesting)

Anonymous Coward | about a year ago | (#42153633)

It's probably easier if you are not a Chinese citizen and don't have to live with possible consequences.

Re:vpn (0)

Anonymous Coward | about a year ago | (#42157331)

Our China office does the same thing...uses the VPN connection to our development resources and routes traffic through that connection. They haven't seen any consequences.

Re:vpn (1)

unix_core (943019) | about a year ago | (#42166457)

Most of my local chinese language teachers do it to access facebook, my local classmates in the lab do it (to access japanese porn?). Nobody is afraid. I don't think the goverment really cares unless a significant portion of the population does it to discuss political issues. Actually a lot of educated people in china are quite aware of all the issues being reported in western media, it seems the government is mainly concerned about the masses. Hence for instance the chinese language BBC news website is blocked but the english version is completely available.

Re:vpn (4, Interesting)

Anonymous Coward | about a year ago | (#42153887)

A few months ago, I tried to help a Chinese national in a hotel in Spain connect to the hotel network. I think his laptop had some really odd network monitoring stack replacement software on it. I think he worked for a Chinese public university.

I work as a systems integrator and administrator for small businesses in the USA. After 20 minutes, I had to continue my vacation. I don't believe he ever got connected by wifi or directly wired ethernet.

Re:vpn (0)

Anonymous Coward | about a year ago | (#42157551)

I've been to China 3x in the past year or so. This is what I've learned.

1) That "free" wifi is the government. CCMC or something. They also jam your legit wifi, and then you drop to the CCMC one, they do statistical eavesdropping, then you drop back to your wifi. Its a PITA. What I had to do on my Mac was to lock down my wifi access and have it ask me for a password to change. I learned this from my iPhone working better over wifi than my laptop. I then noticed that my iPhone *never* connected to CCMC and my laptop did. Once I locked down my laptop, all was good!

2) The firewall is not that bad. It sucks not having google, but 1.3billion chinese don't have google, so they are OK with it. I am not, I'm used to it.

Sensationalist Summary (5, Interesting)

mellyra (2676159) | about a year ago | (#42153611)

Some Chinese technical professionals can bypass it with a variety of methods and/or tools.

I've met quite a few Chinese in online games and what they tell is that circumventing the firewall is as easy as using a proxy or VPN, is basically risk-free (to the end-user) and is really nothing special amongst their peer-group (age 15-30, educated, typically upper middle class). Every now and then their preferred proxy or VPN provider gets blocked and they have to look for a new one but that's a minor hassle and not a deal-breaker.

So the emphasis when reading the summary should definetely be on the variety of tools that are available to sidestep the firewall, not on the level of technical competence that is required to do so.

Re:Sensationalist Summary (2)

nurb432 (527695) | about a year ago | (#42154641)

I wouldnt say risk free, as if they get caught bypassing it woudlnt go well for them.

Somehow i dont think the officals will care or even ask what you were doing across the 'forbidden link', and just doing it is enough crime in itsself for them.

Re:Sensationalist Summary (0)

Anonymous Coward | about a year ago | (#42156589)

Unless they were doing something to really piss off the government, nothing bad will happen. They might get shaken down for a bribe, but as long as they're not trying to stir up dissent or be some kind of political activist, the government won't care.

Technical professionals? (5, Insightful)

Anonymous Coward | about a year ago | (#42153639)

I've been living in china for a year by now. And I'm rather sorprised by how easy is to bypass the firewall. It doesn't take technical knowledge of any kind. You simply have to use one of the great number of programs that allow you to do it and that most chinese people tend to share using usb.

The firewall is mostly an annoyance than anything else, since the programs that bypass it use proxys which slow your internet speed and make it so that you cannot use it for activities that require decent bandwith. Still if you are pacient enough, it's like it's not there.

Re:Technical professionals? (2)

BeTeK (2035870) | about a year ago | (#42154203)

Yup, I was in china in a conference few years back and bypassing the firewall to get to the facebook was as simple as ssh -D 1234 username@my.server.com. And then setting browser proxy setting correctly.

Millions of Chinese users bypass great firewall (0)

Anonymous Coward | about a year ago | (#42153665)

I keep in touch with some friends in China through Facebook, one of the sites the Chinese government doesn't like... And my friends are definitely not 'technical professionals'...

Recently attempts are made to block UDP VPNs (5, Informative)

sc0rpi0n (63816) | about a year ago | (#42153681)

I live in China and noticed that since a few weeks (starting before the congress) the quality of OpenVPN UDP connections deteriorated severely. Formerly traffic worked fine, but now a ping over OpenVPN has significantly higher packet loss and latency than a direct ping to the same host, while these used to be similar. The connection often drops for 5-10 minutes, after which it is reestablished. A tunnel over ssh now performs a lot better than an OpenVPN connection.

Note that I am using my own servers and non-default ports, not established VPN providers that are easier to block. This behavior occurs on different networks from different ISPs. Additionally, L2TP connections now fail most of the time, while they worked a few months ago.

Re:Recently attempts are made to block UDP VPNs (1)

Anonymous Coward | about a year ago | (#42153781)

Yep. I've been in China for 16 months, and the "Great Firewall" is more of the "Great Unicorn" (not to be confused with the one who used to own the lair recently found in North Korea).

When a foreigner gets a job here, the orientation consists of "Here's your desk. Here's your username and password. Here's where we keep the proxy program. There's tea in the breakroom; if you want coffee, you'll have to go to the cafe down the street--it's between the brothel and the lottery store."

Seriously.. the "technical expertise" required consists of "clicking on any of the bazillion 'get your VPN & proxy here!' ads that fill every Chinese website you visit".

The reason that most Chinese don't go to Facebook and Twitter is not because they can't, but because they *don't want to*.

Re:Recently attempts are made to block UDP VPNs (2, Funny)

Anonymous Coward | about a year ago | (#42153983)

What are you doing? I should report you to the authorities for violating the law.

People like you make me ashamed to be Chinese.

Re:Recently attempts are made to block UDP VPNs (0)

Anonymous Coward | about a year ago | (#42155713)

Exactly - it's legitimate and it's known many professionals use proxies. Encrypted L2TP is often blocked or throttled, but unencrypted PPTP is not. Often businesses out of Beijing have very high bandwidths which all trafic go through proxies, while personal users don't. Basically they just want to know what you're doing and if you're doing legitimate work and nothing wrong it's cool.

Re:Recently attempts are made to block UDP VPNs (1)

fufufang (2603203) | about a year ago | (#42158063)

I live in China and noticed that since a few weeks (starting before the congress) the quality of OpenVPN UDP connections deteriorated severely. Formerly traffic worked fine, but now a ping over OpenVPN has significantly higher packet loss and latency than a direct ping to the same host, while these used to be similar. The connection often drops for 5-10 minutes, after which it is reestablished. A tunnel over ssh now performs a lot better than an OpenVPN connection.

Note that I am using my own servers and non-default ports, not established VPN providers that are easier to block. This behavior occurs on different networks from different ISPs. Additionally, L2TP connections now fail most of the time, while they worked a few months ago.

I have a home server (an O2 Joggler running Ubuntu) in China, to enable my parents to go over the firewall. I basically configured my home server to connect to my VPS via OpenVPN. And UDP seems to have stopped working completely about a month ago. Then I switched to TCP 443. That stop working about 2 weeks ago. Now I switched to TCP 3389, and it works like a charm.

Ignore this story (2, Informative)

Anonymous Coward | about a year ago | (#42153691)

This story hurts China's tender heart and makes pandas cry. Stop being so mean.

What happens in China today (1)

Anonymous Coward | about a year ago | (#42153737)

Happens everywhere tomorrow

Re:What happens in China today (1)

Opportunist (166417) | about a year ago | (#42154255)

Tomorrow? It's already here, just better veiled.

Bluntly, the main difference between "capitalist" and "communist" (I use the terms loosely here and just to label things) repression is just that "we" have the better PR department.

Re:What happens in China today (0)

LVSlushdat (854194) | about a year ago | (#42154975)

Tomorrow? It's already here, just better veiled.

Bluntly, the main difference between "capitalist" and "communist" (I use the terms loosely here and just to label things) repression is just that "we" have the better PR department.

The word "authoritarian" pretty much sums up both China and the USA, soon to be USSA, now that Mr Soetero has secured at least another four years to accomplish his puppetmasters plans for America.. Watch China.. we'll be completely there in a short while...

Re:What happens in China today (1)

SteveFoerster (136027) | about a year ago | (#42155313)

Maybe, but the sock puppet on their right hand would have been no different.

Re:What happens in China today (2)

blade8086 (183911) | about a year ago | (#42155585)

Nono - of course not!

Clearly because :

Obamas middle name is 'hussain' and not 'Honkey Mc Wasp Cracker'

The obama presedency is:

A half baked conspiricy theory that doesn't make any sense, whereby his dead islamic but free-market liberal (aka 'liberal' not 'librul') step father secretly controls his president stepson Barrack to implement Chinese-style free-market authoritarian 'communism' despite the fact that the Chinese government is hostile at worst and ambivalent at best to any form of organized religion.

This theory is justified, because some doof on fox news has made some sort of bolony equation that the islamic 'caliphate' expressed in the koran in the mid 600's is really a form of subverted marxist communism which was invented in the mid 1800s to early 1900s,
and also because donald trump manages to say through 10 layers of facelift, botox, and hair bleach, that in fact *barak obamas* legitimate birth certificate is a fake, instead of his entire visage.

So obviously:

Electing a wishy washy, opinion changing ex-outsourcer-to-china who believes in *mormonism* for crying out loud, would have enabled a sea change of US opinion and therefore the end of the chineese empire, enabled the so-called 'liberation' of
the 'secular' state of Israel from the evil Islamic tear-wrists, thereby proving american exceptionalism, and the recreation
of the third temple which would magically bring forth the tribulation and end times, and the fulfillment of Gods promise to the Jews
that they would be the chosen people but somehow would automatically convert to Christianity upon this event and thankfully since I am a WASP would be raptured up to heaven with my pre-1985 class III weapons and I wouldn't have to ever look at someone who has dark skin or speaks spanish ever again because the unclean 'darkies' were not predestined by Zwingli and John Weslayan, the apostles of the true made up faith, to have a place in the hereafter halleluja!

Testify my Brothers! It is the Truth!

Re:What happens in China today (0)

Anonymous Coward | about a year ago | (#42158731)

then please move to china and enjoy their far superior hospitality. And please express your distrust of the government for full effect.

Nice Job (1)

Anonymous Coward | about a year ago | (#42153779)

Thanks for this post, Slashdot. Quality of this article is much higher than the too often linked informationweek, computerworld or wired stories. More articles like this one, please.

Not sure they are really trying (1)

homebrandcola (983781) | about a year ago | (#42153829)

Speaking to friends who work and live in China it really isn't that hard to get around the GFW. China are using it to keep the masses controlled and limit their access, but at the same time, leaving it easy enough to get around that the "elite" are still able to use the Internet to its full potential. Making it possible for large companies to compete globally.

How? More like a history lesson (1)

Stalks (802193) | about a year ago | (#42153847)

I RTFA, and was disappointed that it was more of a history lesson and "how the firewall works" with a small portion at the bottom which can be summed up to "encrypted proxy/vpn".

I was expecting some novel ideas of how to bypass the firewall.

I'd pay for this service! (0)

Anonymous Coward | about a year ago | (#42153923)

Only read the 1st paragraph, but I was sold with that alone. Blocking twitter, facebook, youtube, .... I would miss wikipedia, however.

It's only a speed bump (5, Interesting)

ebonum (830686) | about a year ago | (#42154035)

I live in China. I don't know anyone who has significant problems with the GFW. It is very easy to hop over. Personally, I use a paid for VPN. I used one for about 3 years without problems. It was finally shut down about a month ago, so I switched. Without a VPN, it is only mildly annoying. You can't get on Youtube and Google is very slow. Most things work normally. For instance, CNN works, but the video section does not.

Funny thing. If you are on the phone with someone and say "VPN", the call sometimes drops immediate. Works better in Chinese than English.

When you don't have a VPN, what is really annoying is are all the US sites that pop-up messages saying that their service is not available in your country. Grrr. Then sites like Microsoft keep bumping you back to their Chinese site and hiding "the show me the page in English" button. It is sad how the internet is getting to sensitive to location. The great thing about the internet was that you could be anywhere. Now companies want to figure out where you are based and serve you country specific content. If you have a Galaxy SIII that you bought in China, try going to the US app store. You can't. Even with a VPN or flying to the US, it will not work.

Re:It's only a speed bump (1)

Opportunist (166417) | about a year ago | (#42154269)

Well, there's a twofold reason for companies to track your location. One, because they had to cave in to some "requests" from various governments who don't like the idea that their subjects do what they want to do and not what they're told and allowed to do. And I'm not really talking about China and Iran here...

And second, of course, that they can charge a lot more depending on the country you're in. if you ever bought a legal DVD in south east asia, you'd wonder why people even bother pirating since the originals are cheaper than the copies are here. But free trade only applies if you're a corporation, don't even think about buying your next movie in Malaysia.

Re:It's only a speed bump (1)

Anonymous Coward | about a year ago | (#42154283)

If you have a Galaxy SIII that you bought in China, try going to the US app store. You can't. Even with a VPN or flying to the US, it will not work.

you need a non chinese sim. I carry a Hong Kong prepay sim to buy stuff from the app store. It has no credit, but if you're surfing by wifi you're fine.

--Ben

Re:It's only a speed bump (2, Interesting)

Anonymous Coward | about a year ago | (#42154285)

I think it is a crime to put geofences, a crime against the evolution of society. People have worked hard to make everything on the internet "one click away", and here come various countries (eg: China, Arab countries) and companies (eg: Hulu) that reject us based on location. Then links get posted on forums with international attendance and half the members can't see the content. It's a restriction of speech. This and the DVD zoning, another moron restriction that reduced sales worldwide.

Re:It's only a speed bump (1)

arielCo (995647) | about a year ago | (#42155601)

I wholeheartedly agree except for private businesses like Hulu refusing to serve you. It's their bandwidth and their infrastructure. Freedom of speech doesn't force private entities to provide the means for such communication, much less when one of the parties licensed entertainment programmes destined to certained audiences.

Re:It's only a speed bump (1)

cciRRus (889392) | about a year ago | (#42158547)

Funny thing. If you are on the phone with someone and say "VPN", the call sometimes drops immediate. Works better in Chinese than English.

Is this really true? Did you actually experience it? It sounds incredible.

What's Going on with Recent Distruptions (0)

Anonymous Coward | about a year ago | (#42154325)

You'll notice several threads here of people saying "I live in China, there's no problem, but oh, actually in the last few weeks even my VPN/proxy has been flakey".

Those who follow politics will know that since at least September some pretty serious politicol turmoil in China has been leaking to the public.
Every year when the Chinese National Congress meets at the beginning of October the GFW gets much more draconian, usually loosening up after a week or two. This year, however, it has just gotten worse. My older realative who's lived in China all his life says in the last few days they even started blocking regular hotmail messages, and cut off cable TV. In his interpretation, there's a really serious fight going on between the "we've made a ton of money, let's keep things the same" crowd and the "lets go back to Mao" crowd.

 

dns (1)

nihaopaul (782885) | about a year ago | (#42154583)

Most of the blocks are by DNS .. Using opendns alternative ports solves this or DNS over TCP

Re:dns (1)

fufufang (2603203) | about a year ago | (#42158091)

Most of the blocks are by DNS .. Using opendns alternative ports solves this or DNS over TCP

DNS over TCP solves it. In fact if you use Google DNS as the upstream resolver, and use TCP port 53, you will be okay. However it seems web services with local server in China all slow down, because Google DNS resolves the domain names to foreign IP addresses.

ACM does article posting right! (0)

Anonymous Coward | about a year ago | (#42154625)

No spammy adverts.
Clear references.
No popups.
PDF of the whole thing right at the top.
No, I don't want to e-mail, tweet or otherwise share this. I want the article available so I can cite it later in my meeting about doing business in China.

Blocking the World they Maliciously Attack. (0)

Anonymous Coward | about a year ago | (#42156497)

How convenient; Let's hide behind the world's largest firewall, keep our citizens and visitors under lockdown while we spy on them and simultaneously have the world's largest military hacker team penetrate and interfere with everything on the other side.
UN my butt; What's so united about this? China; Biting the hands that feed it since ____.
Seems to me that everyone should stop buying products made in China, and we'll see how that turns out for them.
Geesh!

have we turned into a bunch of pink pussies? (0)

Anonymous Coward | about a year ago | (#42157467)

Why are we giving these yellow fuckers the time of day? And then moan about it after the facts?
Let's take all our business to the brown fuckers of India. At least they have semi free speech like us.
Better yet, how about keeping the jobs right here at home. I'm sure some people would be interested in $2,000 iPhones.

Handing the control of Internet to the UN (2)

fufufang (2603203) | about a year ago | (#42158075)

I think this article shows why UN should not control the Internet. I much prefer US to control it. US is not perfect. However I would rather not let controls like China to meddle with the Internet.

How Some Chinese Users Bypass The Great Firewall (1)

thoughtlover (83833) | about a year ago | (#42158289)

How Some Chinese Users used to Bypass The Great Firewall

**millions of Chinese users grumble and wonder why their techniques don't work anymore.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...