
China's Great Cannon - acdha
https://citizenlab.org/2015/04/chinas-great-cannon/
======
wsxcde
> _We remain puzzled as to why the GC’s operator chose to first employ its
> capabilities in such a publicly visible fashion._

This is the most important question here. I think it's fair to assume this
must've been a deliberate choice by the Chinese authorities to conduct such a
visible attack. The alternative, that they didn't realize what they were
getting into, that they thought Github would cave quickly, seems much to
simplistic and naive. And whatever else you can say about the Chinese
government, you can't accuse them of being naive.

If you believe this was deliberate attack, it seems this is a parade
demonstrating electronic warfare abilities. The message being sent seems to
be, "don't mess with us, we can do everything you can do and possibly more."

~~~
bsder
> If you believe this was deliberate attack, it seems this is a parade
> demonstrating electronic warfare abilities.

Probably deliberate with a lot of incompetence mixed in.

Most politicians have zero understanding of the Internet. They decided to do
this as a demonstration of force and may not have consulted the people who
built the Great Cannon. Or, the people who built it don't have the clout to
say not to use it except for important reasons.

They also probably didn't realize that Github could eat the attack.

The problem with having done this is that, I suspect, that a lot of ISP's now
have null routes of China on standby along with bandwidth monitors that will
choke traffic spikes from China almost immediately.

So, it didn't actually succeed. And people have now analyzed the attack and
deployed coutermeasures.

Not a great result for China.

~~~
wsxcde
I don't think DDoS is a real offensive weapon in cyber-warfare. It's just a
noise-making attention-drawing machine.

What the paper calls targeted exploitation is the real weapon here. The main
thing I took away from this paper is that the Chinese government now has the
infrastructure to pwn anyone who visits websites hosted in China. This is
pretty scary and simultaneously an amazing engineering feat.

~~~
LiweiZ
Any advice for visitors of those websites hosted in China? As a Chinese, I am
always wondering if there is a way to avoid this. Many of us are aware of the
backdoors in the Chinese apps (across all the platforms). No matter how big
names they are, they have to comply with the order from the ruling ones (I
guess most of them cooperate with little guilty feeling). The best I can think
of is to have different devices for visiting/using Chinese apps/websites. To a
larger scale, I think average users have very limited resources to hide from
big organizations. What average Joe could do is a more general question I have
not figured out. Thanks in advance.

~~~
Buge
The ideal answer is to convince the sites you visit to use https.

~~~
alphapapa
If the Chinese government controls a single CA that's installed by default,
couldn't they MitM any TLS connection that isn't pinning certs?

Are there any Chinese CAs in any browsers' default installs? If so, they
should probably be removed immediately.

~~~
kijin
CNNIC is no longer trusted by Chrome due to recent incidents, and you can
manually remove it from Firefox and IE. While you're at it, take a few minutes
to browse the list and also remove anything that sounds Chinese.

If any website you visit legitimately uses a Chinese SSL certificate, you can
whitelist it specifically. I actually do this for SSL certificates signed by
my own country's CA (not China), and it works wonderfully.

------
ddlatham
I mentioned this as a reply in the other thread on this topic, but just to
make sure it is clear to those who may not have read or reasoned about the
full report:

The reason it is powerful is not this particular attack. It's a demonstration
that they are willing and able to inject malicious responses to any request
going to a Chinese resource (web site, analytics service, ads, etc.). Imagine
if instead of returning some DoS javascript they deliver a payload to silently
exploit a vulnerability in your browser/OS (and they are surely capable of
finding or purchasing those) to do whatever they want with it:

\- Add it to a botnet

\- Steal your personal data

\- Infiltrate your corporate network

\- Wipe your system (punishment for those accessing or producing GFW
circumvention software)

Are you confident your browser never makes HTTP requests to Chinese servers?
Are there tools we can install to prevent it?

[EDIT: It looks like two separate HN stories got merged, and the comments
along with them. Didn't know that could happen, but this comment now appears
twice here at different places.]

~~~
pdkl95
> Imagine if instead of returning some DoS javascript they deliver a payload
> to silently exploit a vulnerability

It would be foolish to imagine that this is still theoretical. Tools this
powerful are tempting to use. Unfortunately, the first _publicly known_ use of
a tool or method is often assumed to be the use in general.

Not only are you correct in that the GFW will be used for much smaller attacks
that will probably go unnoticed, it almost certainly already has.

------
jonawesomegreen
I hope that this drives home the need to be using HTTPS _everywhere_ we can
be. It would make this kind of wide scale man-in-the-middle attack much harder
to pull off and easier for users to detect. If only getting a certificate was
an easier (less costly) process.

~~~
leereeves
When considering the effectiveness of HTTPS everywhere, we should assume the
Chinese government will have the ability to create valid certificates.

This would allow them to perform MITM attacks against anyone who visits
Chinese websites, even with HTTPS.

~~~
kpcyrd
They need to sign those certs with a CA. If they do this, they create a
cryptographic proof that they're abusing their trust and are removed from the
trust store quickly.

~~~
leereeves
In fact that happened about a week ago:

[http://arstechnica.com/security/2015/04/google-chrome-
will-b...](http://arstechnica.com/security/2015/04/google-chrome-will-banish-
chinese-certificate-authority-for-breach-of-trust/)

But if China chose to, they could simply require all Chinese websites to use
government-issue certificates, forcing the world to choose between allowing
Chinese MITM monitoring and losing access to China.

~~~
acdha
> But if China chose to, they could simply require all Chinese websites to use
> government-issue certificates, forcing the world to choose between allowing
> Chinese MITM monitoring and losing access to China.

The more likely outcome of that gambit would just be that the CA would be
restricted to .cn domains, possibly with some sort of install-on-demand
warning.

~~~
leereeves
> The more likely outcome of that gambit would just be that the CA would be
> restricted to .cn domains, possibly with some sort of install-on-demand
> warning.

A reasonable compromise, but one which wouldn't prevent MITM snooping or
alteration of communications with Chinese websites, like this attack.

And to allow snooping of outgoing communications, the Chinese could also
require that all browsers used in China trust the Chinese government CA
without that restriction.

~~~
acdha
Agreed, although it technically would have helped against attacks like the
ones we just saw where most of the parties involved – including Baidu – are
using .com domains. No question, of course, that this would only result in
heavy pressure on everyone doing business in China to use .cn domains.

------
EthanHeilman
If China is responsible for this, it shows extreme recklessness on their part,
a deep disrespect for the rule of law and the customs of the internet. The
people in the chain of command responsible for this should be held criminally
liable.

The lack of sophistication, ineffectiveness, and bluntness of the attack
speaks toward a fundamental capability gap between China and the other
"cyberpowers".

~~~
xnull6guest
There is no rule of law of customs of the internet, however. That's been the
big push for the last decade within the US: to develop an international norms
framework for the internet. The problem is that many of the activities being
performed by China, Russia, France, Germany, the UK, Israel, Canada, the US,
etc are being performed by others - it's difficult for us to condemn China
without equally condemning the others. (Those wanting to argue a straw man
will suggest that the technical details of this attack are somehow above and
beyond the pale of what other nations are known to do and make their argument
about js injection.)

It's true that China is much more crass and less developed in their cyber
capability. It isn't that much less effective however.

~~~
rwallace
And that is one of the reasons it would be a good idea for the US and other
Western countries to dial down some of their more aggressive actions: those
actions set precedence that encourage other countries like China to match the
escalation.

~~~
cpncrunch
There does seem to be a difference, though. The US monitors communications,
adds backdoors to infrastructure to monitor communications, and injects
malware into Iranian nuclear reactors that could be used to make weapons.

China, on the other hand, deliberately attacks anyone who criticises their
government. In the US you are perfectly free to say the government are a bunch
of fuckwits who should be kicked out of office, if that is your opinion.

I'm not necessarily saying that what the US does is legal or morally
acceptable, just that it is more morally acceptable than what China does. It's
like the difference between a private investigator illegally breaking into
someone's house to gather information, and a gangster going in and shooting
everyone.

~~~
rwallace
I'm not even taking a position on whether action A is more morally acceptable
than action B. I'm just saying, maybe so, but at the end of the day, not only
are they both ethically dodgy but A creates an environment that encourages B,
so that in itself is reason to think A should be dialed back a few notches.

------
jgrahamc
State level injection is not new. Prior to the Tunisian revolution this was
happening on HTTP Facebook pages: [http://blog.jgc.org/2011/01/code-injected-
to-steal-passwords...](http://blog.jgc.org/2011/01/code-injected-to-steal-
passwords-in.html)

HTTPS everything.

~~~
acdha
I think the big difference here is that it's being used to launch attacks
outside of the country. For too many years, the assumption was that these
large scale attacks either didn't happen or were only limited to people
already subject to a particular government.

> HTTPS everything

… and with HSTS, too

------
jacquesm
If this was meant as a demonstration of power it failed miserably. A nation
state attacking a single corporation, and not even a very large one at that
and all they managed to achieve was being blackholed in various spots and
seeing their attack being consumed. Minor nuisance at best, and very much
losing face, both in terms of goodwill and in terms of power.

If this was officially sanctioned heads will likely roll.

~~~
AaronFriel
On the contrary, it sounds like this was just an initial test. It crippled
GitHub for days, called into question the reliability of the service, and took
a team of people to trace down the attack.

And if this paper's allegations are accurate, China's government did this
while only targeting less than 2% of the people who pulled down only a very
small subset of scripts that will only exist on a small subset of pages.
Imagine what would have happened if the Great Cannon were to inject this
script into the <head> of every page?

~~~
jacquesm
What will happen is simple: China will find itself in an internet black-hole.

~~~
AaronFriel
The problem is that from GitHub's perspective, or that of GitHub's ISP, this
would do little to avert the attack. That's because the "attackers" in this
case appear to be users outside of China's great firewall who have accessed a
service inside of China.

Consequently, it is primarily Chinese-speaking users worldwide and web
services that provide Chinese language services (and would be likely to use
Baidu's or another Chinese service's scripts) that end up looking like the
attackers. In this case, it appears most of the requests came from Taiwan,
Hong Kong, and the US.

China could of course filter this further. With only 1.75% of requests being
turned into DDOS attacks, they could throttle this up to ~100% and filter the
IPs they target to, say, only US IP addresses. Now the attackers appear to be
regular US citizens.

What will you do then? Black-hole the US? Beg consumer ISPs to black-hole
China?

------
borgia
It is and it isn't powerful. I was pretty impressed by _how_ they attacked
GitHub (not _why_ ) and in doing so they showed the power of the tool.

However, the requests it made could have easily been turned back against
Chinese business if Github so wanted. It couldn't be done because there was no
reasonable _who_ to turn the traffic back against. If non-Chinese companies
simply said "If China uses these tools we will redirect the traffic at a
number of large Chinese businesses" then a lot of the power in the tool is
immediately withdrawn.

At least that's my interpretation of it.

~~~
fweespeech
Yeah, if GitHub had used a 301 Moved Permanently to some Chinese website I
think it would have been interesting [rather than responding with the alert
message]....however that probably would be deemed "attacking" someone.

~~~
samiam1
It would've been interesting if they had made the 301 point back to Baidu.

~~~
Sanddancer
While fun, it almost certainly would have resulted in China moving to the Syn
flood stage faster. That being said, I'm always a fan of the classics, and
would have probably gone for a redirect to goatse or the like. Given that the
script was giving github full control of the page, a bit of shock and awe
would have been rather fun.

------
lovemenot
A bit far-fetched perhaps, but could it be that this attack on Github's front-
end was a mere feint for a separate attack on their back-end?

If there's a repo hosted there that someone in China wanted to modify, perhaps
they would use DOS as cover for a surreptitious maneuver which might otherwise
get noticed.

This is likely just showing my ignorance of Git, but could an attacker having
sufficient compute resources to arrange a Git hash collision and having back-
end access to Github, modify sources without it being noticed by the repo
owner?

~~~
JoachimS
This is actually a very good and interesting question. It would be good if
Github started to at least show signed commits and on a per repo level block
non-signed commits.

And Git should migrate to something better than SHA1.

------
mike-cardwell
Pretty much any country _could_ perform this attack. The interesting thing
about this, is that China thinks it can get away with openly attacking foreign
companies. And it might even be right about that.

Anyone remember what happened when North Korea attacked Sony? Where are the
sanctions this time?

~~~
cinskiy
AFAICR there is still no evidence that North Korea attacked Sony, but
everybody seems to think they did.

~~~
xnull6guest
There's tons of evidence that NK attacked SONY and the reason they did it was
revealed when the Guardians of Peace leaked the Lynton emails.

------
rayalez
Another weird thing about the whole situation, besides the reasons for the
attack and reasons for it failing, there's a question - why github?

Seems like a weird choice for a target. Github is neutral, and githib is
unambiguously good. Aren't there better targets attacking which would have at
least a semi-plausible excuse?

I mean attacking github is like screaming "I'm evil".

Besides if you want to "demonstrate your power", github is the worst choice
for that purpose. They are likely to successfully fend off the attack, yet at
the same time even if China would succeed it wouldn't have much to be proud of
either(country vs a small company). It's a lose-lose....

~~~
cpncrunch
The reason they attacked github is because github was hosting greatfire and
cn-nytimes.

------
classicsnoot
People talk of boycotting china's products, but has there ever been a real
discussion about refusing to sell products in China? With the growing desire
for western/external goods, cutting off the Chinese people's access to
our[sic] trinkets and stuff might put real pressure on the State to back off
on censorship and HRVs to forestall any popular movement...

~~~
maverick2
Exactly, if we can root people to become vegan, oragnic and not by fur etc.
Why not have campaigns to not support products made by countries with
oppressive governments.

~~~
borgia
>Why not have campaigns to not support products made by countries with
oppressive governments.

Nobody cares. It's _over there_ , it's not something we need to worry about.

It's not like the working conditions of those making our clothes, those making
our smartphones, those pulling the materials for our electronics from the
earth, etc. aren't unknown. They're very well known. We know damn well that
there's children sewing together our shoes. We know that the people making our
smart technology products are so miserable that their offices have anti-
suicide nets in place around the building and throughout the stairwells.

We know this stuff and we don't care. We want our products and we want them as
cheap as possible. The shareholders in these companies want the company to
perform as best as they can to maximize returns, that means acting nefariously
in many cases and we all know that.

People do not are and they will not care. If you gave people the choice, to be
made anonymously and that nobody would ever know their choice, between paying
multiple times what they pay for their technology or abolishing child labour
and horrible working conditions they would choose the cheaper option. Or maybe
not, maybe they would choose abolishing these things in an effort to delude
themselves and make themselves feel better, but when it comes time to purchase
a product they will still go for the cheaper one manufactured in horrible
conditions.

People simply do not care so long as it is not them feeling the affects.
That's the same damned reason nothing is being done about the NSA revelations,
or the corporate corruption of the US government, or the torture allegations
about the CIA and the list goes on.

~~~
classicsnoot
_people do not care and they will not care_ you may be right, but you are
painting with an immensely broad brush. you care. i care. i bet many care.
does that mean anything? time will tell. _...nothing is being done about NSA,
Gubniment corruption, torture allegations, etc_ Jeez. What did you expect, a
revolution? This country of mine [ours?] was built to do things slowly. The
original idea was to make it hard for the central government to do things
quickly, thereby weakening its power. It may have worked for a while, but it
also severely handicapped anyone in the government to stand up to banking and
commercial interests [there are some in the government, past and present, who
legitimately care about people and earnestly try to do the right thing].
things take time. understand, i have said, verbatim, everything you stated
more than once in many different situations. i agree, but i guess seeing it in
writing from another person rustled some optimistic feathers i had not known i
had. a personal story, so take it with a grain of salt: someone i know, very
personally, works for no such agency. at the time of the Snowden Revelations,
_they_ were obviously mum. to date, _they_ have said nothing about it, but i
have watched the bags under the eyes deepen, the gray hairs multiply, the
demeanor sag. Does this mean anything to anyone, does it mean there is hope?
who knows such things. i encourage you to consider two things: 1) wedding
bands serve the very important function of reminding a person what they
already know; the effort is the point. the building is the amalgam of the
bricks put into it. 2) no one changes their mind during an argument; it is
only after silent and solitary consideration that a person's mind changes.

------
moe
I don't like the underlying assumption in all these articles that the Chinese
government was behind the attacks, as if we had proof for anything.

Apart from the rather blurry technical analysis this particular article
claims:

 _In recent public statements, China has deflected questions regarding whether
they are behind the attack_

But when you follow the actual citation[1] it refers to this rather
underwhelming exchange, taken place on a chinese press conference:

    
    
      QUESTION: [..] a report says that a US website was under
                hacker attack, and the source of the attack was from China.
                How do you respond?
    
      ANSWER: [..] it is quite odd that every time a website in
              the US or any other country is under attack, there
              will be speculation that Chinese hackers are behind it.
              I'd like to remind you that China is one of the
              major victims of cyber attacks. [..]
    

So the chinese press lady gave her standard boilerplate response, to a less
than specific inquiry (which she probably hears on _every_ press conference),
in between handling questions about illegal fishing in Somali waters and the
Arab League Summit's commitment to a joint Arab military force.

And this is now "compelling evidence" for China being officially behind the
Github attack?

[1]
[http://www.fmprc.gov.cn/mfa_eng/xwfw_665399/s2510_665401/251...](http://www.fmprc.gov.cn/mfa_eng/xwfw_665399/s2510_665401/2511_665403/t1250354.shtml)

~~~
NelsonMinar
Your comment is thoughtful so I'll reply in kind. Is there any other plausible
actor who could be carrying on this attack for so long? And is motivated to
attack GreatFire? The Chinese government controls their Internet connection to
the world with a firm hand. Who else could it be?

I agree that more technical evidence of the attack's source would be welcome.
But the analysis published here is pretty convincing. Specifically "the GC
acted on traffic between hop 17 and hop 18, the same link we observed as
responsible for the GFW". There's pcap files if you want to verify for
yourself.

~~~
moe
_Is there any other plausible actor who could be carrying on this attack for
so long?_

For me the more interesting question remains: Why would _China_ be carrying
out this attack? I have yet to hear a plausible motive.

Other plausible actors would be the people who have an interest in creating
the perception of a "cyber threat", in order to implement more "protections".

Protections like an Executive Order[1] "to target those attempting cyber
attacks on US assets and infrastructure".

After all, with both China _and_ Russia[2] attacking us, who would argue
against the urgent need for such measures?

And yet, technically either China _or_ the NSA (via their control over Tier1
carriers) could be responsible for this attack. Perhaps it _really_ was China.
But considering we're talking about state-level secret agencies in any case
it's a bit sad how reluctant many HNers seem to be to even consider any
scenario other than the mainstream narrative.

[1] [http://www.nationaljournal.com/tech/obama-declares-cyber-
att...](http://www.nationaljournal.com/tech/obama-declares-cyber-attacks-a-
national-emergency-20150401)

[2] [http://www.dailymail.co.uk/news/article-3029768/Russian-
hack...](http://www.dailymail.co.uk/news/article-3029768/Russian-hackers-
blamed-cyber-attack-exposed-president-s-private-schedule-Obama-aide-insists-
White-House-computer-secure.html)

~~~
imron
> Why would China be carrying out this attack? I have yet to hear a plausible
> motive.

Exactly this. Not to mention the hundreds (if not thousands) of sites the
government is more likely to target, that are far less known than GitHub and
that they could take off-line indefinitely, with little or no outrage from
anyone in the West.

------
ck2
They did this because they have nothing to lose and can show off their
technical prowess.

What exactly is the world going to do - sanction them and stop buying nearly
everything from their factories?

I fear the US is going to seriously regret building up China with all our
economic business instead of building up all of Central and South America.

------
ddoolin
Why would China only swap scripts for users OUTSIDE China? And why only 1.75%
of the time? If they're willing to do this level of `cyber warfare`, why stop
at it's own citizenry, or cap it at a number like that?

~~~
acdha
In this case, the goal was to attack GitHub. If you only use clients in one
country, the target would have the option of simply having their edge routers
drop traffic from the entire country. Using international clients removes that
option and likely makes the attack more successful because it generates more
traffic closer to the target.

------
vondur
I wonder how hard it would be to take down the Great Firewall? I'd imagine
that may cause some consternation within the ruling party.

------
cooleng
Is there an addon/extension for firefox/chrome that can block all the website
from China?

------
hacktavist
Crazy my friend Bill worked on this he's the one mention in the article

------
eyeareque
Is it too late for http2 to require encryption by default?

~~~
amaranth
According to
[http://en.wikipedia.org/wiki/HTTP/2#Encryption](http://en.wikipedia.org/wiki/HTTP/2#Encryption)
and the browser support section this is already the case, at least for
server<->browser communication. If unencrypted HTTP/2 gets any use at all it
will only be for server<->server communication (RPC and such).

------
bkmrkr
Is citizenlab down for anyone else?

------
fown9
China has an authoritarian government that produces pollution that threatens
the entire world, ignores human rights and free speech, and supports dictators
in Russia and Africa. If China gets anymore powerful, the world is doomed. We
need to curb commerce with China.

~~~
Lorento
Replace China with USA and see how it looks.

~~~
wmt
Much further from the reality. The US has huge flaws and gaping failures with
these matters, but still compared to China it is objectively way less
authoritan, and has a much better track record with respecting free speech and
human rights.

~~~
leereeves
> The US...has a much better track record with respecting free speech and
> human rights.

The rights of US citizens, yes, but our track record on human rights and free
speech worldwide is not so good.

~~~
maverick2
But when China is at par with what US has been, China's record of human rights
and free speech worldwide will be much worse than that of US.

------
sarciszewski
The Great Cannon is basically a proprietary WebLOIC, which of course means
Web-based Low Orbit Ion Cannon. You may have heard of LOIC; a DDoS tool being
used by script kiddies and activists for the past 4 or so years.

"Powerful New Weapon"? Pure clickbait.

Playing catch-up with Anonymous is neither new nor powerful.

~~~
TorKlingberg
The new part is MitM:ing a popular site to use unsuspecting peoples computers
in the attack.

~~~
sarciszewski
Watering hole attacks and MitM aren't really new either. I know people who
used hacked sites to drop slowloris.js payloads to coordinate "Anonymous-
related" attacks. (Not really Anonymous related; quotes are sarcasm.)

~~~
fweespeech
Yeah, the only new part is the scale it operates on since it can MitM any site
in an entire country and use legal means to guarantee its access.

~~~
sarciszewski
Yep. Using legal means to maintain a privileged position to do malicious
things to the rest of the Internet is an innovation that few can enact.

------
newuser88273
To play devil's advocate: If you had the choice between identifying all
domestic users of GFW circumvention tools, rounding them up, and shooting
them, or attacking some of the foreign devil peddlers of such tools, which is
the more humanitarian and mild measure?

Edit: I'll try to make this a little clearer. Consider that many of the most
free and civilized countries you know will identify, round up and harshly
punish consumers of child pornography. Imagine a China (or another state of
your choice) that sets its mind to providing the deprived and opressed western
masses with as much child pornography as they can download. Is the West's only
admissible choice to dutifully round up and punish its own citizens? Is it
clearer now?

~~~
joncp
So you're comparing access to child pornography with access to news?

~~~
newuser88273
You were supposed to compare --- not the forbidden things AS SUCH, but (a) the
abstract fact that they're illegal, composed with (b) SANE ways your OWN
country can react to the fact of a NON-FRIENDLY FOREIGN power engages in
ENABLING, ENCOURAGING and ENTICING your own citizens to breach same law.

To give yet another example: At some point in time, exporting an 128 bit
symmetrical block cypher from the US may have been grounds for punishing you,
the perp.

Let's counterfactually assume that China was successfully propagandizing tens
of thousands of US citizens about both the ridicoulousness and the anti-
freedomness of this law. Assume that thusly propagandized US citizens resisted
and breached the law.

Again: Would you prefer that the US, assumed to be quite aware of the Chinese
efforts, would have identified, rounded up and harshly punished US citizens
having exported "munitions" in the form of 128 bit symmetrical block cyphers
after having been successfully turned against perfectly patriotic (even if
misguided) US policy by non-friendly Chinese propaganda, while completely not
doing ANYTHING to stop that propaganda, even though PROVEN to put US CITIZENS
IN JAIL??

------
xiaq
An irrelevant rant, but the map of China looks really, really ugly without the
two southern islands, Hainan and Taiwan. It looks like a rooster without legs.

At the very least, include Hainan, over which China's sovereign rights are in
no way disputed. And for aesthetics and political honesty, show Taiwan in
grey.

~~~
pjc50
Taiwan is a separate country and has been for many years. Both the assertions
of the PRC over Taiwan and ROC over the mainland are ridiculous.

------
jmnicolas
For a long time I wondered why China was using censorship against outside
information. I thought it was inefficient and probably useless, what they had
to fear ?

Then I discovered that "color revolutions" were not happening by chance and
that it was a CIA "technology" to remove an unwanted leader from a target
country.

Now I understand why they use censorship. I still think they'd better educate
their people (like the Russians seem to do) though. Whatever wall you build
there will always be cracks.

~~~
Devid2014
Russian TV is a great example of propaganda. Truths viewed from special angle
plus subtle lies... The problem is that a lot of people still believe in
everything that the see in the TV :(

~~~
tormeh
Now just make the lies obvious and you have Fox News! Fascinating how a
privately owned channel can be indistinguishable from propaganda in all
respects except supporting its government. If the US annexed Crimea under a
republican president, you can bet Fox would try to whitewash it.

