
VPN crackdown ‘unthinkable’ trial by firewall for China’s research world - Sami_Lehtinen
http://www.scmp.com/news/china/policies-politics/article/2103793/vpn-crackdown-unthinkable-trial-firewall-chinas
======
yogenpro
Another bad thing about GFW is that Chinese government can export the
filtering infrastructure to other countries who also favor the idea of
"cyberspace sovereignty". They might have been doing this already.

Also, VPNs are mostly used by academic institutions and corporations. Common
netizens often use "Shadowsocks", a protocol that focuses on obfuscation
rather than encryption, to make it more difficult for the Wall to recognize
its pattern, hence more unlikely to be filtered. It has been working perfectly
for 5+ years until recently some people were saying that their Shadowsocks
traffic got recognized by the police, then ISP suspended their Internet, they
had to visit the police station to sign a commitment of "never use
unauthorized means to access Internet" to resume their Internet connection.

This could be "fake news" but still worrisome because if GFW will whitelist
only registered VPN servers, and now that Shadowsocks is down, there will be
no alternatives.

That said, this is only a concern of probably less than 1% of people. The
others either don't know the existence of the Wall, or don't care about the
world outside the Wall. In that sense, GFW is already a success.

~~~
subliminalpanda
From this link it looks like Russia is a customer already. [0]

[0] [https://www.theguardian.com/world/2016/nov/29/putin-china-
in...](https://www.theguardian.com/world/2016/nov/29/putin-china-internet-
great-firewall-russia-cybersecurity-pact)

------
orblivion
I've tended to think that determined people can get full Internet access in
China because people can get around the firewall, and the Chinese government
wouldn't want the economic hit associated with blocking the Internet
altogether.

Lately, though, it sounds like the government is making gains on the technical
workarounds. So, maybe the most effective sort of activism right now would be
to produce something that the Chinese government wants to exist, which can't
exist without VPN traffic.

~~~
itcrowd
Hypothetically, if you start a VPN business with a large pool of random ipv6
addresses and assign each customer one of those, could that be a start as a
work-around?

~~~
milankragujevic
No as they do DPI and protocol detection so they would shut down your users
pretty quickly. There was more about this on 32C3, I think this is the correct
link:
[https://media.ccc.de/v/32c3-7196-how_the_great_firewall_disc...](https://media.ccc.de/v/32c3-7196-how_the_great_firewall_discovers_hidden_circumvention_servers)

~~~
itcrowd
Sorry for not watching your video. Could you give a ELI5 explanation of why
some vpns still work now if they have this tech?

~~~
synchronise
What about data stenography? I've heard of people using DNS packets to
transmit HTTP data.

~~~
munin
Imagine tracking a "raw data sent vs raw data received" for every host your
network talks to. What _should_ DNS look like?

Now imagine tunneling all your network traffic over that DNS server,
independent of how you encode it, you still need to send the bits to and fro.

How does that change the sent/received profile?

------
pmontra
While I was reading the article I thought that this kind of issues don't apply
only to China. If people focus on workarounds instead of addressing problems
they get burned when the workarounds don't work anymore.

~~~
seanmcdirmid
Yes. It's a kind of technical debt. If you are offered a job in china, you
can't just assume that you'll be able to work around all the gfw problems;
even your work might be forced to give up their unfiltered connection
eventually.

Any other place that has similar restrictions must be treated the same.

~~~
MachinShinn-
I live part of the year in a country that regularly filters the internet. I've
had no issue so far using VPNs, but I prefer to tunnel directly through the
PCs I have running 24/7 in my US office. Would tunneling work in China or does
the Great Firewall prevent that too? I'm curious because there may come a day
when I need better workarounds myself.

~~~
comex
It’s pretty sophisticated at detecting tunnels, but presumably still possible
to evade. This post was on HN recently:

[http://blog.zorinaq.com/my-experience-with-the-great-
firewal...](http://blog.zorinaq.com/my-experience-with-the-great-firewall-of-
china/)

------
camdenlock
> "Universities – which fall under the control of Communist Party committees –
> have repeatedly been told to maintain purity in their socialist ideology,
> including steering clear of teaching topics such as press freedom and civil
> rights."

This isn't new or anything, but every time I read about it, I find myself
really angry. The behavior of the Chinese communist party is shockingly,
disgustingly immoral.

Blocking information because it might undermine the grip your ideological
brainwashing has on a population. It really is a sort of fundamental evil, a
primary stain on the history of the human species.

I have some anecdotal stories from friends in China. It's actually quite a bit
worse for the average academic than we think. The pressure to include
communist party propaganda in one's research is incredibly strong – and in
some cases mandatory (e.g. if you want funding).

~~~
PeterisP
That reminds me of academia in USSR, where all students, no matter what they
were studying, had mandatory subjects like scientific communism and marxism-
leninism; and your thesis, no matter if it's about literature, agronomy,
astronomy or math had better describe its relevance for the proletariat and
communism if it's to be defended.

Some of these preambles (can't link because that all is pre-internet) are
quite funny from the modern context (especially those linking abstract
sciences e.g. math to the party propaganda), but were treated as quite serious
back then.

~~~
yorwba
Marxism is still a mandatory subject in China. In one instance the exam date
for a course I was taking as an exchange student had to be changed because
some of the PhD students might have missed their examination on Marxism
otherwise.

~~~
zhemao
I really wonder how contemporary Chinese students square the information from
their Marxism class with what Chinese society is like today. Does the Marxism
class teach real Marxism or "Marxism with Chinese characteristics"? Granted,
it's doubtful most students pay much attention to it anyway, since they just
need to memorize the info and regurgitate it on the exam.

------
cpncrunch
In some ways it might be good if they do manage to block VPNs. At least then
people won't have any option other than to put real pressure on the government
to give up their ridiculous censorship.

~~~
zzzcpan
It's the other way around, censorship makes it harder to pressure governments.

~~~
cpncrunch
That's not what I'm saying...

The censorship is already there, and the government is hard to pressure. What
I'm saying is that blocking VPNs will make more people put pressure on the
government. Right now there is very little pressure, so they can get away with
it. Can they get away with it if a large percentage of highly educated and
well connected people are very strongly opposed to it and can't do their jobs
properly?

~~~
OnlineCourage
> Can they get away with it if a large percentage of highly educated and well
> connected people are very strongly opposed to it and can't do their jobs
> properly?

Well, Mao certainly could during the cultural revolution.

~~~
mikeash
Not repeating the cultural revolution is one of the top priorities of the
Chinese government now.

------
AlexCoventry
It's very likely this will all lighten up after the National Congress in the
Fall.

[https://en.wikipedia.org/wiki/19th_National_Congress_of_the_...](https://en.wikipedia.org/wiki/19th_National_Congress_of_the_Communist_Party_of_China)

~~~
PhasmaFelis
How so? I don't know the people or forces involved.

~~~
Hasknewbie
Authoritarian-in-chief Xi Jinping will be reelected for a second term during
the Congress. Since various factions within the CCP are at war (with Xi having
initiated very public takedowns that crossed a few lines), they don't want the
slightest chance of a hint of uncontrolled rumors, and all media will be under
increased lockdown.

Unlike GP I'm not sure the situation will improve all that much post-Congress,
though.

~~~
PhasmaFelis
Yeah, that doesn't sound promising at all. The guy who instituted this
bullshit to cement his power will remain in power, but maybe he'll loosen up?
That doesn't sound like any authoritarian ever.

~~~
vidarh
The point is that any kind of attempt at weakening his grip on power is more
likely to come before the congress. Assuming he comes out of the congress with
his people in all key positions, he has very little to fear afterwards.

It's very possible he won't lighten up on the control, but it's also very
possible that the political cost of people being annoyed at the increased
blocks makes it expedient to ease up on it once there's no compelling
political reason to keep it this tight.

It may not sound like any authoritarian ever, but adapting the level of
oppression to what is politically expedient has been common practice for
Chinese authorities for decades.

------
em3rgent0rdr
I was curious how SCMP is able to publish an article critical of government
policy. Does anyone know the specifics of what is publishable and what isn't?
I thought maybe the SCMP might have been out of Beijing's jurisdiction, but it
is owned by Alibaba, so I would think it would be under the same scrutiny as
any other Chinese news publication.

~~~
arjo1
I lived in China for many years. Honestly, the government is very clever about
how they censor. They don't do things so obviously and they allow a little bit
of criticism. there is no hard and fast law as to how they censor. While I
lived their they were constantly hopping between VPNs. Some of their
censorship is political, some is a also protectionist. Had China not blocked
google, Baidu would probably have been dead by now.

To start with this article is published in English. They know that 99% of
their population will not be able to read it so its no big deal. I have seen
articles in Shanghai daily which give minor criticism to the government. But
overall they always try to project a good sentiment about the country.
Furthermore often what is published in English print written by Chinese is not
the same as what is written in Chinese print. Language is ultimately their
greatest tool for censorship.

Also, 90% of the population remains unaffected by their blockages since they
can't understand what the rest of the internet is saying. If you were to try
to access youku (Chinese website akin to youtube) within china you would find
that the streaming speeds put youtube to shame. So for the average person why
would they be interested in youtube?

As long as the government provides people with basic infrastructure and safety
people are willing to put up with some amount of censorship.

~~~
em3rgent0rdr
That is interesting. Yeah it can be a wise move to allow limited criticism,
since (1) I think they realize some criticism can be beneficial to fix faults
of the government, and (2) it helps provide the appearance that the people are
in control of the government. There is also strategic ambiguity in not having
to obey a "hard and fast law as to how they censor", since the government can
censor in what it deems the most pragmatic manner.

"They know that 99% of their population will not be able to read it". But in
my experience in China at summer programs in universities, I found that almost
all university students (at least in Beijing & Shanghai) can read English. I
suppose they will of course prefer to read Hànzì.

~~~
arjo1
But the common person cannot. Also you are looking at the best universities of
the country in Beijing and Shanghai. And as you stated, they still will prefer
to communicate in their own tongue.

~~~
em3rgent0rdr
Of course. And I'm aware that the best universities are in Beijing and
Shanghai. But still that is a sizable population of intelligent English-
reading Chinese. I'm sure the government would be concerned about them being
exposed to ideological influences in english media.

~~~
czep
The government doesn't fear intelligent people, who are by definition smart
enough not to risk their career or physical safety to openly criticize. This
"sizable population of intelligent English-reading Chinese" are primarily
focused on exploiting Party connections to help them build wealth, and then
expatriate the money beyond the government's reach.

Nobody is talking about a revolution, that would be suicide. The
intelligentsia are far more concerned with using government to their
advantage, which naturally responds very well to money exchanged for favors
(like how baidu got rid of Google).

It's poor people that government worries about. Because when poor people rise
up, that's bad news for anyone in power who hasn't yet fled the country. And
if most poor people don't read English, well then there is not much harm in
allowing some printed criticism of the Party, as long as it's in English.

------
kccqzy
An easy and legal way to circumvent the firewall is to buy a SIM card from a
foreign country and use roaming.

~~~
aembleton
Why would that work? My internet traffic would be routed through the local
cell tower and have to traverse the Great Firewall.

~~~
tristanj
It works because cellular roaming traffic travels over a tunnel to your
carrier's source country. This greatly simplifies data billing calculations,
since they only have to keep track of the usage of one connection.

The traffic is already tunneled when it passes through the GFW.

~~~
schuke
So I guess the reverse is true also, which explains why my mainland SIM card
wouldn't have unfiltered access roaming in HK.

~~~
tristanj
I believe so. When I was in China, my mainland SIM didn't work at all in HK. I
assume many people get prepaid SIMs when traveling out of China so they
wouldn't be subject to filtering anyway.

------
nayuki
Why is China still doing this? What do they have to fear about the outside
world and the open Internet?

~~~
laretluval
As an example, think of all the nastiness on social networks and the role they
played in the most recent US election. Why would you want to invite that into
your country?

~~~
tlrobinson
Was this sarcasm or are you suggesting censorship is an acceptable solution to
fake news, internet trolls, etc?

~~~
laretluval
Maybe not acceptable, but it seems plausible that it could be effective.

~~~
Asooka
And killing people is a great way to reduce the unemployment rate.

------
logicchains
I live in China and use a Chinese-language product that combines SOCKS
proxying with packet obfuscation, and it works flawlessly, unlike anything
else I've tried. I can't find an English reference, but Obfsproxy for TOR is
similar. So if anyone wonders how they could contribute to bypassing the GFW,
working on that kind of packet obfuscation software might be a good way.

~~~
saurik
I am very curious about this tool you are super happy with and would be
totally fine with a reference about this entirely in Chinese ;P.

~~~
logicchains
If you email me (an email is in my profile), or give me some way to message
you, I'll send you a link. I'd rather not post in public.

------
xwvvvvwx
_He now bypasses the firewall with his university’s VPN system. Since
researchers could still access legal VPNs through work, he did not think the
restrictions were harmful to China’s academia – “at least for now”._

Maybe I'm reading it wrong, but it sounds like this won't affect academics.

What seems more interesting is that China is apparently creating a two tier
system for access to information.

~~~
greglindahl
People have been commenting for years that westerner-oriented hotels appear to
have less filtering than other places in China.

~~~
seanmcdirmid
That seems to only be true in southern Chinese cities. You ain't gonna get
around the gfw even in a five star western branded Beijing hotel.

------
JadeNB
The deleted word 'an' from the title (currently "VPN crackdown 'unthinkable'
trial by firewall for China's research world"; in the article, "VPN crackdown
an 'unthinkable' trial by firewall for China's research world") made it a real
garden-path sentence for me—I initially read it as "VPN crackdown
'unthinkable'", and struggled to parse the rest separately. Is it really
necessary to chop off the indefinite article?

------
CamperBob2
From the standpoint of international competition, the Great Firewall isn't
such a bad thing. Wasn't it Sun Tzu himself who said, "When your enemy is
making a mistake, don't interfere?"

But research (ideally) benefits us all, so we'd be making a mistake of our own
to adopt such a provincial attitude. The Chinese scientific community is not
our "enemy." It's a shame the Great Firewall can't be worked around as easily
as sci-hub worked around Elsevier and other artificial roadblocks to
scientific communication.

~~~
gbog
It's very annoying to see such a comment assuming that HN readership is all
and only US citizen. Very exclusive of the other people.

~~~
CamperBob2
_It 's very annoying to see such a comment assuming that HN readership is all
and only US citizen._

Sorry, that wasn't my intention at all. But:

 _Very exclusive of the other people._

It's not the US who's running the Great Firewall, remember.

I'd _like_ to think we wouldn't tolerate such a thing here. I've been wrong a
lot lately, though.

------
m3nu
The last time China isolated itself from the world they fell back so far that
a few gun ships brought down their dynasty. Are they looking to repeat this
mistake?

~~~
zhemao
Uh. Are you thinking of Japan? The Qing dynasty was brought down by more than
just a few gunships.

Though the larger point about isolationism is still valid.

~~~
em3rgent0rdr
I wouldn't consider China to be isolationist, because China's history is full
of foreign interaction.

The reason China fell back and lost the Opium Wars was not due to
isolationism, but rather because for some other reason(s), they missed out on
the industrial revolution. But the exact reasons(s) they missed out on the
industrial revolution is a great debate, and is the quadrillion dollar
question...

------
smegel
> will be permitted only to connect to a company’s headquarters abroad

And HQs gateway to the wide world web?

------
blacktulip
I think a more efficient way for China to 'block the internet' is to stop
teaching English altogether in schools. And I won't be surprised if that
actually happens.

~~~
OnlineCourage
I would be absolutely shocked if this happens. Less than 1% of China's
population speaks English beyond learning for business purposes. Making
learning English illegal would be impossible to enforce, you would have to
build additional infrastructure on the internet just to specifically block
english courses. What you are suggesting is actually more complex.

~~~
heroprotagonist
To be fair, there is a world of difference between 'stop teaching English in
schools' and 'making learning English illegal'.

------
curiousgal
r/titlegore

------
KaoruAoiShiho
What's the point of this article... the VPN block was fake news anyway.

~~~
mtgx
Or maybe the OneParty was trying to see just how far they push their
censorship, after it already passed a draconian "cybersecurity" law recently.

