
Browser Plug-In Punches a Hole in China’s Great Firewall - yarapavan
http://www.technologyreview.com/news/543711/browser-plug-in-punches-an-unfixable-hole-in-chinas-great-firewall/
======
mintplant
Prediction: if this does take off and become a serious problem for the Chinese
government, they will approach the CDNs and force them to implement blocking
or get filtered. A few may take an ideological stand, but most CDNs will
comply, as if they don't, their customers who need to reach China will simply
switch to those that do. If they don't care about the Chinese market and
refuse, they'll simply get blocked.

Of course the more likely scenario is that this simply doesn't catch on in the
first place, or not to a significant enough degree that it requires a
response.

------
netheril96
> Censors tend to leave content delivery networks alone because their servers
> host many different sites, most of which they don’t want to block, says
> Houmansadr.

That has changed since last year. Many CDNs are now indeed blocked, or at
least interfered with by the GFW within China.

------
yyhhsj0521
No, this would only make things worse. A lot of major websites used Google's
services, but Google was nevertheless blocked.

------
voaie
Aside from CDNs being blocked, some regions' network conections to foreign
servers (like VPS for proxies) are slowed down a lot recently.

------
conradev
I'm surprised the article doesn't mention `meek`, which is a pluggable
transport for Tor which also takes advantage of the way CDNs work in order to
circumvent censorship.

Clients take advantage of domain fronting, where they send a request to
"google.com" with a Host header pointing to a Google App Engine instance which
is a Tor bridge: [http://www.icir.org/vern/papers/meek-
PETS-2015.pdf](http://www.icir.org/vern/papers/meek-PETS-2015.pdf)

~~~
rahimnathwani
Section 7.1.1 in the CacheBrowser paper references the paper you linked.

------
stcredzero
Are there any steganographic content sites running now? One could probably run
HTML/images only sites purely through steganographically disguised data on
imgur, tumblr, Facebook, and others. (Images would be lowered resolution, and
involve the combination of 2 or 3 images.) A secret browser extension would be
needed for recombination. This browser extension could come in multiple
variants, in such a way that it would be hard for one agency to know all of
the content channels.

------
SimeVidas
> The core idea of CacheBrowser is to grab censored content cached by Content
> Delivery Networks such as Akamai and CloudFlare directly from their CDN edge
> servers…

Isn't this what websites do in the first place? They put their assets on CDNs,
so that it can be delivered faster.

What about dynamic pages? CDNs cover static assets, but the dynamic pages have
to be generated on the origin servers.

------
rahimnathwani
Link to original paper:
[https://people.cs.umass.edu/~amir/papers/CacheBrowser.pdf](https://people.cs.umass.edu/~amir/papers/CacheBrowser.pdf)

------
chii
i fail to see how that's useful except for sites that _have_ a CDN cache. And
also, couldn't the firewall block those paths to the CDN cache directly
(seeing as they do deep packet inspection) just as easily?

~~~
rahimnathwani
"i fail to see how that's useful except for sites that _have_ a CDN cache."

It doesn't.

"And also, couldn't the firewall block those paths to the CDN cache directly
(seeing as they do deep packet inspection) just as easily"

The paper addresses this: make an HTTPS connection to the CDN's edge server,
and make a request. The GFW doesn't know the URI, so doesn't know whether you
are accessing forbidden or legit content.

------
MVf4l
Oh I get it, "If you try to kill me, you'll have to kill your friends first,
or just let me in, your choice."

------
freewizard
The GFW started to take off when I was in college somewhere in Beijing, China.
In almost two decades, not a single tech trick can survive and grow to a
meaningful scale. One technology might work for either limited case or very
limited audience, or just get blocked completely.

Technology can't fix politics.

------
vishnumethas
Maybe so but I would argue that censored google is not the same google we
know.

[http://www.traininginsholinganallur.in/oracle-training-in-
ch...](http://www.traininginsholinganallur.in/oracle-training-in-chennai.html)

------
selimthegrim
I remember Houmansadr for his papers on steganography over Tor. Glad to see
he's scratching his itch.

------
gruez
See: collateral freedom

