
“Two days ago the police came to me and wanted me to stop working on this” - realfuncode
https://github.com/shadowsocks/shadowsocks-iOS/issues/124#issuecomment-133630294
======
mrb
I was visiting China recently (my first time there). I thought bypassing The
Great Firewall was going to be as simple as an "ssh -D" SOCKS setup, or a "ssh
-w" tunnel. Oh boy, I was wrong. If you try this, or even a basic OpenVPN
setup, you will quickly find out your VPN works fine for about 5 minutes, but
then latency increases to 5sec, 10sec, 30sec(!), and then everything times
out. After some research I read online the government does deep packet
analysis and uses machine learning to find heuristics to guess which TCP
connection or UDP stream is likely being used as a VPN. When they think there
is a high probability a VPN is detected, they simply start dropping all the
packets.

Encryption is not enough. You need to disguise your VPN traffic to make it
look like standard HTTPS sessions (since they don't block HTTPS). For example
in a traditional HTTPS session, if the client browser downloads, say, a 500kB
image over HTTPS, it will send periodical empty TCP ACK packets as it receives
the data. But when using a VPN that encrypts data at the IP layer, these empty
ACK packets will be encrypted, so The Great Firewall will see the client
sending small ~80-120 bytes encrypted packets, and will count this as one more
sign that this might be a VPN.

That's why people in China have to use VPN tools that most westerners have
never heard of: obfsproxy, ShadowVPN, SoftEther, gohop, etc. All these tools
try to obfuscate and hide VPNs. I have a lot of respect for all these Chinese
hackers like clowwindy who try to escape censorship, as it takes more
technical prowess than you think to design a VPN that works in China.

~~~
usaar333
How do multinational companies' china offices get through the firewall? For
example if my company uses Google apps, how do I ensure that my china office
has access?

~~~
mcbridematt
Pay one of the telcos (i.e China Unicom) for an MPLS circuit out of the
country.

Also, international performance in general can be quite bad at peak times (i.e
30% packet loss), I suspect due to Comcast-style management of international
transit. But if you buy a transit circuit from Unicom, no problem!

Edit: to add to the grand parent, I've actually found ssh -D/-w0 (for a TUN
device) quite reliable from China. What I really want to do is run multiple
connections from different end points with a routing protocol to do fast-
failover.

~~~
badpenny
> Pay one of the telcos (i.e China Unicom) for an MPLS circuit out of the
> country.

Don't suppose you could explain to us network plebs how that would bypass the
Great Firewall?

~~~
eitally
It's a private network/route with traffic containing nothing but corporate
data. Most multinationals facing this situation route out through HK, with a
secondary failover usually in Taiwan or Singapore. Works a treat, but is
costly and latency can be subpar.

It also doesn't solve the problem of mobile access to Google Apps for Chinese
workers (Google Play Store & apps are not bundled by many (any?) Chinese OEM
handset makers or carriers. You can root & sideload, or you can purchase
phones outside the country and ship them to your employees, but even if you do
this, there is still no guarantee they'll be able to access Google's apps
while on cellular networks.

~~~
gozo
Google Apps will drain your battery when they can't access Google's servers.
Roaming with a China Unicom Hong Kong sim card, like the cross border king,
will give you gfw free access.

~~~
kuschku
> Google Apps will drain your battery

Google Apps will also drain your battery if you are in a region where Google
has no network-location data yet, because then Google will turn on your GPS,
and send to their servers the pair of GPS-coords and strength of networks.

If you live in a suburb in Germany where almost no networks are known to
Google, this means if you enable location services your GPS will try to get a
fix 24/7, eating your battery in about 2 hours.

This is probably going to be an issue in China, too, considering that Google
doesn’t have location data there.

~~~
rahimnathwani
I think you can turn this off. My phone has a setting called 'Scanning always
available', which says "Let Google's location service and other apps scan for
networks, even when Wi-Fi is off.". If I turn off this setting, and turn off
wi-fi, then the problem you point out should be avoided, right?

~~~
kuschku
Yes.

But if you turn on WiFi and Location at the same time (which is not uncommon),
then it will suck your battery dry in seconds. Turn any of those two off, and
it works.

~~~
rahimnathwani
Oh. My phone has three options for 'Location mode':

\- High accuracy (GPS, wi-fi, mobile)

\- Battery saving (Wi-fi, mobile)

\- Device only (GPS)

From what you say, it sounds like 'Device only' would save more battery than
'Battery saving'?

------
hipaulshi
For people who are not aware of this: Shadowsocks is a popular and very simple
tool to circumvent Great Fire Wall in China. It is written to reduce
characteristics in network traffic so that GFW cannot easily block it by deep
traffic analysis. clowwindy is the original author.

~~~
verroq
Who is the target audience of this software and how does it work? Do non
technical users set this up on a VPS provider and then connect to it? I'd
imagine most developers in China would just SSH tunnel their way out.

~~~
hipaulshi
SSH dynamic port forwarding is no longer working for years. It is so easily
picked up by GFW and minutes later it is gone together with the whole SSH
connection. So does PPTP and L2TP VPN. GFW has been upgraded so many times for
the past few years. The target audience is developers. The install is super
simple via one line of `pip install`, the start code for daemon is also one
line with the configuration inline or through <10 lines of json. On the client
side the author and other contributors developed native clients that allow
connection by supplying just 1 password and 1 server address. Super simple and
highly reliable to this day.

~~~
hurin
Why not just wrap all your SSH packets as HTTPS?

~~~
PeterisP
I believe that the traffic patterns (up/down request amount and timing) will
still look sufficiently different from a 'normal' https connection to be
detected and cut off within an hour.

------
blackgear
This is the end of a century. People in China had used 4 kinds of tools to
skip the GFW: freegate, openvpn, goagnet, shadowsocks.

freegate is a traditional http proxy or socks proxy built by Falun Gong
([https://en.wikipedia.org/wiki/Falun_Gong](https://en.wikipedia.org/wiki/Falun_Gong)).
They built lots of software with the same technology: freegate gpass freeu
dynapass... People share this kind of banned software sending to each others
just like teenagers share adult videos. After update of GFW, it become un-
available and un-usable.

openvpn turns break GFW as a business, people sells openvpn account at $1.66 a
month regularly. They sell this kind of services package including pptp l2tp
ssh openvpn to those who need a free network.

goagent is a free software written by Phus Lu. It use Google's application
engine as server so you can use it without paying money.So it replaced openvpn
since it cost $0. After China banned Google, this way become more and more
hard.

shadowsock is a protocol designed by clowwindy. It become a environment.
People use python, C, nodejs, golang, rust, obj-c, java to write their own
client and server. Some organization share their server for free, some people
sell account and provide high speed. shadowvpn works as a VPN while
shadowsocks works as a socks5 proxy, but share the same technology.

This is the end of shadowsocks. I means recently more and more evidence shows
that GFW has finally find a way to recognize shadowsocks's packets. Then they
stopped the development of shadowsocks.

That's all. The winter of China's network comes.

~~~
woodchuck64
> I means recently more and more evidence shows that GFW has finally find a
> way to recognize shadowsocks's packets.

Hmm... okay, so they defeat shadowsocks by recognizing the packets.

> Then they stopped the development of shadowsocks.

But if they already had shadowsocks beat, why do they make a public show of
shutting it down?

Sounds more like they recognize that they _don 't_ have the GFW technology to
defeat shadowsocks on-going development over time. Which suggests all you need
is a new developer.

~~~
fluidcruft
I don't know if this is the case, but I think it's entirely possible to know
that shadowsocks is being used widely without being able to do anything about
it at the network level. I think that's plausibly how shadowsocks is designed
to avoid the GFW in the first place.

For example, if their capabilities to identify shadowsocks traffic is not
particularly specific, filtering would result in undesirable impact on other
traffic. They can also have other out-of-band estimates for the extent of
shadowsocks use (presence of the software on seized or searched equiment,
observed chatter, informants, etc).

------
Rangi42
This wasn't a thorough deletion. The shadowsocks-iOS project has been switched
to the 'rm' branch, but the 'master' branch still contains all the source
code: [https://github.com/shadowsocks/shadowsocks-
iOS/tree/master](https://github.com/shadowsocks/shadowsocks-iOS/tree/master)
There's also a downloadable 2.6.3 release with a built .dmg and source code:
[https://github.com/shadowsocks/shadowsocks-
iOS/releases](https://github.com/shadowsocks/shadowsocks-iOS/releases)

Even if it does get completely removed, a duplicate exists on GitLab:
[https://gitlab.com/mba811/shadowsocks-
iOS](https://gitlab.com/mba811/shadowsocks-iOS) (No guarantee that it has all
the commits prior to deletion, or that it hasn't been modified from the
original in some way.)

I can only hope the police in clowwindy's country don't know how to switch
GitHub branches.

~~~
4684499
Years ago, news said China "banned" bitcoin, years later miners in China live
just fine. I guess this is not going to be so different.

~~~
noselasd
The only thing that's "banned" regarding bitcoins in china is that financial
institutions arn't allowed to trade them. You can mine them, you can set up
companies that mine them, you can trade them if you're not a financial
institution.

~~~
njloof
And as an aside they're the easiest way to exchange money when overseas. It's
like a bank where the bank meets you at your hotel and gives you cash, and you
never have to worry that your PIN won't work or your home bank will decide not
to honor your transaction for fraud protection.

------
babuskov
I find this comment amazing:

[https://github.com/shadowsocks/shadowsocks-
iOS/issues/124#is...](https://github.com/shadowsocks/shadowsocks-
iOS/issues/124#issuecomment-119921778)

Even with root account, you are not in full control of your Mac - you are
sandboxed by Apple.

~~~
conradev
This is the result of a recent change in OS X 10.11, called System Integrity
Protection.

It's a big step in the wrong direction [opinion], especially because it does
nothing to verify "integrity". It prevents changes to the System directory by
conventional means (and injection into system processes).

If malware were to figure out a way to disable SIP from userland, it could
install itself in such a way that nothing short of disabling SIP could
uninstall it.

~~~
userbinator
Does booting an alternate OS still work to get around it, or have Apple
thought of that route and somehow blocked it too?

(I have limited experience with OS X - only briefly played around with driver
development and bootloaders in the 10.4 era with osx86 - and I did have to
boot from the DVD a few times when I made the system unbootable.)

This raises the question, what good is root if it's not really root anymore?

~~~
__david__
> Does booting an alternate OS still work to get around it, or have Apple
> thought of that route and somehow blocked it too?

It's easier than that. It's just a kernel argument to disable it. Simply add
"rootless=0" to your boot-args and you have control of your machine back.

I'm running the 10.11 beta and I've already had to disable rootless because I
like to have /usr/local as a symlink to somewhere else and by default the
rootless configuration prevents writes to /usr. :-/

~~~
bdash
Apple has stated that the "rootless=0" boot argument to disable System
Integrity Protection is temporary and will be gone in the GM version of El
Capitan. Allowing this route to disable the feature would defeat the entire
purpose of it.

~~~
mrpippy
Source? They said in the WWDC session
([http://asciiwwdc.com/2015/sessions/706](http://asciiwwdc.com/2015/sessions/706))
that the process to disable rootless may change during the beta, but didn't
say that it won't be possible in the GM.

They know that rootless will break some applications/drivers, plus some types
of development may need it disabled.

~~~
bdash
The supported mechanism for disabling System Integrity Protection is via the
recovery partition.

------
djyde
As a Chinese developer, I got more and more disappointed to my country.

I'd read a book written by LinYutang, called My Country and My People. All my
understandings of my country after reading this book are not same as nowaday
China.

What's wrong? I don't know. I just wanna have freedom for Googleing. I just
wanna the people in this country be happy not only because they get enough to
eat.

~~~
aikah
Don't worry, western leaders have figured out one doesn't need democracy or
free speech for capitalism to function, China set an example. So with all the
spying , ban of encryption , limits on freedom of the press with laws such as
"the right to be forgotten" or making illegal to criticize cops or politicians
in Spain , we have already entered in a post democratic era . And people in
Europe take their freedom for granted forgetting they had to fight to death to
win their freedom at first place.

~~~
rndn
The right to be forgotten is actually a powerful mechanism to protect
individuals. Though, the law should possibly revised such that it only applies
to individuals that are not a public figure, who can prove to have little or
no range of responsibilities.

~~~
task_queue
The right to be forgotten flies in the face of capitalism. You cannot assume
you act in perfect self-interest without total and perfect information. The
first can be easy to acquire, the second harder.

The right to be forgotten impedes on total information awareness and the
desire to make the perfect rational decision with your money.

This is a good thing. Total information is not perfect information because of
bias and context. Someone seeking such information will process it through a
biased lens and never attain perfection. In that case, the individual under
the lens will lose out.

------
realfuncode
“Two days ago the police came to me and wanted me to stop working on this.
Today they asked me to delete all the code from GitHub. I have no choice but
to obey.

I hope one day I'll live in a country where I have freedom to write any code I
like without fearing.

I believe you guys will make great stuff with Network Extensions.

Cheers!”

~~~
teej
Not being facetious here - what country do you live in that you think the
government can't/won't interfere with your code?

~~~
escape_goat
Perhaps I am misunderstanding your use of English, because it is difficult to
see how this is not a facetious question.

There are relatively few countries in which the government both could and
would interfere with someone's publication of code, and I think only in China
is there both widespread computer use and internet access, on the one hand,
and state security actors (the civil police, actually) who have the
sophistication and funding to intervene with specific projects such as this
one.

Did you mean to ask what country he was in?

~~~
dalke
The US does "interfere" with the publication of some code. I'm thinking of
cryptography code. Quoting from
[https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...](https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States)
.

> Since World War II, many governments, including the U.S. and its NATO
> allies, have regulated the export of cryptography for national security
> considerations, and, as late as 1992, cryptography was on the U.S. Munitions
> List as an Auxiliary Military Equipment. ...

> As of 2009, non-military cryptography exports from the U.S. are controlled
> by the Department of Commerce's Bureau of Industry and Security. Some
> restrictions still exist, even for mass market products, particularly with
> regard to export to "rogue states" and terrorist organizations. Militarized
> encryption equipment, TEMPEST-approved electronics, custom cryptographic
> software, and even cryptographic consulting services still require an export
> license

> ... Other countries, notably those participating in the Wassenaar
> Arrangement, have similar restrictions.

~~~
floatboth
But in the US, you can sue the government:
[https://en.wikipedia.org/wiki/Bernstein_v._United_States](https://en.wikipedia.org/wiki/Bernstein_v._United_States)

~~~
dalke
I think you mean "at least", rather than "but"? You'll notice the WP quote I
gave includes restrictions post-Bernstein (and links to that case). Even these
restrictions count as 'interfer[ing] with someone's publication of code', no?

------
catinred
I've been using this anti-censorship software for about 2 or 3 years. It's the
most stable one of all anti-censorship softwares I've ever used. For those
who's not in China mainland, you can not imagine how many breaking-wall
softwares we've ever used.From ssh -D,pptp,L2tp/ipsec,to OpenVpn. In order to
access twitter,someone even create twitter api proxy such as Twip,btw,the
creator was ever forced to "drink tea" with the police ,too. The Chinese gov
just blocks any sites they want and frighten anyone who is "troublemaker".
Best wishes for the gov,and for the heroes who is creative and brave to
develop all these anti-censorship softwares.

------
mobutu
On this note, we've been trying to upload gigabytes of data via rsync from
Europe to China (we are software company who are trying to deliver tools to
our Chinese customers..). Connection used to be fast when it was night time in
China, but lately the connection has been really slow or unusable. Is there
any alternative way to get lots of packages from Western countries to China?

~~~
gnur
Ship it on an usb drive. (use encryption)

~~~
JonnyGreenwood
And get confiscated by China customs..

------
UserRights
What an awful government, simply horrible!

Now imagine, one manager coming to you with an idea:

"Hey, here is a great way to make big money: we fire all our expensive US
workers and move the whole production chain to China, people are much cheaper
there and governement will keep it that way!"

Would you adore such a greedy $$$hole and make him manager of the century?

Just another crazy idea: Imagine we would produce all our hardware for all our
communication devices in a country with such an authoritarian neandertal-
government! Oh, wait...

------
ambrop7
As the author of tun2socks (which is currently used under the hood in
shadowsocks-android and Psiphon3 for system-wide proxying), I wasn't even
aware this effort was in progress. Very sad to see it stop.

------
medecau
[https://github.com/Long-live-
shadowsocks/shadowsocks](https://github.com/Long-live-shadowsocks/shadowsocks)

The original repositories have been/are being reset. (Some branches were not
removed.)

Non-obvious ways to search for forks as the network graph is unavailable for
larger projects.

[https://github.com/search?utf8=&q=shadowsocks+language%3APyt...](https://github.com/search?utf8=&q=shadowsocks+language%3APython+fork%3Atrue&type=Repositories)

~~~
empyrical
You may not be able to see a list of the forks via the web interface, but you
can (albeit less conveniently) see them with the JSON API:

[https://api.github.com/repos/shadowsocks/shadowsocks-
iOS/for...](https://api.github.com/repos/shadowsocks/shadowsocks-iOS/forks)

And you can paginate like this:

[https://api.github.com/repos/shadowsocks/shadowsocks-
iOS/for...](https://api.github.com/repos/shadowsocks/shadowsocks-
iOS/forks?page=2)

------
brobinson
Main site for the software: [https://shadowvpn.org](https://shadowvpn.org)

Were the repos mirrored anywhere, or would that present a risk to the original
author?

~~~
escape_goat
It's hard to see how that would present a risk to the original author, given
the current circumstances as we know them.

What is described was a visit from the police in which they asked him to take
down his own Github distribution. He clearly hasn't been arrested, and
although he may be being fined, he doesn't mention it. You will notice that
his message encourages others to continue work and is generally unhappy and
defiant.

If this was a matter of any seriousness with regards to state security, it
seems more likely to me that the repositories would be simply shut down
without explanation.

My expectation based on my own few encounters with the regular civil police[1]
is that those who specialize in computer matters are unlikely to be idiots; I
assume they will know how version control systems work. It would probably be
overly cheeky of him to actually contribute to someone's fork, or work on
similar software, but there shouldn't be any negative consequences based on
what we've heard.

My experience in China is limited, and someone else might offer contradictory
insights, but that's what my expectation would be based on that experience so
far.

[1] an edit to clarify: "In China."

------
adamfisk
At Lantern ([https://www.getlantern.org](https://www.getlantern.org)) we make
censorship circumvention software that shares some similarities with
Shadowsocks but that also uses p2p. Since the @clowwindy announcement we're
the #3 trending repository on GitHub basically because a ton of Chinese coders
have been starring it -
[https://github.com/trending](https://github.com/trending)

------
vladmiller
And there are more than 500 forks. I'd say good luck deleting that :D

~~~
Rangi42
I downloaded the source code on principle. It's good to know there are plenty
of online copies.

~~~
vladmiller
same did I. Seems like it's pretty good written piece of software, so might be
good exercise to hack it a little bit and maybe learn something

------
fexy
I am living in Iran and shadowsocks was by far the best tunneling software I
have ever used, and believe me I've used almost ANYTHING!

I appreciate the efforts of clowwindy and it's talented developers and hope
the development keep going.

That might be nice if some independent organization take ownership of the
project so other individuals feel safer contributing to it.

~~~
WalterSear
It's not like the source code isn't still there, in the initial 'deleted'
repo, not to mention several hundred forks.

------
auganov
Anyone able to verify clowwindy is okay and the encounter with police ended at
that? Their twitter seems to be accept-only now.

~~~
mclee
clowwindy showed up on twitter saying he's ok but has to drop maintenance. I
guess he's physically alright.

------
daurnimator
Holy shit, clowindy was asking me questions related to this issue just last
week.

This is a scary wake up.

------
smaili
While I understand what the gov is trying to do, who's to say somebody else
that doesn't live in China maintains the project and puts it on GitHub for all
the world to see?

~~~
xiaq
Maybe they are going to block or attack GitHub again until GitHub takes down
all clones of it.

~~~
wogong
They will, one day. anyway Gmail was gone, which I think is the most
impossible site to be blocked.

PS: nice to see you here. :)

~~~
rsy96
I was shocked to see Gmail blocked, given how many business users were
dependent on it. Previously they didn't censor websites critical to business
and economy, but now they seem to be prioritizing control of speech over
economic development.

------
jdenning
I know there are plenty of copies out there, but in case anyone needs a link,
here's my (unmodified, except for the rm branch/removal message) fork:

[https://github.com/jasondenning/shadowsocks-
iOS](https://github.com/jasondenning/shadowsocks-iOS)

------
sidcool
I seldom wonder; what is that the Chinese government aims to gain from all
this oppression? What any government hopes to gain? North Korea, Cuba,
Venezuela, China, Russia (?) etc....What exactly do they want?

~~~
Intermernet
Like most governments around the world, they tend to think that "change =
defeat". The US, UK, Canadian, and Australian governments are not really any
better in this respect. They don't really understand the internet, and are
therefore (sometimes justifiably) frightened by it.

Governments, by definition, are meant to "Govern". Most see that the the rules
of governance that they, as experts, have defined, should be "The Only Rules".
They have a vested (if only intellectual, but rarely is this the case)
interest in seeing people follow these rules. Any discussion, or debate,
regarding alternative rules, is obviously being pushed by people who don't
know what they're talking about.

It's oppression based on consensus and bureaucracy. Sometimes it's nefariously
directed, but often it's just pigheadedness and arrogance that lead to
decisions like this being made.

Although, sometimes it's just downright manipulative pricks holding the
reigns. Hopefully this is less frequent than it actually appears to be. I'm
giving these governments the benefit of the doubt, though they haven't done
much in recent years to deserve it.

~~~
sidcool
Spot on! Governments are shit scared of the internet, probably even more than
terrorists, probably because internet is a tool for the mind. A free mind has
boundless optimism and spirit, and an oppressor cannot reign over such a mind.

------
grondilu
> I have no choice but to obey.

Did he ask a lawyer? Because it looks to me there are two possibilities. One,
he was not doing anything illegal in which case the police had no authority to
stop his activities. Two, he was indeed doing something illegal in which case
he can be glad he got out of it with what appears to be only a warning.

~~~
0xFFC
I didn't get where he/she is from.If I were him and I was in US I would fight
back with legal system, but if I were in china and Iran I would run away
(sadly because there is no reliable legal system in these countries)

------
kodisha
Right about now in China, GFW HQ:

\- Hey guys, we are on front page of HN again!

\- Yaay, lets upvote!!!

------
baozi1989
In China, People give their country another name --- West Korea.

------
sneakOwl
A lot of people set up shadowsocks on their VPS and then spread it to their
circles. It's the growing community and that more people are communicating
with each other via means the party can not control that upsets the party.
This will not stop, it's our fight for freedom.

------
skynetv2
I am confused .. did the Chinese police come and ask him to stop working on
it? Which country is he in?

~~~
syntheticcdo
China

------
sidcool
Knowing as much as I know about China, I somehow feel it was considerate of
them not to arrest the person or hack into his computer. They sent some guys
to make him stop. May be I have a very bad impression of the Chinese
government.

------
smilekzs
From Wikipedia:

> The Streisand effect is the phenomenon whereby an attempt to hide, remove,
> or censor a piece of information has the unintended consequence of
> publicizing the information more widely, usually facilitated by the
> Internet.

~~~
xiaq
If you control virtually every aspect of media in a country, I don't see how
Streisand effect works...

~~~
orph4nus
Because hackers will always find a way.

~~~
veracruz
Tell that to the RIAA and MPAA, and every politician wanting more surveillance
and censorship. The reality is that law, and money, and force currently, and
always will, trump a geek at a keyboard.

Further, please consider that you don't have to kill a thing to control it.
Even when something is technically possible, and arguably inevitable, it can
still be neutered and effectively subdued. It's all fine and well to say
things that suggest the human spirit will always triumph - that's optimism -
but the human body can still be held in chains. A technical solution that is
only accessible to a tiny set of people, under the right theoretical
conditions, does not make freedom a solved problem.

------
hachiya
So how did the Chinese police find clowwindy?

His contact information doesn't look readily available online.

Did Chinese authorities contact Github, which readily complied with
information that led to him being located?

~~~
sandyvid
It's really not that hard for the cops to track down someone in China.
Besides, clowwindy didn't take any precautions before. I believe clowwindy
once revealed the company he worked for.

~~~
hachiya
Do you have a reference for clowwindy revealing his employer? I didn't see
anything about that.

Cops can do a lot of things, but they don't pull information from thin air.
Github would be one source of information.

It's odd that this entire, and very popular, discussion on HN doesn't delve
into how this individual was found.

It's also interesting that your reply is from a new account with only this
comment.

~~~
fridsun
All ISPs in China are government-owned. It is believed that the government can
locate any IP. Then it's only a problem of finding his IP by monitoring.

~~~
hachiya
That may be possible, but no source had made that claim as far as I know, in
this case or any other. Also, Github uses SSL. It would be interesting how
they distinguish one user's Github connection from all the others originating
in China.

Again, how the Github user was actually located by Chinese police was not
disclosed or even discussed here. It's interesting that mentioning this has
resulted in two comments by new accounts, solely to blame Chinese authorities
as discovering the user on their own, with no evidence for it.

------
nadams
This feels rather suspicious to me. Either the police are complete idiots
(because people have forked his code and you can still get it from the forks)
or there is more to the story.

It would make more sense to just send a DMCA takedown for that plus all forks
to ensure that the streisand effect doesn't come into play. Because now I
gotta grab a fork and squirrel it away - even though I'm in the US I feel like
this is important stuff to keep.

~~~
Intermernet
If you were a US developer hit by something similar, you may have been sent an
NSL, and would therefore be unable to discuss it at all. The DMCA would only
apply if you had been accused of copying, or creating a derivative work.

I find it interesting that the Chinese police have told him to shut it down,
but have not put any restrictions on telling people he's been told to shut it
down.

Who has the greater freedom in this respect?

~~~
nadams
> The DMCA would only apply if you had been accused of copying, or creating a
> derivative work.

See my reply here [1].

> I find it interesting that the Chinese police have told him to shut it down,
> but have not put any restrictions on telling people he's been told to shut
> it down.

Don't you think that signals there is more to the story? I doubt some friendly
people knocked on his door and asked him nicely to remove the code. Then after
he did it - they told him to have a nice day and left him with some tea and
biscuits.

My gut feeling is there is more to the story than what is in the one line
comment in the issue tracker.

[1]
[https://news.ycombinator.com/item?id=10102631](https://news.ycombinator.com/item?id=10102631)

------
FooBarWidget
Any knows a good shadowsocks tutorial for OS X? I'm going to China next week
but I need to keep working while I'm there. I need to access Gmail, Github,
AWS, etc. I can't get it to work with the few tutorials I found: the
connection appears to freeze, and only certain browsers respect the OS X socks
settings (no command line tools).

~~~
__kaichen
Hey, you could use a GUI client named GoAgentX on github. You could find the
download link at this address.

[http://shadowsocks.org/en/download/clients.html](http://shadowsocks.org/en/download/clients.html)

------
wolfgke
Quote: "Two days ago the police came to me and wanted me to stop working on
this. Today they asked me to delete all the code from GitHub. I have no choice
but to obey.

I hope one day I'll live in a country where I have freedom to write any code I
like without fearing."

I claim that the west is hardly better: Just say "copyright law".

------
seanhandley
687 forks. Good luck to the authorities!

------
lifeisstillgood
Is this then a sign that the network architecture of back hauling everything
to SF in order to send it back to Beijing so one can update ones neighbours
wall, that architecture is flawed and needs to fall back to a peer to peer
approach - one that truly can route around censorship

------
aflying
oh,this seems to be a controversial question.The point is how to regard GFW in
China.To be honest,every countries has its censorship.However,the point is GFW
in china is opaque,which is not accepted.A man has rights to know what he want
to know,and for gov,managing should be public.As for the author of
shadowsocks,it is very sorrowful that she is asked to stop his work,which
helps many Chinese people.For developers，this is what their work needs;for
users,this is chances to see the real Internet.Remember everyone does not want
to oppose gov,they just want to see something useful for their jobs,which also
includes some politic news against Chinese gov.

------
bakabaka9
This saddens me personally, as I once worked with this guy; he is very
productive and talented developer. Imagine how god-awful he feels now,
threatened by police and forced to stop committing to his very own projects.

------
diegolo
I happily bypassed the great firewall using
[https://github.com/apenwarr/sshuttle](https://github.com/apenwarr/sshuttle)

------
kinosang
Long live the shadowsocks.

People who do not yield to the GFW already made backups of all the repos under
github.com/shadowsocks. And new tools to bypass the GFW is under development.

------
anabis
Tangential, but the icon is from 星空のメモリア, a Japanese game. It has not been
turned into anime, so can he read Japanese decently, or just using random
pics?

~~~
Joona
Might be translated in to Chinese.

------
geggam
Have we all forgotten corkscrew ?

[http://agroman.net/corkscrew/](http://agroman.net/corkscrew/)

------
acd
But censorship when the citizens can travel in and out of the country carrying
USB,SSD and hard drives will not work.

~~~
hmage
Do you honestly think you can carry USB and SSD to China without border
officers confiscating it?

~~~
gemexe
Maybe I'm lucky but I've done that many times and so far the customs never
bothered

------
jglauche
So, isn't the real question how to get you into a more liberal country so you
can continue your work?

~~~
halfelf
That's true. But immigration for Chinese is much more harder than you think.
Even in China, it is not completely free to move from one province to another.

~~~
jglauche
I can imagine that this is not easy. I'd like to hear some ideas to that
though, as I lack all the details on what's going on there (just been there
once on a business trip - and I know they treat foreigners with money much
different)

------
personjerry
Oh dear, I hope the clones of this repo on Github don't cause the GFW to block
Github altogether.

~~~
rxvincent
Government used to block Github in past few years. Then lots of programmer
strongly disagreed with it.

however,browse github has been harder in 2015.

I love my motherland but i really hate what the government has done.

sorry for my poor english

------
MarkPNeyer
what was this?

~~~
xiaq
Shadowsocks is the most popular solution for circumventing China's GFW these
days. It has the advantage of obfuscating the traffic, thus making it hard for
GFW to detect it, unlike say SSH or OpenVPN traffic, which are easy to detect.

------
SwimAway
Cancerous governments desperate for control. Swim away.

------
aianus
How did/does this tool compare with obfsproxy?

------
Nanshan
IPv6 is the powerful tools over the GFW

------
OJFord
I'm not American, but still catches the eye that this currently stands at "911
points"!

------
somerandomone
> I hope one day I'll live in a country where I have freedom to write any code
> I like without fearing.

Can the author reach the US by whatever mean and apply for political asylum?
That 'fear that they will suffer persecution due to: ... Political opinion'[0]
seems legit.

[0] [http://www.uscis.gov/humanitarian/refugees-
asylum/asylum](http://www.uscis.gov/humanitarian/refugees-asylum/asylum)

~~~
hkmurakami
> I hope one day I'll live in a country where I have freedom to write any code
> I like without fearing.

Frankly I don't know if we are that country. :(

~~~
brillenfux
In the context of a Chinese hacker fearing prison this is awfully cynical
hyperbole.

~~~
DanBC
It's obviously far worse in china, but still.

[https://en.wikipedia.org/wiki/Jon_Lech_Johansen](https://en.wikipedia.org/wiki/Jon_Lech_Johansen)

~~~
hkmurakami
Agreed. And even in the small world of my college, this happened for a student
writing some filesharing code.

[http://dailyprincetonian.com/news/2003/05/peng-riaa-
settle-i...](http://dailyprincetonian.com/news/2003/05/peng-riaa-settle-
infringement-case/)

------
geff82
as a sidenote I encourage all people with talent to leave countries with
suppressive regimes. I think they should be erased from their position. One
way to do that is to encourage everyone to leave their country. One can argue
that staying in a bad country may one day help to build it up again, but on
the other hand, nothing hurts bad people in power more than complete brain
drain.

~~~
kinofcain
China is ~20% of the world's population (1.36 billion of 7 billion).

If everyone in China left China, and assuming the rest of the world is living
as a family of four (play along), then every home in the world outside of
China would have to take in one Chinese refugee.

"Leave" is not a viable strategy at scale.

~~~
ctdonath
You don't need _everyone_ to leave, just a relentlessly growing percentage. At
some point the system starts to crack, and either they relent or it breaks.

In the USA, there is the fundamental notion of "consent of the governed" \- if
enough people won't submit, the government cannot function.

~~~
dreamfactory2
That's true anywhere, and it's what governments of all stripes worry about and
steer. Western ones do it with a bit more finesse, but there's little
fundamental difference. It's why Chomsky talks about 'manufacturing consent',
and why marketing is an important field for Western governments, as covered in
some detail by Adam Curtis. The UK government even have a unit dedicated to
'nudge theory'.

~~~
wyager
The US government makes it very hard to leave, no finesse involved. To
renounce your U.S. citizenship, you have to pay a fee of over $2000, pay huge
"exit taxes", and provide six years of tax compliance proof to the IRS.
[http://money.cnn.com/2014/12/10/pf/taxes/expat-passport-
citi...](http://money.cnn.com/2014/12/10/pf/taxes/expat-passport-citizenship-
renounce/)

------
cLeEOGPw
Any technology can be used for both good and bad. There's nothing inherently
wrong with technology.

~~~
chronial
No, that is not true. Look at the atomic bomb for example. The technology here
is not just nuclear fission – the bomb itself has a lot of unique technology.

There can be a lot inherently wrong with technology, and there quite often is.

~~~
hobs
What about all the Peaceful Nuclear Explosions (PNE)? The nuke is extremely
destructive and extremely dangerous, but its not inherently wrong, they have
been used to close gas wells by the Russians, and I am pretty sure the US had
the plowshares program.

There are definitely some arguments that we could have used conventional
explosives for those purposes, but my point is that a nuke is just a tool, its
the people who decide to use it admirably or despicably.

~~~
chronial
We might just fundamentally disagree an the whole tool ideology.

Imagine this device: It only has button, pressing it will torture every human
beeing in earth for 100 years and then wipe out what's left. Trying to
disassemble or analyze it will do the same.

Would this still classify as "just a tool"? (peaceful uses: explaining the
importance of restraint etc.)

This is not supposed to be an analogy, but a serious question, because I don't
believe that guns dont't kill people. And if we disagree on such a fundamental
question, I don't think an internet debate could have a sensible outcome .

~~~
pablovidal85
Guns alone don't kill people (at least if they're not programmed to do so
automatically), but as humans sometimes act irrationally, one could say if the
population had less guns then there will be less deaths by gun shot.

~~~
Datsundere
The sole purpose of a gun is the kill/destroy more efficiently because knives
and forks were not.

~~~
pablovidal85
Nothing really has just one purpose. I admit that the person who built the
weapon may have done so with the idea of killing in mind, but nobody can stop
me using the gun to crack a nut or scare animals using a blank cartridge.
Ultimately is a person (or a machine built as an extension of somebody's will)
who points to something and pulls the trigger.

------
jondubois
I don't see the Great Wall of China as inherently evil. I don't think Chinese
people would benefit if we (the west) had free reign to impose all our extreme
capitalist beliefs on them. Maybe they are not ready for it.

It's arrogant for us to believe that we are on the 'free' side of the
firewall. I don't see how one side is more free than the other - Both sides
are subjected to constant brainwashing by various media - Be it at the hands
of a suppressive government or those of greedy corporations.

~~~
alleycat
Capitalist beliefs? They're just as capitalist as us, even more so these days
(especially in Western Europe).

~~~
jondubois
I am aware of this effect (my wife is Russian) but I would still argue that
they are not capitalist in the same way that we are (though they do come
across as hyper-capitalist on a superficial level - As in; they are big
consumers and they like to show off their social status).

One thing that really surprised me about Russian and Chinese people though is
how well they take care of their friends and family (for example, they are
often very willing to share their money to help each other) and how genuine
they are compared to westerners. I know it's a big generalization but it's
something I noticed.

