This article also doesn't touch on the simple technical pains of having to work across the Great Firewall and the effects of it their ability to do business outside of China. Even when you have an excellent partner in China (or vice-versa), so much of the back and forth ends up coming down to issues going across the firewall. Your collaboration tools don't work, so you're split across Slack and WeChat. Github is a disaster in China, and of course, the Googs isn't something you can require anyone in China use. Usual day-to-day stuff is neither simple nor reliable when you have to cross that firewall.
And too boot, it's amazing that Chinese companies are still doing a really poor job of figuring out how to connect well to the outside world. They'll turn to you asking why your API/whatever isn't working for their developers, and then expect that you have some miracle solution to get rid of the 200-400ms of latency (each way!) across the firewall, as well as a cure for the hours of it just dropping all traffic. Perhaps the Party has scared them enough they're not willing to chance employees doing illegal things on the company's connection...
The firewall is a fickle, cantankerous beast that, to me, is really at heart of this matter. Because they want throats to choke for every packet on Chinese soil, they've created this huge barrier that touches everything you might want to do in China or with a Chinese company.
totally agree. i'm in china and i can barely have a skype conversation with people abroad - it will randomly cut out or the quality will degrade. i can use google most of the time via VPN, but then there'll be some big political event and even VPN will become intermittent. when my co-founder came to china he couldn't believe how much of a productivity killer the great firewall was.
actually, it is quite interesting that the great firewall can totally block most VPN's when the gov. wants it to, but most of the time they choose not to. they just make it enough of a pain for normal people to give up, yet they leave just enough access for those who really need international internet access to get by with VPN (albeit barely).
China's Internet been an Intranet means GFW don't need to be precise in recognizing traffic flows. A little false positive is fine.
Some examples:
- Dropping GRE packet so PPTP VPN is not possible
- Send TCP RST to both end when a connection to dport=22 generated too much traffic
Also from my understanding, it's not that hard to use some basic machine learning techniques to classify the traffic. That's the reason why Tor project developed obfsproxy to obfuscate the traffic flow.
obfuscation of traffic to make it not look like VPN can be helpful, but traffic flow analysis based on source/origin IPs, timing and kbps/pps can still identify what looks like a VPN.
>The firewall is a fickle, cantankerous beast that, to me, is really at heart of this matter.
The Great Firewall is only one aspect of the problem. Most companies would we willing to host their service within the firewall and deal with it that way. The problem is that running a service within the firewall requires going through the Chinese bureaucracy that is inherently hostile to foreign companies and internet companies.
I remember reading this comment awhile back when China shut the door on Uber: "They open the door, allow foreign companies to enter and train locals in the technology and then slam the door when they gain traction."
Google executives long suspected China of using local regulations and the GFW to show favoritism to local companies:
"[T]he Chinese government against Google seemed less to do with regulations and more like harassment. The sanctions appeared directly tied to how well Google was doing [...] Google executives believed that [...] when [its] market share approached 30%, suddenly bad things would happen. In China, companies need a license to run a website, and it took Google massive effort to secure one. [...] Google’s executives in China realized they were always one step away from another sanction."
I think this is exactly what the GFW is for. Train/show local talent a great concept, create/replicate homegrown version, cut off foreign version when homegrown version is ready.
At some point, China needs to be concerned if it's pissing off foreign companies. If they want American users, the door has to open both ways.
By the looks of it, it doesn't need to be open both ways at all. Like the article states, Chinese companies like Musical.ly have the chance to access and profit from the US market without US government intervention. US/foreign companies don't have that luxury in China, or they do for just long enough for a local variant to gain traction and then they're booted out.
Why the US puts up with this blatant WTO violation is baffling.
This is the last year where China will be viewed as market economy. After end of this year, they'll face tariffs and barriers to their trade due to the fact that China has not followed most of the requirements to stay in WTO. EU and US have already refused to automatically extend WTO acceptance for China. Watch for Chinese economy collapse after that.
But what is the solution? Does the US build its own GFW to "protect" its own Internet? If a Chinese company wants to build a service that Americans can use, aside from blocking credit card payments for those services, the US would have to build its own GFW.
I don't think that's the answer. Maybe sanctions or other disincentives that would encourage China to play by the rules? When China joined the WTO they made a commitment that they are blatantly disregarding. What we have now is not an even playing field, and if it continues to go unchecked the US will continue to lose this game.
You're missing the point. Even if you go through the entire process, get all the licenses, find excellent local partners, setup your infrastructure correctly, and only publish what the Party wants, you STILL have to go through the firewall. There are no exceptions, and your business suffers because you cannot do simple everyday things like having a conference call with your BJS office, or copying an image up to your CN servers.
Yes, the pain of doing business in China is great and asymmetric, but in some fashion, I'm happy that at least the firewall is a symmetric, universal problem.
doesn't touch on the simple technical pains of having to work across the Great Firewall
Lower bandwidth, higher latency, more packet loss, less reliability. But everything can be achieved. It's not a great problem once you're used to it.
Slack and WeChat
If you want global, secure, internal chat that works, use XMPP on a VPN. It's pretty trivial to set up.
Github is a disaster in China
No, it works perfectly. It's not even firewalled. I use it every day, no problems.
They'll turn to you asking why your API/whatever isn't working for their developers, and then expect that you have some miracle solution to get rid of the 200-400ms of latency (each way!) across the firewall, as well as a cure for the hours of it just dropping all traffic
That's not across the firewall, that's across the Atlantic. A good solution would be placing servers inside of China, or outside but nearby in Hong Kong, Japan or Korea instead of the US. For businesses of any size desiring access to the Chinese market, another POP is not a huge expense. Even for me in the west of China, HK is ~70ms away, Japan is ~100ms.
Others on HN have indicated that sufficiently well-connected foreign organizations get their VPNs treated nicely. I think if you are encountering these problems you're just not big enough or haven't paid the right bribes.
It's not about being well-connected. As a company you can actually apply for a state-sanctioned VPN service that would be given the green light and won't be throttled even in the worst of times. If this wasn't the case, how do you think all international companies work in China?
Even when you have control over both endpoints, months of uninterrupted service will be punctuated with weeks of playing hide and seek with the Firewall. BTDT.
The problem is when you have a global endpoint that Chinese customers want to access. What do you do then? You either have to figure out how close you can get your services to China and hope and pray they don't whack your traffic one day, or take the bigger risk of deploying your endpoint in China. Either is fraught, but if you want to service that population...
Is it illegal to use directional antennas in China? If not, do businesses just get a place with a view to Taipei and route all non-chinese IP requests that way?
Distance over the horizon can be estimated using d = 3.57 x (h)^1/2. Distance in km, height in meters.
Width of the Taiwan Strait = 180 km (coast to coast)
Height of antenna required for direct line of sight = 2,542 m or ~8,400 ft. This would be one antenna on a tower and one on the ground.
Tallest antenna in the world is on top of the Burj Khalifa skyscraper at 2,722 ft.
If you split the difference (so each antenna just sees the other at sea level), the tower would need to be 635m tall or 2,088 ft. So if you put a Burj Khalifa tower on each coast you could make it work.
That's definitely much easier. Crossing Shenzhen to Hong Kong is literally getting off the Shenzhen subway, crossing a bridge, and entering Hong Kong immigration and MTR.
that is way, way too far for any sort of reliable point to point microwave, even with a lot of elevation above MSL on both ends.
also the chinese version of the FCC will come along with their partyvan.
when you are dealing with a government where non-licensed non-compliant ISP type things will be shut down at OSI layer 1 by armed men with carbines, you have other problems.
Not sure if you were being serious, but along these lines, I stayed in a Shenzhen hotel late last year that strangely provided unfiltered internet. Of course it wasn't advertised as such, but Google worked (redirected to google.com.hk). Given the hotel was right on the border with Hong Kong, one could only speculate how this worked and which option was easier: always-on VPN or antenna :)
I've had consistent, unrestricted access to google/facebook/videos from 1989, all over China, using a tmobile sim card registered in another country.
A financial services "startup" in sz manages to run a VPN with some sort of official permission. Not sure what sort of connections made this possible...
Yes, roaming works. Preferably you use a HK sim. At least foreign companies can buy a connection to a foreign IX that doesn't go through the firewall. You can pickup HK 4G in SZ without roaming. International traffic from China sucks in general, not only because of the firewall. You can buy better international connectivity in some cases.
I was in Beijing two weeks ago, with 3 phones (AT&T, Sprint and T-Mobile). I could not get Gmail on any of them. No Facebook, Twitter, Google search, Google translate, etc. I had to fall back to Yahoo Mail (and WeChat and QQ).
In Shenzhen, there was a moment in the hotel where Google worked for about 10 minutes. I was elated but then disappointed when that brief window of openness ended.
And too boot, it's amazing that Chinese companies are still doing a really poor job of figuring out how to connect well to the outside world. They'll turn to you asking why your API/whatever isn't working for their developers, and then expect that you have some miracle solution to get rid of the 200-400ms of latency (each way!) across the firewall, as well as a cure for the hours of it just dropping all traffic. Perhaps the Party has scared them enough they're not willing to chance employees doing illegal things on the company's connection...
The firewall is a fickle, cantankerous beast that, to me, is really at heart of this matter. Because they want throats to choke for every packet on Chinese soil, they've created this huge barrier that touches everything you might want to do in China or with a Chinese company.