Another explanation is the upcoming 19th National Congress of CCP. Recently many policies have been published to restrict freedom of speech, indicating the leader now might desire another 5 year presidency.
Might? The consensus outside China seems to be that another term is a foregone conclusion.
What if there was a method of changing the standard data formats to be randomized based on one time authorization codes? So your SSH/SSL/L2TP/etc was mangled around to something corresponding to a one time auth function. Basically pre-encrypting or obfuscating to avoid the deep packet inspection.
And hats off to the Tor people and all the good work they're doing there.
For example, I try to avoid the Mac App Store and buy/download direct from the vendor, where possible. I can't do that on iOS.
So what do these VPN apps actually do? Are they just a front-end for some service, but the phone still uses IPsec? If that is the case I assume you can configure IPsec manually?
Can someone explain? A link to some technical document would be amazing.
A vpn app contains such a plugin, plus the required user interface to login/configure the service. The user downloads the app, configures it providing credentials (or gets auto configured through an MDM) and then the vpn network appears in Settings, among the other VPNs created with a builtin protocol like IPSec.
The vpn plugin is obviously sandboxed with the minimum possible privileges.
This is a WWDC video explaining it: https://developer.apple.com/videos/play/wwdc2015/717/
This is a blog post with a tutorial: http://www.hideme.io/blog/en/ios-9-vpn-api-network-extension...
This is the entry point for the official documentation for all kinds of network plugins, of which VPN is one: https://developer.apple.com/documentation/networkextension
Edit: actually after reading your link, it appears Network Extension is supported by macOS as well? That would be great news, if vendors would also update their apps to use it.
But macOS doesn't have a tun/tap device. It needs kernel drivers to create one.
In either case, my main gripe is with Cisco AnyConnect, not OpenVPN. Cisco AnyConnect is very popular, I haven't had any client use OpenVPN, though many do use IPsec.
The legit apps are mostly VPN policy/configuration managers. You give them permission to hook into the built in consumer and business level VPN capabilities built into iOS without giving them ability to MITM all the traffic on the device.
Mostly the apps give you tools to select the edge / country you want to connect to, whether you want DNS ad blocking, and a way to use App Store subscriptions to pay for VPN. They can also give you easy on/off 3D Touch or widgets, or show you dashboards of usage.
You can use an app to create a VPN profile then remove the app, it’s not needed. You can also load VPN profiles other ways, without an app.
Businesses are technically allowed to have VPNs. China still relies on foreign companies and a lot of Chinese companies rely on for example adwords to promote their business outside of CN.
(this doesn't mean it's uncommon for CN to try to hack into these VPN tunnels, but the goal is not blocking access, and more about corporate espionage).
The Great Firewall also operates on a (customer) ISP level (rules and DPI vary per ISP and city) and not so much on outgoing traffic.
Most western companies rent fiber directly that is not affected by the GFW.
For example I know they could easily spot OpenVPN traffic and send RST packets to the host (also any DNS request with vpn is often sent to a honeypot). IPsec had better chances of success (perhaps because that was less common?).
The VPN (and information control) targets mostly local Chinese. They don't care too much about tourists (collateral damage).
What they're presumably trying to prevent is anonymous VPNs (in that the client is unknown).
The irony of that is alarming.
Perhaps someone should show Tim Cook.
I have no knowledge on that, so if that's an absurd assertion, please feel free to let me know.
1. Google complied with China's censorship laws for a while, but since no good deed goes unpunished - they got hacked by China. Only afterwards did they decide to leave the Chinese market altogether and no longer censor their Chinese results. They do get blocked now, from time to time (or depending on keyword, I forget).
"Despite their polished 'Designed in California' efforts to strike a tone that resonates with the affluent organic free-range eco-democratic westcoast set, when the rubber hits the road, Apple kowtows to authoritarian despots if the profits are 'iphone-scale'."
Does that also sound like flamebait to you? If so, then I suggest you introspect about where and why your fires burn.
Did Apple cooperate with the FBI when they asked to help with the Pulse Club terrorist? No.
Pretending there isn't a moral dimension to it just because "it's business" is absurd.
To a degree. Every business has to follow the law of their head office and umbrella group. When local law is inconsistent with head office law, then a grey area is entered. If this grey area is not reconcilable, then head office wins and local office capitulates or shuts down if pushed to that extent.
Lastly, we don't have the right to tell China what is right for China. We can say we don't agree but similarly do we listen to China when they tell us what they don't like?
If they have good points, yeah. Grading ideas based on the source is a good way to stay ignorant.
Don't tell us you would say "no".
They've done it with various anti-LGBT efforts that have taken place around the US, they've done it with the fight with the FBI and they're doing it right now in Australia, among others.
What they don't do is shoot themselves in the head in some misguided attempt at ideological purity.
Well, according to the post, they are actually complying with the law even now.
The law might suck, but it's the law.
I would say "no". Tons of us would say "no".
There are various things on this spectrum that any business can choose to do, or not do: use child labor, use political prison labor, dump toxic waste in public streams and rivers (after funding lobbyists to make it legal), etc.
(And not just in China. For instance, Apple banned an app I used to keep rough tabs on how many civilians my democratically elected government was killing with drone strikes.)
There's even a strong chance I'd actively hamper company operations surrounding the project, and bust out psychological warfare on management until fired.
Millions lifted out of poverty. Nationalistic fervor. Chinese tourists traveling abroad (shows affluence.)
I'm no China apologist but we could do with less grandstanding overall.
The Chinese are the People, that's the point. Socialism. That's the definition of socialism.
The way you phrase 'The Chinese treat their people' is what socialism exists to fight against... or that's the ideological angle...
You cannot confuse nation, nationality, and identity for mainland China. They're rolled into one, which is perfect for the current hegemony.
Of course no one takes them seriously, because the actual reality on the field is that nothing other than profits matter.
I would love to see the party trying to come up with an excuse for their VIPs and their angry daughters for an Apple block.
If anything will add to the further downfall of Apple in China, it's stripping functionality of the most popular mobile payment app in China. https://www.bloomberg.com/news/articles/2017-04-19/tencent-s...
Even more reasons to not do it. If Chinese Government decided they want you out, you will be out. Why not take some advertisement with them for the rest of the world? They surely knew how that works with the FBI problem.
Companies like Apple, Google, and Facebook can sway the world right into totalitarianism via their support of censorship and disregard for basic human rights. If these companies do side with the least common denominator, where does that leave the rest of us?
Even without VPN clients, iPhones still provide superior client-side security to a lot of other phones out there.