Encrypted-only access is not a solution, it's a patch. Here is how China could break it if they wanted to:
1. Choose domains that you want to monitor in this way. E.g. github.com.
2. Requests to any IP for that domain on port 443 will return a certificate that the Chinese government issued using CNNIC. This is trusted by at least Mozilla: http://snag.gy/E1ftE.jpg (note to self: delete that ca)
3. Requests to any IP for that domain on port 80 will be converted to ssl. So the browser is connected over http to the ISP, and the ISP's servers will connect over https/ssl to Github.
In all instances, monitoring is possible. Forcing ssl is no solution. It does make monitoring harder though, and I suppose that is a good thing already, but all the Chinese government needs to do is throw money at it and the ISPs will be able to handle this.
There was already a lot of debate about adding the CA, but the final consensus was, I believe, "as long as they don't actually abuse it, we should trust them; as soon as we have evidence of someone doing a MITM attack with that CA, we will blacklist it".
Perhaps the browser could do something subtler, but it's not straightforward. Or we could make the https cert protocol more flexible, but changing protocols is hard.
It will be interesting to see if the Chinese government makes their own alterations to the Firefox binary installers that pass through their network that add the CA back in.
Nobody checks their installers' GPG keys anyways
For as long as I can remember Sourceforge's usability has sucked. That's reason enough to avoid it (but omg! free file hosting!) but the installer thing maybe isn't quite as deceptive and malwareish as your first message let on. It's just another facet of their lameness.
Kudos to Gimp for dumping them. Why does anyone stay with them at this point?
The entire CA approach requires me to trust entities that I am not certain are truly trustworthy. After all they all fall under varied jurisdictions and at the end of the day they are owned and operated by individuals that can be bribed or coerced. Furthermore, we don't know what kind of practices each CA has in place to mitigate tampering and prevent subversion of the CA system.
With that in mind, is it possible to make a CA that is distributed (via a DHT) and publicly verifiable? The process to get a certificate from such a distributed CA could be a long, intense process, but at least it would be trustworthy to a degree no other CA could be.
Is Namecoin a viable alternative? Are there others?
Every major government has a CA cert in your browser. SSL was obviously designed to be subverted in exactly this way. You won't even get a warning. Google pins their own certs in their own browser, but Moxie's Convergence.io or something like TACK would need to be implemented by Google and Mozilla for you to have a fighting chance.
China could easily block Google outright -- while the Github reversal the author mentions is certainly surprising, Google represents only a small sliver of Chinese search engine use and probably wouldn't result in much of a mass outcry.
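Added example, not part of the thread: a small Python model of why a certificate from any CA in the trust store passes ordinary validation for github.com (step 2 of the scenario at the top) while a pin check of the kind this comment mentions rejects it. The certificate names, key bytes and pin set are constructed stand-ins, and signature verification is assumed to have already succeeded.

```python
import base64
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str   # name the certificate was issued to
    issuer: str    # name of the CA that signed it
    spki: bytes    # stand-in for the DER SubjectPublicKeyInfo (constructed)

def spki_pin(spki: bytes) -> str:
    """Pin in the 'sha256/<base64>' form: SHA-256 over the public key info."""
    return "sha256/" + base64.b64encode(hashlib.sha256(spki).digest()).decode()

def ca_validates(chain, host, trusted_roots):
    """Classic CA check: leaf name matches, links chain up, root is in the store.
    Assumption: signatures on every link were verified before this point."""
    if not chain or chain[0].subject != host:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return chain[-1].subject in trusted_roots

def decide(chain, host, trusted_roots, pins):
    """Connection decision: CA validation first, then the pin set if one exists."""
    if not ca_validates(chain, host, trusted_roots):
        return "reject: untrusted chain"
    host_pins = pins.get(host)
    if host_pins and not any(spki_pin(c.spki) in host_pins for c in chain):
        return "reject: pin mismatch"
    return "accept"

# Constructed sample data: two roots in the store, one genuine chain and one
# substituted chain that is issued by the other trusted root.
TRUSTED_ROOTS = {"Example Root CA", "CNNIC ROOT"}
GENUINE = [Cert("github.com", "Example Root CA", b"site-key"),
           Cert("Example Root CA", "Example Root CA", b"example-root-key")]
SUBSTITUTED = [Cert("github.com", "CNNIC ROOT", b"interceptor-key"),
               Cert("CNNIC ROOT", "CNNIC ROOT", b"cnnic-root-key")]
PINS = {"github.com": {spki_pin(b"site-key"), spki_pin(b"example-root-key")}}

if __name__ == "__main__":
    print("no pins, substituted:", decide(SUBSTITUTED, "github.com", TRUSTED_ROOTS, {}))
    print("pins, substituted:   ", decide(SUBSTITUTED, "github.com", TRUSTED_ROOTS, PINS))
    print("pins, genuine:       ", decide(GENUINE, "github.com", TRUSTED_ROOTS, PINS))
```

Removing the root from the store, as the first comment's note to self suggests, makes the same substituted chain fail at the earlier "untrusted chain" step instead.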
GreatFire.org exists to end China's censorship - they have pondered long, researched, and have not missed your point.
China's weakness is they cannot censor where it crimps the economy too much.
Read: Collateral Freedom
China blocking all Google products would make such a backlash in China that it's not a feasible move for the China government. Just as with Github, too many people would complain about losing $$ in the economy.
Gmail, Android, Chrome, Picasa, Google Drive, Docs, Translate, Maps, Scholar, Books, Earth, AppEngine, Research, Hangouts. Too many Chinese rely on these financially, and in their jobs.
GreatFire.org is right. This is a superb defrocking of censorship that will work.
The real question is why isn't Google doing this.
Access to Gmail is spotty and unreliable, like most other Google services. Android phones connect to Chinese Android market and most have alternative Chinese-only app markets. If Google were to stop access to Android market, people would get pissed, but switch app-provider.
For the rest, these are barely used services. I don't even think hangouts are accessible, since it's a part of Google+, which is blocked. Maps? Yeah, it's nice, but so is Baidu maps.
Picasa? Which economy is impacted by picasa?
> China's weakness is they cannot censor where it crimps the economy too much. It's brilliant.
While this is true, google is not one of them.
“Google! Do it! If they don't block you, freedom wins. If they do block you, there will be much more opposition to censorship inside China and the system will be forced to change, thus freedom wins too!”
It's nice that they're willing to see Google blocked, but they're not actually giving up anything if that happens. Google on the other hand is a public company and has a lot more to lose if they're blocked. What would the shareholders say to Google risking the ad revenue from Chinese Internet users? And they're already fighting for marketshare with Baidu ... they could end up losing enough ground to never recover.
The activists might find that tack is a far better way to proceed. Google could easily just say "switching to HTTPS is in accordance with our policies throughout the rest of the world and it's (one way) to protect Chinese users from spying by the NSA (and others)." Actively redirecting blocked requests to cached pages would on the other hand offend the Chinese government and would signal Google's true intent.
If you're going to be activists, you need to have a much better understanding of corporate motivations as well as become much more tuned into politics.
GreatFire.org is at the cutting-edge of research (including from Harvard, Princeton, and many software engineers globally and in China) to end the censorship in China. GreatFire.org is on the front lines of solving censorship.
This idea is new research that works.
Google has a preponderant position in search in 125 nations, and is not hurting that much from retreating to Hong Kong. Baidu can't even get a foothold going in Japan.
On the other hand, the blunt mercantilism which keeps Google, Twitter, YouTube, Facebook out of China stands to weaken by applying this excellent idea.
Google actually may benefit by responding adroitly to the intentional evisceration of Google by the Chinese government.
The beauty of this research is that it probes a blind spot in China policy not easily remedied, while hitting the one place China cares about - money and the national economy.
All I was stating is that part one of the two-part proposal (encrypting all traffic) should be done on its own - that providing access to blocked content took Google from a passive position to an active one. Most of the students at Tiananmen Square didn't risk getting run over by a tank, but we still talk about the fact they had the courage to rally. If GreatFire.org wants to decide to take on the tank, that's fine, but it's not fair to push Google in front of the tank ... that's their decision to make.
P.S. The article also discusses Google's "Don't be evil" model ... I agree that it would be admirable to also try to abate evil where they can.
P.P.S. After watching the Matt Damon video in another posting, I'm reconsidering blind obedience myself!
Why are you tackling censorship in China first and not any other country, like your own?
He didn't overlook it, he addressed it specifically. Read the article.
Even worse, that's by revenue, not searches:
3% of search is a blip.
[EDIT: Fixed the links mangled by cut-n-paste from other thread]
What Google's search market shares have to do with that concept is beyond me, though.
The premise relies on Google being irreplaceable to the Chinese economy.
> We are gambling with Google’s stack that they are big enough and important enough that the Chinese authorities would not dare block it in mainland China completely.
Market share is a good proxy to measure that population, and it's 3%.
I'm not convinced that 3% is large enough to cause the government to give up.
The last time Google did this with the Chinese government, I remember Microsoft was ecstatic at potentially replacing Google in China with Bing, by following the same requests Google wouldn't, from the government, just so they can win even an extra 1 percent market share (which they never did, anyway - Baidu filled the gap).
As long as US companies keep screwing each other over for that extra 1 percent they can gain over their competitors in China, if they do follow China's orders, while the competitors do not, this is going to be a very hard thing to "win". So shame on those who do that.
"How the United States Senate could end political gridlock in just 10 days"
As an idea, it should be so thoroughly discredited by now that merely stating it approvingly marks one as either morally deficient, an idiot, or both. Making that statement should be at the same level of social disapproval as, say, suggesting genocide as a reasonable way to deal with undesirable people groups.
As of today, though, regular run-of-the-mill people are unable to formulate why that statement is not just wrong, but ridiculously, appallingly so. I fear learning why will come at a rather significant cost to humanity in general. :(
I guess this is how civilization moves forward. It's not pretty.
Changing the public view from within China to fight against censorship is harder but I think it would be far more effective.
This Guardian article is a "shorter version" of the original article at http://en.GreatFire.org
The author of this article, "charlie", is contending that actually, Google could end it in 10 days, simply by turning on encryption for their own service and offering cached versions of any sites that are blocked.
So yes, Schmidt was talking about a global technological shift, while this author was talking about a simple pragmatic step that could be taken by one company, Google, and which they already have the infrastructure for as they already do everything needed (encrypt traffic, offer caches) for their other properties.
>>“Google! Do it! If they don't block you, freedom wins. If they do block you, there will be much more opposition to censorship inside China and the system will be forced to change, thus freedom wins too!”
I don't think the author realizes what a "win" means to corporations. Helping the cause of freedom doesn't turn losing a billion potential customers into a win, it's just the silver lining on a very dark cloud.
Comparing Google's surveillance to Chinese totalitarian state is obscene.
Request URL: http://tripstamp.com/api/authenticate
Request Method: POST