RSS
Twitter
Beat China's 'Great Firewall' By Ignoring It
from the just-like-that dept
A lot has been made about the so-called "Great Firewall of China" and how the country actually manages to restrict content on such an enormous level. Now a new paper is claiming that it's improper to think of it as a big wall surrounding the perimeter, and that the real censorship system is far less robust. Instead of actually blocking illicit packets from entering the country, China has set up devices that deliver reset requests to both ends of the connection. According the researchers, if people's computers were just told to ignore these requests, the system would be impotent to block the material. For China to set up a new system in response, based on stronger restrictions on the perimeter, might actually be a difficult technical challenge. So if this entry or the paper itself makes its way past the firewall, they'll learn, like everyone else, that online filters don't work. Update: Ed Felten is writing on this subject as well, and noting that as the system works it could violate US computer fraud law by basically launching a denial of service attack on both ends of the connection. Of course, it's not clear how that matters directly, since China breaking a US law doesn't matter much. However, it could raise additional questions about the US companies who supply the hardware and software for the firewall.
Reader Comments
(Flattened / Threaded)
Reminds me of college....
At my community college, there was 'filters' that helped block out a lot of the stuff we needed, helpfully. They also kept us from installing games, so they had to go. Turns out the password was 'bigbird.' Maybe china used the same one...?
(reply to this comment) (link to this comment)
Loser
Haha, you went to community college.
(reply to this comment) (link to this comment)
Re: Loser
LOL!
Hey don't putt down us comuneitie colledge poeple!
(reply to this comment) (link to this comment)
When I hover over "to restrict content on such an enormous level. Now a new paper is claiming that it's improper to think of it as a big wall surrounding the perimeter, and that the" it looks like a link.
(reply to this comment) (link to this comment)
Re:
Thats because Joe or someone at techdirt forgot to put the slash in the end tag for the link.
(reply to this comment) (link to this comment)
Machine that goes ping
A /. article yesterday mentioned a way to get around the Great Firewall of China. I say everyone should just ping the hell out of it with really big packets and see how long it holds up. I think something like a 5500 packet size should do.
(reply to this comment) (link to this comment)
What about the servers?
Can anyone explain how configuring USER'S computers to ignore the reset requests will maintain the connection when the remote server receives a reset request as well? Remote servers still won't send the users any data.. will they?
(reply to this comment) (link to this comment)
Remember, it's only a "denial of service attack" if you do it. If the government does it, it's just "parental controls" there "for your safety".
www.piratesandemperors.com
(mirrored at YouTube: http://www.youtube.com/v/xA0pPqXJoAI)
(reply to this comment) (link to this comment)
The Great Firewall is socially engineered
As an article linked from this blog previously pointed out, the Great Firewall of China doesn't rely primarily on technology, but on social engineering. Essentially, the Chinese government does such a successful job of intimidating both individual citizens and large corporations that it gets them to self-censor to a much greater extent than any artificial means could accomplish. To reach these ends, China doesn't need to actually block information, it merely needs to give the impression that it can track any information leak back to its source, at which point the fear of consequences will keep most people from seeking the information out or spreading it once they have it. This new "solution" to the problem won't accomplish anything unless it attacks the problem at its source, and that source is fear.
(reply to this comment) (link to this comment)
Re: The Great Firewall is socially engineered
I agree. Technology has nothing to do with it, it's the impression of control and power that the Chinese (along with every other totalitarian government) rely on. Slowly eroding that is the only thing that will bring true democracy and choice in China -- and that can only be done by the Chinese.
Everyone else should mind their business, IMO.
(reply to this comment) (link to this comment)
Re: Re: The Great Firewall is socially engineered
That might be the case, but US visitors to China are going to be disappointment if they plan to go to sites like Wikipedia, or blogs hosted at blogspot, typepad, or wordpress.com (I couldn't get to any of those). Internet access in the hotels and residences I was in sucked, barely better than dial-up modem speeds. expensive business class DSL in Shenzhen afforded me terrible upload speeds like 5kb/sec. This was my experience. Being a technologist, I don't think I'd ever live in China simply due to the current state of Internet access there. It's different of course, if you are Chinese living in China and know nothing else.
(reply to this comment) (link to this comment)
Re: Re: Re: The Great Firewall is socially enginee
Well, I am living and working here in the heart of Beijing as we speak and I have no problem getting to any of the sites mentioned, including this one!
I agree that 'The Great Firewall' is more of a bluff than an actual bet. Intimidation is largely sufficient in most cases to subjugate the confuscian mind.
If the hotel you stayed in is in any way foreign-owned (Radisson, Hilton, Sheraton, Ramada, Holliday Inn) then it is likely that the owners are doing actual domain/IP filtering out of that very fear -- similar to Google's recent announcement of willingly censoring content as ordered by the Chinese Government. And guess who then bears the cost of this filtering? Not the Chinese government... hehehe
(reply to this comment) (link to this comment)
Re: The Great Firewall is socially engineered
Next time I try to log in to BBC News from Shenzen I will imagine that the firewall doesn't exist and maybe just maybe I will be able to read the website.
Seriously though when you atry to access a site that is restricted your computer goes shows up to 18% on the access window then stops and tells you the website is unavailable. Ain't no social engineering there just plain engineering. It is fustrating at times but it does block a lot of dubious and unhealthy sites as well
(reply to this comment) (link to this comment)
You could almost think..
That China would actually want people to do this. I mean who the hell sets up a firewall this big, with so many people in their country, and so many people like poster #5 that would ping the hell out of it that it's like they are trying to coax people into doing it.
The fact still remains, putting a Firewall up anywhere is just like putting up a wall in real life, people will find their own ways around it, you will then spend millions to block that one spot, and they'll just get around another one. Just a waste of money IMO.
China can't stay communist forever, people wille ventually want to know what's going on around the world.
That's my two cents.
(reply to this comment) (link to this comment)
Now all they need to do is filter the effing spam that the chinese send.
(reply to this comment) (link to this comment)
Kill the Chinese with Love . . . and Bombs.
>> This new "solution" to the problem won't accomplish anything unless it attacks the problem at its source, and that source is fear.
But it's impossible to stop fear. Remember you need to fear fear, thus increasing fear exponentially. I say we just kill off the Chinese people and eat them. It's much simplier and it solves the world hunger problem.
(reply to this comment) (link to this comment)
And I thought that they just ran the filter with real humans, they have enough of them after tall.
(reply to this comment) (link to this comment)
a billion
(reply to this comment) (link to this comment)
so many Chinese people, so little time -- we may be better off if they stay walled in -- if a billion or so people see how good the rest of us have it they may wake up and really want it
(reply to this comment) (link to this comment)
Inoring RST
Ignoring RST would render TCP useless. If everyone did that, Routers would quickly go down.
Besides, that technology is patented in the US (at least for private networks)
(reply to this comment) (link to this comment)
it's a chinese firewall drill!
(reply to this comment) (link to this comment)
personal experiences with chinese firewall.
i used a computer in a chinese internet cafe in 1998 and got "site not found" whenever i tried to get to cnn.com, or any of the other major us media outlets.
earlier this year, i stayed with relatives there and through their DSL connection, had about 256 kbps consistently. and was able to access all the english language news sites except those in ny that were focused on chinese politics. i have no experience on the chinese language sites that may be the focus of their censorship.
i will say that i stopped using google when i was there. www.google.com was automatically re-directed to www.google.com.cn or something of that sort, where as the lesser known search engines were not redirected from what i recall.
when i really needed to access google, i connected to my home pc which i had intentionally left on, so that i could use its US IP address. unexpectedly, I found that this greatly reduced the download times for applications i needed to download from the web, my point2point connection to home was faster than to the us commercial sites.
call me an anonymous coward, but i am sure the PLA and NSA can figure out who i am from their logs. ... just kidding. :)
(reply to this comment) (link to this comment)
Re: personal experiences with chinese firewall.
PS (replying to my own message) - the real cowards were Disney. They blocked me from listening to WABC because I had a Chinese IP address.... and that was AFTER i registered with their site and gave them a lot of personal information, including my home address within their coverage area. Disney are real losers. Avoid them.
(reply to this comment) (link to this comment)
there are thousands upon thousands of proxys. and i mean thousands. a new one is added every hour. they cant stop all of them can they? foxyproxy can bypass anything with the right knowledge.
(reply to this comment) (link to this comment)
Try Freedur, you never seen anything like it
China firewall is lame – use Freedur.com to bypass it. You can bypass China Great Firewall and access youtube.com and all other sites which are blocked.
(reply to this comment) (link to this comment)
Add Your Comment