6

I know that China prevents access to many resources/content on the Internet via a "great firewall".

While there are multiple ways of getting past/through this firewall - some are more involved and less practical than others. For example - good luck trying to get reasonable response times for anything interactive via Tor.

My question is: What do Chinese computer users, who might be somewhat tech-savvy but are not programmers or ICT professionals, use in practice to get past the firewall? What methods are the popular ones?

einpoklum
  • This can be approached in the same way as any situation where outbound traffic is restricted. Find out what protocols are allowed and find a way to tunnel through them. – multithr3at3d Feb 28 '18 at 18:48
  • Possible duplicate of [How can encrypted traffic bypass the Great Firewall of China when it is being blocked?](https://security.stackexchange.com/questions/25891/how-can-encrypted-traffic-bypass-the-great-firewall-of-china-when-it-is-being-bl) – Xiong Chiamiov Mar 01 '18 at 17:46
  • 1
    @XiongChiamiov: Not a dupe, I'm asking about what's _popular_, not about what's _possible_. – einpoklum Mar 01 '18 at 17:53
  • 2
    @einpoklum Determining bypass methods is on topic for this site; so is discussing their pros and cons. Trying to determine the *current* popularity of the various methods is not actually a security question, nor one well-suited for Stack Exchange (since we don't like questions that go out of date easily), and thus not on-topic at security.SE. – Xiong Chiamiov Mar 01 '18 at 23:50
  • @XiongChiamiov: I asked this question on politics.SE, and they thought it belonged here. – einpoklum Mar 02 '18 at 01:12
  • @FyodorGlebov: 1. What censorship program? Does Germany have a similar "great firewall"? 2. How do you know the same methods are the popular ones? – einpoklum Mar 04 '18 at 18:13
  • 1
    @FyodorGlebov: 1. that's incredible; I didn't know it was this bad. Is there an English translation of the text of the law? Having said that - it's a different mechanism. The Chinese prevent your access to content, the Germans have social media delete content. Or am I wrong? – einpoklum Mar 04 '18 at 19:23

2 Answers

8

Domain fronting using the Tor Browser is the easiest and hardest for them to block. It's quite popular because of its effectiveness and ease of setup. Basically, it uses a legit domain like Amazon's CloudFront or Microsoft's Azure as a proxy to Tor. It's like a proxy to a proxy. Because they can't block those legitimate domains, they cannot block this method. This also reduces the risk of detection because alternatives like VPNs can eventually be found and blocked, and the users persecuted.

https://trac.torproject.org/projects/tor/wiki/doc/meek

Daniel Grover
  • Can you explain briefly or link to an explanation to what domain fronting means? – einpoklum Feb 28 '18 at 23:19
  • 2
    @einpoklum Domain fronting is explained in https://www.bamsoftware.com/papers/fronting/, which was a link in the Tor Project page that the answer provided. – forest Mar 01 '18 at 03:40
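
On the wire, the "proxy to a proxy" described in this answer means the TLS SNI names the permitted front domain while the encrypted HTTP Host header names a different service behind the same CDN. The following is an added example, not part of the original answer or of Tor's code: it classifies records from a TLS-inspecting proxy by comparing the two. The field names (`sni`, `host`, `cert_sans`) and all sample records are constructed for illustration.

```python
# Added example: classify TLS-inspecting proxy records by SNI vs. Host header.
# Field names and sample records are constructed, not taken from a real product.

def norm(name):
    """Lower-case a hostname, drop any :port suffix and a trailing dot."""
    if not name:
        return ""
    name = name.strip().lower()
    if name.count(":") == 1:              # host:port (IPv6 literals not handled)
        name = name.split(":")[0]
    return name.rstrip(".")

def san_covers(san, host):
    """Certificate name match: '*' stands for exactly one left-most label."""
    san = norm(san)
    if san.startswith("*."):
        suffix = san[1:]                  # e.g. ".example.net"
        prefix = host[:-len(suffix)]
        return host.endswith(suffix) and prefix != "" and "." not in prefix
    return san == host

def classify(rec):
    """Return 'match', 'coalesced', 'fronting-suspect' or 'no-sni'."""
    sni, host = norm(rec.get("sni")), norm(rec.get("host"))
    if not sni:
        return "no-sni"
    if host == sni:
        return "match"
    # HTTP/2 may reuse one connection for another host on the same
    # certificate; that is a benign SNI/Host mismatch.
    if any(san_covers(s, host) for s in rec.get("cert_sans", [])):
        return "coalesced"
    # Host is not covered by the certificate served for the SNI name.
    return "fronting-suspect"

# Constructed sample records (reserved example domains only).
RECORDS = [
    {"sni": "cdn.example.net", "host": "cdn.example.net", "cert_sans": ["*.example.net"]},
    {"sni": "cdn.example.net", "host": "img.example.net:443", "cert_sans": ["*.example.net"]},
    {"sni": "cdn.example.net", "host": "hidden.example.org", "cert_sans": ["*.example.net"]},
    {"sni": "", "host": "192.0.2.10", "cert_sans": []},
]

if __name__ == "__main__":
    for rec in RECORDS:
        print(classify(rec), rec["sni"] or "-", rec["host"])
```

Without TLS inspection only the SNI is visible, which is why an observer sees nothing but a connection to the front domain.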
4

In China, people use all sorts of ways to try to break the great firewall. To name a few: VPN, shadowsocks, XX-Net, freegate, psiphon, Tor.

According to my experience, people who are not highly educated tend to be content with what they use inside the wall, because there are plenty of Chinese counterparts of famous services. To name a few:

  • Baidu: The No.1 search engine in China for now (but I think it is really terrible in various ways, both technically and morally).
  • Weibo: China's Twitter (quite good, but it also deletes your posts or suspends your account if you post some sensitive content)
  • Youku and Iqiyi: these two are the largest video sites in China.
  • WeChat: China's No.1 social media app, where people can communicate and share their daily life in the so-called Friend Circle.
  • Taobao and Jingdong: China's largest online selling platforms.

Of course, there are more than I can list. So basically, a lot of people do not have the need to cross the firewall. They are just satisfied with what they see and hear inside the wall and are not willing to see what is outside.

For those who want to cross the wall, the situation is not so good. You cannot easily download VPN apps in the app store. They are banned by the government. A lot of websites where you can buy VPN services or download apps have also been banned. In fact, the famous code sharing site GitHub has been banned once. But it was unblocked shortly afterwards.

In order to cross the firewall, it is often a question of chicken and egg. For example, you can download the open source XX-Net from GitHub. But in order to configure it, you need access to Google to set up a free Google App Engine account. Even though you can cross the firewall, most tools you use are not so stable and may be ineffective or disconnected every once in a while (which is super annoying). I myself have managed to buy a VPS outside China (cost about 150 yuan a year) and set up a shadowsocks service. So I use shadowsocks to cross the firewall and it is quite stable (although there are researchers who intend to detect the traffic of shadowsocks and block it).

To make things worse, if you try to set up a proxy service and sell it to others to make a profit, you are on the brink of breaking the law. As a result, even highly educated people may not have a reliable internet connection to the outside internet.

In summary, although there are plenty of tools to cross the firewall, few people know how to cross reliably.

jdhao