Tunneling Under the Great Firewall? 403
An anonymous reader writes "I am traveling to China in the near future, and needless to say as a Slashdot reader I am going to require access to the Internet. The whole, unadulterated, unfiltered Internet. Also needless to say, I am very leery of the government there (my lack of a nickname on this submission being testament to that). I will only be there for a few weeks, and will not be using the computer for much of that time, so I don't want to shell out a lot of money to a VPN service. However I also don't want to be hindered by extremely slow speeds such as those provided by the Tor network. I have experience implementing Web servers and work fairly often with Linux; however, many of my friends who also face the same dilemma don't. What would be the most cost-effective (free is best) method for me to subvert the Great Firewall during my travels while maintaining sufficient anonymity and enjoying sufficient speed?"
Fear (Score:3, Insightful)
This fear of China is just WTF. "my lack of a nickname on this submission being testament to that", VPN's, Tor, all of that just to browse the regular Internet. Anyone who writes these things obviously have not been there or in the other Asian countries.
Most of the western quality hotels provide access to unfiltered Internet and you are most likely staying in one of those. Besides, the Chinese and Asian in general are quite relaxed people. Just think if American cops would be this patient and try to help the guy [liveleak.com].
Seriously, the Chinese, Asian and rest of the world hate and fear by Americans is getting beyond ridiculous.
Re:Fear (Score:5, Informative)
Besides, the Chinese and Asian in general are quite relaxed people.
It isn't the general population causing the VPN problems we have with people travelling in China, it's the government.
Re: (Score:3, Funny)
Re:Fear (Score:5, Insightful)
Slashdot rails against DMCA, censorship, walled gardens, etc, and you expect the Chinese government to get a free pass? What a joke.
You can raise frail strawmen all you want, but it's not about how "relaxed" Asians or anything else like "hate and fear" that you've just made up in your post. It's very specifically about the Chinese government. Exactly what part of "I am very leery of the government" have you completely failed to understand?
Is this REALLY a conversation you want to get into?
Re: (Score:3, Interesting)
Are you sure? What makes you think that?
LOL (Score:4, Insightful)
Re: (Score:3, Insightful)
"You have no possible reply that is not hypocritical so I won't be responding any more" screams TROLL and is a cheap cop-out screaming you are so unsure of your position you can't defend it, but I'll feed it anyways...
Exactly. How is this hypocritical, at all? You have no entitlement to healthcare, because if you were entitled to it, it must be forcefully taken from someone else. It's not t
Re: (Score:2, Interesting)
Is that 'unfiltered' access also 'unmonitored'?
Re: (Score:2)
Re: (Score:3)
Even IF you're assuming the OP doesn't care about the Chinese government's filtering and censoring from a philosophical, practical or personal viewpoint, let me wikipedia that for you: http://en.wikipedia.org/wiki/Industrial_espionage [wikipedia.org]
Re: (Score:3, Funny)
Re:Fear (Score:4, Funny)
What Firewall? (Score:4, Informative)
"seditious Chinese website" -- like wikipedia, dropbox, archive.org, google cache, blogspot, sourceforge, freebsd.org, youtube, twitter, foursquare and facebook .
My experience might be a bit outdated (October 2008 was the last time I was in China), but I didn't see much of a firewall there. The only sites that I couldn't reach (occasionally!) were zh.wikipedia.org (which I tried out of curiosity) and a sourceforge download site in Taiwan. And I tried a lot of sites, including the ones that you mention and other usual suspects.
My Chinese colleagues told me that generally only Chinese-language sites and sites located in Taiwan are blocked. They also told me that anyone with basic computing literacy can circumvent the firewall anyway without so much of an effort. I can't tell you much about the details because I didn't need to and my colleagues didn't seem to want to speak about it. My impression was that the Chinese DNS server just didn't resolve some site names.
At times I had the impression that the SSL connection to my webmail service in Germany and the VPN connection to my company's intranet was a bit slow and unreliable (which made me paranoid of a man-in-the-middle attack), but when I was in the US recently the connection was even more slow and unreliable. Draw your own conclusions.
Re:Fear (Score:5, Insightful)
Yup. I dont understand also other parts of the question...
"Shell out a lot of money for a VPN service..." $9.95US for 1 month is a Lot of money?
He also claims he knows computers yet does not think of setting up his own VPN gateway at home? It's clear he is not moving there, just going there for a few weeks. Nobody I know terminates all their leases and sells all their stuff to go out of the country even for a few months....
Pay $9.95 for VPN service each month, or set up a linux box as a VPN point. Call it done.
Re: (Score:3, Informative)
Even cheaper: $19 for three months, by the IPREDator: https://www.ipredator.se/ [ipredator.se]
Re: (Score:3, Funny)
"Shell out a lot of money for a VPN service..." $9.95US for 1 month is a Lot of money?
In China it is. Have you seen that exchange rate? Damn...
Re: (Score:3, Informative)
Or, if you have a linux web server (as he claims he can setup) setup SSL on there, and redirect all web traffic over the SSL Tunnel. Bonus points if he authenticates to his linux box using keys, instead of a password.
Re: (Score:3, Informative)
Oh goodness.. I have been dealing with SSL all morning.. Of course, I meant SSH.. grr
http://www.ubuntu-unleashed.com/2008/03/howto-create-ssh-tunnel-for-firefox-to.html [ubuntu-unleashed.com]
Add squid if you are nervous about other web based tools, besides a single browser window.
Re:Fear (Score:5, Insightful)
Good luck! (Score:5, Interesting)
At my workplace we have people who travel to China. On occasion VPN connections from China just stop for hours or days at at time. No hits at our VPN endpoint from China at all; the traffic is stopped upstream somewhere while everything else that is unencrypted works.
That's the only country we have people visit where the VPN can be problematic.
Re: (Score:2)
Use SSL proxies. There's a huge number of them, and people scan for and compile lists for new ones all the time. It's not as slow as Tor, but if you find one that doesn't use a standard port (8080, etc) it may work well for you. I use them all the time to download stuff from "geo-locked" websites like the iPlayer/BBC.
Re: (Score:3, Insightful)
Do you really trust using a random SSL proxy for getting out? That's likely to cause even more problems, because you almost certainly do not know who owns the proxy and what they're doing with your traffic. If the guy has to do anything sensitive like banking, his ability to do so safely has dropped precipitously.
Re:Good luck! (Score:5, Insightful)
Re:Good luck! (Score:5, Informative)
Yep, mod parent up.
Even better, make one yourself. Grab an old box you have lying around, whack a copy of Ubuntu on it (or other Linux distro of your choice), enable SSH server and leave it running on your net connection at home. Then using PuTTY or whatever on your laptop you're taking to China, make SOCKS proxy/SSL tunnel to your home box and you are good to go.
Free software and simple to do. Speeds are limited by the speed of your connection in China, and obviously the upstream speed of your net connection back home. But should be enough for basic browsing.
Happens exactly the same with the good ole' USA (Score:2, Interesting)
All 3 are linked together with a VPN.
And just after the planes struck the buildings on 911, the VPN with Detroit mysteriously went down. Unencrypted connections continued working as if nothing happened (so it's not a case of a router being located physically in WTC, or whatever). A couple of days later, all was back to normal. No explanation ever follow
Re: (Score:2)
and the service interruption was probably caused by the fact that a lot of network equipment driving the transatlantic link was in the WTC FFS!
Re: (Score:2)
Yes. The servers tasked with performing MITM against encrypted traffic in and out of the US, probably. I didn't say this, btw - it's just the only way in which your statement would possibly make sense. Where do you work?
Re: (Score:3, Informative)
I live in China. I access the Internet unhindered. I've never, in nine years, encountered a situation where only encrypted links are shut down (for even MINUTES at a time!) while everything else went through. I have experienced situations where specific backbones get so badly clogged up that *all* traffic (including, sadly, my link to my VPS) is screwed up, but never one where just the link to my VPS was down.
That's almost a decade, folks. I'm not quite calling "bullshit" on grub here. I'm sure he's se
Re:Good luck! (Score:4, Informative)
i run a VPN server for several friends of mine - the whole use is to get around what ever they run into - be it China (rare but they do go there) or some lame ass university's filter..
one of the more often used services for really locked down places is a good old SOCKS server running on 443..
Pick any... (Score:2)
Fast, Easy, Secure. Pick any two.
Sorry, pal - it's those pesky laws of the universe or something gettin' in the way...
Re: (Score:3, Funny)
Given that you're losing out on "secure", you might want to think twice about that. I hear the viruses you can get are quite a pain to deal with.
Make a proxy. (Score:2, Informative)
SSH (Score:5, Informative)
SSH tunneling with SSH -D is trivial to set up. Make sure you forward DNS with network.proxy.socks_remote_dns set to true if you're using Firefox.
I think I read that SSH can even create a virtual network device that forwards all traffic over a tunnel. Haven't had time to play with that though. That would be a great solution for every app, even those that don't support SOCKS proxies.
Re:SSH (Score:4, Informative)
Yup.
-Setup a ssh server outside of china, always on. for windows use some port like copsshd.
-Set ip up at an alternate port (not 22, use 443), it will obfuscate it a little bit.
In china run ssh client, putty can do this, tunnelier has some more options
https://calomel.org/firefox_ssh_proxy.html [calomel.org]
Then use proxy options of firefox to send traffic over this proxy. Be careful no to leak too much dns info.
Re:SSH (Score:5, Insightful)
I'm not sure if this is what your referring to but I use a SSH socks proxy and tsocks under linux quite a bit to allow proxy unaware apps to be use it (like RDP). The only issue I have with this setup is DNS. Since it primarily uses UDP not TCP for lookups they are all performed against the locally configured name servers not the remote. I haven't found an elegant solution for this yet but your network.proxy.socks_remote_dns config may help a lot (I've never heard of that before).
For the original submitter, I understand your reluctance to being restricted and object to the idea of the great firewall as much as the next guy, however is completely open access really worth breaking the law there and potentially being imprisoned in China. Also keep in mind that while you may object to the concept of the firewall but you are a guest in the country and breaking any countries laws while as such is really disrespectful. If you really don't like the law don't travel there, if your trying to make some sort of political statement (which I doubt) then best of luck to you... China isn't well know for being good sports about that sort of thing.
Re: (Score:2)
so keep in mind that while you may object to the concept of the firewall but you are a guest in the country and breaking any countries laws while as such is really disrespectful.
Allow me to play the world's smallest Er-Hu.
Re:SSH (Score:5, Insightful)
Re:SSH (Score:5, Insightful)
respect and saving face is a huge part of the culture
And in other places they eat live eels. There's a lot of stupid shit in the world.
While what you say may be true, to say it like that is like saying we should give them a pass for their obnoxious behavior simply because they're used to it... Shall we give racists in our home countries a free pass on their idiocy simply because it's cultural for them to be hating?
flip the tables and say some guy wanted to view CP in the US
Oh please do drag that stupid CP argument out here so we can kick it to death.
The US allows brutal degradation of actresses for porn, depictions of rape and murder, actual footage of such (usually), depictions of infants being cooked and fed to dogs, etc, etc, etc. And in the middle of that they want to draw a fence around CP.
Many token arguments are made, such as it encouraging real abuses, but they could be made for any of the rest of that cesspool. Ultimately they all fail to the brutal reality that censorship and FUD aren't security. The blind panic around CP is growing old, we can see it's not actually doing anything to protect anyone. And the censorship not only wouldn't help, and is immoral to implement, but is impossible.
I'd support someone looking up communism when it was the panic word. How could I draw the line at some other panic word? And even if I could, how could I know I wasn't just panicking? So no. For practical and ethical reasons we can't censor even if the content disgusts, scares us, or reveals our war-crimes.
circumventing the laws of a nation of which you are not a citizen is not only illegal
Tautologically, circumventing any law is legal. And just as meaninglessly, breaking a law is always illegal. But is the law right? Is the nation valid?
Re: (Score:3, Informative)
Re: (Score:3, Insightful)
Actually, this [perturb.org] is what I was thinking about. You get an actual entry in ifconfig, and with a little routing it should be entirely transparent to all applications.
Re: (Score:2)
NX is a great cross-platform remote desktop application that runs over SSH. On Ubuntu, I just installed the sshd package and the NX packages from nomachine.com and it's usable for any ssh-able user account on the machine. Just open a port on your router and maybe get a domain for it and you're ready to go.
Re: (Score:3, Informative)
1. ssh -ND 8080 anyserverwithssh
2. Direct Firefox to use localhost:8080 as a socks5 proxy
Confirmed to work in China by a friend who was recently there.
Is ssh blocked? (Score:2)
if not, do
ssh -D 9999 my.home.machine
then use localhost port 9999 as the SOCKS proxy.
Re:Is ssh blocked? (Score:5, Informative)
I have done this from Beijing and it worked the week I was there.
FoxyProxy is a nice add-on to use for this, since it allows you to either whitelist specific sites for use through the proxy, or to simply switch back and forth to the proxy as you need.
Re: (Score:2)
Even if it is blocked, you can use corkscrew to circumvent it.
Screenshare (Score:5, Interesting)
Before leaving, set up a computer with decent upstream bandwidth and VNC / screen share. Pretty simple, and only shows a connection to that one IP address. If you use OSX it's a 30 second setup in sharing preferences, and I'm sure that there are windows and Linux equivalents. You may need to tweak the ports to get under the Great Firewall.
However, one significant drawback (with the OSX solution) is that audio is not streamed. Another is lag with slow / far connections.
But it will get you the full net.
Re:Screenshare (Score:4, Insightful)
Re: (Score:3, Interesting)
A friend's friend for whom I set VNC up for it didn't work to well. The connection was heavily throttled and to slow to be useful.
Re: (Score:3, Interesting)
Yes, when I was in Japan the lag to Europe made logmein and VNC a bit of a chore to use. Some kind of tunnelling will make for a better user experience in my opinion.
Anonymous? (Score:5, Funny)
Just change your online name to "FreeTibet". They'll never notice.
Re: (Score:3, Funny)
Ummmm... (Score:5, Insightful)
I suggest that you play nice with China's laws if you are going to China. Trying to bypass their firewall as a foreigner traveling there is more likely to attract the sort of attention you don't want than anything else. As you said, you're just going to be there for a few weeks. Do you *really* need to search for the kind of stuff they filter out while you are there?
My wife travels regularly to China for work. We are very careful about our conversations on the phone when she's there, and about the emails we send when she's there. I sure as hell would never advise her to try to bypass their firewall.
If you are a Chinese freedom activist, by all means, you know what you're getting into, bypass away. I support the people of China in their efforts to access the whole internet, to speak their minds, to be as free as they care to be.
If you are a Westerner visiting, I'd suggest you just hold your horses there bucko and deal with the internet you can get from your hotel room and don't make yourself look more suspicious than you actually are. You really, really don't want anybody to think you are doing anything against Chinese interests while you're there. Seriously.
Re:Ummmm... (Score:4, Insightful)
Yes. Remember the US government is under no obligation to get you out of prison for trying to subvert their firewall. Most of the time if you commit an obvious crime in another country, the US is more than happy to let you serve your time.
SSH + Squid (Score:2)
Keep your home computer run at home with SSH listening to a non-standard port (80 or 443 are good choices).
If you're going to be using Windows computers in China take a USB thumbdrive with you with a copy of PuTTY installed.
Forward ports 53 and 3128 and set your web browser proxy and DNS settings appropriately.
remote desktop (Score:3, Interesting)
if on windows, set up your home computer to accept incoming rdp requests (and configure your router to pass that port to the right machine), and leave your home computer on the whole time
login remotely, and surf anywhere you want
Re: (Score:3, Informative)
Opening up RDP to the world isn't a good idea:
http://www.google.com/search?num=100&hl=en&q=%22remote+desktop%22+vulnerability+site%3Amicrosoft.com&btnG=Search [google.com]
http://louwrentius.blogspot.com/2008/11/did-you-know-that-rdp-is-s-secure-as.html [blogspot.com]
http://secunia.com/advisories/15605/ [secunia.com]
ok (Score:2)
then install windows xp on an old junk machine just for browsing remotely
pay zero attention to security
then wipe the thing when you get home
Re: (Score:2)
Private Proxy? (Score:2)
The best solution may be to set up a private proxy such as CGIProxy on your own web server behind HTTP auth. Then access it via HTTPS only (on slashdot I think I read a story where someone's site was blocked for such a proxy... using HTTPS greatly reduces the chance of that). I think there was speculation on slashdot a while ago that the Chinese government could probably issue signed SSL certs if they wanted to and thus easily perform man-in-the-middle attacks. You should probably check to be sure the ce
SSH as a solution (Score:2, Informative)
This is a really simple problem to solve.
Keep a box at home, run Linux/*BSD/whatever on it. Have SSH on it. Run SSH on a "common" port that's not 22. 21, 23, 56, 69, 80, and 443 are good candidates. For good measure, keep a small web-based admin util on some other common port (with SSL!) in case you guessed the SSH port wrong.
Use SSH as a proxy. I forgot exactly how to acomplish this on *nix but on Windows... Use PuTTY. Connection -> SSH -> Tunnels. Set a random source port (which is what port you con
SSH -- avoid known & transparent proxied ports (Score:2)
This is all good advice.
As for your port advice, I agree to avoid port 22 -- I have this totally disabled on my FreeBSD system.
443 is a good alternative since it is the normal HTTPS port, but in my work as a consultant I've run into client networks where HTTPS works fine but SSH through port 443 doesn't work at all. I seldom get to the bottom of it, but usually its a filtering/transparent proxy device that works with normal HTTPS traffic.
My work around (that hasn't failed yet) has been to run my SSH server
China asks Slashdot how to catch hungry minds (Score:4, Funny)
So when China asks slashdot how best to catch people circumventing their firewall, how would they do it? They might pretend to be a western touron visiting their fair nation and asking some innocent questions about firewall circumvention. If any of these methods are effective, they are likely to cease being effective now that they are widely published. Either way, the anonymity of the poster prevents direct help and indicates perhaps a clever approach to hardening the firewall.
Re:China asks Slashdot how to catch hungry minds (Score:5, Insightful)
Hey, if all information wants to be free, it will be free for everyone, including the "bad guys".
Re: (Score:2)
Yes, because the IT experts in China are all complete retards and they have never heard of SSH/Tor/whatever... no only us smart people from the west know and understand about these tools...
Have you considered that China probably knows about every method mentioned in the responses and probably some more? It's likely that they've decided that things like ssh filtering are too hard, or that they're not really worth the hassle, or that the prototype of their new ssh-block-o-tronic (made from the souls of dead p
Re: (Score:2)
SSH tunneling (Score:2)
Meh, I'd just simply chalk it up to part of the cultural immersion, to experience the internet the same way the locals do. Ask the Chinese at internet cafes, they'll probably be more than happy to point you to the workarounds they use.
For my part, I'd simply run ssh back to my box and run "links" to do searches from home.
With a little more effort, you could do SSH+TightVNC or TigerVNC to extend your home desktop... performance is actually pretty decent even with modem-like uplinks.
With a bit more effort, y
How much is it worth to you? (Score:2)
After all if the firewall is the law, subverting the firewall may be illegal; which could lead to your stay being longer than expected
Ask Slashdot: How to Break the Law (Score:2, Insightful)
Sorry, but that's what this is. The internet is regulated by the Chinese government, it's kind of asinine to ask users how to circumvent and break Chinese laws.
When you're in another country or in someone else's home, you follow and abide by their rules. It's not just being respectful, its good manners.
The Great Firewall sucks, but that's how they roll. Just suck it up and deal with it.
Re:Ask Slashdot: Civil Disobedience (Score:4, Insightful)
That said, I'm not sure if I'd really do it in China as a tourist, not that they'd probably do much (China gets western businessmen all the time) but I just wouldn't want to take the risk unless.
But really, if a law is unjust and violates natural rights, you have every right to break it, some may say you even have a responsibility to break it because by not breaking it you in essence prop the law up.
Re: (Score:2)
You be sure and tell them that at the Peking police station.
I have never seen more drivel in my life. If you don't want to follow the laws of the country, then *don't go*. Same with any country including the good old USA. Do otherwise and you a
Re: (Score:2)
Forget About Speed (Score:4, Informative)
Unless they've opened a few new trans-pacific pipe connections since I was last there, forget about speed. Maybe it was just my ISP (Great Wall, ha) but within China you can get nice (e.g. 750kb/s) speed but the moment you cross the pacific your latency is killer and you're crawling at 5-10kb/s. This is using corporate VPN or without. I suspect the actual throughput is a result of active throttling by the State. In terms of restricting general information, making something extremely painful is nearly the same as blocking it.
Dear Slashdot " how do i commit a crime" (Score:5, Insightful)
What you are asking is illegal there. If you get caught bad things will happen to you. Is it really worth the risk for a couple of weeks? Are you THAT addicted?
Obligatory MLK quote (Score:2, Insightful)
"There are just laws and there are unjust laws. I would agree with St. Augustine that an unjust law is no law at all... One who breaks an unjust law must do it openly, lovingly...I submit that an individual who breaks a law that conscience tells him is unjust, and willingly accepts the penalty by staying in jail to arouse the conscience of the community over its injustice, is in reality expressing the very highest respect for law."
- Martin Luther King, "Letter from the Birmingham Jail," April 16, 1963.
What about your laptop ? (Score:2)
I know of large US companies that do not allow executives to take their laptops into China, as they assume that its contents will be read (at the border or elsewhere). So, they get a sanitized laptop for the trip. Sounds extreme, but there have been cases of industrial espionage in the past.
Lay all the secrets out here... (Score:2)
...so the Chinese government can make their Great Firewall better!
Seriously, does this person believe that /. readers are so gullible that they will lay out their best-kept secrets here? Or how do we know that you aren't a Chinese operative trying to mine the collective wisdom of /.?
In fact, if you need to ask, you probably don't need the "unadulterated, unfiltered" Internet as much as you think you do. Go, enjoy your trip. The Internet will be there when you return.
Don't bring a good computer (Score:2, Insightful)
I advise you to also bring a 'throw-away' computer, unless you keep your current computer with you at all times. Depending on your business, if you leave your computer behind somewhere (hotel room, security) you may return to find it perfectly fine, maybe even with a bit extra hardware or software if you get my meaning.
At the very least, be prepared to wipe it clean when you get back home.
Roll your own (Score:2)
Make sure you understand the cost. (Score:3, Insightful)
If the requirements and restrictions on the Internet in China are enshrined in Law in China, you may be putting your visa at risk.
It's like a Australian 18 year old coming to the US and drinking alcohol and getting caught. In Australia, there no restriction above 18, in the US, it's 21. You get caught, you may not be able to enter the country again.
A local law is a local law, no matter what your views are. What you can do freely in your country may be illegal and carry harsh punishments in others.
OpenVPN + your computer back home (or a vps) (Score:3)
I travel quite frequently and often need to subvert the various restrictions of local ISPs (DNS redirection, throttling, censorship etc.). The method that works for me is:
1). Rent a cheap 512MB VPS (I use Linode and highly rate them but there are many other providers)
2). Grab a copy of OpenVPN and set it up in server mode on your VPS (make sure you push "redirect-gateway" to clients so that they send all their internet traffic through the VPN)
3). Install a copy of OpenVPN on the computer you'll be travelling with (set it up in client mode and configure it to point to your VPS).
That's it. All your traffic will now flow encrypted to your VPS where it will then break-out on to the open, unfiltered internet.
Additional tips:
- If you are using Windows on the computer you're travelling with, you need to make sure your DNS queries are going through the VPN (see: http://openvpn.net/archive/openvpn-users/2006-09/msg00020.html [openvpn.net] for what steps you need to take)
- To help obscure the fact you are using a VPN, set the server to use TCP rather than UDP (note: this will increase latency a bit) and set it to listen on a port normally associated with something else (e.g. TCP 993 which is normally used for secure imap or TCP 443 which is normally used for https traffic).
If you haven't got the cash for a VPS (frankly though you should, they are really cheap!), you could always setup the OpenVPN server on your home machine and point your travelling computer to that.....
Good luck!
My suggestion for a VPN: (Score:2)
Choose any two.
I would suggest Tor [torproject.org]. (Good and Cheap.)
--Pathway
openvpn over port 53 (Score:2)
set up openvpn on a machine at home. use xinit.d to enable two listen ports one on port 53 and another on port 443. be sure to reroute all of your traffic over the tunnel. you will need a dns server internal to your network at home.
this is an example of an xinit.d/ovpn-file to listen on port 53
service anon-reader53
{
type = UNLISTED
port = 53
Do not worry.. (Score:2)
It is not THAT bad. The whole nation is NAT'ed. You will not have a proper IP address. almost certainly 10.x.x.x. I use the web a lot, and the vast majority of sites work. Groklaw did not work for me, or BBC. But Tor gets around all of that. BitTorrent is slow due to no inbound connections.
To me the bigger problem is dumbass companies trying to 'help' me by detecting my location and localizing.. Just because I am in Whereveristan does not mean I can read the language. My http headers specify us-en.
Don't go (Score:3, Insightful)
My daughter is living in Beijing for a year so before she left I got her a notebook and set it up with everything she'd need. For a brief moment I considered installing an SSH tunnel or VPN access back here to home, but then I thought about what my ex-wife's voice would sound like when she said, "they are detaining our daughter because they found military grade encryption software on her computer. How did that get there?" and decided against it.
Seriously, if you disagree with their policy don't go. In your own country you have the right to civil disobedience against unjust laws. In another country you are a guest and should act appropriately.
I'm an Aussie, our countries fought together in many wars (some still ongoing) and about as peaceful a partner as the US can get. Despite having travelled to the US about a dozen times and even lived over there for a couple of years, I have refused to return because you want to fingerprint me on entry now.
If you disagree with a requirement of entry. Don't go. It is astonishing that you would premeditate to break China's laws because of your political views when your own country has a bunch that you have not fought against.
Sheesh.
--M
Extreme Cynicism alert (Score:3, Interesting)
I wonder if the AC who posted the question might be a lazy network tech in China trying to close holes?
Re:Really? (Score:5, Informative)
Re: (Score:2)
China randomly blocks and unblocks pages for no real reason, one day something may be totally unblocked and the next day its blocked.
Re: (Score:3, Funny)
My political opinions are state secrets that I communicate over twitter, you insensitive clod!
Re:Really? Yes Really. (Score:2)
it really shouldn't be a problem. They filter state secrets and political opinions
Have you ever been there?
I've spent a total of 3 months in the last several years. In actual practice they block tons of things you want. (e.g. Wikipedia, last time I was there in 2007).
Re: (Score:2)
So.... not a search engine like http://www.google.com/ [google.com] then?
Re: (Score:2)
Unless you need to look up "Tiananmen Square" every 10 minutes, it really shouldn't be a problem.
And even then, it wouldn't be a problem. As a simple anti-spam deterrent, we've got "Remember Tienanmen" in the greeting string of our sendmail. But we still get loads of Chinese spam.
A couple of years back, there were loads of lists of open proxies circulating around. Many were located in China. Out of curiosity, I connected through one of these, and started googling for Tienanmen, Tibet, and other assorted keywords. All sites were accessible... So, if there is a Great Wall of Fire, it must be very leaky.
Re:Really? (Score:5, Insightful)
While not necessarily the best tone in the world, I actually agree with DJ Jones here.
Here's your decision tree:
1) Is the website you want to see worth defying the laws of your hosting nation?
2) Is absolutely no way you can do without it until you come home?
3) Do you have some kind of diplomatic immunity, wealthy connections, etc that can extract you from a sticky situation?
You get the picture.
Imagine this post on the Arabian Slashdot:
I am getting ready to travel to the United States and don't want it to interrupt my terrorist training. Can you guys recommend a way around the DHS's websniffing protocols, eavesdropping, cellular tracking, etc?
And what would your advice be??
Opportunistically, if you gave advice about methods, would you feel bad if he landed in Gitmo?
Think about the implications. After all, it is only the internet and you don't live there. Think deeply.
Re: (Score:2)
At the least, do your research:
http://en.wikipedia.org/wiki/Internet_censorship_in_the_People's_Republic_of_China#Enforcement [wikipedia.org]
Sounds like the parent is on to something here...
Re: (Score:3, Insightful)
You are aware that even mail.google.com gets blocked once in a while?
Risk/reward would still apply. All you're doing with this use-case is increasing the value of the website. The calculation still needs to happen in your head.
Re: (Score:3, Insightful)
My buddy lived in China (Beijing) for two years. At least as of 2008, accessing the english internet was either a) slow as hell or b) largely firewalled off. Major news sites, useful tools (particularly to a power-user) and a whole host of things we take for granted either had limited availability or simply couldn't connect to the US server. As I understand it, it's gotten worse, not better since then.
Case in point: Appreciate what you have here in the US of A. You have it really, really good here.
Re: (Score:3, Informative)
How about just suck it up and deal with it. Unless you need to look up "Tiananmen Square" every 10 minutes, it really shouldn't be a problem. They filter state secrets and political opinions, not your twitter traffic.
Actually, when I was there Facebook and Youtube were the big site being blocked. Twitter has been blocked, off and on, for the last 8 months or so.
Re:Tor, maybe? (Score:5, Funny)
As long as we are going with "things the original author specifically discounted in his post", I think he should purchase VPN service...
Re: (Score:3, Funny)
Or more specifically, he should shell out a lot of money for one.
Re:Are you out of your fucking mind? (Score:4, Informative)
I agree with you about 99%.
Setting up your own VPN is probably fine. If their are problems just claim that you need it to access work or school. What I wouldn't do is "help" people in China do the same.
1. If you are asking on slashdot you probably lack the skills to do it well.
2. If you get caught as a US citizen they will probably just take your computer and kick you out. You are not worth the bad press they will get.
3. If you help Chinese citizens do the same you can become worth the trouble. Which is a very bad thing.
4. You may hurt those that you are trying to help. Trust me their a lot of bright folks in China that have the skills to get around the great firewall. They also probably know better who to trust.
You are a foreigner trust me odds are they may already be watching you a bit. If you are not a business person I expect they are watching for you to try and do this very thing. As much as people like to make fun of security people they are not dumb. Figure that they have a lot more skill at catching you than you have at evading them If you or your friends don't get caught it will be just because of luck.
Re: (Score:2)
I'm surprised the question made it to the front page.
Consider the /. editor that posted it, then re-evaluate your initial sense of surprise.