Beat China's 'Great Firewall' By Ignoring It

from the just-like-that dept

A lot has been made about the so-called "Great Firewall of China" and how the country actually manages to restrict content on such an enormous level. Now a new paper is claiming that it's improper to think of it as a big wall surrounding the perimeter, and that the real censorship system is far less robust. Instead of actually blocking illicit packets from entering the country, China has set up devices that deliver reset requests to both ends of the connection. According the researchers, if people's computers were just told to ignore these requests, the system would be impotent to block the material. For China to set up a new system in response, based on stronger restrictions on the perimeter, might actually be a difficult technical challenge. So if this entry or the paper itself makes its way past the firewall, they'll learn, like everyone else, that online filters don't work. Update: Ed Felten is writing on this subject as well, and noting that as the system works it could violate US computer fraud law by basically launching a denial of service attack on both ends of the connection. Of course, it's not clear how that matters directly, since China breaking a US law doesn't matter much. However, it could raise additional questions about the US companies who supply the hardware and software for the firewall.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Floyd, 28 Jun 2006 @ 8:36am

    Reminds me of college....

    At my community college, there was 'filters' that helped block out a lot of the stuff we needed, helpfully. They also kept us from installing games, so they had to go. Turns out the password was 'bigbird.' Maybe china used the same one...?

    link to this | view in chronology ]

  • identicon
    High School dropout, 28 Jun 2006 @ 8:54am

    Loser

    Haha, you went to community college.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Jun 2006 @ 9:01am

    When I hover over "to restrict content on such an enormous level. Now a new paper is claiming that it's improper to think of it as a big wall surrounding the perimeter, and that the" it looks like a link.

    link to this | view in chronology ]

  • identicon
    LordVader, 28 Jun 2006 @ 9:24am

    Machine that goes ping

    A /. article yesterday mentioned a way to get around the Great Firewall of China. I say everyone should just ping the hell out of it with really big packets and see how long it holds up. I think something like a 5500 packet size should do.

    link to this | view in chronology ]

  • identicon
    antiver, 28 Jun 2006 @ 9:29am

    What about the servers?

    Can anyone explain how configuring USER'S computers to ignore the reset requests will maintain the connection when the remote server receives a reset request as well? Remote servers still won't send the users any data.. will they?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Jun 2006 @ 9:33am

    Remember, it's only a "denial of service attack" if you do it. If the government does it, it's just "parental controls" there "for your safety".

    www.piratesandemperors.com
    (mirrored at YouTube: http://www.youtube.com/v/xA0pPqXJoAI)

    link to this | view in chronology ]

  • identicon
    Mark, 28 Jun 2006 @ 9:34am

    The Great Firewall is socially engineered

    As an article linked from this blog previously pointed out, the Great Firewall of China doesn't rely primarily on technology, but on social engineering. Essentially, the Chinese government does such a successful job of intimidating both individual citizens and large corporations that it gets them to self-censor to a much greater extent than any artificial means could accomplish. To reach these ends, China doesn't need to actually block information, it merely needs to give the impression that it can track any information leak back to its source, at which point the fear of consequences will keep most people from seeking the information out or spreading it once they have it. This new "solution" to the problem won't accomplish anything unless it attacks the problem at its source, and that source is fear.

    link to this | view in chronology ]

    • identicon
      Dan, 28 Jun 2006 @ 10:24am

      Re: The Great Firewall is socially engineered

      I agree. Technology has nothing to do with it, it's the impression of control and power that the Chinese (along with every other totalitarian government) rely on. Slowly eroding that is the only thing that will bring true democracy and choice in China -- and that can only be done by the Chinese.

      Everyone else should mind their business, IMO.

      link to this | view in chronology ]

      • identicon
        Andy, 28 Jun 2006 @ 11:37am

        Re: Re: The Great Firewall is socially engineered

        That might be the case, but US visitors to China are going to be disappointment if they plan to go to sites like Wikipedia, or blogs hosted at blogspot, typepad, or wordpress.com (I couldn't get to any of those). Internet access in the hotels and residences I was in sucked, barely better than dial-up modem speeds. expensive business class DSL in Shenzhen afforded me terrible upload speeds like 5kb/sec. This was my experience. Being a technologist, I don't think I'd ever live in China simply due to the current state of Internet access there. It's different of course, if you are Chinese living in China and know nothing else.

        link to this | view in chronology ]

        • identicon
          Sam, 28 Jun 2006 @ 1:53pm

          Re: Re: Re: The Great Firewall is socially enginee

          Well, I am living and working here in the heart of Beijing as we speak and I have no problem getting to any of the sites mentioned, including this one!

          I agree that 'The Great Firewall' is more of a bluff than an actual bet. Intimidation is largely sufficient in most cases to subjugate the confuscian mind.

          If the hotel you stayed in is in any way foreign-owned (Radisson, Hilton, Sheraton, Ramada, Holliday Inn) then it is likely that the owners are doing actual domain/IP filtering out of that very fear -- similar to Google's recent announcement of willingly censoring content as ordered by the Chinese Government. And guess who then bears the cost of this filtering? Not the Chinese government... hehehe

          link to this | view in chronology ]

    • identicon
      Monty, 29 Jun 2006 @ 12:21am

      Re: The Great Firewall is socially engineered

      Next time I try to log in to BBC News from Shenzen I will imagine that the firewall doesn't exist and maybe just maybe I will be able to read the website.
      Seriously though when you atry to access a site that is restricted your computer goes shows up to 18% on the access window then stops and tells you the website is unavailable. Ain't no social engineering there just plain engineering. It is fustrating at times but it does block a lot of dubious and unhealthy sites as well

      link to this | view in chronology ]

  • identicon
    Sean, 28 Jun 2006 @ 9:44am

    You could almost think..

    That China would actually want people to do this. I mean who the hell sets up a firewall this big, with so many people in their country, and so many people like poster #5 that would ping the hell out of it that it's like they are trying to coax people into doing it.

    The fact still remains, putting a Firewall up anywhere is just like putting up a wall in real life, people will find their own ways around it, you will then spend millions to block that one spot, and they'll just get around another one. Just a waste of money IMO.

    China can't stay communist forever, people wille ventually want to know what's going on around the world.

    That's my two cents.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Jun 2006 @ 10:29am

    Now all they need to do is filter the effing spam that the chinese send.

    link to this | view in chronology ]

  • identicon
    Jesus Christ, 28 Jun 2006 @ 10:50am

    Kill the Chinese with Love . . . and Bombs.

    >> This new "solution" to the problem won't accomplish anything unless it attacks the problem at its source, and that source is fear.

    But it's impossible to stop fear. Remember you need to fear fear, thus increasing fear exponentially. I say we just kill off the Chinese people and eat them. It's much simplier and it solves the world hunger problem.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Jun 2006 @ 11:10am

    And I thought that they just ran the filter with real humans, they have enough of them after tall.

    link to this | view in chronology ]

  • identicon
    Whatever he said, 28 Jun 2006 @ 12:12pm

    a billion

    link to this | view in chronology ]

  • identicon
    Whatever he said, 28 Jun 2006 @ 12:17pm

    so many Chinese people, so little time -- we may be better off if they stay walled in -- if a billion or so people see how good the rest of us have it they may wake up and really want it

    link to this | view in chronology ]

  • identicon
    Colonel Panic, 28 Jun 2006 @ 3:20pm

    Inoring RST

    Ignoring RST would render TCP useless. If everyone did that, Routers would quickly go down.

    Besides, that technology is patented in the US (at least for private networks)

    link to this | view in chronology ]

  • identicon
    anonymous coward, 28 Jun 2006 @ 4:03pm

    it's a chinese firewall drill!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Jun 2006 @ 9:30pm

    personal experiences with chinese firewall.

    i used a computer in a chinese internet cafe in 1998 and got "site not found" whenever i tried to get to cnn.com, or any of the other major us media outlets.

    earlier this year, i stayed with relatives there and through their DSL connection, had about 256 kbps consistently. and was able to access all the english language news sites except those in ny that were focused on chinese politics. i have no experience on the chinese language sites that may be the focus of their censorship.

    i will say that i stopped using google when i was there. www.google.com was automatically re-directed to www.google.com.cn or something of that sort, where as the lesser known search engines were not redirected from what i recall.

    when i really needed to access google, i connected to my home pc which i had intentionally left on, so that i could use its US IP address. unexpectedly, I found that this greatly reduced the download times for applications i needed to download from the web, my point2point connection to home was faster than to the us commercial sites.

    call me an anonymous coward, but i am sure the PLA and NSA can figure out who i am from their logs. ... just kidding. :)

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Jun 2006 @ 9:34pm

      Re: personal experiences with chinese firewall.

      PS (replying to my own message) - the real cowards were Disney. They blocked me from listening to WABC because I had a Chinese IP address.... and that was AFTER i registered with their site and gave them a lot of personal information, including my home address within their coverage area. Disney are real losers. Avoid them.

      link to this | view in chronology ]

  • identicon
    another brick in the firewall, 29 Mar 2007 @ 7:52pm

    there are thousands upon thousands of proxys. and i mean thousands. a new one is added every hour. they cant stop all of them can they? foxyproxy can bypass anything with the right knowledge.

    link to this | view in chronology ]

  • identicon
    Jeff, 25 May 2009 @ 7:14pm

    Try Freedur, you never seen anything like it

    China firewall is lame – use Freedur.com to bypass it. You can bypass China Great Firewall and access youtube.com and all other sites which are blocked.

    link to this | view in chronology ]

  • identicon
    MATE, 10 Apr 2010 @ 11:34pm

    @Jeff

    how do I know if free dur is really working? they not even let me test it before buying and 200 Dollar a year is a lot for Chinese People.



    Any other solutions here? Hotspotshield is down and free gate as well. Plus Chinas Censorship is more serious than ever since google US is gone.

    link to this | view in chronology ]

  • identicon
    Joe, 12 Sep 2010 @ 8:49pm

    China

    OK thats great. Now tell me how to get around it so I can check my business facebook.

    500 articles on how weasy it is to do and not one tell you how to do it.

    Joe

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.