China Tries To Block Encrypted Traffic
from the collapsing-the-tunnels dept
During the SOPA fight, when we brought up the fact that increases in encryption were going to make most of the bill meaningless and ineffective in the long run, someone closely involved in trying to make SOPA a reality said that this wasn't a problem because the next bill he was working on was one that would ban encryption. This, of course, was pure bluster and hyperbole from someone who was apparently unfamiliar with the history of fights over encryption in the US, with the value and importance of encryption for all sorts of important internet activities (hello online banking!), and with the simple fact that "banning" encryption isn't quite as easy as you might think. Still, for a guide on one attempt, that individual might want to take a look over at China, where VPN usage has become quite common to get around the Great Firewall. In response, it appears that some ISPs are now looking to block traffic that they believe is going through encrypted means.
> A number of companies providing "virtual private network" (VPN) services to users in China say the new system is able to "learn, discover and block" the encrypted communications methods used by a number of different VPN systems.
> China Unicom, one of the biggest telecoms providers in the country, is now killing connections where a VPN is detected, according to one company with a number of users in China.
Of course, there are countless ways to encrypt traffic, so all this really does is spur a cat and mouse game -- and the best that can be done is having the system block any traffic that it can't understand. Of course, once you go that far, you're in for a lot of trouble, because there's just a ton of legitimate content you're going to block, pissing off a lot of people. Also, as this game goes on, it'll just spur people to encrypt traffic in a manner that looks identifiable, but which really is not identifiable. Fighting against encryption is a game that can't be won in the long term.
Filed Under: china, encryption, free speech, vpns
Reader Comments
Business users
Re: Business users
Just that the "a number of departments" list is long and the application procedure is complicated.
Is this a typo? Do you really mean now?
Ultimately, this isn't surprising about China. Soon the copyright industries will try to follow suit.
Re:
Oops. Yes. Fixed. Thanks.
Re:
For some strange reason they never seem to want to actually name the countries they are talking about when using them as an example of why stuff like this should be implemented. Can't imagine why...
The Chinese now are easy prey for 4chan.
What potential customer will do business with a company who cannot secure their payment data?
China are digging their own grave here. In their efforts to control what their citizens do online, they are making the country look like a terrible place to do business.
confusing typo
> In response, it appears that some ISPs are not looking to block traffic that they believe is going through encrypted means.
I believe it was not banning, but regulating encryption. Sort of like concealed carry. You have to demonstrate a need. National security, terrorism, ya know.
Re:
According to the US gov intelligence, "communication" itself is a "national security, terrorism, ya know" issue, so for once, the government's interpretation of law may work in our favor.
Maybe we can make them look as foolish as the MPAA in a can't have it both ways trap?
Re:
How about, don't snoop on my network communications?
Chinese Encryption
I don't see how it could work...
Even trying is highly likely to remove every business relying on VPNs, cloud services and proxies from the market IMO. HTTPS has to go as well, so say fare-thee-well to any service using encrypted login. Banks, Amazon, online franchises, personal cloud storage and so on.
LOLCATS
Re: possible to hide a VPN or bittorrent
Perhaps it had to come to this...
I'm old enough to remember. As soon as computers became affordable to individuals in the late 1970s there was talk about "licensing" computer users. Talking Heads even wrote a song about it (Life During Wartime).
The good guys won, the bad guys lost.
Then, even before the Web, we had the Clipper chip. The EFF was created in response. And again the good guys won.
Then we had the CDA, and then CDA2. And again, the bad guys lost and the lovers of liberty won.
In the West, the war is mostly over (yet eternal vigilance remains the price of liberty).
Not so in the rest of the world, as last week's ITU conference in Dubai demonstrated.
I say - let them try it. Let them lock down all the VPNs, shut off all the traffic they can't parse. Let's have the knock-down, drag-out fight between the hackers and the suits.
Stewart Brand was right. Information wants to be free. I know math. I know about stenography. I know about economics.
I know who will win.
Google reptilians have been resisted, but for how long?
for shame mike google for shame.
Simple solution
You can do this with OpenVPN by running over port 443 - http://en.wikipedia.org/wiki/OpenVPN
Set up your VPN service on AWS and you run it for peanuts (e.g. $20/month or less) and get an IP that's not likely to be blocked.
Beyond that, there are new peer to peer VPN systems. N2N is one of them - http://en.wikipedia.org/wiki/N2n
Re: Simple solution
This, plus the rule that only 1 ISP can exist per building in China, makes trouble for most VPN users. (My ex-boss has to rent a flat in an adjacent building that uses a different ISP just to work around that. A wireless router bridging the two networks + a router that is able to form a VPN over multiple IP endpoints makes the network mostly work...)
They're trying to make ISPs legally responsible, they're trying to make search engines legally responsible, they'll try to make VPNs legally responsible. Third party, fourth party, fifth party, doesn't matter to idiots: the more people they can sue, the better!
Although I'd certainly like this to be true, I'm not convinced it really is. Certainly the cat-and-mouse game seems likely to continue indefinitely, but it seems to me that simple nature will always favor the people trying to discover and decrypt information, and not the people trying to keep information hidden and secret.
Re:
On a one-to-one basis, the anti-privacy people do tend to severely outgun the pro-privacy people, true, but when you consider the pro group tends to outnumber the anti group by 1000-1, 10,000-1, 100,000-1... then the odds start swinging the other way.
Steganography
Re: Re: Steganography
If it ever becomes an issue where it is needed to "hide" encrypted data in a manner like this, the nature of the internet makes this certain:
Within months at the outside there will be 4 dozen apps, 2 dozen of which will be freeware, that present a handy, idiot-proof GUI to do exactly this.
There are already many to "hide" encrypted data in other encrypted data if you want to, and you can even do it for free using nice user-friendly step-by-step instructions if you want. What makes you think it would be any harder to do for steganography? Right now no one cares to write a mainstream one; change the law on encryption and that will change.
The same thing has always been said about 'file sharing', but the entertainment industries have ignored it and are still trying to stop it. Add to that that a proxy was stopped from giving access to TPB in The Netherlands and a similar court case is on the cards between the BPI and The Pirate Party in the UK, the USA bitch country. I have said for a long time that eventually the can of worms opened by the US entertainment industries over their stupidity and selfishness would have farther reaching effects than they realised. The dangers of stopping encryption traffic are huge, but as long as those industries can stop their music and movies being shared is the main thing. The fact that, for example, banking could easily be drastically affected is irrelevant to them.
Allowing only traffic you understand
> block any traffic that it can't understand.
Ah, but maybe I can construct traffic that you think you understand, yet it conceals a deeper meaning.
I send you pages full of HTML and statistically valid text, even made up of real dictionary words.
You send me more HTTP requests with get/post parameters or path name elements.
This is just one example. We might conceal a two-way conversation as your connection to my SMTP server sending a single email.
The only real trick is the balance of how well concealed the real content is versus how efficient it is.
Then this technology could be used to avoid repressive regimes such as the RIAA / MPAA.