How the great firewall of China detects and blocks fully encrypted traffic [pdf] (gfw.report)
380 points by mngnt on June 30, 2023 | 275 comments



I was wondering about simply using VPNs, which is not mentioned in the article at all, but checking GFW on Wikipedia, it tells:

> The use of VPNs in China can provide individuals access to the international internet, but in China, it can be a potential legal risk. In 2017, the Chinese government declared all unauthorized VPN services to be illegal.[94] An example of the use of this punishment is Vera Zhou, a student at the University of Washington, who, when visiting her Hui parents in Xinjiang, China, used a VPN to access her school homework. She was arrested and sent to a Xinjiang internment camp from October 2017 until March 2018, followed by house arrest after her release. She was not able to return to the US until September 2019.[95][96]


More context about this Wikipedia excerpt:

https://www.chinafile.com/extensive-surveillance-china

https://www.rfa.org/cantonese/news/student-01272020075256.ht...

It looks like 周月明 (Vera Yueming Zhou) was sent to a Chinese concentration camp mostly because she was part of a religious minority and not necessarily for using a VPN to access the University of Washington’s website.

> Vera was living in her hometown of Kuytun (Kuitun) in Ili Prefecture, an area directly north of the Tian Shan mountains that borders Kazakhstan. She had been trapped there since 2017, when—in the middle of her junior year at the University of Washington, where I was an instructor—she had taken a spur-of-the-moment trip back home to see her boyfriend, a former elementary school classmate. Using digital surveillance tools, the Kuytun police had noticed that Vera had used a Virtual Private Network in order to access websites such as her university Gmail account. Given her status as a member of a Muslim minority group, this could be deemed a “sign of religious extremism.”


That's the thing about "illegal but everyone does it"...it's nothing to worry about until the government decides it's convenient to enforce (against an individual or group), and then it's definitely something to worry about and it becomes a low barrier pretext for all sorts of oppression.


Remember this next time you're driving above the speed limit on the highway. Especially if you live in the US and are white.


WTF are you talking about. Being white means it's a non-issue. Being not-white is potentially fatal.


I'm pretty sure that's why they are asking white people to think about it. Others already know.


I think you missed the point


Encamped for your beliefs and not for breaking the law, that makes it much better!


[flagged]


We can look at Russia arresting random foreign nationals for bullshit reasons right now.



She did commit a crime by travelling to Russia with an illegal substance, for which she got roughly the same sentence as a typical Russian would get if caught with a similar amount of drugs. This case doesn't seem to be out of the ordinary, except for the "criminal" being a famous foreigner.


Half of 20-year-olds in StP and Moscow would be in prison if that was true. Her arrest and imprisonment was entirely political.


They also don't cross borders with such things, as a foreigner, I'm not defending it but it was stupid to do.

Of course a foreigner is going to be possibly vetted more.


Using a VPN in China is also a crime.


That the party ignores to access Twitter for propaganda and privileged people ignore for entertainment.

The party isn't technically the government of China.


“Young tourist is now facing death by firing squad in Bali after cocaine was found in her luggage: Here are the Indonesian rules everyone needs to know”

This is a headline from this year.

It turns out that when you break the law in other countries, you might get punished for it.

Who could have possibly expected that, right?


Can we not call that "cute"? That seems needlessly abrasive for people who are genuinely unaware.


I agree. I flagged that comment, because I strongly believe that it's not suitable for HN, and I encourage you to do the same.


Anyone who believes themselves exempt from the laws of a country they travel to because of a little booklet they carry isn't just unaware, they are foolish, and dangerously so because they not only endanger themselves, but everyone else they convince to adopt this attitude. Better they receive the scorn they deserve now than for them or anybody else to face the same consequences Griner or Warmbier faced.


Just tragic. Hard to imagine living in such a backwards place


[flagged]


Same?

So ICE will arrest you for a VPN?

ICE runs concentration camps?

This comparison is silly.


Thanks for this elaboration. Upon reading the original comment, it felt very strange that she was "encamped" for using a VPN to access her school homework. Immediately I knew there was more than meets the eye.


The best bit is that we're enacting very similar laws in the West [0]. As much as China is often deplorable I do wonder how much of a blind spot we have here to our own sins.

[0] https://news.ycombinator.com/item?id=36428046


It’s subjective of course, but the real story seems worse.


Exactly. This is the period when Muslim ethnic groups like the Uigurs were being rounded up on any pretense to be reeducated into not wanting to be separatists anymore (often with no indication that they had anything to do with separatism other than their ethnicity.) Seeing the VPN pop up was more than enough of an excuse. Calling it a "genocide" is 99% propaganda, but it was obviously a sinofication meant to get rid of separatist identities and cultures, and a horrible injustice. In the beginning, they were inspired and immunized by the US's anti-Muslim fervor during the GWB invasions (we were not only not criticizing, but probably even sharing intelligence with China.)


> In the beginning, they were inspired and immunized by the US's anti-Muslim fervor during the GWB invasions (we were not only not criticizing, but probably even sharing intelligence with China.)

Yeah, seems to be overlooked quite a lot since it's convenient for the US narrative lately.

> Starting in 2002, the American government detained 22 Uyghurs in the Guantanamo Bay detainment camp. The last 3 Uyghur detainees, Yusef Abbas, Hajiakbar Abdulghupur and Saidullah Khalik, were released from Guantanamo on December 29, 2013, and later transferred to Slovakia.

> None of the Uyghurs wanted to be returned to China. The United States declined to grant the Uyghurs political asylum, or to allow them parole, or even freedom on the Naval Base.

> A May 2008 report by the Inspector General of the United States Department of Justice claimed that American military interrogators appeared to have collaborated with visiting Chinese officials at Guantánamo Bay to enact sleep deprivation of the Uyghur detainees.

https://en.wikipedia.org/wiki/Uyghur_detainees_at_Guantanamo...


Why do you say it's 99% propaganda?

"sinofication" sounds a lot like "eliminating the existing culture" which sounds a lot like genocide. Genocide is more than just murdering everyone like in some of the most well known cases like the Holocaust -- it includes elimination of an ethnic group by any means possible, including "nativification"


I understand where you're coming from, but -cide implies killing.


the "cide" in genocide refers to destroying

for example, a cultural genocide refers to destroying culture, e.g. Uighur or Muslim culture


Would you say the choice of the word "genocide" here is because it's the most accurate description of what's going on?

Or is it chosen for rhetorical/propaganda effect without too much concern for accuracy?


Not the person you're responding to, but it is an accurate description of genocide under its current meaning as defined by the UN (probably the most authoritative body on this kind of matter).

https://www.un.org/en/genocideprevention/genocide.shtml

What the Chinese are doing there is covered under Article II, c.

If you are being pedantic by holding fast to the literal Greek translation of "geno" and "cide" then, well, this is simply not the complete modern meaning of the term.


There is no authoritative body on the definitions of words. More generally, if genocide can mean "not killing, but very bad" then it is not much use except as an epithet - a negatively-loaded bomb to be lobbed in partisan debates at people who you think are doing something very bad. Virtually every controversial policy could be described as, "Causing serious bodily or mental harm to" some group.


> There is no authoritative body on the definitions of words.

false: there are a few. They aren't always correct, but they're more correct than you personally

> More generally, if genocide can mean...

there is no question what it means, you simply personally disagree with it

and since you definitely aren't an authoritative body on the definition of words, your personal pedantic insistence that the word mean only what the strict etymological roots imply, rather than how people actually use it, is irrelevant

> a negatively-loaded bomb to be lobbed in partisan debates

it's quite telling that you seem to view usage of the term "cultural genocide" to refer to cultural genocide as a bigger issue than actual cultural genocide

don't like people using the correct term to refer to the action? maybe get those perpetrating the action to stop, instead of telling everyone we're using the wrong words to describe it.


The definition, US propaganda under Pompeo as head of State tried (and failed to meet), was UN's convention on genocide, which would trigger legal responses on member states. The TLDR is Pompeo laundered very tortured legal analysis through Zenz and some Gulanist Saudi think tank (IIRC) to try to insinuate PRC met the definition when most credible international lawyers saw through the bullshit, but noted PRC actions closer to cultural genocide, which does NOT have definition at UN, and hence not prosecutable. The result is PRC actions merely labelled as potential human rights abuses at UN, aka business as usual, and a bunch of useful idiots who ate Pompeo's bait thinking PRC actually met the definition of genocide when it manifestly did not. And by business as usual, of human rights abuses / cultural genocide, it puts PRC XJ actions in league with behaviours of the west. Hence you don't hear much about the XJ campaign anymore from western propaganda, because the propaganda was mostly useful if the genocide label stuck at UN, and made PRC actions more nefarious not equal to west. Now it's mostly used by US to justify XJ sanctions and trying to get partners onboard to cripple XJ industry like solar, cotton, agriculture.


That article IIc pivots on the key phrase "physical destruction".

Look, internment isn't good either, why dig in your heels on the most loaded possible word?


physical destruction, internment, cultural genocide, they are all happening

why not focus on that, rather than your personal, individual dislike of a term?

why dig your heels in on the semantics of the thing, rather than the substance?


It's absolutely not. There's a reason US propaganda under Pompeo had to manufacture and launder reports with tortured legal interpretation to try to get the genocide label to stick but couldn't because there's no intent to destroy, hence useful idiots trying to be pedantic and argue how enforcing family planning reflect intention even though that applied to Han majority, or mass (temporary) internment / inflicting "pain" somehow equivalent to physical destruction while population continues to grow.

Modern definition of genocide at UN explicitly wouldn't categorize what PRC is doing in XJ - cultural genocide - because members, especially west went out of their way to ensure cultural genocide would have little legal ramifications, otherwise Canada would have been sanctioned to death for self professed cultural genocide a few years ago. Incidentally the entire reason Pompeo tried to propagandize genocide label was because it would trigger diplomatic ramifications at UN. What the PRC is doing in XJ is cultural genocide, and bluntly that’s permissible thanks to lobbying from the west.

The entire manufactured genocide narrative is so retarded because if PRC wanted to, they could just... commit genocide. At PRC scale they can wipe out the 12M Uyghurs in a few weekends on the cheap instead of wasting trillions of RMB trying to sinicize them.


Would you say the common, accurate usage of the term "cultural genocide" to refer to what the term refers to, is a bigger or smaller problem than the actual cultural genocide itself?


"-cide" is a suffix that means "to kill," as in:

  * suicide
  * regicide
  * fratricide
  * insecticide
  * pesticide

It comes from the Latin word "caedo," which means "to kill." The phrase "cultural genocide" is not the same as "genocide," and indeed the legal definition of "genocide" explicitly says that destruction of a culture is not genocide.

Using the word "genocide" to refer to something other than mass murder - and then falling back to the claim that "genocide" doesn't mean mass murder - is just playing rhetorical games.


Of a nation or ethnic group.


[flagged]


what?

> cidium "act of killing," from caedere "to kill, to cut down" (from PIE root *kae-id- "to strike"). https://www.etymonline.com/search?q=homocide https://www.etymonline.com/search?q=fratricide https://www.etymonline.com/search?q=suicide

lots of others


Using the same logic, one could say that:

- 'nice' means 'ignorant',
- 'to travel' means 'to suffer torture',

and a lot of other interesting (but incorrect) ideas about what words mean.


I'm not sure what logic you're referring to, I'm simply stating the etymology of the word and other words in its family.


> I'm simply stating the etymology of the word

So do I.

Nice comes from nescius 'ignorant'.

Travel according to the most common version comes from tripalium, a torture device.

If you assume that genocide must be about killing because it comes from a Latin word for killing, then being nice should be about being ignorant because it comes from a Latin word for ignorant.


Didn’t know that about that messy complexity surrounding the word nice but I’ll just say that feels like a false equivalence in terms of recency of the words. Apparently that word is much older and went through the sloppy unfortunate conversion it has. Good to know about these etymological minefields though, you can’t just blindly consult etymology especially on old words where language has shifted. https://english.stackexchange.com/questions/31368/what-are-t...

Those examples I’m guessing have no record of those who coined them, genocide however appears to have such a record.



Interesting, so I think you're trying to draw attention to Article II yes?

""" Article II In the present Convention, genocide means any of the following acts committed with intent to destroy, in whole or in part, a national, ethnical, racial or religious group, as such: (a) Killing members of the group; (b) Causing serious bodily or mental harm to members of the group; (c) Deliberately inflicting on the group conditions of life calculated to bring about its physical destruction in whole or in part; (d) Imposing measures intended to prevent births within the group; (e) Forcibly transferring children of the group to another group. """

I wouldn't recognize this as a dictionary definition but rather a legal document outlaying its premises and defining its terms. All but item b I'd argue are a form of killing, the ending of the demographic line either immediately or incrementally. You have to look at all these definitions in terms of the ultimate end being sought after by the perpetrators and these five categories are all means of doing so. The only stretch definition is b which I imagine is a much slower form of destruction. It's still a necessary clause though because imagine a dictator amputating the hands of all members of some group and claiming they didn't kill them therefore they didn't commit genocide. That would be a fraudulent claim because they effectively severely debilitated their ability to provide for themselves and function, they severely wounded that group so that one wouldn't be surprised if they did wind up dying and not thriving some time later on account of that action through indirect causes directly tied to that original offense.

It's not an ancient word however, apparently it's a 20th century construction coined by Raphael Lemkin. """ He decided to create a name for the crime without a name. He came up with genocide, which he defined as the destruction of a nation or an ethnic group. He said he created the word by combining the ancient Greek word genos (race, tribe) and the Latin cide (killing). """ https://www.facinghistory.org/ideas-week/where-did-word-geno....

The book in which he coined the word was authored in 1944, the UN convention was signed in 1948 https://www.un.org/en/genocideprevention/genocide-convention..., very close in time and I'd say complementary but still a legal document meant to get in writing specific means of destruction for that genos. So it's an emphasis on the means, not the end, and I'd say an equivalent definition is intentionally causing the end of a collective bloodline however that end may be accomplished.


you seem interested in the history of the term, it seems like it would behoove you to continue researching such history until you get to the point where said history explains how the term is currently, commonly used, e.g. to refer to cultural genocide, for example the cultural genocide China is perpetrating on Uighur Muslims in Xinjiang


> Why do you say it's 99% propaganda?

I suspect because of propaganda.


Just a small personal anecdote from another country with tight restrictions:

When I rented a furnished apartment in Saigon back in 2008, there was an ethernet cable on the table and a piece of paper in English that said "Do not visit websites of anti-government propaganda, or pornography, or news such as the New York Times."

Naturally, as the police held my passport for the entire year I was in Vietnam, I was cautious. But after a few days, I just went ahead and openly browsed the NYT for a few minutes. My internet was shut off for about 3 hours. The next time I did it, it was shut off for 24 hours, and then I knew it wasn't a glitch. It wasn't exactly immediate, either; it took a few minutes. I was pretty sure there was a semi-dedicated person assigned to watch my traffic.

That wasn't over a VPN. I wanted them to see my traffic. But I knew running over a VPN would just raise suspicion. When I opened up VPNs to check email after that, I did it from cafes, and I did it in short spurts.


    In fact, the US Department of State recommends that all US citizens have a photocopy of their passport with them, when traveling abroad.

Supposedly you get in shorter lines at the consulate if you have at least a photocopy of your passport available. You should be able to petition the consulate of your home country to issue you a new passport.

I think it may be illegal, but I've heard from people who travel to places where it's sketchy for Americans to travel, that they report their passport as destroyed, get a second copy issued, then keep the first one.

The reasoning is that certain immigration departments see red flags if they see visa stamps from certain other countries, and you may get grief for having visited them. Cuba and the US used to be one, but cross-border rivalries are another. Knowing who hates who and presenting the right passport to receive the stamp would save you grief. Also if you encounter corruption/extortion you can schedule the next flight out and run.

With the electronic ones now I don't know how many places that still works.


USA will issue “anyone” 2-3 valid passports at the same time. This is designed for two reasons:

1) you travel a lot and sometimes may need to mail your passport off to get a pre-travel visa from some consulate, while you are still outside the USA. This way you can send off one passport to get the visa for your next country, while keeping a valid passport with you while you’re abroad.

2) You need to travel between Israel and countries which have laws against visiting Israel (Historically, GCC countries). This way you can always present whichever passport doesn’t have Israel’s entry and exit stamps on it.

I’ve had two valid US passports at the same time, and I’m just a random nobody American.


Israel no longer gives you any visa stamps in passport.

https://www.touristisrael.com/the-israeli-passport-stamp/974...


But your passport is still tainted if you use any Israeli land crossing--they see the stamp from the other country and infer you were in Israel. Unlike what we saw in the 80s in Africa--so long as "South Africa" didn't appear you were ok. The border stamps into/out of South Africa didn't cause problems. The possession of a fair quantity of supplies with packaging in English/Afrikaans didn't matter--but the first day across the border the organizer had us stop and very carefully go over everything with a sharpie looking for labels that said "product of South Africa"--those had to be totally blotted out.

And to show how stupid things were--he also had a stamp he had made up to make forged entries on our yellow books. At that time your average joe certainly did not have an up-to-date smallpox shot--but at multiple border crossings they would hit you up for a bribe if you didn't have an up-to-date smallpox shot. Hence fake them. (Even around 2000 which was the last time I had occasion to have anything added to my yellow book there still was no anti-counterfeit protection.)


"Tainted" is an odd word. Any country that would reject a Jew from entering for having an Israeli stamp in their passport is a country I would never want to step foot in, whatever my views on Israeli politics.


I visited Israel circa 2012 and this was true even then.


> I visited Israel circa 2012 and this was true even then.

It used to depend on where you were coming from. When travelling to Israel for work a few years back, my passport (Irish citizen) was not stamped, but my colleague's (at the time, a Turkish citizen) was.


That’s… were they fucking with him?


No idea, Israeli border security are weird. Like, for the first few times I went there, they treated me like a terrorist (I am concerned that someone may have placed bombs in your bag etc). The last two times, OTOH, it's just been like a normal airport.

No idea why.


Sad to hear this, but not surprised as much. According to Wikipedia, Turkey is one of the few countries/regions where Israel requires a visa from; along with India, Pakistan and Arab countries.


Anyone that says you should keep your passport on you when you're in a foreign country has never traveled. I never keep my passport on my person when I'm walking around outside the US. I lock it away as securely as I can wherever I'm staying, and carry a color copy of it in my pocket.

Part of this is simply because American passports are extremely valuable. Another part is that anyone who wants to fuck with you in some semi-official capacity now has to choose whether to go back to your hotel or arrest you on the spot, which puts them in a better mind to give up or take a bribe.


> Another part is that anyone who wants to fuck with you in some semi-official capacity now has to choose whether to go back to your hotel or arrest you on the spot, which puts them in a better mind to give up or take a bribe.

Happened to me at an airport in Thailand. Some airside police officer demanded to inspect my passport, then wouldn't give it back to me until I walked him to an ATM so I could pay him a "tax" in cash.

I never went back to Thailand.


Had this in Hungary about 2004. Had no money at all at the time. They handed me a notice in 15 languages which said I was now permanently excluded from ever entering Hungary again ^_^


But please don't keep it in a room safe at a hotel. If I had a dollar for the people I know who put valuables in the room safe and lost them...


The most secure place to keep it is on your person *under* your clothing. Waterproof protection would be a good idea if you're in a warm climate.

It most certainly can be done--I wore mine basically 24/7 for a year. The only time it wasn't under my clothing was for border crossing or bathing--and in the latter case it almost always was under a traveling companion's clothing. No close calls--but someone else in the group wasn't so cautious and hers was snatched. Fortunately, the thief wasn't sophisticated, kept the cash and dumped everything else quickly.


Yep, laminated color copy is the way to go.


Reporting the passport lost or stolen is generally not a good idea. Legality issues aside, when a passport is reported lost or stolen then it is marked in the system as invalid. Depending on the country it will be reported to Interpol's SLTD database [1] which can be checked by immigration authorities in other countries.

In the end you'll have two passports but one of them is now useless and it will be flagged the moment you actually use it for traveling. It may not be pleasant when you're abroad and the authorities catch you using an invalid travel document.

I guess it makes more sense if you never intend to use the old passport again for crossing borders?

[1] https://www.interpol.int/en/How-we-work/Databases/SLTD-datab...


Some countries will issue second passports legally exactly for the reasons you list, but you typically need to apply for permission. Replacing your passport early without needing to pretend it's lost because it has stamps from a "problematic" country tends to be easier most places, but of course a hassle if you travel to these countries more than once.


Wait, the police held your passport? Why?


If you're an American and you rent an apartment, the local police keep your passport until you leave. You keep a xerox. That's how it was at the time. I don't know if that's still the case.

I didn't feel good about it when I found out (actually, the moment I signed the lease), but there was nothing I could do about it.

My exit from Vietnam was almost humorous. I had about 50 DVDs in my suitcase, mostly encrypted backups and burned movies, and every single one was inspected by sight, holding it up to the light (to see how far the burn went?), then left on the floor of the airport for me to pick up. Upon re-entering the US, the customs officers did almost the same thing, and then just confiscated all my discs.

Weirdly, no one on either side checked my laptop.


They took your DVDs? On what pretext? Did you get them back?


The pretext was piracy, since some of them were labeled with the names of movies. I protested they should just keep those ones, but they took them all and said I was lucky they weren't going to prosecute me. I didn't even try to get them back.


So how do you travel outside the country then, if the police are holding your passport?


You need to request it from the police for travel. In my experience, I did it via my landlord, and it took about a day.


[flagged]


Ah, so just like the US then!


Zip code depending of course.


Actually, it's mostly down to how you address them.


Good point.


Police in America don't control residents. Most of the time they can't even control themselves.


They control unwanted residents, and unarmed[1] protesters.

[1] They prefer not to fuck with the armed ones.


> Police in America don't control residents.

How was your nap, Mr. Van Winkle? 2020 wasn't a great year in the US. You were better off spending it asleep, trust me.


Don't flatter yourself. Nothing happened in 2020 that hasn't happened a lot worse, a lot more times before in America. If anything, the police were surprisingly ineffectual at protecting the owners' interests. I'll step out and burn a flag all day long in the street. They ain't gonna arrest me.

I've seen the police publicly flog random people on the street in Vietnam just for being in their way. What a wonderfully just, equitable socialist paradise.

Go check out and live in a country where the police actually control people and get back to me.


A lot of people actually use VPNs in China (since 2010 even), and some of them call it "加速器" which basically means "booster" (for your internet). Some use it for lower latencies when playing foreign games. The issue is that VPN connections get easily blocked. We aren't really worried about legal issues.

Except for that one time when police (of a certain district, not everywhere in China) knocked on people's doors to inspect their phones for VPNs during the "white paper protest" I believe.


Surely Xinjiang has stricter rules and more aggressive enforcement than the other provinces/regions? They always put a hardliner in as party head.


Probably, but there's a real history of many terrorist attacks in China being planned online. It's why Facebook is blocked. Look at what the US did to Muslims after 9/11


This. I don't worry about generating illicit traffic in China--but there's no way I'm going to Xinjiang. If I had to go there I would stay off the internet entirely.


Sure, but you're ruining the yellow peril narrative we need for our cold war with China.


When I was in China in 2019, the VPN built into google fi actually got me around the GFW with zero effort. I didn’t even realize it until I caught myself checking American social media unhindered.

My experience is most younger and tech savvy people have a VPN. It’s common / casual, like speeding your car by 10mph on the highway.

Most people are not persecuted for using a VPN, I assume that’s reserved for people who the government already wanted to persecute and just need to give an excuse for why they detained their target.


Assuming what you mean is over mobile data (and not over wifi), mobile data works differently than typical internet. You can think of it like when you connect to a mobile network what you're actually doing is making an IPsec connection to your carrier, with all data flowing over that IPsec connection. As such any carrier with a roaming agreement in China will bypass the GFW entirely -- and this is by design, Chinese carriers have to whitelist the APNs of western companies they do business with.


I think China doesn’t care if foreigners use a VPN, it’s their own people they want to keep under control.


I keep contact with a girl in China and from her reports using VPNs is kinda common for young people with college education. She would do it sometimes to access YouTube, and would laugh it off when I would say she should be careful doing such things.

I suppose for the government, as long as it isn’t the majority of people doing something that would cause trouble, it isn’t worth tracking down all things, as expected.


This is intentional; "Oh it's not authoritarian/bad, people use VPNs all the time and get away with it".

Except for that Muslim chick another commenter pointed out, or anyone else the party decides is undesirable.


Just be prepared to spend a year or two in prison if relations between your country and China worsen and they need a hostage.


Like the executive from Huawei who was imprisoned in Canada


s/Huawei/Chinese State Security/

She was a spy--look at how intense their reaction was.

Unfortunately, they tend to grab innocents to exchange for captured spies. However, they're going to go for big fish, not little ones. As an average joe I'm not concerned about being held for a spy swap, but if I were a highly placed executive there's no way I would set foot in China.


Meng was PRC royalty - the daughter of Huawei's president, imagine a literal billionaire being a spy. She was taken hostage under Pence's China Initiative for Iranian sanctions shenanigans that historically was dealt via fines. The initiative explicitly called for targeting PRC nationals.

Hence intense reaction. The 2 Canadian Michaels on the other hand, were textbook spies with NGO covers. Western propaganda likes to insinuate PRC would capture innocent westerners when state security have massive state surveillance capability that completely dismantled CIA networks a few years prior. Like literally friend of Michael hinted he was in "intelligence" and CSIS (Canadian CIA) publicly celebrated on Twitter upon their return. The Michaels weren't executives. The TLDR, while in PRC, don't traffic drugs, don't be a spy/do anti state activities, don't get involved in expensive legal proceedings - the latter is what actually gets (white) westerners in trouble via exit bans.


It's time for the West to stop playing around and allowing this sort of hostage taking. If China and Russia want to play dirty, play dirty back. They take a hostage, start taking their nationals hostage and plant large quantities of fentanyl on them.


Do you have any proof she was a spy? She absolutely was not. An extremely high ranking executive of one of the largest technology companies on earth would be literally the worst possible choice for a spy.


That's because the GFW allowed it, GFW has no problems to block any VPN at will.

GFW is sophisticated beyond imagination, one way to detect VPN traffic (or SSL, or SSH) is to observe its patterns and where the traffic is going. It's not too hard to have a blacklist of all VPN vendors too.

shadowsocks was designed to bypass it (to make traffic look random); I recall its developers were visited by cops and warned to stop doing that.

It's said China built the largest LAN on earth, the government is just too scared by its people to get educated, it's a true parallel universe.


The reverse is true as well. I traveled in India with a friend from China who used their Chinese sim card in India, and their data was censored through the firewall. Really annoying to be outside China and not able to use Google maps.


Mostly that's India blocking Chinese comms.


Could that just be India blocking Chinese sims?


That's roaming, not a VPN.



This is the same in Qatar, and probably in other Middle-East countries. Most of the residents use a VPN to get around the firewall, but I don't think anyone would be prosecuted for it unless the police wanted a nice easy reason to get you into custody.


> The use of VPNs in China can provide individuals access to the international internet, but in China, it can be a potential legal risk. In 2017, the Chinese government declared all unauthorized VPN services to be illegal. An example of the use of this punishment is Vera Zhou, a student at the University of Washington, who, when visiting her Hui parents in Xinjiang, China, used a VPN to access her school homework. She was arrested and sent to a Xinjiang internment camp from October 2017 until March 2018, followed by house arrest after her release. She was not able to return to the US until September 2019.

Use of VPNs is... universal... among middle-to-upper-class Chinese. This is obviously not an example of legal risk associated with using a VPN. Rather, it's an example of a punishment coming down on someone who was targeted for other reasons.

An immediate implication is that, if you repealed all the laws against VPNs, nothing about anything would change.


And for those who don’t feel in legal jeopardy many VPNs are still being blocked and reconfigured in an endless arms race between the provider and the GFW


I’ve done so much experimentation with GFW pre pandemic while staying in China for extended periods of time. I was always amazed at how quickly they would catch up on my shadowsocks, random ssh tunnels…etc. 48 hours tops before I had to rotate IPs. This report seems to indicate this is now instant?

FWIW, my most reliable trick ended up being piggybacking off of a physical line going into Hong Kong from Shenzhen, and when roaming around China, using a vpn to get to that Shenzhen gateway. As far as I can recall, that always worked. This led me to believe that most of the vpn traffic analysis (and blocking) was done at the edge of the GFW and not inside of it. Again, this could be outdated by now.


I tried to set up a shadowsocks server to bypass the GFW about 2 weeks ago. Server was hosted on my local network in Australia (with public IP), client was connecting from China (using the server IP).

It was blocked immediately and the client could not connect. I had several unknown IPs try to connect prior to the attempted connection.

I was stunned at how water tight the GFW is, it's really unfortunate as I would love to work/travel through China but cannot due to needing an active internet connection.


Yeah pdf of report says that blocking is instant as of 2021. Also completely agree with the need for an active connection to do work. A lot of the software/hacker devs I knew have left China all together in the last 3-4 years. Inability to look up stuff reliably (even on working VPN providers) was one of the reasons cited by a few.


A fellow Aussie currently in China, a Trojan [0] server has been working fine for the last week I've been here. I've got it hosted through a VPS (smaller provider) in LA. While it's a bit of a pain to set up, reliability has been pretty decent (with occasional? short breaks) and definitely usable - my laptop is connected 24/7 and I can access the unfiltered web, including video, just fine. V2ray also supposedly works quite well, but I haven't looked into it.

[0] https://github.com/trojan-gfw/trojan


Last time I went to China (2018) you could simply get a China Unicom Hong Kong SIM card and then use that to roam in mainland China. With that you'd get the Hong Kong censorship level, which is much much less restrictive. No VPN or anything needed apart from the SIM card itself.


"you'd get the Hong Kong censorship level, which is much much less restrictive."

Didn’t that change since 2018?


I'm in China right now with a Mainland/Macao/HK eSIM. My Chinese friend has to use a VPN to access Instagram as did I when I was connected via WiFi in mainland China. Using the eSIM connection I could access Instagram and Youtube without any issues, likewise here in Hong Kong (with WiFi).

I didn't investigate how large the difference is, but Hong Kong traffic is still treated more liberally.


It was really sad seeing all the bookstores close.


I run https://snowflake.torproject.org/ in my browser as my way to help.


That's a massive shame because shadowsocks has been the only real reliable method for a long time.

I used it successfully when I was in mainland China while VPNs, even the ones boasting they could get through the GFW, were all hit or miss.


There's a more straightforward way: roam with a foreign sim card. Roaming traffic is tunneled to your home telco and for whatever reason the tunnel isn't inspected at all. With the advent of esims you can buy a roaming sim and use it on your phone within minutes.


Can you activate it while abroad though? After I moved away from the UK I still had to have a UK mobile phone for various things. My UK sim would stop working after about a year away. When buying a new one I had to get someone in UK to put it in their phone to let it at least once connect to the home network. Without it the card would be useless. Is using foreign sim cards now easier?


eSIMs just need a data connection back to the SM-DP server and that can be done over Wi-Fi. I don't think that protocol is blocked that they talk to it, and the SM-DP vendors on the market are typically "global" providers that work with multiple operators.

EDIT: I checked myself to be sure. It's "RAM over HTTP(s)" -- "Remote Application Management" of the eSIM. GFW doesn't block HTTPS, so you should be able to get provisioned to any carrier worldwide while inside the firewall.

https://www.sharetechnote.com/html/Handbook_LTE_eSIM.html


There are esims explicitly targeted to travelers. Those are the ones you want. In my experience they don't have any activation restrictions like the ones you describe


GFW only looks at connections with destination IPs outside of China, the private fibre line bypasses it entirely.


> the private fibre line bypasses it entirely

Well, I'm sure the Chinese are tapping it. ;-)

It's more that they are just not actively acting on the content.


Not much use tapping encrypted packets, which is why it terminates connections when able.


MS and other vendors recommend doing something similar (connecting via Hong Kong): https://learn.microsoft.com/en-us/azure/virtual-wan/intercon...


Meanwhile Microsoft refuses to implement TLS 1.3 in their CDNs so that HTTPS-VPNs can’t be blended in with other Microsoft traffic.

“You should…” from any large corporation translates in my mind to “…because we certainly won’t.”


Many years back I was running a socks proxy for access while in China and I found that it worked great in Shanghai but was rapidly blocked (or degraded in some fashion) in Hangzhou. That seemed internal and not edge but I do not really know how they were interfering with it. Given Hangzhou's tech expertise it just may be the ISP there was more capable and up to date?


Was there an international event in Shanghai at that time? If they expected a large number of foreigners in a particular region they would relax the censorship in that particular region. They could even do it per hotel room where hotel rooms booked by foreigners automatically have lesser interference between GFW.


That might be it. I was there every year for about a 15 year period but this may have been around the time of the 2010 Expo. Though I was not in hotels, I was in apartments (ones owned and lived in by Chinese, not foreigners).


I wonder if the whole tor obfs4 and snowflake business works with the GFW.


Yes but they are unfortunately targeted more than other censorship circumvention tools. Since everyone knows Tor/Obfs4/Snowflake it's easier to get your research published if you work on detecting that.


Why don’t they just detect and block all VPNs? In Dubai, that’s what seemed to be happening


They certainly could, but I assume there’s an understanding among officials that to do so would cripple certain sectors of the economy. Certain kinds of work would grind to a halt. I’d wager that a majority of non-Chinese residents would leave the country.


I remember having to deal with the early GFW about 20 years ago when I was working for a company that had some employees on a site in Shanghai.

Every morning, our colleagues in China would open their mail client and it would connect to our server abroad.

The first person would usually be OK, but for everyone else, the connection would fail.

At the time, almost nothing was known of the GFW and it wasn't as clever as it is now. I found out that the POP connection was quickly blocked after a few minutes, probably triggering some slow firewall rules along the way (it seemed a bit random, so I assumed the firewall setup wasn't unified).

Moving to POPS/SMTPS seemed to improve things for a while, but the connection would still be randomly blocked.

What worked in the end was to use a bunch of random ports instead of the well known ones to accept POP/SMTP connections on the server, and we never had any issues after that, at least until we changed system a couple of years later.


We have a satellite office in Dubai. I know their static IP. When they connect to our imap/smtp server they are coming in from another IP. I never looked into it deeply but assumed their connection is being diverted for inspection. (If true, they would probably not be below performing industrial espionage with the data they are accessing)


I've debugged connection issues with someone in China. The same person, using the same browser and at the same time, showed up in the logs of two cloud apps with different IP addresses. The applications were adjacent in the cloud, same network config and everything. We figured there was always redirection, and we were never seeing their "true" IP address.

A simpler test is to search "what is my IP" and compare the values returned by different services.


The IP space in China is wild, multiple ISPs use the same IP ranges and some even use foreign IP space but they don't route them outside of China. I wouldn't be at all surprised seeing proxy setups at ISPs trying to "fix" some of this.

Even when we had physical machines in Chinese data centers it didn't mean that our service was reachable from all ISPs. In 2010 we gave up on that and just started using Akamai China CDN with our servers in Europe.


At that level, there is no reason to proxy it through a different IP address. If you control the network, you can just make the packets come from the original, real address.


It was probably written by junior devs, like most other software around the world.


GFW that can inspect petabytes of traffic per second for 1.4 bln population cannot be written by juniors


It might be something government mandated where all ISPs direct mail traffic to a central location. (The largest ISP is the government by the way)


Is the IMAP/SMTP connection not encrypted?


Doesn't matter if the government mandates MITM and forces install of root certs on all clients.


Yes they are encrypted.


Speaking of satellites, the ones in geosynchronous orbit, how can Chinese block those?


“We will shoot your satellite if you don’t block access while over China”.


In orbit? Good luck

Lasers maybe?


the US has done so with a missile so basic that it's named "standard missile 3"

most satellites will just be following an uninterrupted, predictable path for most of their time


Interesting that it's cracking down on Shadowsocks with obfuscation plugins. SS w/ v2ray was more or less the gold standard when I was going there from 2017 to 2019.

Back then, certain times (early June, big government meetings) would see a crackdown on VPNs where, so far as I could tell, they just threw down crude blanket blocks on anything they sorta-kinda knew was a VPN but couldn't procedurally target-block. It would (usually) still connect but be rate-limited to essentially nothingness.

I always got the vibe that they sort of informally tolerated VPNs above a certain threshold of sophistication, figuring that they were more interested in blocking the low-hanging fruit that the unwashed masses could easily use, rather than something more sophisticated that only a few techno-nerds could utilise. As other posters have said, they'd know who was doing it and preferred to come knocking with a rubber hose if those people caused too much in the way of issues.


China doesn't realize how much they are being held back by meaningless investments of time and expertise on this. They spend almost the same %GDP as the US does on the US military as on their internal suppression forces.

Maybe it's good for the world that they burn so much talent and wealth on adding inefficiency to their internal information exchange.


It is not the goal of the CCP to advance China as it is to keep themselves in power.


I would disagree. The leading organization is much more aligned with the needs of the nation than the likes of Iran or Russia, which probably wouldn't mind bombing the shit out of their own city if it was necessary to stay in power.

For example they actually bow to American pressure and try to avoid sanctions or other trade problems. As of today their navy could be completely destroyed with like 30% of the US Navy, so any naval blockade is probably unbreakable for them. Iran's junta would (and did) just say "whatever" and continued tanking the GDP.

Another example - the Chinese intelligence helps domestic industries, even those that are far from the defense business.


I didn't downvote you but if a government

- offers no way of replacing itself democratically

- extends own term indefinitely

- blocks free exchange of information

- censors specific speech that shows its failures or desire of people to replace it

- suppresses internal protests with murders and disappearings of people (1989 Tiananmen, 2019+ Hong Kong, blank paper movement, ...)

etc then it's super clear its primary goal is maintaining power.

Sure, it cannot maintain power without at least seeming to be "aligned with nation". But it takes second place to maintaining power.


There's probably more disagreement within the Chinese government than between the two dominant parties of each of the western powers.


Perhaps, but you wouldn't know it, and the results sure aren't felt domestically or internationally.


Everyone knows when people disappear or get "nicely escorted" from party meetings. /s

I am guessing the comment above somehow meant that more infighting within a gang of literal criminals who put themselves in power and clearly struggle to maintain it means the gang is somehow better than a democratic government? But I cannot see the logic


Yes of course. Because those disagreements are about how to stay in power really, and something else for looks.


You have to keep the people happy enough, not even China could withstand the full force of their own people rising up against them.

So, on the surface, you appear aligned with growth and advancement and all that.

But under the surface, the system is about control, and only control.


> which probably wouldn't mind bombing the shit out of their own city if it was necessary to stay in power

See the Tiananmen Square Massacre.


You have to have a sense of proportion on this, and an example that isn't 30 years old.


They fear bomb their own cities though (using drones!):

Shanghai Residents Told to 'Control Your Thirst for Freedom' Amid Lockdown

https://www.newsweek.com/shanghai-residents-told-control-you...


Bombing a city can result in tens to hundreds of thousands of casualties.


PRC centralized narrative setting apparatus is more efficient than constant misinformation shitshow on western platforms. Not to mention the entire reason why PRC has domestic info ecosystem is because they were prescient in filtering external content. The system already paid for itself many times over.

>They spend almost the same %GDP as the US does on the US military as on their internal suppression forces.

It's almost as if PRC doesn't spend that much %GDP on military. The waste is PRC spending as much as US on domestic policing, which is not great considering how militarized US policing is. Meanwhile PRC simply doesn't spend that much on defense <2% vs US ~3.5%, if you include guestimates of shadow budgets, 3% vs 6%.


Get used to it; we will soon be a part of China's "community of common destiny".


I wouldn’t say that. But Western countries would absolutely replicate the surveillance and censorship if they could. And they do in some ways, but there are many structural things stopping them.


They let the private sector do it for them instead.


I wouldn't be so sure that it's a bad idea. Look how social media has damaged democracy around the world. US democracy is stuck in a bit of a death spiral - https://www.theatlantic.com/ideas/archive/2021/04/how-stop-m.... I hate repression, but they've been at it for thousands of years and I'm no longer super confident we have something better (see citizens united, roe v wade, affirmative action). China's life expectancy just beat the US.


The US doesn't have a minority rule death spiral because of social media, it has a minority rule cycle because the constitution literally entrenches minority rule via mechanisms like senatorial malapportionment, supermajorities, the electoral college and judicial review of policy (see citizens united, roe v wade, affirmative action) rather than merely procedure. It has experienced this before, sometimes devolving into outright civil war, without actually reaching death.

The technologies for resolving America's problems are well understood - majority decision making, parliamentarism, representation and participation of electoral minorities rather than inhibiting the work of the majority, a narrower scope of judicial review and/or a more flexible constitution. But as long as people say, as you do, "it isn't the thing that caused the problem that is the problem, it is some fancy gadget that is the problem", then you will be unable to solve the problems


> It has experienced this before, sometimes devolving into outright civil war, without actually reaching death.

That's not really enough to establish a pattern, though. People in China have furniture older than the United States.

> But as long as people say, as you do, "it isn't the thing that caused the problem that is the problem, it is some fancy gadget that is the problem", then you will be unable to solve the problems

This is victim blaming. US citizens get no say in governance:

"Testing Theories of American Politics: Elites, Interest Groups, and Average Citizens"

https://www.cambridge.org/core/journals/perspectives-on-poli...


Free speech causing problems for the USA yet again?


I'd say the issue is "factionalism" as the US founding fathers identified it. Some group (elites, landlords, corporations, white people, etc) is looking out only for themselves at the expense of society in general. East Asian countries love enforcing their conformity and harmony.


Limited use cases but for moving info in and out of a system like this you should be able to use this https://en.m.wikipedia.org/wiki/Chaffing_and_winnowing


This is a really cool idea. Thanks for sharing.


The comments from people obviously never having been into a restricted country are hilarious. There are a few, most likely shadow approved, VPN providers that work. I refuse to believe they are just smarter than the GFW. I am convinced they are sanctioned and monitored. Which is fine if you never have any beef with the government. Which you never know you do until you do.

Stuff like socks5/shadowsocks and wireguard have long been useless. Imagine being in your house, and you want to go out, without anyone seeing you. No matter how well you try, just the attempt itself reveals you are trying - thus you are caught. Same for escaping GFW. A sanctioned VPN or RDP that stays alive without metering, is your best option.


Your comment is equally hilarious from the point of view of a native who lives in China now.

idk if i'm smarter than the GFW but every time I rolled my own censorship-circumvention tool it worked well, even the most lazy way worked. I've never used any VPN provider. And FYI even unchanged WireGuard still works, though there seems to be some offline traffic analysis looking for that, so once a week you'd wake up to your VPN connection broken and had to change ListenPort on the server.

The only annoying thing for me is: f- you AWS, egress too damn expensive!


Can't you use a "sanctioned" VPN to tunnel your connection to a "real" VPN or any wireguard endpoint? They could still be able to find out you're using a VPN, but not monitor your traffic.


Yes, you can. But you have to wonder what the sanctioned VPN is doing on/to your machine. There is a lot of trust going into any VPN solution.


are you talking about the VPN endpoint exploiting a 0day vulnerability in the VPN client stack of the OS?


This paper is nice, but it goes over some finer technical things. So, not about the great wall, but there are projects out there, like this one https://github.com/salesforce/ja3 , which talk about how you can fingerprint fully encrypted traffic (TLS/HTTPS). There's a great section in the Readme "How it works" that goes over it. Would be surprising if the great wall doesn't do this, when some open source firewall will.


Chrome randomizes the ClientHello these days[1], so JA3 is obsolete in that sense. You could still build a fingerprint off of the common advertised TLS parameters, disregarding their order. The linked paper references an incident where the list of ciphersuites were used to detect Tor-obfs connections[2][3].

[1] https://www.fastly.com/blog/a-first-look-at-chromes-tls-clie...

[2] https://gitlab.torproject.org/legacy/trac/-/issues/4744

[3] https://blog.torproject.org/ethiopia-introduces-deep-packet-...
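To make the point about ordering concrete, here is an added example (not code from the JA3 project or from any commenter) that parses a constructed ClientHello body, computes the JA3 string and hash, and compares it with a hypothetical order-independent variant that sorts each list first. The sample handshake bytes and the function names are assumptions made for this sketch.

```python
import hashlib
import struct

# GREASE placeholder values (0x0a0a, 0x1a1a, ... 0xfafa) are skipped by JA3.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}


def build_client_hello(extension_order):
    """Constructed sample: a minimal ClientHello handshake body (no record header)."""
    ext_data = {
        23: b"",                             # extended_master_secret (empty body)
        10: struct.pack("!HHH", 4, 29, 23),  # supported_groups: x25519, secp256r1
        11: struct.pack("!BB", 1, 0),        # ec_point_formats: uncompressed
        43: b"\x02\x03\x04",                 # supported_versions: TLS 1.3
    }
    exts = b"".join(
        struct.pack("!HH", t, len(ext_data[t])) + ext_data[t] for t in extension_order
    )
    ciphers = struct.pack("!HHH", 0x1301, 0x1302, 0xC02F)
    return (
        struct.pack("!H", 0x0303)            # legacy_version
        + bytes(32)                          # random (zeroed in this sample)
        + b"\x00"                            # empty session_id
        + struct.pack("!H", len(ciphers)) + ciphers
        + b"\x01\x00"                        # one compression method: null
        + struct.pack("!H", len(exts)) + exts
    )


def parse_client_hello(body):
    """Return (version, ciphers, extensions, groups, point_formats) in wire order."""
    version = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32
    pos += 1 + body[pos]                     # skip session_id
    n = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    ciphers = [c for (c,) in struct.iter_unpack("!H", body[pos:pos + n]) if c not in GREASE]
    pos += n
    pos += 1 + body[pos]                     # skip compression methods
    ext_total = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    end = pos + ext_total
    exts, groups, formats = [], [], []
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        if etype in GREASE:
            continue
        exts.append(etype)
        if etype == 10:                      # supported_groups: 2-byte list length first
            groups = [g for (g,) in struct.iter_unpack("!H", data[2:]) if g not in GREASE]
        elif etype == 11:                    # ec_point_formats: 1-byte list length first
            formats = list(data[1:])
    return version, ciphers, exts, groups, formats


def ja3_string(body, sort_lists=False):
    version, *lists = parse_client_hello(body)
    if sort_lists:                           # hypothetical order-independent variant
        lists = [sorted(values) for values in lists]
    return ",".join([str(version)] + ["-".join(map(str, values)) for values in lists])


def ja3_hash(body, sort_lists=False):
    return hashlib.md5(ja3_string(body, sort_lists).encode()).hexdigest()


if __name__ == "__main__":
    first = build_client_hello([23, 10, 11, 43])
    shuffled = build_client_hello([43, 11, 23, 10])   # same client, permuted extensions
    for label, hello in (("first", first), ("shuffled", shuffled)):
        print(label, ja3_string(hello), ja3_hash(hello), ja3_hash(hello, sort_lists=True))
```

The parser assumes a well-formed handshake body; truncated input raises `struct.error` or `IndexError` rather than producing a partial fingerprint.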


The algorithm found seems so unintuitive that I wonder if it was not found by the AI.

"Allow a connection to continue if the first TCP payload (pkt) sent by the client satisfies any of the following exemptions:

Ex1: popcount(pkt)/len(pkt) ≤ 3.4 or popcount(pkt)/len(pkt) ≥ 4.6.

Ex2: The first six (or more) bytes of pkt are [0x20,0x7e].

Ex3: More than 50% of pkt’s bytes are [0x20,0x7e].

Ex4: More than 20 contiguous bytes of pkt are [0x20,0x7e].

Ex5: It matches the protocol fingerprint for TLS or HTTP.

Block if none of the above hold."
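The quoted rules Ex1 to Ex5, written out as a classifier over the first client payload. This is an added example, not code from the paper or from the firewall itself; the function names and sample payloads are constructed here, and the Ex5 check is a simplified stand-in because the quote does not spell out the TLS and HTTP fingerprints.

```python
"""First-payload exemption check following the quoted rules Ex1-Ex5 (added example)."""


def is_printable(b: int) -> bool:
    # The quoted rules treat bytes in [0x20, 0x7e] as printable ASCII.
    return 0x20 <= b <= 0x7E


def bits_per_byte(pkt: bytes) -> float:
    """popcount(pkt) / len(pkt): average number of 1-bits per byte."""
    return sum(bin(b).count("1") for b in pkt) / len(pkt)


def longest_printable_run(pkt: bytes) -> int:
    best = run = 0
    for b in pkt:
        run = run + 1 if is_printable(b) else 0
        best = max(best, run)
    return best


def matches_tls_or_http(pkt: bytes) -> bool:
    # ASSUMPTION: stand-in fingerprints (TLS record header, common HTTP methods);
    # the quoted rule only says "matches the protocol fingerprint for TLS or HTTP".
    if len(pkt) >= 3 and pkt[0] in (0x16, 0x17) and pkt[1] == 0x03 and pkt[2] <= 0x09:
        return True
    return pkt.startswith((b"GET ", b"PUT ", b"POST ", b"HEAD "))


def exemptions(pkt: bytes) -> list:
    """Return the names of every exemption the payload satisfies."""
    if not pkt:
        raise ValueError("the rules apply to the first non-empty TCP payload")
    hits = []
    avg = bits_per_byte(pkt)
    if avg <= 3.4 or avg >= 4.6:
        hits.append("Ex1")
    if len(pkt) >= 6 and all(is_printable(b) for b in pkt[:6]):
        hits.append("Ex2")
    if 2 * sum(is_printable(b) for b in pkt) > len(pkt):
        hits.append("Ex3")
    if longest_printable_run(pkt) > 20:
        hits.append("Ex4")
    if matches_tls_or_http(pkt):
        hits.append("Ex5")
    return hits


def would_block(pkt: bytes) -> bool:
    """Block only if none of the exemptions hold."""
    return not exemptions(pkt)


# Constructed sample payloads (not captured traffic).
# BALANCED: every byte has exactly four 1-bits and none is printable ASCII,
# which is what the bit statistics of uniformly random-looking data average to.
BALANCED = bytes([0xF0, 0x0F, 0xC3, 0x99, 0xA5, 0x1E] * 20)
SAMPLES = {
    "random-looking bytes": BALANCED,
    "plaintext SMTP client line": b"EHLO mail.example.org\r\n",
    "TLS record header + opaque body": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + BALANCED,
    "all-zero padding": bytes(64),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        verdict = "BLOCK" if would_block(pkt) else "allow"
        print(f"{name:34s} bits/byte={bits_per_byte(pkt):.2f} "
              f"exempt={exemptions(pkt)} -> {verdict}")
```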


It's extremely intuitive. You're trying to filter unusual, encrypted traffic.

First rule exploits the IND-CPA property of most encryption. You want to kill traffic that has about 4 bits set to 1 per byte, i.e. traffic that "looks random".

The following rules are exemptions for permissible encrypted or compressed traffic (note that compression, while not IND-CPA, results in high entropy and thus will trigger the first rule).

This could work very well, which is confirmed by the researchers in this paper.


Cool, I'll just base32 my encrypted traffic and sail through!


Yep, or simply add "GET " in front of it. Best add it in front of all packets.


Thanks for the information, it is very interesting.


> I wonder if it was not found by the AI.

Do you mean "found" by the CCP, or "found" by the researchers? In the case of the CCP it was likely generated through basic statistical analysis, and tuned to minimize side effects and collateral damage below some threshold of acceptability (~0.6% of global traffic unintentionally blocked). In the case of the researchers, the paper details the basic statistical analysis used to discover these rules.


Ex1 is just excepting low-entropy packets (distribution of 1s and 0s tends toward the mean for high-entropy data). Encrypted data presents as high-entropy. This is a crude method (errs on the side of not excepting) but is very efficient for embedded hardware to compute.

Ex2-4 are just excepting ASCII text, which is used by many unencrypted protocols (e.g. IMAP), but which are high enough entropy that they statistically will fail the first test often.

Ex5 is necessary because TLS is high-entropy (by nature of being encrypted). HTTP is also excepted presumably so e.g. compressed uploads (e.g. images/video) aren't flagged.

That "low entropy" is the key to bypassing the GFW isn't surprising at all -- high entropy is all but a necessary feature of most cryptography schemes. (I say "all but" because -- encryption isn't adding information, so unless you compress before you encrypt, it's possible for a (hypothetical) encryption scheme to preserve entropy, according to several objective metrics. I don't know of any that do this, beside the meta scheme of compression before encrypting, followed by steganographically padding the encrypted data afterward. This of course leaks some information through the encryption -- equal to the negentropy of the message -- but it would typically be information that can't be gleaned from context, e.g. that the message is HTML+text.)

So... base64-encode your TLS?


Looks more like it was found using random forests.


Lol you guys never worked with real data :D

There's at least 1'000 such algorithms at each google-like company.


That looks hilariously easy to defeat though it will require introducing "0x20,0x7e" padding to protocols heh.


This is just some experimentation results, it's not an algorithm.


An algorithm is just a bunch of rules to follow to perform an operation, so this looks like an algorithm to me.


You misunderstood your parent comment. What he/she meant is that the "algorithm" is only a guess from reverse engineering. The actual algorithm deployed at GFW can look significantly different.


Oh yeah, that's definitely not how I read it. Thanks!


Yeah already 10-12 years ago was clear.

My university vpn only worked for a few days while studying in China.

But there is this tiny little vpn software being spread around. Not sure if it's true but I remember it's falun gong teaming up with the CIA. Which at the time was able to go undetected, I think they keep rotating the IPs or something.

Was interesting how fast that tool spread "offline" between international students. Also Chinese have it but it's less known among them.

Not sure if it still works: https://en.m.wikipedia.org/wiki/Freegate

[Edit] Here is an old hn comment saying it doesn't work anymore and other options that are also hard;

https://news.ycombinator.com/item?id=10101965


Nearly the same experience with my campus life.



The exact reverse engineered algorithm of the GFW is on page 4. It looks very reasonable (given what they are trying to achieve with it).

The easiest bypass I can think of would be to tunnel your connections via TLS. For example socks server tunneled via SSH which in turn is tunneled via TLS to your gateway.

Or perhaps you can somehow get your SSH client to transmit "GET " at the beginning of the connection, have the server ignore those 4 bytes, then proceed as usual.


This is what I have a question about.

Can China pressure every domestic company to use their certificate authority allowing them to decrypt all TLS traffic, or be blocked? And block all sites outside China?


Kazakhstan had attempted a similar move[1], albeit through PSAs rather than convincing device manufacturers to add certificates to end-user devices.

[1] https://en.wikipedia.org/wiki/Kazakhstan_man-in-the-middle_a...


1 - I believe they do it

2 - they obviously do not want to block all traffic, since they can do it any day, but they don't.


If it’s over https, an outside observer has no way of knowing your stream started with a GET. Unless they’ve tapped ssl certificates, but that would be major news


They are tapped into SSL certificates, those that are generated in China. Plus wherever the Chinese intelligence managed to install their "plugins".


Are any of those tappable certificates still considered trusted by wider internet? Which CAs are those? They should be removed from trusted ASAP.


I am a total obfuscation noob. How far does their DPI go? I am guessing Tor and stuff have tried hiding it inside lots of different protocols and file types (I think I read something about that at some point). Is it to the point of hiding it as part of a html doc (like under a specific tag or something). At what point do we move towards having executable Javascript generate the encrypted text which then is decrypted?


i recall a chinese guy telling me he got around it on his PC by setting up a streaming webtop on a VPS on a foreign network that he didn't have issues accessing https://docs.linuxserver.io/images/docker-webtop


This is such an own goal by China. All this useless work done suppressing the human spirit.


> All this useless work done suppressing the human spirit.

It also becomes an inspiration to others.


Would-be dictators, or firewall makers?


google


Can you bring a Starlink and then just don't really care?


Nope. Starlink shuts down over China on the satellite side. Tesla has a huge presence there and they also threatened to shoot the satellites down (which they've done before) if Starlink provided internet access there


To clarify for readers: China has never shot down someone else's satellite. They've only destroyed one satellite ever and it was their own.


and creating a ton of space debris in the process. oops


Maybe you can, but the Chinese "VPN law" used some wording like "unauthorized communication channels" without further definition. They can just call Starlinks "unauthorized" and start confiscating them, just like what they did to the satellite dishes for receiving foreign TV signals.


Seems like UDP is completely exempt, which would allow UDP-based VPNs, like Wireguard through.

SSH is also exempt...


Went to China some years ago and my PPTP VPN was blocked after a day. Switched to SSH and after a day it was rate limited to basically nothing, but I could avoid that by switching port every morning.


I'd go for ssh if I was trying to bypass it. At least legally I can claim that I'm just sshing to my aws server and not be jailed for using vpn.


Trying to get off the hook on a technicality isn't going to work. Lots of people use VPNs completely in the open without getting jailed, because they're not otherwise of interest, but if you are being targeted, nobody is going to care about your "sshing to aws" excuse. And ssh tunneling web traffic looks quite different from normal ssh usage anyways.


> And ssh tunneling web traffic looks quite different from normal ssh usage anyways.

Could you explain this further, this seems counter to my understanding of encrypted traffic!


I assume the timing patterns and amounts of data would likely be distinct between SSH and web. "Normal" SSH usage would mostly consist of much lighter packets, such as user keystrokes and terminal screenfuls of text. Typing tiny commands and getting a few kilobytes of output. SSH file transfers happen occasionally, sometimes with a large bulk of data.

Active web browsing requires downloading a crapton of files with wildly different sizes and sporadic timings between them. Add normal user interaction, API requests, ad cycles, long video streams that won't max out all bandwidth, all happening at once across multiple tabs. The client also sends much more data with each TLS handshake and all those HTTP headers.

This could probably be masked by deliberately filling idle periods with garbage data just to appear as a stable data stream both ways.


Forget using a real web browser over an SSH proxy. What about using elinks on a remote host with ssh? I bet somebody using elinks across ssh is virtually indistinguishable from somebody using a text editor.

Not much good for images or video, but you could easily read https://text.npr.org/


SSH encryption only hides the content, not how much is being sent and when. When your browser fires off a bunch of requests to load a webpage, the timing is different from running typical commands on a server and receiving the output.


Open network tools in your browser and go to Reddit, count total traffic. Now compare it with a typical SSH session, even with 'tail -f' some logs.
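
The point made in the comments above, that SSH hides content but not packet sizes and timing, as an added example that is not part of any comment: a sketch that labels flows using only (time, direction, size) metadata. The three flows, the thresholds and the labels are constructed assumptions, not measurements of any real system.

```python
def burst_count(flow, min_size=1200, max_gap=0.05, min_run=5):
    """Count runs of >= min_run back-to-back large downstream packets."""
    bursts = run = 0
    last_t = None
    for t, direction, size in flow:
        in_burst = direction == "down" and size >= min_size
        if in_burst and (run == 0 or t - last_t <= max_gap):
            run += 1
        else:
            bursts += run >= min_run          # close the previous run
            run = 1 if in_burst else 0
        last_t = t
    return bursts + (run >= min_run)

def features(flow):
    up = [s for _, d, s in flow if d == "up"]
    return {
        "small_frac": sum(s <= 128 for _, _, s in flow) / len(flow),
        "large_up": sum(s >= 300 for s in up),   # handshakes/request headers going out
        "bursts": burst_count(flow),
    }

def classify(flow):
    f = features(flow)
    if f["bursts"] >= 2 and f["large_up"] >= 2:
        return "tunnelled-browsing-like"     # repeated request -> burst cycles
    if f["bursts"] >= 1:
        return "bulk-transfer-like"          # one long one-way stream (scp/sftp)
    return "interactive-like" if f["small_frac"] >= 0.8 else "unclassified"

def interactive_flow():                      # constructed: keystroke + echo
    flow, t = [], 0.0
    for i in range(60):
        flow += [(t, "up", 36), (t + 0.02, "down", 36)]
        if i % 15 == 14:                     # occasional command output
            flow.append((t + 0.05, "down", 600))
        t += 0.25
    return flow

def tunnel_flow():                           # constructed: four page loads
    flow, t = [], 0.0
    for _ in range(4):
        flow += [(t, "up", 517), (t + 0.05, "up", 420)]
        flow += [(t + 0.1 + k * 0.002, "down", 1400) for k in range(8)]
        t += 1.5
    return flow

def sftp_flow():                             # constructed: single download
    return [(0.0, "up", 100)] + [(0.1 + k * 0.001, "down", 1400) for k in range(200)]
```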


> At least legally I can claim that I'm just sshing to my aws server and not be jailed for using vpn.

Your mistake is assuming that China has rule of law. If you're in China and you upset Xi enough, you get jailed/disappeared even if you technically didn't break any laws on the books.


I suspect TCP tunneling your traffic looks different than SFTP-ing some files around.


Using ssh for proxying is getting blocked within the first minute.


Could be a use case for X-Windows with ssh -X [0]? (so your web browser is actually running outside the GFW, it's just the window updates that are coming over the SSH tunnel).

[0] https://unix.stackexchange.com/questions/12755/how-to-forwar...


Any ssh traffic that does not look like ssh traffic (a few bytes sent to the server, some more bytes returned) gets either terminated or slowed down to a crawl.


Does this mean that in addition to the classic fail2ban, geoip firewall, or forever super slow login banners, we could also have a honeypot sending a lot of data with a traffic pattern similar to web browsing?


Wireguard is detected within the first minute of usage and blocked. The ping is a dead giveaway.


Interesting. I was just going on my limited scan through the linked PDF, which evidently was not thorough enough.


I was told that SOCKS proxies (which let you tunnel over SSH) are popular in China. It's super easy to set up and you don't need to install anything. You just need to SSH into any Linux EC2 instance outside of your network with ssh -D $port_number $username@$hostname and change a simple setting in your browser to proxy through that node using SOCKS5. It's nice because you still control the remote host (no need to trust some third party VPN) and the traffic is encrypted between your remote host and your local host (where it counts)... Anyone snooping would just think that you're SSHing into your EC2 instance for work purposes and not realize you're using it to browse the net.


You were told wrong. If you use SSH as a proxy, the connection will be slowed down to a crawl very soon. GFW distinguishes this from SSH command typing by looking at the traffic. This has been in place for at least a decade.


That's mentioned at the end of page 17. The author says it's a short-term solution: "This is merely a stopgap measure, as the censor can enable their censorship for UDP."

It doesn't seem that there is any (long-term) solution to bypass the rules ...


It does seem like this GFW scheme can be tuned to severely degrade the reliability of any unapproved high entropy traffic. However, this single scheme doesn't cover many other types of circumvention traffic, several of which are noted in the beginning of the paper. This scheme primarily applies to "fully encrypted" traffic - not SSL/TLS, etc.

So for now, circumvention can live on, but this explains to everyone using fully encrypted protocols exactly why their connections would have been degraded over the past couple years. In the long term, steganography will probably work well as long as users are able to endure much higher costs for traffic (low ratio of true data to apparent data) and as long as the steganographic systems are effective at hiding any statistical fingerprints (very difficult). Protocol mimicry is another strategy, but a paper cited in this work details why successful protocol mimicry is very difficult.[0]

Attempting to disguise circumvention traffic as typical traffic is very difficult, because a lot of fingerprinting information can be gleaned from handshakes and headers. The draw of fully encrypted traffic is that it provides very little variation which can be used to fingerprint and classify different types of usages. However, it's also easy to detect and block en masse -- that much is obvious, but this paper does a great job of showing how China does it and inferences can be made from that to provide a view into China's priorities (how much cost they're willing to incur, rates of false positives they feel are acceptable). Overall, China's blocking currently appears to be fairly conservative here, with relatively low rates of false positives.

In wider context, China is constantly updating their detection schemes, they're quite competent at it, and anything which doesn't match typical traffic is at risk.

0: https://people.cs.umass.edu/~amir/papers/parrot.pdf
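
As an added example (not part of the comment above and not code from the paper): a passive first-payload check of the kind the comment describes, where traffic that matches a known protocol or looks like text is exempted and the near-random remainder is flagged. The thresholds, function names and sample payloads are assumptions constructed for illustration.

```python
import hashlib

PRINTABLE = range(0x20, 0x7F)  # printable ASCII, 0x20..0x7e
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")

def mean_popcount(data):
    """Average count of 1-bits per byte; close to 4.0 for random-looking data."""
    return sum(bin(b).count("1") for b in data) / len(data)

def printable_fraction(data):
    return sum(b in PRINTABLE for b in data) / len(data)

def longest_printable_run(data):
    best = run = 0
    for b in data:
        run = run + 1 if b in PRINTABLE else 0
        best = max(best, run)
    return best

def known_protocol(data):
    # Tiny fingerprint set: HTTP request line or TLS handshake record header.
    if data.startswith(HTTP_METHODS):
        return "http"
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x03:
        return "tls"
    return None

def classify_first_payload(data, lo=3.4, hi=4.6, max_printable=0.5, max_run=20):
    """Return 'exempt:<reason>' or 'flag:looks-fully-encrypted' (assumed thresholds)."""
    if not data:
        return "exempt:empty"
    proto = known_protocol(data)
    if proto:
        return "exempt:" + proto
    if not lo < mean_popcount(data) < hi:
        return "exempt:bit-bias"            # too few or too many 1-bits to be random
    if printable_fraction(data) > max_printable:
        return "exempt:mostly-printable"
    if longest_printable_run(data) > max_run:
        return "exempt:printable-run"
    return "flag:looks-fully-encrypted"

def constructed_random(n, seed=b"constructed-sample"):
    # Deterministic stand-in for ciphertext: SHA-256 in counter mode.
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

HTTP_REQ = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"       # constructed
SSH_BANNER = b"SSH-2.0-OpenSSH_9.3\r\n"                          # constructed
TLS_HELLO = bytes.fromhex("1603010200010001fc0303") + constructed_random(64)
RANDOM_LIKE = constructed_random(512)                            # no header, no text
```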


All HTTPS traffic to servers outside of China gets slowed down to a crawl after the first MB of sent data.


steganography?


Hiding the encrypted messages so that it looks like other normal traffic. Like encoding your encrypted message (subtly) in the pixels of an image (like noise).


Why would they let that happen? Doesn't seem to make any sense to me if it's how you describe it.


Yes, that is why I also found it interesting. As to their motives - I cannot comment.


They say UDP is never blocked, so would Wireguard work?


I mentioned this a few years ago (maybe 7-8 years ago) on HN when I was told everyone just uses a VPN. Even back then, the cat and mouse game was annoying. You would purchase a VPN (plenty offered), pay a year subscription, and then it would go dark a couple of weeks later (sort of like a membership at a gym that closes down a week after you renew a year subscription). I gave up quickly on outside access, though we had a line out at work so it wasn’t that bad.


But does the paper imply that something like chunked encoding smuggled HTTP requests with an encrypted payload after the second chunk would work?

That is, assuming entry nodes are available as e.g. nginx proxies inside the Chinese ASNs and are allowed to operate serving websites to ASNs from foreign countries.

I'm mentioning nginx because there were some related bypass vulnerabilities in the past, and one could argue that they just missed updating them.


Tried that... done that... blocked. The last rule of the GFW is: If you don't know what this traffic is or it looks suspicious, block it.


I always wondered where the talent and technical expertise inside China for manning and refining the GFW comes from and how many people it feeds - it seems at this point like family planning, an agency so big it exists simply to perpetuate and provide livelihood to a host of people. Also how much truth is there to the statement that Cisco helped set up the GFW for China in the 90s?


Would a steganographic hiding of payloads be possible and usably efficient inside permissible content/protocols? Has it been tried?


That would require mimicking an existing protocol, and as per the paper that's non-trivial

>Houmansadr et al. [39] conclude that mimicking a protocol is fundamentally flawed and suggest that tunneling through allowed protocols be a more censorship-resistant approach. Frolov and Wustrow [35] demonstrate that even when a tunneling approach is used, it still requires effort to perfectly align protocol fingerprints with popular implementations, in order to avoid blocking by protocol fingerprints. For instance, in 2012, China and Ethiopia deployed deep packet inspection to detect Tor traffic by its uncommon ciphersuits [44, 55, 67]. Censorship middlebox vendors have previously identified and blocked meek [29] traffic based on its TLS fingerprint and SNI value [28].


Given HTTPS traffic is mostly permitted, could one obfuscate VPN traffic over http/3 (which I believe is UDP)?


Indeed a whole class of GFW bypassing tools are now based on masquerading as HTTPS. Trojan (TCP only), Vision (TCP only), Hysteria (UDP), just for some examples.


Could China implement a MitM proxy for HTTPS traffic like many companies do?


No.

Companies get around ssl issues by minting their own root CAs and configuring their workstations to trust them. China has no (technical) way of forcing you to trust their root CA


>China has no (technical) way of forcing you to trust their root CA

That might be true, but "install our root CA or you can't access websites" would get most people to do it.


> 1 security vendor flagged this URL as malicious

https://www.virustotal.com/gui/url/f530591ff939e09c1cf8bc534...


Deeply unethical stuff. Why are Chinese people not currently trying to overthrow this garbage?


Because "Everybody does it and gets away with it", as seen in this very comment section, so it doesn't actually put much pressure on the public as far as they are concerned.

Also, "it's done for social harmony"; Very few places are as dogmatically hostile towards social good as the US, and are willing to make individual liberty sacrifices so that everyone may be better off. Arguably this is the same rhetoric or philosophy as the "Thin blue line" American cops love.

Also, your average Chinese person just doesn't care to see English language media that much. They have diverse (to them) opinions and culture on their homegrown social media systems, and don't feel a need to leave the walled garden of Chinese internet much in the same way most westerners do not feel the need to join Russia's social media apps.

Also, the CCP "brought millions out of poverty" within living memory. Many people there feel that justifies a hell of a lot of vaguely "bad" actions, or makes it way easier to rationalize things.


The threat of you and your family members getting sent to a labor camp is a good incentive.


Pragmatism, I suppose. The country does well enough economically for people to accept it, not to mention they're used to it all already.


GFW has always been a big issue: first with GitHub, where you can only clone a repo at ~20kb/s, then apt, yum, homebrew; some are ultra slow, some are just blocked. Nowadays, I already put a lot of effort into how to bypass it.


As a result of such blocking, I suspect steganographic techniques are only going to become more popular over time.


I wonder what can be done about detecting data hidden within video streams in a steganographic way.


So now we have to embed encrypted traffic in innocuous plaintext envelopes?

It's like the cold war.


With Youtube blocked, the Chinese are not being bombarded with VPN advertisements


What kind of websites does China block?


Anything that might reveal to Chinese citizens that the CCP is evil.


google, facebook, amazon, twitter, github, you name it ...


Not sure where you get your info, but GitHub definitely isn't blocked. And there is an amazon.cn, just no one uses that crap.


I am Chinese and lived in China until this year if you want to know. For github, the situation is a little complicated, you can read this: https://www.reddit.com/r/China/comments/v8fv0p/why_is_github.... For Amazon, I mean amazon.com, not amazon.cn. Also amazon.cn's services are declining, almost nothing there.


Also Reddit (ironically Chinese owned).


Reddit's owned by the Chinese? I thought they were owned by a US-based conglomerate called Advance Publications, which is the same group that owns Conde Nast.


Tencent owns $150 million of it (based on its 2019 valuation anyways).


How long do you figure until the first public execution for using starlink?

And yet we can never cut them off because it would be economic suicide.


https://news.ycombinator.com/ needs a VPN; https://hckrnews.com/ doesn't need a VPN. I am using a VPN to write this comment. My VPN is $90/year, paid with USDT. It is good; watching Netflix/YouTube is fast.


On the other hand, this shows GFW authors are more and more considerate of the collateral damage, which is a surprise. It seems GFW has indeed become good enough to frustrate casual users enough to trigger uproar when Windows Update, or AWS IP ranges, go belly up, or something.

VPN authors should choose the maximum collateral damage strategy to frustrate GFW authors, and make China as close as possible to completely cutting off outside internet. No need to completely evade fingerprinting; instead, do the complete opposite, and try to mimic common protocols and critical applications as much as possible.


From my understanding, this is what TOR did for some time. They tried to make it look as close as possible to HTTPS.



