back to article China 'upgrades' Great Firewall. Oh SNAP! There goes VPN access

China's notorious "Great Firewall" is being blamed for widespread reports of virtual private network (VPN) outages in that country. China's Global Times – an English-language subsidiary of the state-run People's Daily – reports that customers of several prominent VPN services based outside the Middle Kingdom have complained …

  1. John Tserkezis

    Can't risk the citizens finding out about the horrors of Tiananmen Square in 1989, you know, where nothing happened.

    1. Anonymous Coward
      Big Brother

      China is a hangover from the old totalitarian days, but to be honest, all governments hate the interwebs. The ultimate in mass media, where proles can consume information from all over the world, and publish stuff almost as easily. A living nightmare for all government, as instinct number one is 'control everything'. They are now faced with something that's beyond their understanding, and control. Hence each act of terrorism or 'nonce-ism' is the fault of the internet. They hope it'll give them excuses they need to 'tackle internet crime'. Which of course means trying to control what we see and do. Freedom dies, to the thunderous applause of Daily Mail readers.

    2. Yet Another Anonymous coward Silver badge

      But it is necessary to protect the freedom of expression of chinese satirical newspapers - David Cameron said so.

    3. yossarianuk

      Like the Uk soon then?

      Seeing as Cameron want to ban encryption (or at least unbroken encryption) the UK is heading this way soon enough.

  2. silent_count

    'Cause we want to!

    I disagree with China's decision but I do like the honesty of their approach. No bleating about terrorists or paedos. Just, "Screw you guys. We'll do this because we want to."

    1. Anonymous Coward
      Anonymous Coward

      Re: 'Cause we want to!

      "I disagree with China's decision but I do like the honesty of their approach. No bleating about terrorists or paedos"

      Umm... what? In China, China denies filtering any traffic at all. In this case, they announced they were making changes to defend their sovereignty, but never explained that involved blocking VPN providers. But only some VPN providers have been blocked. It is not clear why just some. Did the ones that were not blocked, somehow provide information to the gov't? The only way to find out what is blocked at any given time, is to ask someone in China to test. But given that some blocks are on people in a given region, it is hard to know for sure. And the results change constantly. For example, China blocked all Internet access in the Xinjiang region for over 6 months, except for official gov't websites. 21 million people, no Internet access for 6 months, and barely a mention in the western news.

      And to disguise it even further, China doesn't just block sites. Sometimes they serve up a Javascript or Flash bomb. For example, something that will lock up your browser or open a 100 popups. These are less common now, as browsers are better, but going to Wikipedia in China used to require a reboot to unwedge your browser.

      So, no, no one in China knows what is going to work from day to day. And as a foreigner, you will stay in a four or five star hotel, and get a different flavor of Internet again.

  3. Mark 85

    I use to have a CIO back in the early days of the Web. He often stated that "the Internet is for business only and everything else should be banished.". I'm beginning to believe he was right and that governments would eventually, block all but the business web sites. Afterall, all the rest of us are just hooligans.... Maybe China is just being an early adopter of that philosophy?

    1. Jim Oase

      We the people are the government...

      We the People of the United States in Order to form a more perfect Union.... Unlike Chine "We the People" formed our government to protect our individual rights.

      Individuals with equal rights don't need a bunch of strangers who call themselves government to think for us. We don't need strangers/government to give some of us money with conditions when accepted. That "trade" money for behavior is another deceptive form of state run freedom.

      State compulsory education laws are an excellent example how all laws reduce freedom rather than add freedom. Laws and regulations move the United States government closer to Chinese government.

      1. Pascal Monett Silver badge

        You should move to Somalia right away. I'm sure you'll be happy with all the freedom they have over there. Last I heard, there are no laws at all.

    2. Canecutter

      That CIO was almost right. The internet is for _science_.

      But then:

      If it wasn't for porn, the Internet would not be half as popular as it is today; porn did for the Internet just what it did for the VCR: it made the use of it desirable.

      So arguably, porn was (is?) the killer-app of the Internet.

      Let's see how much profits the likes of Google, Facebook, etc., would make, if all but business usage was blocked on the Internet.

      1. Mark 85

        Well... given the lobbyists who run Congress and the way things are going.. the Internet (in the USA) will soon be cleaned of anything except business and maybe (if there's profit somewhere) the scientific community. Hmm... porn IS a profit center so it will be allowed to live. Free speech and freedom of thought, however, are doomed.

        I hope I'm wrong on this.....

  4. Anonymous Coward
    Anonymous Coward

    In the stampede .....

    While they go gungho on blocking Google, Facebook and every other social site, the Chinese seem to have relaxed SOME of their blocks - I found pron plentiful and easy to access during my recent visit, and torrents were coming in at 20 times the speed of THIS website.

  5. Anonymous Coward
    Anonymous Coward

    that is weird, China you say?

    Trusty UK VPN that has two WANs silently stopped working yesterday, came back on today. No visible traffic, no firewall DOS alerts, just didn't work like something was in front of it (but on two different ISPs?), worked for a short while after a reboot yesterday but nothing done today and half way through the day it's fine again.

    Too coincidental to me, we are being softened up for the next clamp down.

  6. Anonymous Coward
    Anonymous Coward

    Cough Cough openvpn tcp mode over port 443 (looks just like https) works every place ive been that has vpn blocking, its pretty easy to block ipsec or pptp.

    1. Ben Tasker

      It only looks like https at a casual glance, and even then that's dependant on what's traversing the tunnel (we're of course talking volume).

      It's certainly more expensive to block (as you'd need to do some analysis), but it's certainly doable.

    2. Andrew Meredith

      >>Cough Cough openvpn tcp mode over port 443 (looks just like https) works every place ive been that has vpn blocking, its pretty easy to block ipsec or pptp.<<

      Sorry .. tried that trick the last time my colleagues in China couldn't get through. That was blocked too.

      1. JR555

        CitizenVPN can connect with openvpn on port 53 to most countries so it appears as DNS traffic and gets around even blockages on port 80/443...

  7. Gary Bickford

    Time for a steganographic VPN

    A VPN could be implemented as a stream of encoded normal-text, using some long standard text. It could use any part of the text - extra spaces, or substituted words. Making it still seem like normal text to censors while having some efficiency might be difficult.

    1. Tom Samplonius

      Re: Time for a steganographic VPN

      "A VPN could be implemented as a stream of encoded normal-text, using some long standard text. It could use any part of the text - extra spaces, or substituted words. Making it still seem like normal text to censors while having some efficiency might be difficult."

      Just sign up for the VPN service, and find out what IP or hostname they use for their server, and then block it. It is apparently what they did.

      Because OpenVPN can simply use port 445 (htts), and since the packets are encrypted, you can't tell OpenVPN over port 445 from https.

  8. Kevin McMurtrie Silver badge

    Step it up

    I'd appreciate it if they'd hurry up. I'm tired of having to firewall China myself to keep out all the bandwidth-leaching attacks from state run networks that, by policy, publish fake contact information.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like