[This week journalists arriving in Beijing for the Olympic Games discovered that the IOC had cut a deal with the Chinese government so that their Internet connection was censored. Crikey commissioned this article, which was first published yesterday. I've added further linkage at the end.]
China’s “Great Firewall” (GFW), officially the Golden Shield Project (金盾工程) of the Ministry of Public Security, is both clever and stupid, subtle and blunt.
As with any Internet filtering system, there’s only two methods to block bad stuff: keep a list of “bad sites” and prevent access, or look at the content live and figure out whether it’s good or bad on the fly. GFW uses both.
Al Gore was mocked for calling the Internet the “Information Superhighway”, but the analogy works. Like the road network, a maze of suburban streets leads to relatively few freeways, all administered by a myriad of local authorities.
When your computer requests a website, imagine a truck driving out your front gate. The driver knows the site’s name but not how to get there. Normally, you’ll get directions.
“Amnesty International? Sure, that’s 78.136.0.19,” says the domain name system (DNS).
“78.136.0.19? Go via Telstra, ask again once you’re in San Jose,” says your ISP’s router. In SJ, you’re told to go to New York and so on to Amnesty’s London office.
In China, though, your driver only gets blank looks.
“Amnesty? Never heard of it.”
“78.136.0.19? No, no such place.”
With relatively few links connecting China to the world, this block is easy. Unlike Senator Conroy’s porn filters, GFW doesn’t have to worry about collateral damage. It blindly blocks entire sites, as well every site sharing the same Internet address — not only Amnesty, but everyone in that office tower.
The GFW also looks at content, and here’s the true subtlety.
Researchers at the ConceptDoppler project have found that it can disrupt Internet traffic within China that even mentions touchy subjects. Imagine your truck encountering random checkpoints. If it contains banned concepts like “news blackout” (新闻封) or “gerontocracy” (老人政治) your delivery is simply burned, never to be seen again.
ConceptDoppler says the banned words still get through 28% of the time, and the blocking can’t keep up with heavy Internet traffic. But even partial blocking encourages self-censorship through the perception that you’re being watched. Perhaps that’s even more effective because it discourages offline conversation too.
Getting around GFW is easy enough for geeks — though perhaps beyond the skills of average Internet users like sports journalists. Wikipedia lists the techniques, and Reporters Without Borders has a handbook.
Using proxies is like first sending your truck to a benign destination so it gets those helpful directions. Once there, the package is opened and the secret instructions inside forward your message to the real destination. To avoid content filtering, just speak in code. Learn to say “duck-breeding club” rather than “student dissident meeting”.
Further Reading
I gathered these links during my research for this story:
- The Connection Has Been Reset: China’s Great Firewall is crude, slapdash, and surprisingly easy to breach (Atlantic Monthly).
- China’s All-Seeing Eye, Naomi Klein (Rolling Stone).
- Empirical Analysis of Internet Filtering in China, from Harvard Law School.
- Real-time test to see if your website is currently being blocked by the Great Firewall of China.
- Behind the Great Firewall, Net Nannies work overtime for companies, suggests self-censorship more the norm.
- fuzheado’s ongoing Great Firewall coverage on Twitter.
And a Crikey commenter called Justin added these, none of which I’ve checked out personally.
- HOWTO bypass Internet Censorship, a tutorial on getting around filters and blocked ports
- Proxy.org — The Proxy Authority
- Vtunnel.com is here to help you beat internet filtering!
- Ninja Proxy | Fast, free, anonymous web browsing with NinjaProxy.com
- Your Freedom
- Free Proxies: Freeproxies.org hosts the best cgi proxy servers on the web, for free.
- Free Anonymous Surfing, Free Surfing through a Proxy (thefreecountry.com)
- Stunnel.org
5 Random Semi-Related Posts
Tags: censorship, china, great firewall, stephen conroy, tor
9 comments
Comments feed for this article
Trackback link
http://stilgherrian.com/politics/the-great-firewall-of-china-how-it-works-how-to-bypass-it/trackback/
04 August 2008 at 3:43 pm
Trackback from China Law Blog - China US Relations. Fair And Balanced....
04 August 2008 at 8:29 pm
Pingback from China US Relations. Fair And Balanced. | Business88
05 August 2008 at 7:44 pm
Pingback from the great firewall « Get Shouty
01 August 2008 at 8:38 am
Neerav
Cool you linked to that Atlantic article I sent you.
P.S. I’m surprised that Crikey lets you repost these stories. Most publishers would make freelancers give up all rights
01 August 2008 at 1:06 pm
Stilgherrian
@Neerav: It’s no secret that Crikey doesn’t exactly pay top rates, so it’s difficult for them to insist on exclusivity forever. To tell the truth, we’ve never spoken about it properly. However I always leave a day or more before re-posting, and they do get the occasional free story and other support.
01 August 2008 at 9:11 pm
yewenyi
I was at a Cisco conference recently and saw a feature being touted and thought, I’d bet they developed that in conjunction with the Chinese government for the Chinese government.
01 August 2008 at 10:43 pm
Daniel
Hi Stil!
I’m writing from Beijing, and as you may know I’ve been here for 6 months studying Mandarin Chinese, and I’ll be here for about another year.
The internet filter is a very interesting and variable thing to observe! My personal method of bypassing is to run an SSH connection to a shell server overseas, and establish a SOCKS proxy over the SSH connection. It’s very easy to do, the standard ssh client has this capability built in. I have set up keyfile authentication for my SSH session, so all I need to do is click one icon to bring up my SSH session and SOCKS tunnel. And from there all I need to do is set my application/s to use the SOCKS proxy. On my Mac it is very easy to do so, as there is a central preference setting for proxies.
I soon found this a bit too slow for all my connections, however, so I wrote a Proxy Auto-Configuration File (.PAC) file which sends connections to only certain URLs via the SOCKS tunnel, and sends the rest direct. If the SOCKS tunnel is unavailable, it attempts to go direct.
In case anyone is interested, here is my current PAC file.
I have had no problem reading your article and accessing those links, I even downloaded RSF’s little “Blogger’s Handbook” without incident.
I think some of the most interesting things that you raise are the elements of the system that encourage “self-censorship” as well as simple shifts in behaviour. For example, the seemingly random nature of some blocking does give the impression that someone is watching. I can talk for 30 minutes on MSN with a friend and mention topics like Tibet and Xinjiang / Urumqi etc, but then inexplicably, the connection might stop working… was it because I said something I shouldn’t have? And you think to yourself… well, to avoid the hassle next time, I’ll just talk about something else.
Access to most overseas sites is very very slow here. I supposedly have a 512KB cable (ethernet) connection here, but accessing anything overseas is like dial-up speed. You eventually think “why bother waiting?” and look at more local content instead. This is probably particularly so if you’re Chinese, and you find it a whole lot easier to read Chinese than English (even if you’ve studied it). A good case is Google - the overseas editions of Google are painfully slow to access (even though Google use Akamai, so they should be well optimised), so even when searching in English I’ll often prefer to use Google’s local site, which has been censored.
You do have to wonder how much the slow overseas access is due to congested links, and how much is on purpose. It certainly has an effect on behaviour.
The practice of impairing your access for a short time after you do something “naughty” also encourages self censorship. For example, occasionally the BBC Chinese website is accessible through the firewall, and I can read a couple of articles. But if I happen to click on one of the articles that has some “controvertial” content, then my whole access to the entire site (including the English language pages) is gone for a while. It seems easier to avoid the trouble and just click on some less-controvertial article.
01 August 2008 at 11:54 pm
Stilgherrian
@Daniel: You walk as a God amongst Men. The formatting of your comment goes astray thanks to WordPress’ over-smartness, will fix tomorrow. That is very valuable information, thank you.
03 August 2008 at 8:14 am
Stilgherrian
I’ve edited Daniel’s comment to link to his .PAC file as a separate download.
Also, a friend sent me another, different list of what’s blocked in China, this time from China Digital Times. Thanks, Stu.