Thank you for this information, fellows. This confirms what I always suspected, but of course, I shall behave in my usual manner all the same. I love China, and wouldn’t ever want to be a lousy guest. I don’t think the GFC is anything more than a method to keep an extra billion people from hurting their own selves. A lot of western criticism would have you believe that the majority of people here are miserable, or should be. Contrast will do that to a point of view. What I do think, though, is that the way it is set up right now looks too suspicious, even if it isn’t intended to be. It’s embarrassingly clunky, but it’s all they have to work with. The hard-headedness implies the illusion of sophistication.

I couldn’t imagine any entity being able to monitor internet activity of a community 24/7. Even if there are devices put in place and even if there is a system designed to narrow their monitoring for specific “naughty” behaviour, there are just too many people in China.
It is normally offline activity that gets someone in trouble for something they do online, unless it is something super-serious, or unless you’re completely careless.

Catching the people behind the Google phishing snafu is something everyone can say is impossible, after all. They’re either super-evasive, or they’re the killers OJ has been looking for for over fifteen years. I don’t believe this country is directly responsible for that incident, but they are accountable, and they must set things right (I think they know it’s in their best interest to).

• Proxies get zapped regularly, but they’re like buses. A new one comes along. Some suggest that the proxies themselves are gov’t-run, so they can really nail the careless folks, but I sincerely doubt it. Some suggest that you can get viruses easily through them, and that is something I am illiterate about. The one I am using gives me a mountain of pop-ups on Firefox, but Chrome stifles them (it does not “block” them in the parlance of making the non-existent).
• YouTube might be banned, but there is a simple method to watching YouTube videos made available. Type “cn” after you type “www.youtube” and before “.com”. You cannot log in, you cannot comment (obviously), and you cannot click to continue onto other videos. You can, however, use the search engine, which opens in a new tab in your browser (Firefox and Chrome, at least).

I don’t know about the legality of any of these things, mind you. Chinese law is cryptic to me, and I don’t know if any one local person can offer me sufficient second-hand information. One can stumble onto some sketchy content here, like in any country, and I wonder if it is only a matter of time if curiosity killed the cat. Considering my awareness and my self-control, I feel confident. I imagine accidental stumbling would be as likely dismissed here as it would anywhere else in the world, if it’s ever brought to light in the first place.

I hope this helps, and if I am wrong on anything, I urge you to correct me. As I said, I am not here to cause a fuss. I love this country for many reasons; one of them being the incredible harmony for such a large populace.

RC

They’re now screwing with DNS lookups for some sites, meaning that your web browser won’t be able to get correct IP addresses for the sites you want to visit, even if you are using a SOCKS proxy via SSH tunnel as Stil describes.

A work-around exists in Firefox to send your DNS lookups via your SOCKS proxy (that is set up in the way that Stil describes above). Do this:

1. In the address box, type about:config and press enter. You’ll get a warning message telling you to be careful. Click proceed (or whatever it says).
2. In the “filter” box at the top, type network.proxy.socks_remote_dns
3. Under preference name, you should then see network.proxy.socks_remote_dns. It should be set to default, boolean, false under the other headers respectively. Double-click it; it should change to user set, boolean, true. (If you have an earlier version of Firefox than I do, you might find you get a pop-up box, in this case use the pop-up box to change the value to “true”.)

After making this change and the change that Stil describes above to your Firefox config, you’ll probably need to restart Firefox for the changes to take effect.

You’ll find that if you disconnect the SSH session (or it drops by itself, which is common in China) you’ll no longer be able to browse anything. In this case either restart the SSH session; or reverse the configuration changes to Firefox (i.e. remove the SOCKS proxy settings from network settings, and re-set network.proxy.socks_remote_dns to false in about:config.

Have fun

However the technique he describes requires you having access to a Linux / Unix / OS X server outside China already set up to allow remote access to the command line via an encrypted link. That’s the “SSH” or “secure shell” he describes — the “shell” being the command line and the “secure” bit being the encryption. If you do not already have this in place, nothing else he refers to will help you.

It’s possible to purchase an appropriate account on a shared server for a few dollars a month. It’s offered by most hosting companies, and the thing to ask is whether their accounts have “shell access”.

The rest of the procedure has two parts, which are about setting up what’s called a “SOCKS proxy” to forward all your web requests to that remote server, which then passes them on to the website you’re trying to visit.

1. Open a Terminal window on your Mac. You’ll find Terminal under “Applications” then “Utilities”. Choose a random number above 1024, say 9999. You’ll also need to know the address of your remote server and your username and password. Type the command ssh -ND 9999 username@yourremoteserver.com where yourremoteserver.com is the address of the server, and log in with your password on that server. You won’t see anything, but this creates an encrypted tunnel between port 9999 on your Mac and the remote computer. It lasts until you press control-C in the Terminal window to stop it, or the tunnel breaks for some reason.
2. In your web browser’s network settings, tell it to use a SOCKS proxy using the SOCKS server localhost and port 9999. This tells the web browser to push all requests down that encrypted tunnel. Done.

As Daniel notes, this will make all your web browsing slow as every web page is being requested via your remote server outside China. He therefore has a trick with that PAC file so only certain websites go through the SOCKS proxy. I’ve no idea how that is set up, though, as that’s even more advanced systems administration.

If all of this is new language, well, this is how professional systems administrators and network engineers build things. There is a vast amount of material on these tools online if you search for their names.

There are downloadable commercial tools like HotSpotShield, but if that’s stopped working then either you may just need to download a new version — or maybe China has simply blocked access to HotSpotShield’s servers since they’re now so well known.

As a fellow Beijinger (going 18 years now) and sufferer of not being able to connect to facebook I beg you for help. I am a computer moron, I just bought my first Mac, and my HotSpotShield doesn’t work anymore. From your post I get that you dont have the same problems but the rest is rocket science to me. Please can you explain in simple english what the hell are you doing to get out from behind the wall!!!

Cheers,
Stan

However I will mention that a third-party system like this also gives that third party the potential to monitor all of your Internet traffic, so choose carefully!

Howard French of the New York Times just came out with an exceedingly thoughtful and balanced piece on the progression of rights in China, entitled, “Despite Flaws, Rights in China Have Expanded.” The content of the article tracks the title and it is…

Also, a friend sent me another, different list of what’s blocked in China, this time from China Digital Times. Thanks, Stu.

I’m writing from Beijing, and as you may know I’ve been here for 6 months studying Mandarin Chinese, and I’ll be here for about another year.

The internet filter is a very interesting and variable thing to observe! My personal method of bypassing is to run an SSH connection to a shell server overseas, and establish a SOCKS proxy over the SSH connection. It’s very easy to do, the standard ssh client has this capability built in. I have set up keyfile authentication for my SSH session, so all I need to do is click one icon to bring up my SSH session and SOCKS tunnel. And from there all I need to do is set my application/s to use the SOCKS proxy. On my Mac it is very easy to do so, as there is a central preference setting for proxies.

I soon found this a bit too slow for all my connections, however, so I wrote a Proxy Auto-Configuration File (.PAC) file which sends connections to only certain URLs via the SOCKS tunnel, and sends the rest direct. If the SOCKS tunnel is unavailable, it attempts to go direct.

In case anyone is interested, here is my current PAC file.

I have had no problem reading your article and accessing those links, I even downloaded RSF’s little “Blogger’s Handbook” without incident.

I think some of the most interesting things that you raise are the elements of the system that encourage “self-censorship” as well as simple shifts in behaviour. For example, the seemingly random nature of some blocking does give the impression that someone is watching. I can talk for 30 minutes on MSN with a friend and mention topics like Tibet and Xinjiang / Urumqi etc, but then inexplicably, the connection might stop working… was it because I said something I shouldn’t have? And you think to yourself… well, to avoid the hassle next time, I’ll just talk about something else.

Access to most overseas sites is very very slow here. I supposedly have a 512KB cable (ethernet) connection here, but accessing anything overseas is like dial-up speed. You eventually think “why bother waiting?” and look at more local content instead. This is probably particularly so if you’re Chinese, and you find it a whole lot easier to read Chinese than English (even if you’ve studied it). A good case is Google – the overseas editions of Google are painfully slow to access (even though Google use Akamai, so they should be well optimised), so even when searching in English I’ll often prefer to use Google’s local site, which has been censored.

You do have to wonder how much the slow overseas access is due to congested links, and how much is on purpose. It certainly has an effect on behaviour.

The practice of impairing your access for a short time after you do something “naughty” also encourages self censorship. For example, occasionally the BBC Chinese website is accessible through the firewall, and I can read a couple of articles. But if I happen to click on one of the articles that has some “controvertial” content, then my whole access to the entire site (including the English language pages) is gone for a while. It seems easier to avoid the trouble and just click on some less-controvertial article.