Great Firewall of China nukes VPNs on sight

A new rev of the Great Firewall of China seeks out VPN connections (including, I assume, connections over The Onion Router) and terminates them. Only companies who register official VPNs with the Chinese government will be able to run them without interference. Registration is only available to Chinese companies, and I'll bet it involves escrowing your keys with the Chinese net-cops so they can spy on it.

Users in China suspected in May 2011 that the government there was trying to disrupt VPN use, and now VPN providers have begun to notice the effects.
Astrill, a VPN provider for users inside and outside China, has emailed its users to warn them that the "Great Firewall" system is blocking at least four of the common protocols used by VPNs, which means that they don't function. "This GFW update makes a lot of harm to business in China," the email says. "We believe [the] China censorship minister is a smart man … and this blockage will be removed and things will go back to normal."
But the company added that trying to stay ahead of the censors is a "cat-and-mouse game" – although it is working on a new system that it hopes will let it stay ahead of the detection system.

China tightens 'Great Firewall' internet control with new technology [Charles Arthur/The Guardian]

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE: censorship • china • crypto • steganography

More at Boing Boing

The technology that links taxonomy and Star Trek

Hackers prepare for first "national holiday" in their honor

awjt

I was in China in September and used VPN (Juniper IPSEC) with NO issues. I doubt that my organization has “registered” with China. Can’t prove that one way or another. But, in any event, I had no issues with VPN. Poor network at some hotels especially further from Beijing, yes, but no Great Firewall issues.
- Andrew Singleton
  
  Any chance things changed between then and now?
  - awjt
    
    Sure, possibly. But the article said May 2011, and I was there Sept 2012. In Beijing, I was a few doors down from all the gov’t offices, and had no disruptions.
    - riceagain
      
      These issues have arisen since September .. That said I’m still connected over IPSec reliably in Beijing..
- rdbms
  
  your company is registered
  
  you can’t get hardware through customs without disclosing the keys, and you can only choose keys on the approved key list….
  
  we shipped 40 units to china, they were all returned until such paperwork was sorted out.
http://www.disoriented.net/ angusm

Today China, tomorrow the world.
http://twitter.com/timgingrich Tim Gingrich

Lived in China 7 years. One of the redeeming qualities of the government is that it’s a incompetent and lazy as it is “evil.” Don’t forget greedy: my guess is that this has more to do with the lobbying of one of Astrill’s Chinese competitors to the VPN game or something like that, ha!

Anyway, I think we always live in fear that “the big one is coming” (i.e. when the Chinese government really does flick the switch… off). Instead we get half-ass attempts like this every year or so.
- Andrew Singleton
  
  I suppose the silver lining to this sulfuric acid cloud is the constant fear and ‘training’ means they’ll be ready. I hope.
- fuzzyfuzzyfungus
  
  While I don’t doubt that laziness and incompetence are part of the picture, and probably some additional element of “Now, make sure to partner with one of our favored domestic firms if you want your VPN to actually work reliably…”, I wouldn’t necessarily say that that is a good thing.
  
  Incompetent, inconsistent, or just plain idiosyncratic enforcement of a given restriction (while convenient for those trying to slip past) also means restriction that is…flexible… and thus much easier to tailor to the demands of the moment. Well behaved foreign firm has a VPN to HQ? Good for business, don’t bother them. Mr. Fancy Intellectual/whiny college student is doing a bit of light reading abroad? If it isn’t plaintext it isn’t going through… World generally peaceful and unthreatening? Slack off a bit and let the kiddies get to their precious porn, if they really care so much. Party Congress? Turn ALL DIALS TO 11!
  
  It’s like prohibition: If it had become genuinely impossible for people who wanted a drink to get one, we probably would have told the temperance movement just where they could shove it years before we did. Same now with drugs: a fair percentage of the people who want them can get them, much of the judicial punishment falls on undesirables(celebrities go to rehab, Herr Bloomberg’s stop-and-frisk kiddies, less so) so the official rules weigh less heavily than they otherwise would.
Zach Smith

meh. living in china right now. the ‘great firewall’ is laughably easy to get around for anyone with any sort of internet savvy. good scare piece though.
- awjt
  
  That was my experience. I was thinking, if they DO manage to detect VPN traffic and block it, all that’s needed are a synchronized port-generator for both sides (timed to a shared clock), and for the VPN to be able to tx/rx on multiple ports simultaneously. One goes down, the others take over. Then they all switch in a few seconds anyways. It would be extremely hard to listen for and block these packets all over the ever-shifting port range. Especially if the traffic was disguised as non-vpn packets, to boot.
Digilante

I provide VPN services to thousands of travellers – so far no big disaster from the Chinese side.
Jonathan Roberts

I’m using Astrill now, I had some trouble getting online a couple of weeks ago but things seem to have settled down again. You seem to get different problems each time, such as the connection being very slow or timing out, having cookies put on the computer that block sites even with a vpn (Facebook is blocked but not Youtube), Google searches automatically being converted to Baidu searches, redirection to a webpage linking to lots of Chinese websites and a Baidu search bar with “www.facebook.com” (even when you were looking for a different page – they really seem to hate Facebook for some reason) or showing you the page for a few seconds before redirecting you to a different page saying that there is a problem with the site…
Those of my friends who have been in the country for longer than me say that it’s pretty common to see crackdowns (not just online) around national days and during changes in power such as the one this year. People doing anything illegal tend to lie low for a while and then get back to business when things calm down a bit.

It’s getting more and more obvious that ideology is definitely a secondary consideration with the GFW – foreign businesses are allowed to operate in China as long as it is massively beneficial to China (50% of the staff must be Chinese, it’s almost impossible to start a business or get a loan as a foreigner and there are big limitations on taking money out of the country). Add that to the fact that many of the national companies have strong ties to the government or to government officials (and to the fact that many Chinese websites are very poor imitations of western ones), and it’s not difficult to see why they want to limit access to foreign sites.