How to Penetrate the Great Firewall of China

作者：Ronald J. Deibert 转自：Interesting Times

OpenNet Initiative (ONI) works with the Berkman Institute and with Cambridge University and the Citizen Lab, a global intelligence agency. We’re involved in the technical end of things. Methodology involves contextual research methods, test, and analyze the meanings. In some countries the research we do is considered espionage.

It’s critical and also risky. There are probably 100 researchers in total. ONI Asia is new. This is a large operation. We use a spectrum of methods using remote probes. This is where we connect to computers as proxy from Canada.

We make requests for web sites as if we were in the country. Our request in Beijing for Human Rights Watch was dropped, but we can find it in Canada.

Next, we move to portable tools. People traveling to the country, download software into their laptops, and we control through a shell account that allows us to test 24/7.

We have 2 main baskets, the global lists and the local lists. Human rights, pornography, and in the local lists are put together by local people, URLs in local languages that the local people expect will be under investigation. More than 20 languages were used in local tests. We’re running tests right now in 71 countries.

We’ve done studies in 2004-2005 and 2006-2007 in China, and now and ongoing. Filtering in China has been covered by others. We categorize China as the most pervasive of filtering in the world. No matter where you connect in China, you reach filtering at the backbone.

There are three methods they use:
1. DNS tampering, where the routers interfere with the system that cross-references with the domain names and the numerical addresses. It gets redirected to a non-existent site,
2. IP blocking where the numbers are blocked. This method is common around the world and leads to collateral blocking. Many domains share the same IPs. Keyword filtering is achieved in the URL. It gets filtered. Our testing will show it if there is a movement to scan content for keywords. There are laws that proscribe and constrain what can occur on line. The laws that punish the user and cybercafes complement the technical filtering that occur there.
3. Skype filtering goes on there as well.

Self-discipline pacts occur in business, as well. These are an extension of a climate of self-censorship.

What’s going to happen at the Olympics? Steve Wilson said it’s a contract situation, that press freedom is to exist. There have been a few sites that are being unblocked, mostly English web sites, such as the BBC. There will be a lot of English language content that will be blocked. Foreign journalists likely won’t be looking at local, Chinese sites.

After the Olympics, what will happen? My guess is that restrictions will be rolled back.

There are many ways people in China get around key word filtering or the DNS problem is by entering the numerical URL. The Web address www.BBC.cn was blocked but if they entered the numerical URL, it’d work. One method the Chinese use is to connect to proxy computers based outside the country. People have to keep looking for a new proxy and you don’t know if it’s being set up by an unreliable source.

We wanted to set up a reliable method to get around censorship. We wanted to create something not so much technical as social. With Psiphon, you set it up privately and you give it to trusted friends only. We bundle all the steps into one small application and give to someone in a censored country. It was released in December of 2006, and there’s been 150,000 downloads since it was released. It’s encrypted, so it looks like an electronic transaction.

We’re working on a web-based Psiphon. The service will operate thousands of nodes that are assigned to groups and organizations. We’ve been working with a number of human rights organizations in Tibet and Burma. It extends even further ease of use. This will be the next generation of Psiphon. In a censored country, a person could give connectivity to friends and family members.

We’ve produced a guide to by-pass Internet censorship for citizens worldwide. It’s been translated into a variety of languages.

We learned that the American government was running proxy services and broadcasting to Iranian service. The service was entirely plain text (not encrypted) and so the Iranian government had access to it. There were crude porn filters that were filtering themselves.

Professor Ronald J. Deibert is Director of the Citizen Lab, Munk Centre for International Studies at the University of Toronto, and is Co-Founder of the OpenNet Initiative.