This sucks for travelers and ex-pats, but for China's future this is a very, very, very big deal.<p>I lived in Shanghai last year, and Chinese Internet surveillance is unreal. I could use gmail chat to talk about tiananman square, but as soon as I did all of my Google apps would suddenly be unavailable. I can only assume that when i used certain keywords my every chat was being monitored. A VPN was the only way I could access YouTube, Twitter, Facebook, and even some Google searches.<p>But reality is 90% of the young population of Shanghai didn't really care what the "great firewall" did, because EVERYONE used a VPN. I saw more people watching YouTube in China than I do in the states, even though Chinese versions of these platforms exist. Some platforms, like RenRen (Facebook-like but more similar to Russia's VKontakte) were popular, but most just used the US-built versions. Now most of them won't be able to.<p>This absolutely terrifies me. I was literally minutes away from being on a bullet train from Shanghai to Beijing that killed "x" people. Chinese authorities cite incredibly low numbers for a train traveling at 300 km/h. Most non-state observers cited hundreds of deaths. China slowly grew its number from 20-40.<p>It's illegal for foreigners to talk about the "Three Ts" with Chinese nationals - Tibet, Taiwan, and Tiananman Square. But previously the youth learned through their VPNs letting them access the outside world. With that shut down, the government might as well be burning books.
I used to run a relatively successful internet-oriented startup in mainland China. Having spent most of a decade there since 2001, in fact the majority of my adult life, I considered it home. Unfortunately, the government - who initially woeed me to return to China with a reasonably lucrative scholarship - keeps making shitty decisions that just make it less and less attractive to live in. Increasing levels of internet censorship is one of them, making visas ridiculously hard to acquire (the Chinese consulate in a neighbouring country actually just flat out refused to even discuss issuing a tourist visa, earlier this year) is another.<p>I really hope the next generation of the communist party sort their shit out. Otherwise, China's basically going to continue breeding vast generations of uneducated, inward looking nationalists and stifling anything remotely like innovation that somehow manages to occur between the cracks. Foreign business professionals and overseas Chinese will continue to view time in China as a non-negotiable sentence of rice wine banquets, pollution, a complete vacuum in the upper-eschelons of conversationalism, a constant redoubling of cigarette smoke, spit, and bad Chinglish.
Before travel to China, create a throwaway email account on a service, possibly Yahoo. Don't touch your real email accounts while you're there, if possible. The only time I've ever had an email account hacked is following use in China.
This is nothing new. They have added more IPs to the VPN blocklist. I have no idea why this is news. This happens several times per year. This cat and mouse game has been going on for years.<p>Every time this happens it is just a pain in the ass to find a new VPN that isn't blocked.<p>If you are technical, it is best to just setup your own VPN on linode or amazon. That way you have less problems with blocked IPs.
Time to create Bitcoin-enabled p2p VPN market?<p>I have thought about the idea for some time. The marketplace operator could take something like 30% cut. Any private invidual could sell their internet connection to the chinese and earn some bitcoins in the process.<p>There could be some rules which could stop the chinese goverment from knowing which IP's operate in the market. For example, someone could buy certain VPN/IP address recurringly, and others couldn't purchase that specific IP - that way the goverment would have no way to know how that specific connection is used.<p>And of course, bitcoin isn't very easy or well established payment method - bring in the resellers/market makers from china. These could (with some easy to use software/API) resell these VPN's to the chinese inviduals.
I'm wondering how this effects corporate outsourcing. The company I work has a Chinese development and as center. This has to be behind the corporate firewall so I'm thinking we will just close that down and move to a country that wants to be part of the future.
VPN and SSH[1] have been means of evasion. But there have been anecdotal evidence of "unstable" VPN[2] and SSH connections before.<p>[1] <a href="http://en.wikipedia.org/wiki/Great_Firewall_of_China" rel="nofollow">http://en.wikipedia.org/wiki/Great_Firewall_of_China</a>
[2] <a href="http://www.guardian.co.uk/technology/2011/may/13/china-cracks-down-on-vpn-use" rel="nofollow">http://www.guardian.co.uk/technology/2011/may/13/china-crack...</a>
I'm in Shanghai where I've lived off and on for 8 years. I've been using an ec2 image with Poptop installed. The problem is the IP addresses of the major vpns become known and blocked.<p>Any suggestions of software that would deploy images to various cloud services on behalf of users? I don't think China would be able to block all of ec2 and Rackspace, though they do sometimes seem to throttle ec2.
The thing about the great firewall... It only affects expats or visitors to China.<p>Any Chinese person who wants to read the NYTimes can get access to it. Anyone who wants to read about the "Three T's" can find away (good luck finding anyone). Chinese people who want to spend all day on the Facebook or the Twitter, will.<p>But the rest of the Chinese internet, the 99% of them, being disconnected from the rest of the world's internet, doesn't matter that much. They have neither the desire nor the interest to look at blocked pages. They're happy with the Chinese-language internet they have.<p>Personally, I'm starting to believe the Great Firewall is mostly there to annoy expats like me.
Our startup uses a pair of Sonicwall TZ215s to establish a site-to-site tunnel between our China branch office and our U.S. HQ.<p>It has been quite difficult to get the tunnel stable enough to survive for more than a few hours. We had to use lower security settings and more uncommon modes to fix our constant disconnections. SSL-VPN has always worked well, but that is only an option for our remote workers; site-to-site does not offer that option. Dell support engineers have generally been clueless on the matter.
Does anyone know of any work related to automatically making arbitrary "look" like, say, an HTTP session? I'm thinking of something that would automatically encode a VPN session as a valid, renderable HTML document (and not via the trivial way of just gzipping it and making it look like an HTTP compressed document, as I'm sure that would still be easy to block.) It seems like this should be possible, albeit with tons of performance decrease, but I can't find anything.
How is Cisco IPSec affected by this blockage? Any business or foreign mission conducting transactions in China should be very wary if they start targeting IPSec in any way.