This is the reason I no longer work from Shanghai. Attempting to do anything in the tech spave while constantly playing cat and mouse got to be such a productivity killer that it was becoming impossible to work. You'd rarely know if failures were because of some Firewall nonsense or something else.<p>It's a tragedy really. I am one guy, but I've since hired several developers and my little company is gaining traction -- we would have been happy to expand our footprint into China in terms of hiring a Shanghai Dev team; yet with the variable and unknown stability of our connections, it was too big of a risk, considering we can operate in Europe and the U.S. with minimal interference.
Now is another good time to remind people of projects like Streisand[0], who make setting up censorship avoiding tools simpler that they otherwise would be.<p>Streisand in particular provides various tools for masking VPN traffic as HTTPS (Stunnel/SSLH et al) that may prove useful during crackdowns like this. As well as setting up things like a tor bridge.<p>One note, there is currently an issue with the Digital Ocean provisioning, which prevents it from completing initial setup, but I have easily and successfully setup instance on Rackspace and AWS recently.<p>[0]: <a href="https://github.com/jlund/streisand" rel="nofollow">https://github.com/jlund/streisand</a>
The whole Chinese way of doing things makes me think that most people live in enormous Skinner boxes. It makes me reflect on my own media consumption. What messages am I receiving? How are processing those messages affecting my view of the world? What experiences or opportunities am I missing out on because of the messages I am receiving and processing and how they are affecting my internal model of the world?<p>Look at people who get addicted to MMOs like World of Warcraft for example. They voluntarily limit themselves to the messages they receive from the game and this influences their behavior significantly.<p>The proof that control of these messages and what message are received by people is an extremely valuable commodity is that advertising is a multi-trillion dollar industry.<p>Even if everything was perfectly truthful, there is only a small amount of time for people to digest and absorb the world with their limited perception. Thus, the control of which limited set of messages that people receive is also a huge source of power and why a commercial in the super bowl is worth more than a random banner ad on some no-name website.<p>Reddit, Twitter and most social media are attempts to optimize this messaging problem.
I'm living in Shanghai. Still connected fine over a IPSec tunnel. I run my own VPN server on Rackspace/AWS (only 2 public IPs), the connection is and has been relatively stable (about a year). 12MBit/s from Shanghai to the IPSec server in Hong Kong, 38ms consistent ping (100MBit/s connection). Using a Cisco SMB router, so the connection is pure IPSec and standard ports.
What stops meaningful visits from visitors within China to sites hosted outside of China today is, thanks to the prevalence of CDNs, the CDN.<p>Need a font? Google fonts? Blocked.<p>Need a picture? Instagram? Blocked.<p>Need a video? Youtube? Blocked.<p>Need a CSS sheet? Use a CDN? Blocked or really slow.<p>Visiting a text-based website hosted outside of China [from within China] is usually pretty good. No VPN necessary.<p>CDNs are a Firewall quick-kill, a lazy-kill. If you host a site outside China, that you'd like to be visible within China, self-host anything you'd otherwise think about off-loading to a CDN. That makes the need for a VPN for your audience redundant.
This blocking shit is so annoying. The Chinese shoot themself in the right knee, then in the left knee and say, look, we have the biggest balls! Yes, you may have the biggest balls, but you can't walk anymore dumbo!<p>I experienced that feeding someone his own poison is often the best medicine. Providers world wide should block email access to all China based email for a month or two. Would be a picture for the gods having the Chinese executives and CEOs abroad cut off from their email and crying "foul!" "foul!".<p>This being said, the Chinese are pretty good in what they are doing. What will it buy them in the long run? Even big Chinese companies in China use VPN to access the internet. The final result will be that China won't have internet but something like an intranet. Good luck with that!
How would (will?) China react if Musk gets his low-earth orbit satilites providing Internet globally? I assume China could block the domestic sale of the receivers. But in the long run, a globally accessible Internet would raise interesting issues, and perhaps be seen as an act of aggression by regimes in North Korea, China, etc.
Meanwhile China's new upgraded Great Firewall is DDoSing many websites in the west because of the randomness of their DNS Cache Poisoning. For example see our post about it on <a href="http://dvps.me/ddos-attack-by-torrent" rel="nofollow">http://dvps.me/ddos-attack-by-torrent</a> and many more posts like <a href="http://www.webhostingtalk.com/showthread.php?p=9351951" rel="nofollow">http://www.webhostingtalk.com/showthread.php?p=9351951</a>, <a href="http://furbo.org/2015/01/22/fear-china/" rel="nofollow">http://furbo.org/2015/01/22/fear-china/</a>, <a href="http://serverfault.com/questions/656093" rel="nofollow">http://serverfault.com/questions/656093</a>, <a href="http://serverfault.com/questions/658433" rel="nofollow">http://serverfault.com/questions/658433</a>, <a href="http://www.jwz.org/blog/2015/01/chinese-bittorrent-the-gift-that-keeps-on-giving/" rel="nofollow">http://www.jwz.org/blog/2015/01/chinese-bittorrent-the-gift-...</a>, <a href="https://isc.sans.edu/forums/diary/Are+You+Piratebay+thepiratebayorg+Resolving+to+Various+Hosts/19175/" rel="nofollow">https://isc.sans.edu/forums/diary/Are+You+Piratebay+thepirat...</a> and more.
My company hires freelancers for China-related research. Contributors from Mainland China would be ideal. But my reliance on services like Google Drive means that I typically end up with people from HK, Taiwan, Singapore and Malaysia. It's simply much more convenient.
This has been going on for some time now, I'm surprised it is being reported again now.<p>Rule of thumb.. if someone can work out what you are doing by launching Wireshark, so can a nation-scale IPS system a la Great Wall
At Tinfoil Security we wrote a service for generating disposable VPNs on the fly. It's open source, and I personally made use of it while in China a few weeks ago.<p><a href="https://www.tinfoilsecurity.com/vpn/new" rel="nofollow">https://www.tinfoilsecurity.com/vpn/new</a>
My old company has its dev team in Shanghai, we used multiple VPNs: openvpn and a Cisco vpn; we setted them on company's router.Normally it's ok except some special days like every year's session.
Fucked up! Baidu should never be used to search English pages. Even you search English glossary, it will return some unrelated low quality Chinese webs. And in many professional sections, you can only find stupid shallow scraped content in Chinese even with google. When you have to search in English, Bing is the most convenient one left. The problem is I have to speak to myself loudly each time I search in Bing: "is Bing retarded!?" Maybe Bing is trying it's best to be difference from G. Then when G gets most of right results, Bing sucks so hard by bringing tons of heavily SEOed craps.<p>I use gmail, adsense, google calendar daily, and expecting to use facebook, twitter and other SM daily. I use 3 to 4 methods to get through GFW, none of them can guarantee a stable access. The fuckest thing is I waste 1/3 of my working time only because of the blocking. (Really, when you can’t get through or the speed is too slow, you just don’t know where you’ve surfed to and what you’ve being read for hours).
I am currently a Business VPN user of PureVPN and its working perfectly fine. My employees can access the Google/Gmail and rest of the website easily.I did face the speed issue but their support team has provided me with the "Stealth" protocols after that the speed gets normal.<p>source: <a href="http://www.purevpn.com/blog/china-great-firewall-update-has-no-effect-on-purevpn/" rel="nofollow">http://www.purevpn.com/blog/china-great-firewall-update-has-...</a>
Many VPN services now provide obfuscated access. Some use haggismn's XOR patch for OpenVPN. Others provide access via SSH, Stunnel (SSL) and/or obfsproxy (obfs3). I presume that any approach developed for Tor could be used with VPN. Using meek, traffic is obfuscated and routed through arbitrary third-party sites.
Here's a question: If some VPNs are blocked and others aren't maybe they are just blocking stuff that they can't control?<p>In other words: The services that are good enough to prevent eavesdropping are blocked, while the other services are "clear text" to the attacking party. Is that a possibility?
God is the internet annoying there. They randomly drop packets just to disrupt VPN connections. One method may work today but not tomorrow. I've had luck with alternating between obfsproxy and ssh and l2tp.<p>The truth is that no one cares. Everyone more or less knows, but it's a pain in the ass to bypass.
How do foreigners doing business in China deal with this? Presumably there are a lot of large companies doing very important work and very important deals in China and being able to connect to the company network while they are in China over VPN is necessary?
What about i2p,Tor?<p>Communism, dictators, some kings, like extreme religions wants to control the flow of information so the minds of the population doesn't catch dangerous memes like freedom movements.