Who is protecting the VPNs?

In recent days news has spread that China is cracking down on VPN use (Guardian, Global Voices). Chinese internet users, particularly those in universities, are finding it increasingly difficult to make use of VPNs to circumvent online censorship and access blocked websites. This seems to be a continuation of the increased censorship witnessed this year, including temporary blocks of GMail and LinkedIn.

While important, this development leaves an obvious question unanswered: Why do the authorities not block access to the main websites of the major VPN providers? Each serious provider offers access to a number of servers around the world and blocking actual usage of these is somewhat complicated. The main websites, however, could be blocked in an instant. After all, the Great Firewall has no problem constantly blocking other websites such as Youtube and Facebook.

There are three apparent possibilites. The first is incompetence. The authorities might simply not be aware of the VPN providers that are not blocked. This seems unlikely for two reasons. First, all it takes is a Google search of, say, "VPN China". Blocking the top 10 results would go a long way to making VPN access in China more difficult. Second, some providers, such as StrongVPN, are in fact temporarily blocked from time to time.

The second possibility is that blocking VPN use is not a priority. Paid VPNs may mostly be used by foreigners, and the censorship is more consistent when it comes to free solutions such as Tor and Witopia.

The third possibility is that some faction inside the regime is vetoing ideas of blocking VPN use altogether. This may be the most likely reason that major VPN provider websites remain unblocked, given how easy it would be to block them.

What do you think? We welcome your opinions.


More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Tue, Jul 05, 2016

GreatFire.org now testing VPN speed and stability in China

There is a commonly held belief in China that if you have a VPN that works then you should keep quiet about it. In terms of freedom of access to information, the problem with this approach is that access to knowledge suddenly is a secret. Today we are launching a project that we hope will destroy that model.

Our newest website, Circumvention Central (CC), aims to provide real-time information and data about circumvention solutions that work in China. Since 2011, we have been collecting data about blocked websites in China and now we will add data about the effectiveness of VPNs and other circumvention tools.

We are launching CC with four main objectives in mind.

Our first objective is to help to grow the number of Chinese who circumvent censorship restrictions in China. By sharing our information and data about these tools, we hope to show a wider audience which circumvention tools are working.

Our second objective is to improve the circumvention experience for users in China by bringing transparency to tool performance. We will measure these tools on speed (how quickly popular websites are loaded) and on stability (the extent to which popular websites load successfully).

Sat, May 07, 2016

The New York Times vs. The Chinese Authorities

Could the New York Times be setting the best path forward for news organizations in China?

Thu, Feb 18, 2016

From the desk of Lu Wei: Apple, encryption and China

Lu Wei, Director of the Cyberspace Administration of China, offers some friendly help to FBI Director James Comey.

Thu, Sep 24, 2015

Apple blocked CNNIC CA months after MITM attacks

In March of this year, Google found unauthorized digital certificates for several Google domains. The root certificate authority for these domains was the China Internet Network Information Center (CNNIC). CNNIC was controlled by the Chinese government through the Ministry of Industry and Information Technology and is now under the management of the Cyberspace Administration of China (CAC). CNNIC was recognized by all major browsers as a trusted Certificate Authority. If CNNIC signs a fake certificate used in a man-in-the-middle attack, no browser will warn of any unusual activity unless the certificate is pinned.

After Google found these unauthorized certificates, both Google and Firefox revoked its trust in CNNIC a few days later, a development we at GreatFire.org have adovacting for since 2013. Apple and Microsoft on the other hand, did not revoke their trust in CNNIC, nor did they make any announcements regarding the security compromise.

Wed, Sep 23, 2015

Malicious Xcode could spread via download manager Xunlei

What’s at stake?

We reported last week that popular Chinese iOS apps were compromised in an unprecedented malware attack. We discovered that the source of the infection was compromised copies of Xcode hosted on Baidu Pan. Apple has published an article urging developers to download Xcode directly from the Mac App Store, or from the Apple Developer website and validate signatures. We’ve now discovered that even if a developer uses a download link seemingly from Apple, he might still be possible to obtain a compromised copy of Xcode.

Please note that we do not have evidence that such attacks has happened. But it is an easy attack that anyone can implement.

How does it work?

This compromise happened because of Xunlei. Xunlei is the most popular download manager in China. Much of its popularity is due to the fact they can accelerate download speeds by pulling resources from other Xunlei users as well as cached copies on the Xunlei server. All of this, however, is invisible to users. Users can simply enter a regular http download address into Xunlei  download manager and the download will start. Chinese developers were using direct download addresses such as http://adcdownload.apple.com/Developer_Tools/Xcode_7/Xcode_7.dmg to download Xcode.

Subscribe to our blog using RSS.


Here are some reasons:
*All sites that would mention them as a way to get out of the firewall are blocked. So are most of the Google searches.
*They are trying to gain support from the West, and it is not a problem.
*People might be lazy to download it, instead use an online proxy so it is not a threat.
*They may have made a deal with VPN companies to ban all websites that China blocks.
I am baffled too.

They are blocked, they probably read this.

Been using VPNinja for a while now, it's pretty solid and for a decent price. Friends using strongVPN are forever complaining that it's blocked, but I never encounter problems like that

Another possibility is that the major VPNs have been penetrated by Chinese Intelligence who now have access to subscriber names and credit card details, thus linking subscriber details to all their traffic, sniffed and decrypted via Huawei routers installed in the major local Chinese Servers before arriving at the foreign VPN servers. A glorious harvest indeed, email passwords, skype messages, bank account information, postings, commercial secrets, personal profiels all matched to a name, credit card and finally a residence permit number.. Paranoia bites!

I am using Astrill paid VPN. As of last night Open VPN was completely blocked on all servers. I contacted their support and they said that China is cracking down during the leadership convention, and that it will be removed after.

I would bet there is an arrangement between Astrill and the government, since they can give this kind of answer. Furthermore my friends have reported that many of the other VPN solutions have also stopped working. Could it be the ones that refused?

I have also observed that my Vonage VOIP phone has been blocked since last night, and skype calls are severely bandwidth limited. Wonder when it will lighten up.

inspired a lot from this post am following this blog regularly and found very good for bookmarking thanks admin
happy new year 2015 sms
indian festivals 2015
public holidays 2015
new year 2015 quotes
happy new year 2015
new year 2015 quotes
new year 2015 greeting cards

this post is awesome, great msg for us, plz update ur blog for daily basis, i am regular visitor of this site, so keep posting for us,

click the below links to create backlink
best free backlink website
click here for msg movie

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.