GitHub blocked in China - how it happened, how to get around it, and where it will take us

What happened?

Update: On January 23, https://github.com was unblocked again.

On January 18, or possibly the day before (though our test data doesn’t cover this), the Great Firewall began to reset connections containing “*.github.com”. As a result, code sharing projects hosted on a subdomain of GitHub, such as aoxu.github.com, were blocked in China. The main GitHub website was mostly unaffected, for two reasons. Firstly, it’s hosted on github.com, without a subdomain. Secondly, it serves encrypted content only, thus preventing the Great Firewall from resetting connections based on keywords.

A day later, the block was extended through the inclusion of github.com, without subdomains, in the list of keywords causing connections to be reset. Chinese users could still access GitHub as long as they manually typed in https://github.com in their browser (notice the https). Strangely the www.github.com host was DNS poisoned, but not any other hosts. The www subdomain is not used by GitHub.

On January 21, DNS poisoning was extended to all github.com hosts including the root domain as well as all its subdomains. In effect, all of GitHub was blocked in China.

Interestingly, the blocking of GitHub has seemingly not been censored on social media. The keyword “github” has not been blocked on Sina Weibo, and we have not detected any deleted posts containing “github” on FreeWeibo.

For further information on how the blocking was introduced, including data references, see the Timeline at the end of this article.

Why oh why?

As always when online censorship in China changes, the first question asked is why. While we cannot be certain, it doesn’t stop us, or anyone else, from speculating.

Some have suggested that it may be because of the Mongol project, hosted on GitHub. Mongol is an open-source tool used to detect routers that block certain connections going out of China - in essence tracking where the Great Firewall is located. While such a tool may seem threatening from the point of view of the Chinese authorities, there are a few facts that make the blocking of Mongol seem unlikely: the tool was released a full month ago, the working principle of the software was released back in 2011 and the paper describing it is still not blocked.

Another theory is that the government jumped on the opportunity to block an all-encrypted file-sharing service which, though intended for code sharing, can also be used to share politically sensitive material. Other file sharing services have faced similar dilemmas in China, including Dropbox which was blocked in 2010. Was GitHub being used by activists to share information?

The train ticket theory

The most gripping tale though ties this story in with China’s annual mass migration during the new year holiday. Each year tens of millions of Chinese scramble to purchase a limited and insufficient number of train tickets so they can make the journey home to spend the holiday with their families. Train tickets in China can only be bought 18 days ahead of the planned journey. With tens of millions of people traveling home for the Spring Festival, getting hold of the right ticket is a real challenge. Failure can mean missing out on the often only once-a-year chance to meet up with the family.

With the increased use of the internet, however, a lot of ticket sales are done online via the government-run website 12306.cn. While waiting for the right ticket to go on sale, users will often reload a web page continuously. This is of course a problem easily solved by creative software developers. Several Chinese web browser providers rolled out add-ons that automatically reload the government website and book the ticket as soon as it's available.

A particularly interesting add-on was called 12306_ticket_helper (https://github.com/iccfish/12306_ticket_helper, now deleted). The software was using files embedded on GitHub. It’s sudden popularity caused such a traffic load that GitHub temporarily went offline, and an employee sent an abuse complaint to 12306.cn. GitHub didn't know that it was actually the browser add-on that embedded the file, and not the 12306.cn website itself.

On January 18, at the same time that the GitHub block was introduced, the Ministry of Railways was said to be asking Kingsoft, one of the other browser providers, to disable their ticket-buying add-on. On the same day, the Ministry of Industry ordered all browser providers to remove similar add-ons.

Is the GitHub block just a matter of the site being in the wrong place at the wrong time? It’s not inconceivable to think that when the Ministers of Railways and Industry say “dance” that everyone dances. After all of the accomplices who were involved in the ticket scandal made amends, it is likely that they looked further to see who else was involved and GitHub may have just found themselves caught in that net.

If this is true, then this episode does reveal something about the Chinese censorship mechanism. One of two things would have had to occur for GitHub to have been blocked. The person who has his finger on the censorship button had free reign to just censor what he thought needed to be censored (in relation to the ticket scandal) which would indicate that this civil servant does not have to jump through a lot of hoops when he thinks a site should be blocked. Another explanation is that the powers-that-be in the censorship bureau who gave the go-ahead to block GitHub are so incompetent that they could not comprehend the fallout related to closing down the site. They were either too lazy to investigate, too distracted to care or just plain oblivious to the role that GitHub plays for many developers across China.

Our tests indicate that the likely answer is a combination of the two theories above. At first the censors started resetting *.github.com but found that this was ineffective. So then they moved to a more comprehensive block when they understood that the first one was not working. Which would mean that the powers-that-be had no understanding of how GitHub works and the civil servant with his finger on the button can choose to push that button whenever he wants.

The HTTPS theory (true either way)

Because GitHub is HTTPS-only, the Great Firewall cannot block individual pages. Regardless of the specific project the authorities wanted to block access to, the only way they could do it was to block GitHub altogether. This could have severe implications for other websites as well. As more and more of the Internet is switching to encrypted connections, the ability for online censorship authorities to selectively block content decreases. If, or perhaps when, Google Search, Wikipedia and CNN switch to HTTPS-only, will the Chinese authorities decide to block them altogether as well?

What will the knock on effects be?

According to Alexa, GitHub is the 276th most popular website in China. Globally, GitHub is ranked 209th. Since its targeting a very specific audience (software developers), that’s not a bad ranking. Github themselves told Techinasia that China ranks fourth in terms of visits to the site.  The only foreign-hosted websites ranked higher than GitHub in China are Google, Bing (and Live.com, Microsoft.com, Msn.com), Amazon, Yahoo, Wikipedia, Apple, eBay and Adobe.

While GitHub is popular, there are many other code-sharing services offering alternatives. Google Code is not blocked, though the HTTPS version sometimes is, and if or when they switch to HTTPS-only they may well face the same dilemma as GitHub. Sourceforge is also not blocked, as well as many other smaller providers.

Software developers often have to work with whatever code sharing service their project is already using. Switching from one to another is somewhat complicated. Many Chinese developers, especially the ones that work with customers abroad, will now have to use circumvention tools to stay in business. With such tools being actively targeted, some of them may not be able to continue their work at all.

China has been successful in attracting a lot of foreign developer houses to the country due to lower costs and access to plenty of developer talent. Foreign investors in this area may now start to question if it is a wise decision to place so many human resources in a country that may prevent or limit access to key technical resources without warning. Companies who run Gmail for their enterprises have learned the hard way that their communications can be turned off on a whim. Most who experienced outages when China completely blocked Google last November have probably found enterprise alternatives to Gmail already. Companies will now likely consider more stable alternatives to China.

The most devastating impact could come in an attitude shift amongst young Chinese. China’s censors have effectively just pissed off a whole nation of developers. It is likely they knew how to get around the firewall anyway but when developers have to turn on VPNs or fiddle with proxies in order to do their jobs, they will get upset. Does China really want to create a generation of would-be hackers? Especially within her borders? Could this signal the birth of a Chinese Anonymous? Perhaps an end to online censorship in China is now closer than we think?

How to get around it?

If the Great Firewall has not fallen by the time you read this, then you can follow these instructions to circumvent the blocking of GitHub.

If you are using a VPN, all your traffic is rerouted through a foreign server and GitHub will work as usual. Unless the Great Firewall also blocks the IP address of GitHub, another simpler alternative is to manually edit the so-called hosts file, adding the following entry:

207.97.227.239 github.com

With such an entry in place, connections to https://github.com will work from inside the Great Firewall. The unencrypted http://github.com will not work, so remember to add the “https” manually.

The IP address of GitHub may change at any time, of course. A more stable solution is to use an encrypted DNS lookup service such as DNSCrypt which effectively bypasses DNS poisining. Ironically, the Mac version downloads links to GitHub, which of course is blocked. But the final download link is not blocked: http://download.dnscrypt.org/guis/opendns/osx/dnscrypt-osx-client-0.19.dmg.

If you are using an SSH tunnel or some other type of proxy, you can configure GitHub to make use of it with the following command:

git config --global http.proxy YOUR_PROXY

Timeline

DateEventReference(s)
Jan 18Connection reset of *.github.com including www.github.com (not DNS poisoned)https://en.greatfire.org/www.github.com
https://en.greatfire.org/aoxu.github.com
https://en.greatfire.org/jingyuan.github.com
https://en.greatfire.org/pages.github.com
Jan 19Connection reset of github.comhttps://en.greatfire.org/github.com
Jan 19DNS poisoning of www.github.comhttps://en.greatfire.org/www.github.com
https://en.greatfire.org/https/www.github.com
Jan 19the www.github.com keyword causes connection reset on Google Searchhttps://en.greatfire.org/www.google.com/search%3Fq%3Dwww.github.com
Jan 20Connection reset of *.github.com (still not DNS poisoned)https://en.greatfire.org/cwyalpha.github.com
https://en.greatfire.org/raw.github.com
Jan 21DNS poisoning of github.com root domain (as well as *.github.com)https://en.greatfire.org/github.com
https://en.greatfire.org/https/github.com
https://en.greatfire.org/fanzuoyong.github.com
https://en.greatfire.org/https/gist.github.com

 

Comments

More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Thu, Nov 30, 2017

About those 674 apps that Apple censored in China

Apple opened the door on its censorship practices in China - but just a crack.

Tue, May 23, 2017

Is China establishing cyber sovereignty in the United States?

Last week Twitter came under attack from a DDoS attack orchestrated by the Chinese authorities. While such attacks are not uncommon for websites like Twitter, this one proved unusual. While the Chinese authorities use the Great Firewall to block harmful content from reaching its citizens, it now uses DDoS attacks to take down content that appears on websites beyond its borders. For the Chinese authorities, it is not simply good enough to “protect” the interests of Chinese citizens at home - in their view of cyber sovereignty, any content that might harm China’s interests must be removed, regardless of where the website is located.

And so last week the Chinese authorities determined that Twitter was the target. In particular, the authorities targeted the Twitter account for Guo Wengui (https://twitter.com/KwokMiles), the rebel billionaire who is slowly leaking information about corrupt Chinese government officials via his Twitter account and through his YouTube videos. Guo appeared to ramp up his whistle-blowing efforts last week and the Chinese authorities, in turn, ramped up theirs.

via https://twitter.com/KwokMiles/status/863689935798374401

Mon, Dec 12, 2016

China is the obstacle to Google’s plan to end internet censorship

It’s been three years since Eric Schmidt proclaimed that Google would chart a course to ending online censorship within ten years. Now is a great time to check on Google’s progress, reassess the landscape, benchmark Google’s efforts against others who share the same goal, postulate on the China strategy and offer suggestions on how they might effectively move forward.

flowers on google china plaque

Flowers left outside Google China’s headquarters after its announcement it might leave the country in 2010. Photo: Wikicommons.

What has Google accomplished since November 2013?

The first thing they have accomplished is an entire rebranding of both Google (now Alphabet) and Google Ideas (now Jigsaw). Throughout this blog post, reference is made to both new and old company names.

Google has started to develop two main tools which they believe can help in the fight against censorship. Jigsaw’s DDoS protection service, Project Shield, is effectively preventing censorship-inspired DDoS attacks and recently helped to repel an attack on Brian Krebs’ blog. The service is similar to other anti-DDoS services developed by internet freedom champions and for-profit services like Cloudflare.

Thu, Nov 24, 2016

Facebook: Please, not like this

Facebook is considering launching a censorship tool that would enable the world’s biggest social network to “enter” the China market. Sadly, nobody will be surprised by anything that Mark Zuckerberg decides to do in order to enter the China market. With such low expectations, Facebook is poised to usurp Apple as China’s favorite foreign intelligence gathering partner. If the company launches in China using this strategy they will also successfully erase any bargaining power that other media organizations may hold with the Chinese authorities.

Tue, Jul 05, 2016

GreatFire.org 现在开始测试VPN在中国的速度和稳定性

在中国有一个普遍观念,如果你有一个可以使用的VPN,那么你应该保持沉默。就信息自由而言,这种观念的问题在于获取知识竟成了一种秘密。今天,我们推出一个项目,希望能够摧毁这种模型。

我们最新的网站,翻墙中心,目的在于实时提供那些能够在中国使用的翻墙方案的信息和数据。在2011年以来我们就已经开始收集在中国被屏蔽的网站,现在我们也将增加那些可用的VPN和其他翻墙工具。

我们发布翻墙中心主要有四个目的。

我们的首要目标是助长使用翻墙工具的国人的数量。通过分享我们这些工具的信息和数据,我们希望对更广泛的受众展示那些工具时可以使用的。

我们的第二个目标是通过带来工具性能的透明化来提升中国用户的翻墙体验。我们将会测试工具的速度(流行网站的加载速度)和稳定性(流行网站加载成功的程度)。

我们开发速度测试的目的是要真实反映用户的体验。当用户在网站测速时,浏览器在后台会从10个世界上最流行的网站上下载一些资源文件。根据Alexa排名,这些网站分别是Google, Facebook, YouTube, Baidu, Amazon, Yahoo, Wikipedia, QQ, Twitter and Microsoft Live。速度的结果是简单的计算下载文件文件的大小和下载所需的时间。我们同样也会验证下载的文件是否完整。如果文件的内容是错误的或者在40秒内无法完成下载,我们会标记为失败。这个数据被我们用来生成另一个重要指标-稳定性。

其他的速度测试工具仅仅是通过发送数据到它们自己的服务器来测量上传和下载的速度。这种数据无法反应用户的体验,因为正常的浏览器通常会频繁的发送一系列的请求(而不是上传或下载一个大文件)到许多的服务器,而不止是一个。

我们的第二个指标 - 稳定性 - 是其他的服务通常不会测试的。一个健康的互联网连接应该达到100%的稳定性,除非有人在测试中把网线拔了。但是在中国使用翻墙工具却不是这样。任何时候连接都有可能变得不稳定或十分缓慢。根据请求的大小,最终的地点和代理的方式,一些请求有可能会失败。比较服务的稳定性要比比较速度更加重要。

你可以测试任意的翻墙工具,列表之外的也可以。中国的VPN用户也可以测试他们的工具,测试结果也会添加到数据库中。这些数据都将会对所有人开放。实时的在中国测试是非常重要的,因为VPN随时都可能被封锁或解封。我们欢迎任何的关于测试过程的反馈。有技术能力的用户也可以通过审查我们的javascript代码来获悉我们的测试是如何工作的。

我们郑重的邀请翻墙工具的开发者们向我们提供测试过程的反馈。我们的第三个目标是帮助这些开发人员改进他们的产品,让更多的选择适用于中国的顾客。此外,越多的工具可以工作,就意味着中国当局对翻墙的打击就会越难。

中国的用户都知道,在过去的18个月中当局加紧了对翻墙工具的攻击。而翻墙中心将会吹响反击的号角。反其道而行之,让这不再成为秘密。我们要鼓励人们分享翻墙工具可以工作的信息。

我们的第四个目标就是要为GreatFire.org创造收益。目前GreatFire仍然依靠世界各地的热心人士和组织的捐款。我们希望减少对这些机构的依赖,并探寻GreatFire.org自给自足的道路。用户只需到翻墙中心就能购买任意一款我们目前在测试的付费工具。GreatFire将作为这些工具在中国的经销商,因此VPN供应商会给予我们每个零售的一部分。用户也不必在中国购买这些翻墙服务。

Subscribe to our blog using RSS.

Comments

But from 1977 Albert Uderzo took over as mcdougal of the comic after the death of co-creator Goscinny.

The ferry will land you on the little capital of
scotland- Lixouri. It takes the route of the old Perfume Line
since it was known which has been used prior to the second world
war to transport perfume down from Grasse to Cannes and after
that on for the rest of the world.

Feel free to visit my page: شركة تنظيف فلل في الرياض

The volume of damage they are able to do to a home inside a matter of months is
quite surprising. You will definitely encounter the process of having to post the right business specifically if the tariff with the services provided
by the agencies varies for some 100's of dollars.

The effectiveness of Fipronil being a termiticide is beyond doubt.

Look into my weblog; شركة مكافحة النمل الابيض بالرياض

Household robots, also commonly referred to as domestic robots, can mow your lawn, clean a pool,
clean your gutter, sweep and mop the floor, and even keep watch
over your dog. In addition to becoming an eyesore,
algae clog filters, pump inlets, and also other equipment.
Municipalities are using smoke testing widely from your beginning with the sixties to detect sewer mains, pumping plants and causes of unwanted
rainwater consequently from a broken manhole.

my weblog: شركة نظافة مسابح بالرياض

Aquarium keeping is a sensitive hobby with no mistake is admissible as it can certainly cost life of some beautiful, living creature.
In general, every five years is really a good
guideline, along with just assume you're inside clear should your last septic tank cleaning was more recent.

When offshore tank cleaning specialist companies still find it
necessary for anyone to enter a tank to clean it there can be a proper safety procedure that should always be observed.

Stop by my web blog - شركة نظافة خزانات بالرياض

Such firms that can help, include bug elimination agencies, garden centers and The Home Depot.
To simplify it further, for those who have great relationships-especially probably the
most important one, which can be with yourself-the rest will follow.
Ants may be extremely difficult to get eliminate because the colony may
be quite large - large, hungry and always about the lookout for more food.

Also visit my weblog رش المبيدات بالرياض

Thus for leather cleaning and upholstery cleaning, particularly if it comes
to getting rid of stains, the aforementioned
methods might help. Also, you'll be able to even hire a full time person in the
commercial cleaning services, to take proper care of these
jobs for you. The cleaning of the carpets and rugs is
usually recommended from time to time to stop
any uninvited injury to the precious material used in weaving these.

Look at my web site ... شركة نظافة بالرياض

Greetings I am so happy I found your weblog,
I really found you by error, while I was looking on Google for something else, Regardless
I am here now and would just like to say cheers for a remarkable post and a all
round thrilling blog (I also love the theme/design), I don't have time to
look over it all at the minute but I have bookmarked it and also included your RSS feeds,
so when I have time I will be back to read much more, Please do keep up the awesome
work.

It might take a few treatments to eliminate them, but compared to the amount of damage they could do, this may save
you a lot of money and heartache. Tiny, blood
spots on the mattresses and also dark spots around the
frame or within the cracks and crevices are likely
indicators associated with an infestation. In fact, some don't even know that of a termite looks like.

Check out my webpage; شركة مكافحة الحشرات بالدمام

They search for the breeding grounds of these pests and do their job thoroughly.
Favour floricultural friend over foe by taking control of your
situation with bug elimination. In fact, some don't even know what
a termite looks like.

Here is my website شركة رش مبيدات بالعينة

You got that at Windsor Hills Resort or Windsor Palms Resort.

This port was within the capital of Roman's
province Iria Flavia. Afterwards, head approximately see the 15th century Malaspina Castle which sits over a hill overlooking the
city.

Here is my web blog :: افضل شركة تنظيف فلل بالدمام

robots, can mow your lawn, clean a pool,
clean your gutter, sweep and mop the floor, and even keep watch
over your dog. In addition to becoming an eyesore,
algae clog filters, pump inlets, and also other equipment.
Municipalities are using smoke testing widely from your beginning with the sixties to detect sewer mains, pumping plants and causes of unwanted
rainwater consequently from a broken
شركة تنظيف بمكة

شركة تنظيف وعزل خزانات بالمدينة المنورة

شركة تنظيف فلل بمكة

شركة تنظيف مجالس بالبخار بمكة

شركة تنظيف بالمدينة المنورة

شركة تنظيف بالرياض

I don't even know the way I stopped up here, but I thought this submit was great.
I don't recognize who you're however definitely you're going to a famous blogger in case you are not
already. Cheers!

Also visit my web-site :: albyaan.com

Plumbing at Plungeit.
Focolare Carpentry Training Centre was founded in 1968 being a school which transforms school youth into really professional carpenters.

Feel free to visit my webpage
شركة تنظيف شقق بالرياض

Unless you might be a plumber you'll never really know just
what it is. In the Joliet and Orchard Park Illinois area for
Orchard Park plumbing visit Courtesy Plumbing at Plungeit.
Focolare Carpentry Training Centre was founded in 1968 being a school which transforms school youth into really professional carpenters.
Feel free to visit my webpageشركة تنظيف بالدمام

If you have the tendency to horde things, you will have to learn let go.
There is no limit on what you earn - Once you have made a good base
of clients, you will see that you can earn as much as you want.

Regardless of whether you have a 3 bedroom apartment home or a
studio, your place will get dirty.

My page شركة البيت الراقي

Apply it to a soft cloth and use it to wipe down woodwork and furniture.
This lets them know how they have done and it helps them
to improve their cleaning. You don't want to be inhaling dust or preparing
food on dirty, contaminated surfaces.

Here is my web blog ... شركة تنظيف واجهات حجر بالدمام

These same apartment cleaning services Los Angeles use 100% biodegradable and green products.
It is an extremely versatile product that is inexpensive and helps cut
back on the use of expensive chemicals. Equipment should
also be serviced on a weekly basis to make them more efficient.

Also visit my weblog: شركة رش مبيدات بالرياض (Alejandro)

Another must-have piece of equipment is a
cell phone to enable easy response to your customers. It is an extremely versatile product
that is inexpensive and helps cut back on the use of expensive chemicals.
Of course, you don't want to be doing something every minute of
the day, so take some time to relax too.

my blog ... شركة ركن المجد

Actually, the problems that can be caused by traditional chemical
products can be enormous. Finally, I think parents and grandparents need to make it clear to students that keeping
the apartment clean is a personal health issue.
Is there anything special that the cleaning service needs to know about.

my web site افضل شركة مكافحة البق بجدة (Arletha)

Other video editor apps this Viva video clip vivavideodownload Switch. You could see the Viva Video app.

Formula for iOS as well as Android through Tubidy for Android Several web sites take advantage of Tubidys songs engine.

They are streaming doubtful web content, though the regards to usage state lively musically install the Live.ly application for Live Video Streaming from the iTunes application shop.

Pages

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.