Look Ma! I can see through the great firewall!

Today we have decided to take the battle against online censorship in China to a new level.

On Friday, November 15, we broke the news that the websites for Reuters Chinese and Chinese Wall Street Journal were both blocked in China. Tests on our servers confirmed those blocks. 

It appears that the block is related to the New York Times story published on November 14 concerning the relationship between JPMorgan Chase and Lily Chang (also known as Wen Ruchun), the daughter of former Chinese prime minister Wen Jiabao.

Reuters Chinese published news about the story on November 14, which is probably the reason the site was blocked.

In response to this block, we have just launched a mirror site for Reuters China, which is accessible here:

https://s3.amazonaws.com/cn.reuters/index.html

This website is accessible from within China without the use of any circumvention tools. 

PLEASE NOTE: We have created this mirror website without seeking the approval of Reuters ahead of time. This mirror website was created without Reuters’ knowledge. If Reuters ask us to remove this website, we will do so immediately.

We have already used this method or mirroring for our own blocked website, FreeWeibo.com:

https://s3.amazonaws.com/freeweibo/index.html

FreeWeibo shows weibo content that has been blocked by Sina and the Chinese government. Our official domain has long been blocked in China. Despite the block, we still have more than 15,000 visitors each day, a majority of which are using Internet circumvention software to get around the great firewall (GFW) of China.

We want to provide internet users in China with unrestricted information access. Internet circumvention software is for the most part stable in China but one needs to have some technical savvy for configuration.

With our new mirror sites, the GFW cannot block FreeWeibo.com any longer without causing significant collateral damage which would also cause significant economic fallout in China.

Our mirror sites are unique because rather than using our own domains, we use a subpath of Amazon and Google’s domains which support HTTPS access. This means that GFW cannot block our mirror websites without blocking the domain of Amazon or Google entirely, namely “s3.amazonaws.com” and “commondatastorage.googleapis.com”.

GFW might indeed go ahead and block these domains but it would risk considerable negative backlash and may cause problems economically for organizations within China that rely on these services. In January 2013, China blocked Github supposedly for having sensitive content. But the block created a fierce outcry in the Chinese developer community. Subsequently, the authorities backed down and stopped blocking the domain.

Our mirror site is not perfect! There are a few minor bugs in what we have created. However, we wanted to quickly put this together so that we could fire a shot across the bow of the Chinese censorship mothership.

The reason why we chose to mirror the Reuters Chinese web site was to show the authorities and Chinese internet users that there are holes in the great firewall. To plug this hole, the Chinese authorities have two options. They can block the Amazon and Google domains, thereby bringing down thousands of websites in China that rely on these web services. This will bring the issue of online censorship to a very large group of people in China. The other option is to force Amazon or Google to remove our sites willingly.  We have previously reported that Apple willingly remove OpenDoor, an Internet circumvention tool, from the China App store and this week there were reports about self-censorship at Bloomberg.  We hope Amazon or Google will not practice the same kind of self-censorship.

There is a third option. Mr. Xi Jinping, we hope you are listening. Just let this episode slide. Pretend it did not happen. Do nothing to stop this. Or, better yet, lift the block on these two websites and the hundreds of others. Do it in one swift movement. You will catch everybody off guard. And you will create your own lasting legacy as a true reformer.

We have participated in OpenITP’s report “Collateral Freedom: A Snapshot of Chinese Users Circumventing Censorship” and we fully agree with their conclusion:

The essence of the Internet freedom debate in China is segmentation, not blocking. When crucial business activity is inseparable from Internet freedom, the prospects for Internet freedom improve.

...

But, we would argue, a healthier response might move in the opposite direction, toward even greater integration between Internet freedom and business. Rather than working with particular online platforms, which may be individually vulnerable to censorship, the best long term answer might be to move anti-censorship deeper into the network infrastructure, incorporating it within the systems that large network operators use to exchange their traffic. Ideally, we might aim for a situation in which secure web access generally (rather than access to any particular platform) is inseparable from Internet freedom.

 

 

 

Comments

More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Mon, Jan 26, 2015

An Open Letter to Lu Wei and the Cyberspace Administration of China

January 26, 2015

Beijing, China

 

Mr. Lu Wei

Director of the Cyberspace Administration of the People’s Republic of China 中央网络安全和信息化领导小组办公室主任

Director of the State Internet Information Office 国家互联网信息办公室主任

Deputy Director of the Central Propaganda Department of the Chinese Communist Party 中共中央宣传部副部长

Cyberspace Administration of China,

Floor 1, Building 1,

Software Park, Chinese Academy of Sciences,

4 South 4th Street, Zhongguancun,

Beijing, China, 100190

 

Dear Mr. Lu,

On January 22, 2015, the Cyberspace Administration of China (CAC), which is under your direct control, wrote a response to a story we published about an MITM attack on Microsoft. In the post, your colleague, Jiang Jun, labelled our accusations as "groundless" and  "unsupported speculation, a pure slanderous act by overseas anti-China forces".

We at GreatFire.org take great offense to these comments and we will refute them in this letter.

Mon, Jan 19, 2015

Outlook grim - Chinese authorities attack Microsoft

On January 17, we received reports that Microsoft’s email system, Outlook (which was merged with Hotmail in 2013), was subjected to a man-in-the-middle (MITM) attack in China.

The following screenshot shows what happens when a Chinese user accesses Outlook via an email client (in this case, Ice-dove):

We have tested Outlook to verify the attack and have produced the same results. IMAP and SMTP for Outlook were under a MITM attack. Do note however that the web interfaces (https://outlook.com and https://login.live.com/ ) were not affected. The attack lasted for about a day and has now ceased.

This form of attack is especially devious because the warning messages users receive from their email clients are much less noticeable than the warning messages delivered to modern browsers (see screenshot at the end of this post for comparison).

(Sample error message from default iPhone mail client)

Fri, Jan 09, 2015

GFW upgrade fail - visitors to blocked sites redirected to porn

In the past, the Chinese authorities’ DNS poisoning system would direct Chinese internet users who were trying to access Facebook, Twitter and other blocked websites (without the use of a circumvention tool) to a set of fake IP addresses that are blocked in China or are non-existent. After waiting for some time, Chinese internet users would receive a timeout message if they were trying to access a blocked site.

However, with the new DNS poisoning system, in addition to those IP addresses used before, the Chinese authorities are using real IP addresses that actually host websites and are accessible in China. For example, https://support.dnspod.cn/Tools/tools/ shows that if a user tries to access Facebook from China, they might instead land on a random web page, e.g. http://178.62.75.99

Below is a screenshot by a Chinese user when he was trying to access our GreatFire.org website which was blocked in China. He was redirected to a goverment site in Korea. In essense, GFW is sending Chinese users to DDOS the Korea government's website.

One Chinese Internet user reported to us that when he tried to access Facebook in China, he was sent to a Russian website, unrelated to Facebook. Another user tweeted that he was redirected to an German adult site when he tried to access a website for a VPN.

某墙你这什么意思,DNS 污染返回给我一个德国工口站的 IP,满屏很黄很暴力弹弹弹(

— nil (@xierch) January 4, 2015

Wed, Dec 31, 2014

CNNIC leadership change coincides with blocking of Gmail

On December 26, 2014, in an announcement posted on their website, a new chairperson for CNNIC was directly appointed by the Cyberspace Administration of China. The announcement of this appointment coincided with the complete blocking of Gmail.

Cyberspace Administration of China (中央网信办) is chaired by Lu Wei, “China’s web doorkeeper”. Lu Wei is also the vice chair of the Central Propaganda Department, according to his official resume.

chair.png

This office is directly responsible for the blocking of Gmail and other websites including Facebook, Twitter and Google.

CNNIC is China’s certification authority and operates the country’s domain name registry. 

What are certificates used for?

Certificates are used primarily to verify the identity of a person or device, authenticate a service, or encrypt files. 

What is a certification authority (CA)?  

Tue, Dec 30, 2014

Gmail completely blocked in China

All Google products in China have been severely disrupted since June of this year and Chinese users have not been able to access Gmail via its web interface since the summer. However, email protocols such as IMAP, SMTP and POP3 had been accessible but are not anymore. These protocols are used in the default email app on iPhone, Microsoft Outlook on PC and many more email clients.

On December 26, GFW started to block large numbers of IP addresses used by Gmail. These IP addresses are used by IMAP/SMTP/POP3. Chinese users now have no way of accessing Gmail behind the GFW. Before, they could still send or receive emails via email clients even though Gmail's web interface was not accessible. 

Google's own traffic chart shows a sharp decline of Chinese traffic to Gmail. 

Below is a ping request to the Gmail SMTP server, which is completely inaccessible in China.

 

Subscribe to our blog using RSS.

Comments

里根在西柏林演说时曾说:拆掉那堵墙吧!

在中国想说:拆掉那堵墙吧!

里根在西柏林演说时曾说:拆掉那堵墙吧!

在中国想说:拆掉那堵墙吧!

Significant economic fallout ? Wow, who told you that? Given the current circumstances, any one who cares about reliability in mainland china will choose not to use AWS or GCS, for the exact reason of not taking the risk that these will be blocked.
I think what you are doing is not helping but instead another reason for GFW to block these services. Google and Amazon would suffer more.

You can also make a downloadable offline mirror version of any website. I don't think GFW can really monitor what you have on your computer!

do you mind to share how do u mirrors the websites using amazon/google?
Appreciate your reply!
thanks!

I think this is one of the most important information foor me.
And i am glad reading your article. But wana remark on some general things,
The website style is great, the articles iss really excellent : D.
Good job, cheers

Loook at my web blog dietaparadiabeticos.es

Many people have misconceptions about beauty, fed mostly by media images. This isn't a good idea because these people aren't realistic at all. You need to figure out what beauty is to you. This article can help you with some smart beauty tips.

WOW just what I was searching for. Came here by searching for Banquet
Halls St. Joseph Mo

Feel free to visit my web page missourideejay.com

There's definately a great deal to learn about this topic. I really like all the points you have made.

My blog post :: American Business and Technology University Complaints

Good day! I could have sworn I've been to this website before but after
reading through some of the post I realized it's new to me.

Nonetheless, I'm definitely happy I found it and I'll be
bookmarking and checking back often!

Also visit my blog post ... engine optimization seo

inspired a lot from this post am following this blog regularly and found very good for bookmarking thanks admin
new year sms in hindi 2015
happy new year sms 2015
happy new year 2015 wallpapers
happy new year 2015 quotes
happy new year 2015
happy new year wishes 2015

Upon pressing the lower reset button, the large sweep
second hand and mini registers will go back to their original positions with the
former on the reset position and the latter indicating zero.

Today you can play a number of these game consoles' games
on the Wii Virtual Console, and also as part
of SEGA compilation packs such as the SEGA Genesis Collection on
the Play - Station Portable. Yes Bankruptcy Lawyer Charlotte and
Bankruptcy Lawyer Daytona are a right answer for you.

Review my blog :: daytona 500 live streaming

Have you ever thought about including a little bit more than just
your articles? I mean, what you say is important
and everything. However just imagine if you added some great photos
or videos to give your posts more, "pop"! Your content is
excellent but with images and videos, this site could undeniably be
one of the greatest in its field. Amazing blog!

My weblog: counterstrike global offensive hack

With the install complete you should now be looking at the Piriform CCleaner Application box.
It is also way for the consumer to know which is a good product
and what are definitely the things other users say and have
experienced using the certain registry cleaner software.
Moreover, the fragmented registry keys, embedded keys that are generated
and also the malware programs, traces of faulty uninstallation - pretty much all these make
the registry size broad as well.

Also visit my blog :: Ccleaner Pro Key

When someone writes an piece of writing he/she maintains the image of
a user in his/her mind that how a user can be aware of it.
So that's why this piece of writing is perfect. Thanks!

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.