News

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Mon, Jun 10, 2013

Wikimedia Foundation says it doesn't hold Chinese readers in any less regard - we disagree

Matthew Roth, Spokesperson for the Wikimedia Foundation, responds to our recent Wikipedia drops the ball on China - not too late to make amends article:

The Wikimedia Foundation doesn’t hold any readers of our projects in any less regard than others. Our mission is to bring the knowledge contained in the Wikimedia projects to everyone on the planet. There is no strategic consideration around how we can make one or another language project more accessible or readable in one part of the world or another. We do not have control over how a national government operates its censorship system. We also do not work with any national censorship system to limit access to project knowledge in any way.

It is worth noting the Greatfire blog post makes some incorrect assumptions about Wikimedia culture - including incorrect titling of some Wikimedia Foundation staff (e.g. Sue Gardner is the Executive Director of the Wikimedia Foundation, the non-profit that operates Wikipedia -- Wikipedia is written by tens of thousands of volunteers and has no director and no explicit hierarchy). There is also an incorrect assertion that Jimmy Wales has a direct role in working with our staff in making changes to core infrastructure. Of course Jimmy plays a role in the conversation as a member of the Wikimedia Foundation Board of Trustees, but he is participating in the conversation along with anyone else from the volunteer editor community.

Mon, Jun 03, 2013

China's Internet: Now a giant invisible cage

Our story last Friday about new Sina Weibo censorship tactics has attracted a lot of attention. In this story we ask the harder questions: Why would Sina start testing new censorship tactics at this time and what prompted this action?

Advantages

In summary, Sina's new censorship controls will:

  • mitigate user criticism of Sina's censorship policy
  • block information without exposing the importance attached to the information by the authorities through the mere act of censorship
  • block information in a way where users will likely not actively try to get around the block because they won't know it exists
  • create an image of Sina Weibo (and perhaps the Chinese Internet) as an open and welcoming forum with little censorship and bucketfuls of freedom of speech

Zhu Ling

It looks like the authorities finally learned their lesson after blocking information about the Thallium poisoning case of Zhu Ling. The censorship of this case is extremely interesting as the original incident took place in 1994. It aroused interest again after news about a recent poisoning incident at Fudan University. Strangely, authorities began to delete news articles posted on major Chinese media and blocked searches on Weibo and Google. This act of censorship actually creating more outcry than the case itself. Many Weibo users believed that the authorities were covering up discussion about the issue to protect the suspect, who comes from a family that has held senior posts in the government. After all, why would the authorities censor discussion about a 1990s murder case?

Wikipedia drops the ball on China - not too late to make amends

What happened?

From October 2011, Wikipedia started to fully support HTTPS connections on all language versions. This meant that for the Chinese language Wikipedia, the Great Firewall of China (GFW) could not selectively block sensitive content. This also meant that hundreds of articles that are blocked on the HTTP version of Wikipedia, were freely accessible to Chinese internet users if they simply added an ‘S’ behind HTTP.

On May 31, 2013, GFW began to block the encrypted version of Wikipedia through port blocking. HTTPS connections are usually established on port 443 while HTTP connections are on port 80. GFW only blocks Wikipedia’s IP on port 443.

All language versions of the encrypted version of Wikipedia are also blocked. See the testing data on our system for Chinese WikipediaEnglish Wikipedia and Wikipedia.

Consequence of the block

The HTTPS version of Wikipedia is blocked while the HTTP version is not. This method forces users inChina to use the unencrypted HTTP version, which is subject to keyword filtering; hundreds of articles are blocked including articles on Tiananmen Square protests.

Why

It surprises us that GFW took one and a half years to respond to the support of HTTPS on Wikipedia. One explanation of the slow reaction is that Wikipedia by default uses HTTP and only a minority of visitors to the site would use HTTPS.

Fri, May 31, 2013

Sina testing subtle censorship ahead of Tiananmen anniversary

What happened?

On May 31, 2013 at 7am, we observed that searching for keywords that are normally blocked, for example, “六四事件” (June 4th incident), surprisingly returned some results and no censorship notice. This temporary lift of censorship ended at 9am but started and stopped a few more times into early afternoon, as if literally somebody was flipping a switch on and off at Sina headquarters.

Update on June 2: Sina is still constatnly swtiching between those two method.

Update on June 8: From June 3-4th and onwards, Sina Weibo seems to switch back to explicit compelte block for those keywords.

Change in Tact

To understand what is happening you need to be familiar with Sina’s various censorship methods. We observed and reported last year that Sina had implemented new tactics to censor particular keyword searches. Just days before the June 4th anniversary, Sina is again tweaking its censorship mechanisms. During the morning hours of May 31, Sina completely abandoned its old style, explicit approach to censorship, which displayed a message but no search results:

“According to relevant laws, regulations and policies, search results for [the blocked keyword] can not be displayed.”

No, Sina has not suddenly decided to fully support freedom of speech. On the contrary, it would appear that Sina is using more advanced and subtler methods to censor search results. All keywords mentioned below are normally explicitly and completely blocked. But each behaved a little bit differently on the morning of May 31.

Sat, May 18, 2013

如何安全使用微信

原载于荷兰在线,文:Percy Alpha。授权在本站发布。

微信官方网站宣传其是超过三亿人使用的手机应用。但是微信对用户隐私的保护做的如何呢?我们如何能在微信上保持匿名呢?


微信官方对隐私和政府要求的解释


根据其使用条款:
用户所传播的信息相关的任何法律责任由用户自行承担。
用户不得利用腾讯微信或腾讯微信服务制作、上载、复制、发送如下内容:
• 危害国家安全,泄露国家秘密,颠覆国家政权,破坏国家统一的;
• 损害国家荣誉和利益的;
• …....
• 含有法律、行政法规禁止的其他内容的信息。
腾讯公司有权依法停止传输任何前述内容,并有权依其自行判断对违反本条款的任何人士采取适当的法律行动, 包括但不限于…并且依据法律法规保存有关信息并向有关部门报告等.
用户同意个人隐私信息是指那些能够对用户进行个人辨识或涉及个人通信的信息,包括下列信息:用户真实姓名,身份证号,手机号码,IP地址。

令人疑惑的是,在中文版的隐私保护条款并没有提及微信收集的地理位置信息和手机通讯录信息。而这些信息在英文版本中清清楚楚列了出来。以下是英文条款的中文翻译
• 地理位置信息:你的地理位置信息短期内会被我们的服务器储存。如果你提出删除要求,我们会人工删除你的地理位置信息。

• 手机通讯录信息:...你的手机通讯录会加密保存在由腾讯管理的服务器上。储存的信息会和你的微信帐号相关联。...

因为微信在中文版隐私政策对地理位置信息和手机通讯录信息避而不谈,我们不知道微信是否将其当作隐私信息处理。但即使微信认定这是隐私信息,服务条款中也明文写道,腾讯可以在”法律或有法律赋予权限的政府部门要求或用户同意等原因”的情况下披露个人隐私。

该中文版协议适用于中华人民共和国法律,英文版协议则适用于香港特别行政区法律。但大家不要忘记,雅虎香港控股有限公司曾自愿向中国大陆政府提供了用户邮件,导致用户入狱。所以我们必须假定在接到中国政府的命令后,无论在哪种协议下,微信收集的所有信息都能被政府获取到。

Sat, Apr 20, 2013

Internet dissidents in China

Retweet this! Arrests and online censorship in China.

Please find below a list of Chinese who are or have been imprisoned in China often for “inciting subversion of state power” using the internet as a means of information dissemination. In many cases, the internet properties which these activists were using were complicit in police investigations and provided full access to these accounts. Wikipedia has an excellent list of all dissidents in China which is surprisingly not blocked by the great firewall (even in Chinese!) at the time of publication. Much of the information which follows was gathered from that list.

Wed, Jan 30, 2013

China, GitHub and the man-in-the-middle

What happened?

At around 8pm, on January 26, reports appeared on Weibo and Twitter that users in China trying to access GitHub.com were getting warning messages about invalid SSL certificates. The evidence, listed further down in this post, indicates that this was caused by a man-in-the-middle attack.

What is a man-in-the-middle-attack?

Wikipedia defines a man-in-the-middle-attack in the following way:

The man-in-the-middle attack...is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.

We go into detail about what happened later in this post, but first we will explore why we think this happened.

Why?

At the time of writing, there are 5,103,522 repositories of data on GitHub and as many possible theories as to why the Chinese authorities want to block or interfere with access. We will focus on one of these theories however please note that this is pure speculation on our part.

On January 25, the day before the man-in-the-middle attack, the following petition was created on WhiteHouse.gov:

People who help internet censorship, builders of Great Firewall in China for example, should be denied entry to the U.S.

Wed, Jan 23, 2013

GitHub blocked in China - how it happened, how to get around it, and where it will take us

What happened?

Update: On January 23, https://github.com was unblocked again.

On January 18, or possibly the day before (though our test data doesn’t cover this), the Great Firewall began to reset connections containing “*.github.com”. As a result, code sharing projects hosted on a subdomain of GitHub, such as aoxu.github.com, were blocked in China. The main GitHub website was mostly unaffected, for two reasons. Firstly, it’s hosted on github.com, without a subdomain. Secondly, it serves encrypted content only, thus preventing the Great Firewall from resetting connections based on keywords.

A day later, the block was extended through the inclusion of github.com, without subdomains, in the list of keywords causing connections to be reset. Chinese users could still access GitHub as long as they manually typed in https://github.com in their browser (notice the https). Strangely the www.github.com host was DNS poisoned, but not any other hosts. The www subdomain is not used by GitHub.

On January 21, DNS poisoning was extended to all github.com hosts including the root domain as well as all its subdomains. In effect, all of GitHub was blocked in China.

Interestingly, the blocking of GitHub has seemingly not been censored on social media. The keyword “github” has not been blocked on Sina Weibo, and we have not detected any deleted posts containing “github” on FreeWeibo.

For further information on how the blocking was introduced, including data references, see the Timeline at the end of this article.

Pages