Schneier on Security
A blog covering security and security technology.
« KeeLoq Broken |
| New Security Cartoon Site »
September 14, 2007
Chinese National Firewall Isn't All that Effective
The study, carried out by graduate student Earl Barr and colleagues in the computer science department of UC Davis and the University of New Mexico, exploited the workings of the Chinese firewall to investigate its effectiveness.
Unlike many other nations Chinese authorities do not simply block webpages that discuss banned subjects such as the Tiananmen Square massacre.
Instead the technology deployed by the Chinese government scans data flowing across its section of the net for banned words or web addresses.
When the filtering system spots a banned term it sends instructions to the source server and destination PC to stop the flow of data.
Mr Barr and colleagues manipulated this to see how far inside China's net, messages containing banned terms could reach before the shut down instructions were sent.
The team used words taken from the Chinese version of Wikipedia to load the data streams then despatched into China's network. If a data stream was stopped a technique known as "latent semantic analysis" was used to find related words to see if they too were blocked.
The researchers found that the blocking did not happen at the edge of China's network but often was done when the packets of loaded data had penetrated deep inside.
Blocked were terms related to the Falun Gong movement, Tiananmen Square protest groups, Nazi Germany and democracy.
On about 28% of the paths into China's net tested by the researchers, blocking failed altogether suggesting that web users would browse unencumbered at least some of the time.
Filtering and blocking was "particularly erratic" when lots of China's web users were online, said the researchers.
Posted on September 14, 2007 at 7:52 AM
• 15 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
The Thai censorship "firewall" is similar. There is not very much perimeter security, but the ministry of communication requires ISPs to filter sites it has blacklisted. Next there are laws which ban discussion of certain political topics or people and also circumvention of the censorship technology (so using TOR is now illegal).
Enforcement is also nonstandard: recently a webmaster from a forum covering a sensitive subject went missing for some weeks, not arrested, but abducted by the police.
But without doubt the largest obstruction to free discourse is self-censorship, since it is a cultural construct, not a legal one.
If your strategy is to minimize total damage (i.e. dangerous or unsafe ideas among the public), then this is a classic defense-in-depth technique and it is very effective. Many Thais are either unaware or unwilling to discuss pivotal events from the country's history. I can only assume China is similar or even more scary.
I think the easiest way to beat the Great Firewall might be to format the text with forced line breaks so that the message reads in columns, with the lines being gibberish. All Chinese characters in a given font have the same width, so they align perfectly. Thus, a message like "123456789" would be written like this:
It shouldn't be too hard to write a program to do this automatically.
I just tested and found out that if I try to search for "法轮" (falun) or "轮功" (lungong) on cn.yahoo.com (from abroad), my connection is reset, but "法国 车轮 气功" (Faguo chelun qigong) works just fine. However, there's a problem: how to let the interested Chinese readers find such pages? That's the real challenge, IMHO, and I haven't found any satisfactory answer. Of course, the government might also want to "kill the chicken to scare the monkey", that is, find a few such unpatriotic traitors and punish them harshly to dissuade others from engaging in such corrupt, un-Chinese behavior.
As to self-censorship, I did suggest caution to a friend of mine after she told me in an e-mail she was unhappy about the one-child policy. I wouldn't try to stop her if she publicly criticized the government on purpose (I would worry for her, though), but I'd hate to see her get in trouble just for being careless.
Dr Yubi Hu (��?逾��?)
(No, that's not my real name. I am a Ph.D., though.)
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.