There are so many errors in this article in the first few paragraphs that I have trouble believing any of it, even if the story itself is believable from what I know of Chinese religious oppression.
First, Xinjiang is in the west, not east. Second, Uyghurs in China do not speak Turkish. They speak Uighur, a Turkic language, but its orthography is Arabic and forced Chinese. It looks nothing like Turkish, which uses a modified Latin script.
Also there are about 10m Uyghurs as of 2010, not 8m.
That article is several months old and I've never heard of it on mainstream media.
This disgusts me. It's like those people are being dehumanized like the Jews. Maybe this is part of a wider conspiracy so when another another oil, resource grabbing led war is started. People will say and do nothing to stop it because people have sub-consciously brainwashed.
>The app reportedly scans for the MD5 digital signatures of media files in the phone, and matches them to a stored database of offending files classified by the government as illegal "terrorist-related" media.
What a dumb way to scan for "illegal" content, considering the goverment already controls their portion of the internet. So instead of monitoring who is accessing what they decide to compare checksums of files which can be trivially changed which would result in a completely new hash value.
In my opinion, in typical Beijing fashion the "competence" part of the equation is irrelevant. it's all about sending a message, loud and clear: "today we discriminate against YOU, by law, and there's nothing you can do about it". That the method used is laughably inefficient is not the point, it's all about keeping that boot in place on that throat, in a very visible manner.
But it could just be v1.. or it could be the govt describing a flawed approach so the resulting countermeasures are totally ineffective against the actual approach.
For example, if the actual approach is extracting keyframes and comparing against a library of keyframes of existing content (legal and illegal) or doing object recognition within those frames, the "add a null byte!" countermeasures are meaningless.
This is actually what digital forensics specialists do as well, although they've probably moved on from MD5 by now.
I know there's been talk of "fuzzy hashes" as well, in order to catch files with trivial modifications, but when I studied forensics (about four years ago), that was still in the future.
Searching hundreds of thousands or millions of files by hand would be impractical and for many types of offensive content, the authorities don't want to have to distribute the actual offensive content to the people who are doing the detection.
i.e. in the US, possession of child pornography is such a serious federal crime that if one happens to discover it on a PC they are servicing, they (or their employer) are legally obligated to contact the FBI immediately. Therefore, it doesn't make sense to distribute a detection tool that basically contains the original images (in order to do GIS-style "find similar images" searches), because that tool would violate the law it was designed to help enforce. Short hashes can't be used to recreate the original images, so they're "safe" in that sense.
It's not an ideal approach, but it works pretty well and fits within common constraints of the field.
This is very competent. It identifies some people trafficking in prohibited files, and it also identifies the true danger to the state -- people willing to circumvent their rules; when you pick up someone for bad files, and he (or his phone) says his buddy sent them, but his buddy's friend didn't report in, his buddy is eligible for a lot more trouble.
Experiment: tomorrow, ask 5 people you know who are not software engineers how to change the MD5 checksum on a file that resides on their mobile device.
Not to mention that it should be entirely possible to find offending files and create files that have MD5 collisions with them, causing false positives.
Elsewhere, I read that China doesn't allow Muslim civil servants and students from fasting during Ramadan. Was that only applying to this region or was applicable to other regions with non-Turkic Chinese Muslims?
Somehow china is becoming Ingsoc from 1984. Control people, censorship, Dictator state with no prospect of change, monitoring people, big brother is watching you type stuff among other things.
Just a week ago I read about traffic warnings personalised by face recognition. Now this. Soon China might become Ingsoc with Minlove and Double think and what not.
Your post [1] was autokilled because rfa.org is on the banned domains list. Try submitting something from rfa.org and it doesn't show up on new [2]. pg wrote a bit about banned domains here [3].
I don't think rfa.org should be banned, perhaps message the admins and they'll take it off the banned domains list.
It would likewise be easy for authorities to beat you within an inch of your life and jail you indefinitely for "hidden communication with a bad intent" or something similarly inane. They don't need you to unlock your phone for proof.
"Countermeasures" don't matter when there're a million ways to terrorize you, your family, and your friends into submission. They just have to suspect you.
Wow, those chinese surely are totalitarian in the way they approach surveillance technology aren't they ?
Good thing we have nothing like that. Only just closed hardware with closed or with some parts open complicated software mostly made by a few corporations which tend to and have in fact in past coopoerated with governments without even thinking about their customers.
You're doing liberty and democracy a disservice with your whataboutism. It's one thing to suspect your government of sneakily compromising hardware, another to receive official letters to install a surveillance app or be detained. Of course both are despicable, but they are not in the same league.
EDIT: I'm surprised about how many people jump to the defense of the Chinese government here on HN. Seems in stark contrast with the usual political opinion of the crowd. I can only ascribe this phenomenon to massive cultural relativism.
Is this OS specific? It would be good to have more details on the mechanism this app is using. Presumably this can only scan media that is stored outside of apps?
That hardly changes how terrible these measures are.
What's more, they seem technologically ineffective. As if the government were just trying to make a show of its power rather than provide real solutions.
It's absolutely indefensible and you must know it, considering you opened a new account to comment this.
The headline is slightly misleading. It's not all muslim minorities in China: it's muslims living in the separatist Xinjiang region, who are ethnically Turkic. There are a non-insignificant number of muslims outside of Xinjiang, such as the Huizu, which are essentially Han Chinese muslims. Lots of the "terrorism" originating from Xinjiang has separatist rather than just religious motivations; I wouldn't be surprised if this is why the Chinese government is so keen to crack down.
*Edit: the headline was originally 'China forces its Muslim minority to install spyware on their phones'
When I read the headline, I immediately thought Xinjiang, because that is where they have the greatest concentration of Muslims and where they have had separatism issues.
And then the first sentence starts with "China has ramped up surveillance measures in Xinjiang".
So I don't consider the headline misleading at all. News sites necessarily have to use short titles. The lack of an exhaustive title shouldn't be criticized unless it is clearly clickbait or contradicts facts or the article.
This is interesting. It goes to show how an autoritarian government can fix some problems in a more effective way. You can remove terrorist propaganda from YouTube, but how do you stop the spread of those videos in private platforms or messaging applications?
And even if the first version of this spying app only checks for md5 sums, which is arguably useless, I'm sure they're working on something more effective.
Its their country and their laws, trying to solve the problem of Islamic extremism on their own.
In western countries, you get detained for years in Guantanamo under torture without knowing for sure why you got arrested. Young girls get married as early as 12 to creepy old dudes and there is no need to ask for installing spyware because the phones and communications are already tapped by default.
Anyone criticizing China while permitting their own country to do worse is an hypocrite. Still waiting for the outrage about the mass surveillance from Amazon Echo, Google and others. Only the European Commission is doing something visible against this trend.
[+] [-] sl4i6j3o4i98g|8 years ago|reply
* Fake app, so people can pass a manual inspection of their device
* Fake dataset, to feed so many false positives into their database it makes it time-cost prohibitive to investigate
* Conflicting dataset - Duplicate MD5 strings matching 'bad' and 'good' files; may corrupt internal databases or provide plausible deniability
[+] [-] ascom|8 years ago|reply
[+] [-] virtuabhi|8 years ago|reply
[+] [-] intopieces|8 years ago|reply
First, Xinjiang is in the west, not east. Second, Uyghurs in China do not speak Turkish. They speak Uighur, a Turkic language, but its orthography is Arabic and forced Chinese. It looks nothing like Turkish, which uses a modified Latin script.
Also there are about 10m Uyghurs as of 2010, not 8m.
[+] [-] pcr0|8 years ago|reply
[+] [-] CommanderData|8 years ago|reply
This disgusts me. It's like those people are being dehumanized like the Jews. Maybe this is part of a wider conspiracy so when another another oil, resource grabbing led war is started. People will say and do nothing to stop it because people have sub-consciously brainwashed.
[+] [-] cronjobma|8 years ago|reply
[+] [-] zython|8 years ago|reply
What a dumb way to scan for "illegal" content, considering the goverment already controls their portion of the internet. So instead of monitoring who is accessing what they decide to compare checksums of files which can be trivially changed which would result in a completely new hash value.
Seems like a very incompetent way of doing this.
[+] [-] Hasknewbie|8 years ago|reply
[+] [-] caseysoftware|8 years ago|reply
But it could just be v1.. or it could be the govt describing a flawed approach so the resulting countermeasures are totally ineffective against the actual approach.
For example, if the actual approach is extracting keyframes and comparing against a library of keyframes of existing content (legal and illegal) or doing object recognition within those frames, the "add a null byte!" countermeasures are meaningless.
[+] [-] blincoln|8 years ago|reply
I know there's been talk of "fuzzy hashes" as well, in order to catch files with trivial modifications, but when I studied forensics (about four years ago), that was still in the future.
Searching hundreds of thousands or millions of files by hand would be impractical and for many types of offensive content, the authorities don't want to have to distribute the actual offensive content to the people who are doing the detection.
i.e. in the US, possession of child pornography is such a serious federal crime that if one happens to discover it on a PC they are servicing, they (or their employer) are legally obligated to contact the FBI immediately. Therefore, it doesn't make sense to distribute a detection tool that basically contains the original images (in order to do GIS-style "find similar images" searches), because that tool would violate the law it was designed to help enforce. Short hashes can't be used to recreate the original images, so they're "safe" in that sense.
It's not an ideal approach, but it works pretty well and fits within common constraints of the field.
[+] [-] toast0|8 years ago|reply
[+] [-] intopieces|8 years ago|reply
Experiment: tomorrow, ask 5 people you know who are not software engineers how to change the MD5 checksum on a file that resides on their mobile device.
Report the results here.
[+] [-] jansho|8 years ago|reply
[+] [-] CyberDildonics|8 years ago|reply
[+] [-] sdiq|8 years ago|reply
[+] [-] kronos29296|8 years ago|reply
Just a week ago I read about traffic warnings personalised by face recognition. Now this. Soon China might become Ingsoc with Minlove and Double think and what not.
[+] [-] raverbashing|8 years ago|reply
[+] [-] kawera|8 years ago|reply
http://www.rfa.org/english/news/china/china-orders-xinjiangs....
[+] [-] tristanj|8 years ago|reply
I don't think rfa.org should be banned, perhaps message the admins and they'll take it off the banned domains list.
[1] https://news.ycombinator.com/item?id=14785838
[2] https://news.ycombinator.com/from?site=rfa.org
[3] https://news.ycombinator.com/item?id=499044
[+] [-] jakobbuis|8 years ago|reply
[+] [-] dave_sullivan|8 years ago|reply
"Countermeasures" don't matter when there're a million ways to terrorize you, your family, and your friends into submission. They just have to suspect you.
[+] [-] libeclipse|8 years ago|reply
- Append a null byte to the end of your files, giving them a unique hash value.
- Disallow internet access to the application.
- Spoof the server using DNS tricks and control what is sent and received.
- Reverse engineer the application to make it look as if it's working while it actually isn't.
- Sandbox the application.
- Use an alternative phone for all of your "sensitive" activities.
- Don't keep "sensitive" information on phones, rather store on an encrypted computer.
- Use an old burner phone.
So not only is the policy utterly disgusting, it's also completely ineffective. A small blessing perhaps.
[+] [-] OzzyB|8 years ago|reply
Then they came for the Trade Unionists, and I did not speak out— Because I was not a Trade Unionist.
Then they came for the Jews, and I did not speak out— Because I was not a Jew.
Then they came for the Muslims—and everyone rejoiced in their unity of hating them together.
[+] [-] treehau5|8 years ago|reply
[+] [-] hnbroseph|8 years ago|reply
[+] [-] wavefunction|8 years ago|reply
[+] [-] jansho|8 years ago|reply
*typo
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] buttcake|8 years ago|reply
Good thing we have nothing like that. Only just closed hardware with closed or with some parts open complicated software mostly made by a few corporations which tend to and have in fact in past coopoerated with governments without even thinking about their customers.
[+] [-] libeclipse|8 years ago|reply
I don't think they're the same.
[+] [-] Kenji|8 years ago|reply
EDIT: I'm surprised about how many people jump to the defense of the Chinese government here on HN. Seems in stark contrast with the usual political opinion of the crowd. I can only ascribe this phenomenon to massive cultural relativism.
[+] [-] olegkikin|8 years ago|reply
[+] [-] pyed|8 years ago|reply
[+] [-] piyushmakhija|8 years ago|reply
[+] [-] chrishowlin|8 years ago|reply
[+] [-] pacificera|8 years ago|reply
[+] [-] striking|8 years ago|reply
What's more, they seem technologically ineffective. As if the government were just trying to make a show of its power rather than provide real solutions.
It's absolutely indefensible and you must know it, considering you opened a new account to comment this.
[+] [-] dionian|8 years ago|reply
[+] [-] kronos29296|8 years ago|reply
[+] [-] logicchains|8 years ago|reply
*Edit: the headline was originally 'China forces its Muslim minority to install spyware on their phones'
[+] [-] em3rgent0rdr|8 years ago|reply
And then the first sentence starts with "China has ramped up surveillance measures in Xinjiang".
So I don't consider the headline misleading at all. News sites necessarily have to use short titles. The lack of an exhaustive title shouldn't be criticized unless it is clearly clickbait or contradicts facts or the article.
[+] [-] dang|8 years ago|reply
[+] [-] mustbesatire|8 years ago|reply
[deleted]
[+] [-] xyzxyz998|8 years ago|reply
[deleted]
[+] [-] mrkrabo|8 years ago|reply
And even if the first version of this spying app only checks for md5 sums, which is arguably useless, I'm sure they're working on something more effective.
[+] [-] CurrencyDigest|8 years ago|reply
[deleted]
[+] [-] stopthehate|8 years ago|reply
[deleted]
[+] [-] nunobrito|8 years ago|reply
In western countries, you get detained for years in Guantanamo under torture without knowing for sure why you got arrested. Young girls get married as early as 12 to creepy old dudes and there is no need to ask for installing spyware because the phones and communications are already tapped by default.
Anyone criticizing China while permitting their own country to do worse is an hypocrite. Still waiting for the outrage about the mass surveillance from Amazon Echo, Google and others. Only the European Commission is doing something visible against this trend.