Before I went to China I bought a burner phone, mainly to install WeChat (which is also a kind of malware and also "required" in China). Basic Android phones are not too expensive these days - I wonder if it will become commonplace to own several and physically separate your life across them?
FWIW I got a Huawei phone (Honor 10 Lite) for under 200 EUR, but much cheaper phones than that are available.
Edit: To be clear this is not to avoid Chinese surveillance. That's unavoidable whatever you do because China is a police state. It's to separate out that surveillance from my contacts and my regular life at home. (I also think it's at least arguable that the Chinese government has a duty to look closely at what foreigners are up to. It's not an argument that I agree with myself very much because it infringes freedom while also making the wrong trade-offs, but given we live in a world of nation states it follows logically from that.)
> Edit: To be clear this is not to avoid Chinese surveillance. That's unavoidable whatever you do because China is a police state. It's to separate out that surveillance from my contacts and my regular life at home.
Not sure what's wrong with avoiding Chinese surveillance. And why you think having a burner phone to separate US and Chinese life is not an act to avoid surveillance.
I bought a dual sim Mi phone for this purpose as well. It worked out really well. At the border crossing from Hong Kong into mainland china, they didn't seem interested in my devices fortunately. Still will wipe my phone before I use it again, however.
Next time when you buy a burner phone, please try to be more conscious.
Huawei is likely one of the companies that contributed to this very Xinjiang endeavour [0].
Even if it's not directly related, by buying a Huawei phone, you are voting with your money to support a company that's been hurting innovation with IP theft through the years [1].
May be good to make the distinction between the Xinjiang Uyghur Autonomous Region† in the very north-west of China and the rest of China itself. The surveillance, monitoring, detention, "education", and de-radicalisation that are happening in Xinxiang are not to my knowledge representative of the rest of China. It is, of course, very troublesome that this illiberal dragnet exists anywhere in China. We would do well to remember that the crackdown (on the face of it) is a heavy-handed response to multiple Uyghur Muslim terrorist attacks‡ over decades that have claimed the lives of many and injured many more.
While an argument could be made that if any part of China is a police state then all of it is the same could have been said of, for instance, the United Kingdom at the height of the Troubles. At the time the UK deployed watch towers, mass stop and search checkpoints, and harsh anti-terrorism laws that encroached on everyone's freedoms. This was in Northern Ireland but the rest of the UK was relatively unaffected. And nobody at the time that I'm aware of called the UK a police state. The measures were seen as a clumsy response to localised terrorism.
What I'm saying is: yes we know that China is authoritarian, yes we know that it is totalitarian (bar Hong Kong and even that is crumbling…), yes we know China employs a (some would say draconian) social credit scoring system – but it might even still be a stretch to label China in its entirety as a police state when the measures being discussed (installing surveillance apps on phones at security crossings) are localised to one region of ~25 million people out of a country of ~1.4 billion. I'd like to think that if the whole of China was treated the same way there would be an uprising. For the record the ethnic composition of Xinjiang is: 45.84% Uyghur, 40.48% Han, 6.50% Kazakh, 4.51% Hui, 2.67% Other.
Calling WeChat "a kind of malware", what do you mean by this? I would see a miniscule difference between WhatsApp or Facebook Messenger or whatever and WeChat – none of these corps, be they Tencent or Facebook or whoever are cuddly and friendly, they're all out to extract as much revenue and profit from the eyeballs they engage as humanly possible. If you think WeChat is a kind of malware I expect you think the same about WhatsApp and FB Messenger. If you don't, why don't you? Is WeChat actually required in China? I can't find any article to corroborate this claim. Or are you just saying that it's extremely inconvenient to get by without it. One could say the same about Google or Facebook services in the West.
>"China is using technology for the perfection of dictatorship." -Pete Buttigieg, 2020 US presidential candidate
PRC may be blazing the trail, but as the tech becomes proved and available, I won't be surprised to see creeping adoption in more "free" countries (especially following crises).
This bit is important: "Foreigners crossing certain Chinese borders into the Xinjiang region"...
I'm not aware of Chinese authorities getting quite that draconian (yet) at the normal border entry points in Beijing, Shanghai, etc. However, I think it's still worth following the general advice that if you have sensitive data on your devices, leave them at home and use a burner phone/laptop + restore from the cloud later.
I don’t think they would even do this if you flew into Urumqi. Just if you crossed a border from one of the stans into xinjiang, and fen these are mostly closed to westerners.
Agreed. I would say the same thing coming into America. Even if you are American. I always refuse to fill out the paper while reentering my own damn country, unless I'm travelling with others. But that means I get pushed to secondary every time. Usually only Hispanic and middle eastern people in there. But the border control agents can take and search anything they want. So I say probably do the same for coming into America on the chance they send you to secondary.
""What you’ve found goes beyond that: it suggests that even foreigners are subjected to such mass, and unlawful surveillance."" Pretty bold for them to call it unlawful in two places when it was not shown to be against that country's laws. Distasteful, yes. Unlawful? Hard to tell from just this article. Personally, I'm more worried about exported android devices.
China signed the United Nations Universal Declaration of Human Rights.
This action almost certainly violates some of these rights (articles 18-21 come to mind: Articles 18–21 sanctioned the so-called "constitutional liberties", and with spiritual, public, and political freedoms, such as freedom of thought, opinion, religion and conscience, word, and peaceful association of the individual.)
Given China's expansive attitude to industrial espionage (all foreign companies are fair game), if I were in charge of security for a large multinational, what's my security policy going to be for my employees who travel to China for meetings? Does this change anything? or is behaviour like this from China or indeed anyone else, already priced in?
Others can chime in, but I believe that most serious companies doing business with China have a burner-device policy for employees travelling to China.
Your devices will all be hacked with industrial espionage malware, and just in case you don't have anything on those devices, you will be given devices as "gifts"—like flash drives and WiFi-equipped smart home devices--that will exploit any devices you didn't bring with you.
INAE, but I believe the usual policy is to accept the gifts but discard them at the first opportunity.
Basically China is too big and doesn't have good natural internal borders so throughout history it has only held together when the central government was especially ruthless. It's just too easy to steamroll off of some early military victories, so all insurrection needs to be quashed before it ever really gets started. This means you need a brutal police state.
In modern times the traditions of the past remain even after the natural barriers of communication time and mobilization speed have been eradicated by modern technology. The rules of the past become a part of the culture, language, and customs of the people, even after they are theoretically obsolete. Finally, there is a natural fear of retribution you see when a minority oppresses the majority for a long time. The minority doesn't want to be treated as they treated the majority for so long, and are terrified that if they give an inch they'll find themselves hanging from a pole just like so many of their victims.
It’s almost always been like that. The surveillance 25 years ago were grannies and aunties on the first floor of buildings keeping track of who comes and goes. Gates were already installed at many living compounds, so the guards too could easily see who comes and goes. Read about the danwei system, which essentially monitored everyone’s movements and indeed life path from birth until death. Not as high tech as now, but the control and surveillance has always been there. This is probably why the escalation has occurred without too much fuss from the general populace.
If the malware roots the device, probably not, but if it takes read.sms permissions, it should only get ciphertext. if it replaces the main SMS messenger, then it breaks, but you'd know.
I just did a rough threat model on this exact scenario and worked with the assumption that Signal's MasterSecret covered it in the sms DB - but haven't done a thorough code review yet.
The headline is really alarmist, implying China in general is applying this practice, while the reality is that this is a practice limited to sensitive regions. It's pretty much in line with the status quo in Western China. China has been very protective of the Xinjiang region for a long time, and very restrictive on travel in and out, especially for foreigners.
But here we go, we've started an alarmist comment thread where we've extended this out way beyond the current implementation, extending it into some kind of dystopian future where this kind of thing is universal. Time to get a burner phone and lock ourselves at home with our tin foil hats tightly in place!
All countries have always been paranoid when it comes to more contested and less stable regions. It's nothing new nor a surprise. Is this situation a good thing? No. It's been a human rights problem for decades.
Still, we should stop freaking out, that would be great.
This is not the customs and border process in China as a whole. It's not a reason to cancel a trip to Shanghai or Beijing or Xi'an.
Nobody can afford to care about all of the bad things in the world all of the time. Unfortunate but true. When people do find the attention budget to care about a bad thing, why is that a bad thing? Why is it appropriate to be dismissive?
> China Snares Tourists’ Phones in Surveillance Dragnet by Adding Secret App
and subtitle :
> Border authorities routinely install the app on the phones of people entering the Xinjiang region by land from Central Asia, gathering personal data and scanning for material considered objectionable.
Considering the scale of what China is accused of doing in Xinjiang and China's role as the vanguard of modern surveillance, what is alarmist about this?
Do you think that China is unwilling to use this same tech at the Pudong airport?
Move on, nothing to see here. Our investors would be very unhappy if we ACTUALLY had to take a moral stand on the human rights violations in our Shenzhen supply chain.
Urumqi is a quite big transit hub, but I opt to never buy flights through it for the chance of winning a free cavity search. That's another reason to keep away from that place.
I don’t think you would have much problems in Urumqi these days, the problems only start when you leave the big city.
Is Urumqi really an international hub? I can’t imagine anyone flying through that city for any trip that didn’t originate or terminate in China. Chengdu is much more of the hub these days.
This is bad PR for the Chinese government, but only in the West. They will probably stop doing this when they can get some NSA type organization to do this. Its much easier to vacuum up the data behind the scenes.
The journalists also asked researchers at ... Open Technology Fund, an initiative funded by the United States government under Radio Free Asia ... so the CIA basically?
Is there any way to get a copy of the application? I'm sure there are some of us that would love to take it apart and look for URLs / file hashes it is looking for.
What I don't understand is why they leave the app installed on the person's phone after the scan if it does not do any further scanning in the background.
[+] [-] rwmj|6 years ago|reply
FWIW I got a Huawei phone (Honor 10 Lite) for under 200 EUR, but much cheaper phones than that are available.
Edit: To be clear this is not to avoid Chinese surveillance. That's unavoidable whatever you do because China is a police state. It's to separate out that surveillance from my contacts and my regular life at home. (I also think it's at least arguable that the Chinese government has a duty to look closely at what foreigners are up to. It's not an argument that I agree with myself very much because it infringes freedom while also making the wrong trade-offs, but given we live in a world of nation states it follows logically from that.)
[+] [-] hartator|6 years ago|reply
Not sure what's wrong with avoiding Chinese surveillance. And why you think having a burner phone to separate US and Chinese life is not an act to avoid surveillance.
[+] [-] eladrin201|6 years ago|reply
[+] [-] cltsang|6 years ago|reply
Huawei is likely one of the companies that contributed to this very Xinjiang endeavour [0].
Even if it's not directly related, by buying a Huawei phone, you are voting with your money to support a company that's been hurting innovation with IP theft through the years [1].
[0] https://www.forbes.com/sites/zakdoffman/2019/05/25/huawei-ac...
[1] https://www.wsj.com/articles/huaweis-yearslong-rise-is-litte...
[+] [-] mfatica|6 years ago|reply
[+] [-] igravious|6 years ago|reply
May be good to make the distinction between the Xinjiang Uyghur Autonomous Region† in the very north-west of China and the rest of China itself. The surveillance, monitoring, detention, "education", and de-radicalisation that are happening in Xinxiang are not to my knowledge representative of the rest of China. It is, of course, very troublesome that this illiberal dragnet exists anywhere in China. We would do well to remember that the crackdown (on the face of it) is a heavy-handed response to multiple Uyghur Muslim terrorist attacks‡ over decades that have claimed the lives of many and injured many more.
While an argument could be made that if any part of China is a police state then all of it is the same could have been said of, for instance, the United Kingdom at the height of the Troubles. At the time the UK deployed watch towers, mass stop and search checkpoints, and harsh anti-terrorism laws that encroached on everyone's freedoms. This was in Northern Ireland but the rest of the UK was relatively unaffected. And nobody at the time that I'm aware of called the UK a police state. The measures were seen as a clumsy response to localised terrorism.
What I'm saying is: yes we know that China is authoritarian, yes we know that it is totalitarian (bar Hong Kong and even that is crumbling…), yes we know China employs a (some would say draconian) social credit scoring system – but it might even still be a stretch to label China in its entirety as a police state when the measures being discussed (installing surveillance apps on phones at security crossings) are localised to one region of ~25 million people out of a country of ~1.4 billion. I'd like to think that if the whole of China was treated the same way there would be an uprising. For the record the ethnic composition of Xinjiang is: 45.84% Uyghur, 40.48% Han, 6.50% Kazakh, 4.51% Hui, 2.67% Other.
Calling WeChat "a kind of malware", what do you mean by this? I would see a miniscule difference between WhatsApp or Facebook Messenger or whatever and WeChat – none of these corps, be they Tencent or Facebook or whoever are cuddly and friendly, they're all out to extract as much revenue and profit from the eyeballs they engage as humanly possible. If you think WeChat is a kind of malware I expect you think the same about WhatsApp and FB Messenger. If you don't, why don't you? Is WeChat actually required in China? I can't find any article to corroborate this claim. Or are you just saying that it's extremely inconvenient to get by without it. One could say the same about Google or Facebook services in the West.
† https://en.wikipedia.org/wiki/Xinjiang
‡ https://en.wikipedia.org/wiki/Terrorism_in_China
[+] [-] mLuby|6 years ago|reply
PRC may be blazing the trail, but as the tech becomes proved and available, I won't be surprised to see creeping adoption in more "free" countries (especially following crises).
[+] [-] mdorazio|6 years ago|reply
I'm not aware of Chinese authorities getting quite that draconian (yet) at the normal border entry points in Beijing, Shanghai, etc. However, I think it's still worth following the general advice that if you have sensitive data on your devices, leave them at home and use a burner phone/laptop + restore from the cloud later.
[+] [-] BurningFrog|6 years ago|reply
Quite different from the rest of China.
[+] [-] seanmcdirmid|6 years ago|reply
[+] [-] CodiePetersen|6 years ago|reply
[+] [-] xenospn|6 years ago|reply
[+] [-] TadaScientist|6 years ago|reply
[+] [-] aussieguy1234|6 years ago|reply
[+] [-] ce4|6 years ago|reply
https://www.sueddeutsche.de/politik/china-app-ueberwachung-t...
[+] [-] phy6|6 years ago|reply
[+] [-] johnzim|6 years ago|reply
[+] [-] Tepix|6 years ago|reply
This action almost certainly violates some of these rights (articles 18-21 come to mind: Articles 18–21 sanctioned the so-called "constitutional liberties", and with spiritual, public, and political freedoms, such as freedom of thought, opinion, religion and conscience, word, and peaceful association of the individual.)
[+] [-] erdo|6 years ago|reply
[+] [-] braythwayt|6 years ago|reply
Your devices will all be hacked with industrial espionage malware, and just in case you don't have anything on those devices, you will be given devices as "gifts"—like flash drives and WiFi-equipped smart home devices--that will exploit any devices you didn't bring with you.
INAE, but I believe the usual policy is to accept the gifts but discard them at the first opportunity.
[+] [-] bovermyer|6 years ago|reply
However, the implications are still ominous.
I'm curious, how did China develop into such a police state? Anyone able to point me to some reading on the subject?
[+] [-] jandrese|6 years ago|reply
In modern times the traditions of the past remain even after the natural barriers of communication time and mobilization speed have been eradicated by modern technology. The rules of the past become a part of the culture, language, and customs of the people, even after they are theoretically obsolete. Finally, there is a natural fear of retribution you see when a minority oppresses the majority for a long time. The minority doesn't want to be treated as they treated the majority for so long, and are terrified that if they give an inch they'll find themselves hanging from a pole just like so many of their victims.
[+] [-] scooke|6 years ago|reply
[+] [-] iiuuhhggff|6 years ago|reply
[+] [-] motohagiography|6 years ago|reply
If the malware roots the device, probably not, but if it takes read.sms permissions, it should only get ciphertext. if it replaces the main SMS messenger, then it breaks, but you'd know.
I just did a rough threat model on this exact scenario and worked with the assumption that Signal's MasterSecret covered it in the sms DB - but haven't done a thorough code review yet.
[+] [-] mortivore|6 years ago|reply
[+] [-] dangus|6 years ago|reply
But here we go, we've started an alarmist comment thread where we've extended this out way beyond the current implementation, extending it into some kind of dystopian future where this kind of thing is universal. Time to get a burner phone and lock ourselves at home with our tin foil hats tightly in place!
All countries have always been paranoid when it comes to more contested and less stable regions. It's nothing new nor a surprise. Is this situation a good thing? No. It's been a human rights problem for decades.
Still, we should stop freaking out, that would be great.
This is not the customs and border process in China as a whole. It's not a reason to cancel a trip to Shanghai or Beijing or Xi'an.
[+] [-] jjoonathan|6 years ago|reply
[+] [-] mrighele|6 years ago|reply
It's not bad because it's exceptional, it's bad because it inerhently is. If else the fact that it is normal makes it even worse
[+] [-] habnds|6 years ago|reply
> China Snares Tourists’ Phones in Surveillance Dragnet by Adding Secret App
and subtitle :
> Border authorities routinely install the app on the phones of people entering the Xinjiang region by land from Central Asia, gathering personal data and scanning for material considered objectionable.
Considering the scale of what China is accused of doing in Xinjiang and China's role as the vanguard of modern surveillance, what is alarmist about this?
Do you think that China is unwilling to use this same tech at the Pudong airport?
[+] [-] prepend|6 years ago|reply
[+] [-] endymi0n|6 years ago|reply
[+] [-] baybal2|6 years ago|reply
[+] [-] seanmcdirmid|6 years ago|reply
Is Urumqi really an international hub? I can’t imagine anyone flying through that city for any trip that didn’t originate or terminate in China. Chengdu is much more of the hub these days.
[+] [-] xenospn|6 years ago|reply
[+] [-] apeace|6 years ago|reply
Is this known to be possible? I would've thought it isn't (at least without the user entering their passcode and "trusting" the device).
[+] [-] xmly|6 years ago|reply
NSA could monitor all of us without installing any spyware.
China should improve its surveillance techniques!
[+] [-] acomjean|6 years ago|reply
[+] [-] la_barba|6 years ago|reply
[+] [-] chvid|6 years ago|reply
[+] [-] mg794613|6 years ago|reply
[+] [-] x2f10|6 years ago|reply
[+] [-] JumpCrisscross|6 years ago|reply
This is hyperbolic. It's potentially reprehensible and almost certainly oppressive. But it's not unlawful in a state without the rule of law.
[+] [-] implying|6 years ago|reply
[+] [-] redwards510|6 years ago|reply
[+] [-] plussed_reader|6 years ago|reply
[+] [-] helloindia|6 years ago|reply
[+] [-] Florin_Andrei|6 years ago|reply