top | item 36533458

__sy__ | 2 years ago

I’ve done so much experimentation with GFW pre-pandemic while staying in China for extended periods of time. I was always amazed at how quickly they would catch up on my shadowsocks, random ssh tunnels, etc. 48 hours tops before I had to rotate IPs. This report seems to indicate this is now instant?

FWIW, my most reliable trick ended up piggybacking off of a physical line going into Hong Kong from Shenzhen, and when roaming around China, using a VPN to get to that Shenzhen gateway. As far as I can recall, that always worked. This led me to believe that most of the VPN traffic analysis (and blocking) was done at the edge of the GFW and not inside of it. Again, this could be outdated by now.

apatheticonion|2 years ago

I tried to set up a shadowsocks server to bypass the GFW about 2 weeks ago. Server was hosted on my local network in Australia (with public IP), client was connecting from China (using the server IP).

It was blocked immediately and the client could not connect. I had several unknown IPs try to connect prior to the attempted connection.

I was stunned at how watertight the GFW is, it's really unfortunate as I would love to work/travel through China but cannot due to needing an active internet connection.

__sy__|2 years ago

Yeah, pdf of report says that blocking is instant as of 2021. Also completely agree with the need for an active connection to do work. A lot of the software/hacker devs I knew have left China altogether in the last 3-4 years. Inability to look up stuff reliably (even on working VPN providers) was one of the reasons cited by a few.

throw_19cn1k3|2 years ago

A fellow Aussie currently in China, a Trojan [0] server has been working fine for the last week I've been here. I've got it hosted through a VPS (smaller provider) in LA. While it's a bit of a pain to set up, reliability has been pretty decent (with occasional? short breaks) and definitely usable - my laptop is connected 24/7 and I can access the unfiltered web, including video, just fine. V2ray also supposedly works quite well, but I haven't looked into it.

[0] https://github.com/trojan-gfw/trojan

fundatus|2 years ago

Last time I went to China (2018) you could simply get a China Unicom Hong Kong SIM card and then use that to roam in mainland China. With that you'd get the Hong Kong censorship level, which is much much less restrictive. No VPN or anything needed apart from the SIM card itself.

Grimburger|2 years ago

That's a massive shame because shadowsocks has been the only real reliable method for a long time.

I used it successfully when I was in mainland China while VPNs, even the ones boasting they could get through the GFW, were all hit or miss.

gruez|2 years ago

There's a more straightforward way: roam with a foreign SIM card. Roaming traffic is tunneled to your home telco and for whatever reason the tunnel isn't inspected at all. With the advent of eSIMs you can buy a roaming SIM and use it on your phone within minutes.

Roark66|2 years ago

Can you activate it while abroad though? After I moved away from the UK I still had to have a UK mobile phone for various things. My UK SIM would stop working after about a year away. When buying a new one I had to get someone in the UK to put it in their phone to let it at least once connect to the home network. Without it the card would be useless. Is using foreign SIM cards now easier?

ehhthing|2 years ago

GFW only looks at connections with destination IPs outside of China, the private fibre line bypasses it entirely.

traceroute66|2 years ago

> the private fibre line bypasses it entirely

Well, I'm sure the Chinese are tapping it. ;-)

It's more that they are just not actively acting on the content.

narism|2 years ago

MS and other vendors recommend doing something similar (connecting via Hong Kong): https://learn.microsoft.com/en-us/azure/virtual-wan/intercon...

jiggawatts|2 years ago

Meanwhile Microsoft refuses to implement TLS 1.3 in their CDNs so that HTTPS-VPNs can’t be blended in with other Microsoft traffic.

“You should…” from any large corporation translates in my mind to “…because we certainly won’t.”

gaoshan|2 years ago

Many years back I was running a socks proxy for access while in China and I found that it worked great in Shanghai but was rapidly blocked (or degraded in some fashion) in Hangzhou. That seemed internal and not edge but I do not really know how they were interfering with it. Given Hangzhou's tech expertise it just may be the ISP there was more capable and up to date?

kccqzy|2 years ago

Was there an international event in Shanghai at that time? If they expected a large number of foreigners in a particular region they would relax the censorship in that particular region. They could even do it per hotel room where hotel rooms booked by foreigners automatically have less interference from the GFW.

jszymborski|2 years ago

I wonder if the whole Tor obfs4 and snowflake business works with the GFW.

rfoo|2 years ago

Yes, but they are unfortunately targeted more than other censorship circumvention tools. Since everyone knows Tor/Obfs4/Snowflake it's easier to get your research published if you work on detecting that.

EGreg|2 years ago

Why don’t they just detect and block all VPNs? In Dubai, that’s what seemed to be happening.

physicles|2 years ago

They certainly could, but I assume there’s an understanding among officials that to do so would cripple certain sectors of the economy. Certain kinds of work would grind to a halt. I’d wager that a majority of non-Chinese residents would leave the country.