65 Comments
- TetsuoSama, on 10/12/2007, -1/+33 It was probably made in China.
- Tkkt, on 10/12/2007, -0/+21 And that was the last comment ever seen by the person who goes by 'RestlessDream'. ;)
- bobothn, on 10/12/2007, -3/+21 I don't know about it being the most sophisticated system, maybe the one that affects the most people.
- RestlessDream, on 10/12/2007, -0/+16 ha, i'm in china mainland. even wikipedia is "forbidden" from access...crack it~
- MacGyver, on 10/12/2007, -2/+17 I'd rather see the creators do what they're doing now, hindering oppressive governments, before worrying about speeding up bittorrent downloads.
- jer2eydevil88, on 10/12/2007, -1/+13 Chinese government is nothing more than an oppressive regime that has its roots in communism and doesn't really have any claims left in that.
- theblooms, on 10/12/2007, -8/+19 Kill a commie for mommy!
(Back in High School in the '80's I actually had a T-shirt that said this!)
- nailbunny, on 10/12/2007, -0/+10 carcinogen. it provides the energy that builds the carbohydrates and lipids in your ramen.
- Agret, on 10/12/2007, -0/+9 bittorrent has encryption support now, use utorrent
- pbjorge12, on 10/12/2007, -1/+9 This sounds like an SSH Tunnel...
- inactive, on 10/12/2007, -3/+11 that's awesome, keep it up UT.
- bbeahm, on 10/12/2007, -1/+9 I wonder if this could be used here in the US to end ISP's from packet shaping and blocking VOIP and Bit Torrent?
- theplant, on 10/12/2007, -1/+9 In the future we will learn the Great Firewall is just a HOSTS file constantly being updated on a computer connecting China to the world
- chil2c5, on 10/12/2007, -0/+7 This assumes a rural Chinese farmer is going to have no problem building a trust network of family and friends in countries like Canada. 'Tor' might be a better alternative as it provides the benefits of both mixes and proxies and already has a large 'trust network' to tap in to. It's not quite ready for full-scale China implementation yet (not enough exit node bandwidth available), but it could be soon:
http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29
http://tor.eff.org/
- redrob, on 10/12/2007, -1/+8 Marxism and communism as it has been realised in the contemporary world actually have very little in common. Also last I checked Chomsky poses a lot of questions about the organisation of contemporary western societies and what those nations are doing to the world, but he's not a communist. As with most things, there is not a simple dichotomy.
- richardiscool, on 10/12/2007, -4/+10 So, "He puts down his Che Guevara mug", then continues to fight communism?
Man, is this guy confused.
- Derrekito, on 10/12/2007, -3/+9 Haha this is awesome, wonder what they will do if they get what they want.
- nailbunny, on 10/12/2007, -1/+7 i think tkkt has distilled the essence of the issue. che's become a mythical cartoon santa claus of revolution. lots of rage against the machine fans tooling around knowing little more than that they like him.
- mattmac24, on 10/12/2007, -1/+7 ok after reading the documentation on this program, in my opinion, this whole concept is flawed.
Basically they're making a system where by if a URL such as "http://remote-address:443/url="www.google.com" and because it is using https the chinese government won't be able to see what is on this page....YaY...goal achieved, they can't filter out by url (because the url is not "www.google.com") or by searching the page for "democracy" because the data is encrypted using some form of self signed cert.
but nowhere does it mention anyway to stop the firewall from simply searching within the url (http://Remote-address:443/url="www.google.com) for the term "google.com".
i mean even my school uses this method for stopping us accessing stuff (like porn, etc.) that they don't want us to.
if i go to "www.google.com/sex", the filter will block the request, it doesn't care about the actual page, it sees that "Sex" is a black listed word, so it blocks it.
this system is not going around the "great firewall", simply finding a way to go through it, until they patch it
also what happens if china decides they are going to only allow http requests to an actual domain name, not an ip address, if china ever do that, this entire system is screwed, of course you could list all the proxies in a dns server, but that costs money, and if you just use sub domains, all china need to do is block the domain.
i would really like to say "congratz" to the "hackers" for going to all this effort, but reality is, it is not going to work. You cannot encrypt a url and then pass it through a gateway and expect it to still arrive at its destination because how is the gateway meant to forward or pass on what it cannot read?
another point: how is a remote chinese farmer meant to make friends with a canadian? and after that is done, how is the chinese guy meant to get his friend's IP without being noticed?
Matt
- Tkkt, on 10/12/2007, -3/+8 el Che is an icon of socialist revolutionary movements. He's about fighting against the powers that be. Forget who he fought for.
- mrASSMAN, on 10/12/2007, -3/+7 no.. definitely both. most sophisticated and affects the most people.
and it was all done with the help of american companies. aren't we so nice..
- jabab, on 10/12/2007, -0/+4 What is this "sunlight" the article speaks of?
- richardiscool, on 10/12/2007, -1/+5 I think you'll find that Che Guevara was supportive of Chinese communists, which Castro didn't like, so he "disappeared".
- richardiscool, on 10/12/2007, -0/+4 Many do, but the Chinese government always get hold of the lists of proxies, and block them, whereas with a trusted network, the idea is that the government don't get the list.
- blahblah, on 10/12/2007, -0/+3 You don't understand how HTTPS works. First the browser connects to remote-address.com port 443, then it initiates a secure (encrypted) channel. Then, over this encrypted channel, it sends the remaining part of the URL, the part with the request to load google in it. A firewall will not see the request to load google as it will be encrypted. You can verify it works this way by checking the https protocol information using a sniffer. The only clear text will be for remote-address:443
The only way to block this would be within the browser or OS (TCP stack). This is probably beyond the capability of a government to do in general (ie, in all cases), but could be effective against a majority of users. Force all software vendors, computer sellers etc to include special code to block URLs in the browser, and/or force users to install government mandated software before allowing connection to an ISP.
- redrob, on 10/12/2007, -1/+4 He's not fighting communism, he's attempting to circumvent repressive regimes' ability to control the flow of information into their societies. True communism has yet to be realised in the world, communism was about the withering away of the state and thus government.
The repressive regimes of China and formerly of the USSR were not communist. They were not the type of society as envisaged by Marx, or later by Lenin and Che. While Tkkt has a point that Che Guevara has become the iconic poster boy for all things anti establishment, it is worth doing some reading regarding what the ideals of communism actually were. You may not agree with them, you may find them as flawed, but they were never about repression and stemming the flow of information to a society ... the fact that this seems to have happened in most of the large scale attempts to adopt communism highlights the fundamental problem with the concept of how societies are meant to convert to communism.
- The_Decryptor, on 10/12/2007, -0/+2 Ever heard of VPN's?
It sounds like this program is just a VPN between friends, and i don't see why you can't proxy DNS over that.
- swagy, on 10/12/2007, -0/+2 I was fascinated by the article, and I too was momentarily confused by the Marxist reference, but like all good anarchists he does not believe in any government controlling the flow of information.
My take on this is that it is an important first baby step in providing the world an unfiltered view of the vast array of opinion and beliefs outside their own countries, more power to them.
I digg it.
- UberNick, on 10/12/2007, -0/+2 mattmac24
You're questioning the right things. That skepticism is necessary for *really* understanding this kind of stuff.
The 'picture' idea I mentioned is just a way of obscuring text. Direct encryption would be more efficient and more secure. Now since protocols for making financial transactions have encryption built-in, the programmers are using this means to transmit data.
Simplified description:
When you're sending your credit card number to a merchant, no outsiders can read what's being transmitted. The math behind how it works is fun, but outside our scope right now. The idea behind their program seems to be "what if instead of sending credit-card numbers, we send coded text from web pages?" Since censors can't decipher the CCs, they won't be able to tell the difference between a person buying something online and another person browsing censored sites.
You're right that if they could track down a user who is re-transmitting the censored sites, they could just block that IP. Well, the program seems to work by shifting the transmission responsibility between a network of people, and chaining communications to hide original transmitters. If one link in the chain was broken, the software would automatically create a new chain. With enough of these networks, it would be impossible to track them all down. And if you can't tell the difference between online merchants and data-retransmitters, wouldn't you have to shut down access to all 'untrusted' online stores? Like I said before, not even elementary schools, let alone countries, can operate under blanket-bans like that.
You said that bouncing the information off proxies may be slow. Well, with sophisticated software it doesn't have to be. The whole internet works by bouncing communications through a series of networks, with data automatically finding its path. Open a command shell (start menu->run->cmd) and type 'tracert google.com' to see how many computers you have to bounce off of before you can communicate with google. Over a dozen hops can take less than a few milliseconds. Skype does the same thing and adds an encryption layer so quickly that you can hold real-time conversations on it. New techniques are making this work better than ever, but you're correct in thinking that a chain of proxies, in practical use today, usually slows down communication.
Now, the professors definitely have their work cut out in teaching their students to implement CS and communication theories into the program. The kids working on this stuff are truly learning to be computer scientists, not just code-monkeys. I'd consider it a worthwhile and academic venture.
Hopefully you can think of more 'but what if...' scenarios. For now though, I have to get ready for an exam in 3 hours that I need to pass if I want to graduate this Friday. :-)
- Baal, on 10/12/2007, -0/+2 "Unlike most Internet traffic, Psiphon data is encrypted and shoots around the world on a network reserved for secure financial transactions, so a censor cannot see what the person is accessing. And a censor wouldn't be able to tell a Psiphon request from a MasterCard purchase."
Sounds more like SSL to me.
- JudgeDredd, on 10/12/2007, -0/+2 It is so easy to get around it. I used to run a site dedicated to how to use proxy servers, etc. to defeat the Great Chinese Firewall. I got blocked within a year, so I changed the address. Blocked again within 6 months. My Singapore based site was also blocked due to some nasty anti-CCP stuff that was being constantly posted. Tech savvy Chinese know all about how to use the internet to read real news instead of People's Daily (hence the crackdown on internet cafes).
Yes, the last time I applied for a Chinese visa I was denied.
- inactive, on 10/12/2007, -0/+2 Well, if Chinese nerds can pretty much access any information while the remaining population sees only what the Chinese government wants them to see... Then the solution is to marginalize nerds and relegate them to subhuman status like in America. It won't matter what information the nerds leak to the others, they won't be trusted. Win!
- Osjpr, on 10/12/2007, -3/+5 doomed to fail. they are being way overhyped
- meleeglow, on 10/12/2007, -0/+1 I highly doubt that they would give out all of the info to prevent easier reverse engineering, I don't know, I'm just spiff balling.
- mattmac24, on 10/12/2007, -0/+1 ok so after he's made friends with a canadian....how is he meant to get the IP address of his new friend?
using DNS won't work,
and if he's using a dynamic IP things just get harder.
and even if that problem is solved....as i said above, the whole system is flawed
- meleeglow, on 10/12/2007, -1/+2 Kudos to some one looking out for other people, when geeks are looking out for geeks (or all people oppressed by the "Great Firewall of China") they don't know, KUDOs. I think we all should digg and raise an awareness, even if you have a problem with the story or tech involved.
DIGG
Today digg then diggnation then the world mwahaha
- starmanjones, on 10/12/2007, -0/+1 people were giving google trouble for selling out to china. but... they knew... and YOU knew that this is what was going to happen if they just got the door open a crack.
- nailbunny, on 10/12/2007, -2/+3 gotta know a guy who knows a guy
- mattmac24, on 10/12/2007, -0/+1 It's all spelled out exactly how in a pdf file from the link at the top of the page,
it doesn't leave much to the imagination. but i can see what you mean, why they would put all that info on their website is a mystery to me too.
Matt
- blahblah, on 10/12/2007, -0/+1 mattmac24 - in response to my previous response, you said "then by blocking the domain name of the remote host they could then block this, correct?".
Yes, this is correct. But they would have to know the domain name/IP address to block. The idea behind this project is that the person using this software already knows someone outside the firewall who is running one of these proxies, and gets the address from them. If authorities discover it as well, it can be blocked. But simply connecting to the equivalent of "myshoppingcart.com" (which, for example, is the proxy, made to look innocuous) will not draw attention, and subsequently getting restricted documents via this proxy won't draw attention either, as that cannot be detected due to the encryption.
The idea works only if you presume there is already a covert channel between the two parties in which the proxy address can be communicated. The general concept is called a darknet.
- nailbunny, on 10/12/2007, -3/+4 if tubgirl is any indication, they're still at work
- mattmac24, on 10/12/2007, -1/+2 ubernick3: ok so i guess that would work, i didn't actually ever think of actually sending pics back to the user, and i spose it would be possible to communicate back to the proxy what you've clicked on by using the x,y co-ordinates of the mouse on the image.
that sounds far more likely to work than the method these people developing the prog are using.
but there is still one thing i'm highly doubting will actually work, accessing the remote proxy, you still need to connect to it using an ip address by simply blanketing all connections directly to an ip address you could stop this.
you're right, there are billion ways to do anything, and the censors will always be one step behind
ok so bypassing the firewall is possible, however slow it may be, that method sounds feasible.
i still say the method these university prof's are trying will not work.
but that's just me, i'm stubborn...accept it
lol
Matt
- UberNick, on 10/12/2007, -0/+1 aren't they canadian?
- UberNick, on 10/12/2007, -0/+1 @mattmac24
It's much more sophisticated than that. Though I don't know the exact workings of their system, there's no limit to how creative you can get when bypassing firewall and censors.
For instance, let's say you want to get past your school's censors. Install a program on your home computer that allows remote access, say through a web interface. There's currently software to do this. Now the only information you'd be sending is mouse clicks and keyboard input- which could be scrambled. Now all your home computer is sending back the school computer are jpg images of the web site it's visiting. In order for censors to have any idea what pages are being viewed, they'd have to scan every image being sent and find/analyze text being shown on it. But even if they go through all of that work, there's unlimited channels to transmit it through and unlimited obscuring techniques. Because of the creativity element, censors will always be one step behind. They not only have to first discover what's being used, but also how to block it-- if that's even possible.
The only way to stop people from coming up with these new techniques is to simply filter all transmission protocols except http, then restrict access to everything except a finite list of trusted sites. Considering how impractical this would be (bye bye email, voip, im, etc) China could never do it. Even elementary schools have trouble functioning with limits like that.
@meleeglow
There wouldn't be real security unless their algorithm and methods were analyzed, tested, and exposed to attacks. Look at RSA encryption, for example. TFA makes it sound like the only way to block the program would be to block the entire protocol for making financial transactions. If this is true, it would be too impractical to restrict the entire country from ever buying anything online. If there is a way to block it, it's better having the whitehats find out first then figure out a way to fix it.
- inactive, on 10/12/2007, -0/+1 Old story but diggworthy nonetheless. DUGG
- mattymcg, on 10/12/2007, -2/+3 Terrific article. I remember visiting Japan 10 years ago when they used to pay someone to block out pubic hair from porn magazines. The Internet certainly changed that and those govt-employed censors (what a job!) are now out of a job. The Chinese have a right to view porn as much as anyone. Go U of T!!
- zonemen, on 10/12/2007, -0/+1 Yes they do. However most connections are just dial-up, and only the richer people have them.
They've blocked the use of HTTPS/SSL altogether...
- zonemen, on 10/12/2007, -1/+2 "China's "Great Firewall," the most sophisticated Internet censorship system in the world."
Is it? Has this been proven? Like have they compared to the one in say, Myanmar? A country ruled by the military...
- tidejwe, on 10/12/2007, -0/+1 I see good and bad sides to this. The good sides are mostly obvious, so I will deal with the downsides. If the firewall is hacked, it would only be broken on a temporary basis, and would be re-written and harder to bypass in the future. Also, this could be considered an act of war, and the Chinese could demand their government extradite them (turn these guys over) for trial, etc...to avoid war with a nuclear super-power Canada might have little choice...after all Their government did nothing to stop such an attack on the Chinese even though everyone clearly knows about it now. These idiots went around bragging about what they are doing so everyone knows who they are...you think the Chinese Government isn't going to take action to prevent it? They wouldn't be hard to track down...they already told everyone where they're located (idiots). If worse comes to worst, and the Chinese government can't stop the firewall breaches, you think they'd simply give up? We're talking about an evil vicious dictatorship...they wouldn't give in, they'd modify the rules of the game. The Chinese government could simply make ALL internet access illegal and that'd keep people from not only reading stuff about freedom, etc but from reading ANYTHING. Oh yeah...that'd really help the country out if they had to resort to shutting off ALL internet access instead of simply "Limited" internet access.
I think the downsides far outweigh the benefits....