On Monday, 23 January 2017, the Chinese government has announced its intention to crack down on unauthorized virtual private networks (VPNs) in an effort to more easily regulate the Internet within its borders. For years, what has been known as the Great Firewall of China (GFW) has blocked Chinese citizens from accessing the Internet in ways that most of us take for granted. It uses several different methods of either obfuscating or outright blocking Internet traffic going out of and coming into the country ruthlessly.
Our question now is whether a crackdown on VPNs can actually succeed and what most Western tech outlets get wrong about the GFW in general.
How the Great Firewall Works
China’s Great Firewall project has evolved over the years, adding several layers of detection algorithms as encryption technology marched forward. Its most common method of intervention is through deep packet analysis of all traffic leaving the country. If it finds a request to a website whose access is forbidden by the government, it is blocked. It also scans for behavioral patterns found within packets, detecting what kind of protocol is being used and intervening when it finds something that does not fly well with authorities.
As a side note, the GFW has also been known to use DNS poisoning (i.e. making a URL point to an “incorrect” IP address) to redirect Chinese citizens to more “appropriate” websites.
The crackdown by the Chinese government mentioned earlier is an attempt to consolidate the power that the GFW has over the country’s airwaves, stopping citizens who try to circumvent it using international and unauthorized VPNs. Only enterprises who have been given special permission by Chinese authorities would receive an exemption from this rule.
Would the Crackdown Be Successful?
This all depends on what you define as successful. In all likelihood the GFW will be able to block traffic on most channels, but there will always be moves from other parties to mask the traffic specifically to circumvent any censorship attempts. This potentially makes VPN traffic difficult to detect.
Also, “secret” TOR nodes configured to run with certain bridges can still circumvent these methods with ease. There will never be a one-hundred percent guarantee unless the Chinese government has some magic wand we’re not aware of that can stop all unlawful traffic overnight. Let me make one thing clear: I’m not saying that this won’t potentially present a large blow to online anonymity in China.
Wait, the Great Firewall Blocks Tor?!
Much to the chagrin of TOR enthusiasts and most Western tech outlets, onion routing isn’t necessarily the most reliable way to circumvent the firewall in China. Their deep packet analysis methods can detect the “handshake” you make with a TOR node and then proceed to block it forever. Unless you fragment your packets to confuse the detector (and everyone else who connects to it does the same thing), the possibility of using that exit node is gone forever. Even VPNs that are meant to circumvent censorship end up being blocked by this manner of detection.
The most reliable way of getting around the firewall is by not being in China. Second to that is finding a protocol or specific VPN application that doesn’t operate in a way that is readily recognizable. In short, China is smarter than most of the media says it is.
What do you think will happen over the next five years in terms of censorship and the fight against it in the Chinese web? Tell us what you think in a comment!