Comment by AnthonyMouse

Comment by AnthonyMouse 3 days ago

2 replies

View on Hacker News

> The GFW autodetects and blocks a truly impressive number of tunnel encapsulation schemes, VPN’s, etc. and blocks a wide variety of proxy attempts.

They made a list of tunnel systems that don't attempt to disguise themselves and then blocked them. That's not really that hard, and it meanwhile causes lots of innocuous things to be blocked. There are uses for a tunnel other than bypassing censorship.

The hard thing is to block the ones that actively attempt to look like something they're not, and release updates to change their profile whenever the authors notice it being blocked, while still allowing the thing they're attempting to look like.

> It also auto detects ‘problematic’ content in near realtime for a huge swath of things. It does deep packet and content inspection, including of a bunch of encrypted traffic that it really shouldn’t be able to.

All of this is assuming the content is being distributed unencrypted or is otherwise leaking its contents through e.g. having a specific data length, none of which an encapsulation method is required to expose.

lazide 2 days ago

Sure, that’s why saying things like Tianmen square - over voice audio - in a game with an encrypted connection to the server gets everyone’s connections in China severed, even when the game servers are in another country and the game company has nothing to do with it.

The GFW is run by the definition of a Nation State Actor/NPT. They’re not perfect, or omniscient, but they aren’t fools or incompetent either.

And knowing all the people taking the ‘totally secret’ backdoor is not even a complex trick.

Folks like the NSA in the US have to stay in the shadows, and have a tiny budget and population to draw experts from. What do you think happens when they get to be direct, obnoxious, AND somewhat public in a national pride kind of way?

Reply View 1 reply
  • AnthonyMouse 21 hours ago

    > Sure, that’s why saying things like Tianmen square - over voice audio - in a game with an encrypted connection to the server gets everyone’s connections in China severed, even when the game servers are in another country and the game company has nothing to do with it.

    You're describing something that seems like an urban legend/coincidence. What technical means are you suggesting they're using to determine the contents of a voice chat over an encrypted connection?

    > And knowing all the people taking the ‘totally secret’ backdoor is not even a complex trick.

    That's assuming it can be distinguished from ordinary traffic.

    If your device goes direct when you want to read the Wikipedia article on the Streisand Effect but you also have a browser that proxies traffic through a random AWS VPS in Virginia when you want to read about something they don't want you to know, how are they supposed to tell that the latter is that and not just a regular arbitrary third party webserver?

    > Folks like the NSA in the US have to stay in the shadows, and have a tiny budget and population to draw experts from. What do you think happens when they get to be direct, obnoxious, AND somewhat public in a national pride kind of way?

    It becomes easier to find way to thwart what they're doing because any random device can be used to determine if or how something is being blocked instead of only the devices of high-risk people who can't afford to test the fences.

    Reply View 0 replies