A report from the University of Colorado describe a weakness in Tor, a popular anonymity system and tool for getting around the Great Firewall. While it does take a fair amount of resources to compromise the anonymity, it is a cause for concern because it is significantly more feasable than previously thought. From their paper:

We show that an attacker can infiltrate the Tor network and can fully compromise the anonymity of a large percentage of users…

In our experiments conducted on our isolated Tor deployment consisting of 60 nodes, our attack was able to correlate over 46% of circuit-building requests through the entire network. This is a significant increase over the 0.70% analytical expectation assumed by many anonymity systems analysts… our attack performed far above expectations.

Here’s a summary and link to the Slashdot posting that brought attention to this.

Tor Open To Attack

“A group of researchers have written a paper that lays out an attack against Tor (PDF) in enough detail to cause Roger Dingledine a fair amount of heartburn. The essential avenue of attack is that Tor doesn’t verify claims of uptime or bandwidth, allowing an attacker to advertise more than it need deliver, and thus draw traffic. If the attacker controls the entry and exit node and has decent clocks, then the attacker can link these together and trace someone through the network.”

UPDATE (Feb 26 08:03:36 UTC): After just talking to the folks at the Tor project, it seems the threat is not as large as the paper has declared. Roger Dingledine and Shava Nerad of the project are incredibly sharp folks and promise to come out with an official response soon.

I was also concerned the paper was only a CS department report from the U of Colorado, and not an accepted conference or journal paper, meaning that no fellow researchers or folks in the field have endorsed their analysis. Some of the comments on Slashdot also agree that these are not brand new issues.

A new site called GreatFirewallofChina.net tries to bring attention to Internet blocking in the PRC by allowing folks to check sites for reachability within China. While there are a number of flaws to their methodology (a single test cannot give the full picture) it will be interesting to see what their results are.

Happy Chinese New Year, all.

Day two of the Internet restoration in China, and connections remain very fast. Seems most everyone in the PRC is getting good speeds to sites outside the country.

Just two weeks ago, roundtrip times to Google.com and other California-based ISPs were around 600 milliseconds with significant packet loss. A test yesterday showed that those times are now much lower, at around 250 milliseconds. Downloads of podcasts audio files have been very fast. Where last week some podcasts would not even start downloading, today 25 Mbyte audio files were downloaded in about 10-15 minutes.

There is, however, some weirdness with some sites. Flickr.com now fails to load correctly, with some of the visual Web 2.0 components breaking. Seems that Flickr images being supplied from “yimg.com” are not making it through.

UPDATE: Flickr.com seems to have started working OK again on Tuesday.

Google’s Sergey Brin was at the Davos conference last week, and one of the big questions he faced was Google’s launch of Google.cn, and the decision to run a “censored” version for the mainland audience.

So I was puzzled when on back to back days, two very different takes came out of his appearance. CNN/Fortune provided a detailed interview where Sergey Brin gave more insight into the factors for starting Google.cn with censored results:

Google founder defends China portal

January 25, 2006: 4:51 PM EST

David Kirkpatrick reports: I got a chance today to talk briefly to Google founder Sergey Brin, sitting on a sofa in Davos’ Congress Centre, about a topic all over the papers today — Google (Research)’s decision to put up a site in China that accepts censorship. Brin says the decision was difficult, but made easier by discussions he had with Chinese human rights activists, including one he met at the Fortune Brainstorm Conference.

Brin: Essentially the great firewall is sophisticated enough that it would block connections based on sensitive queries. The end result was that we weren’t available to about 50 percent of the users. Universities can’t afford the international bandwidth, so for example students at Tsinghua University — and I saw this myself — had to pay in order to use Google, and I mean pay a lot, even 25 cents a megabyte, which would be unaffordable even by American standards.

This is nothing…there’s no malicious plan there, it just legitimately is a bottleneck that bandwidth is somewhat limited.

Fortune: It’s probably by policy also.

Brin: I don’t know. I don’t want to speculate. But anyhow the net effect is that all of our services…soon we will be largely unavailable. We ultimately made a difficult decision, but we felt that by participating there, and making our services more available, even if not to the 100 percent that we ideally would like, that it will be better for Chinese Web users, because ultimately they would get more information, though not quite all of it.

I met the guy at Brainstorm, I think his name’s Xiao. Just over the years I’ve been interested in this question, and talked to three or four different people in China. My point of view really did change. And don’t forget that I was born in the Soviet Union and my early childhood was spent there, so I’m very sensitive to this kind of issue. It wasn’t easy. But I gradually grew comfortable, and I think we’re doing the right thing.

Seems pretty clear Brin’s thinking process on this. But interestingly, the Guardian’s view was that Brin considered it a “net negative” for the company, and a strong headline heralded this:

China censorship damaged us, Google founders admit

Jane Martinson in Davos
Saturday January 27, 2007

Google’s decision to censor its search engine in China was bad for the company, its founders admitted yesterday.

Google, launched in 1998 by two Stanford University dropouts, Sergey Brin and Larry Page, was accused of selling out and reneging on its “Don’t be evil” motto when it launched in China in 2005. The company modified the version of its search engine in China to exclude controversial topics such as the Tiananmen Square massacre or the Falun Gong movement, provoking a backlash in its core western markets.

Asked whether he regretted the decision, Mr Brin admitted yesterday: “On a business level, that decision to censor… was a net negative.”

The company has only once expressed any regret and never in as strong terms as yesterday. Mr Brin said the company had suffered because of the damage to its reputation in the US and Europe. [Emphasis/bolding by me]

The ellipses “…” raise some questions about the context, and what was “yada yada‘ed” out of the quote. Brin said on a “business level” it was a “net negative.” He could simply be commenting on the cold financial analysis of the decision. Was it also pertaining to the greater reputation and prestige of Google? The Guardian seemed to think so, and interpreted it as “damage” and “regret.” They seem to be reading a lot into it. Perhaps too much.

It’s possible Brin is still 100% behind the decision, and accepts the financial “net negative” as the price. But I’m wary of how the Guardian painted the picture. The Guardian/Observer has a joint irrepressible.info project with Amnesty International, so they have been very quick to jump on the aggressive human rights critique to make a point. At the time, I was wary about the newspaper partnering with an advocacy group. This is exactly what I was worried about — putting activism into the mix starts to raise doubt about a paper’s ability to faithfully report the news.

As for Brin’s decision, it is interesting that talking to some “human rights” people helped him shape his current thinking. But I would suggest he should talk to more than just “three or four” folks about this.

Sergey, you can reach me at my Google Mail address. You know what it is.

After getting back to China on New Year’s Day, I noticed that the Internet connections have not come back as quickly as those in Singapore. After two days of spotty connections in the city-state, the net was largely back to very quick speeds. But here in Beijing, there are still many quirks.

In many cases, “triangle” routing seems to work better than direct connections. That is, using a VPN to a server in the US to redirect traffic often gave higher throughput than direct contact with sites.

For example, downloading Apple’s 10.4.8 OS update, at around 28 Mbytes:

• Direct connection from China Netcom (CNC) DSL to Apple.com : 58 minutes
• “Triangle routed” from CNC to VPN in US to Apple.com : 15 minutes

This could be due to any number of factors: the interconnection of CNC with the VPN provider might be better than that of CNC to Apple.com directly. This is likely the case. Another example of triangle routing doing better — Google Mail is extremely slow to access directly from CNC. But if I use a VPN or SSH tunnel, it is much faster.

But I also do wonder if certain chokepoints of the Great Firewall are affected by increased traffic suddenly being funneled through systems that weren’t designed for so much load. In that case, would the opaque encrypted VPN packets be shuttled across the GFW interface faster than transparent FTP or HTTP packets? Since it makes no sense to inspect an strongly encrypted packet, it may get passed along with less hassle. And since the GFW system works on filtering cleartext streams, might some outside connections be throttled?

One bright spot: I have good enough packet throughput to do a Skype videoconference with folks in Singapore. The video was not frivilous, as I visually instructed my 10-year old niece how to connect a new Canon photo printer to their PC. It was much easier to show her the USB A-to-B cable on video, than to describe it by phone. Chalk one up for videoconferencing.

If you’re really into the geek speak, you can see the following addendum…

(more…)

Despite still being widely blocked in China, Wikipedia still ranks high according to China Websites Ranking (中国网站排名). It’s the #1 online encyclopedia, and the #3 overall reference site.

This is actually quite surprising. It seems to indicate that even with the PRC actively blocking Wikipedia’s traffic into China, folks have sought out Wikipedia’s content over sites that are more easily available. We know the Internet has largely been considered an “entertainment and communication highway,” so let’s consider the general users of reference sites in China, namely students.

We’ve known for a while most college students in China are savvy enough to use proxy servers to skirt Internet blocking. It’s been thought they use proxies only on occasion, since firing up the software is such a nuisance. But it seems they may be bothering to do so when it comes to Wikipedia. That would be in sync with Wikipedia’s incredible popularity among high school and college students in the US. (Tell an American university student you’re taking away their YouTube, Myspace and Wikipedia, and they’ll likely complain the most about missing Wikipedia).

Another surprise — the folks who started the China Websites Ranking site include the State Council Information Office, which has a hand in the operation of the Great Firewall. So the SCIO’s own ranking shows that folks are getting around the blocks, and in large numbers.

ENCYCLOPEDIAS:

REFERENCE SITES:

Caveat: Though there’s not much information about their methodology, they say they have “experts” involved, and their tool looks quite like Alexa. So take it with some skepticism. Also, their numbers seem to be dated back to September of 2006, around the time that Wikipedia was unblocked for a brief period, so that may have skewed the results somewhat.

This week, Citizen Lab released the Psiphon tool for surfing the Net “freely and securely” by having trusted friends and family members run a special version of a personal p-r-o-x-y server via SSL. Its biggest advantage is that it does not require any client software whatsoever.
I’ll post a full rundown of the tool this week. It’s an impressive accomplishment that, while not the magic silver bullet, is another excellent utility for the tool chest.

At Danwei, Ann Condi has a nice roundup of the general “apathy” of Internet users in China about getting around the Great Firewall. It’s worth a read.

Those outside of China often imagine hordes of Internet savvy Chinese Web surfers scouring the Internet for cracks in the Great Firewall, avidly downloading precious snippets of information blocked by the government to disseminate among the circle of politically-aware Chinese cybernauts. The hope is that the Internet is having a transformative effect on China by allowing The Truth – or at least some essential truths – to seep into this tightly controlled information environment. And surely (the assumption goes) the vanguard in this process of “peaceful evolution” would be young, English-speaking urban professionals.

This image is largely a myth.

It’s not hard to see why. Most Chinese language content they seek is all inside the PRC and filtered by domestic companies because they are within the sovereign borders of the PRC.

As long as content does not hit on the sensitive topics, Chinese surfers can get through to international sites. But cleverly, the PRC government always returns a technical error (ie. “TCP connection reset”) which makes it hard to determine if it’s an intentional block. The other day, a media executive and Chinese national referred to the no-no words as 3T1F, which I thought was a nice succinct way of putting it:

But would life without censorship necessarily “free” Chinese minds? Would they start clamoring for the truth?

Consider this: American web surfers have a completely unfiltered Internet, but they’re mainly using email, Youtube, Myspace, sports, entertainment and news sites. Being free of technical censorship, however, does not necessarily make for an informed populace.

• Americans are oblivious to similar historical ulcers, like the illegal annexation of Hawaii and overthrow of the monarchy by rich American businessmen backed by the US military.

• Most citizens know nothing about the CIA staging a 1953 coup to remove democratically elected Mossadegh in Iran. You want democracy in the Middle East? Well they had it. The U.S. usurped it.

• How about the disgraceful working conditions in the U.S. Commonwealth of the Northern Mariana Islands where U.S. minimum wage does not apply, and with sweat shops and child prostitution a common sight? Congressmen in the U.S. actively sought to keep Saipan in third world status to exploit the cheap labor and dreadful working conditions.

What’s the point? It’s easy to see the splinter with the Great Firewall when there is a log in your own eye.

Of course we’d like to see a day when China’s Internet can become more open for the benefit of Chinese and for the benefit of the world. I’m confident that will happen sooner than later. I’ve already made the case that participation from PRC users would be great for the global community.

But being jingoistic and simplistic about it is problematic, and even harmful. The moral righteousness exhibited by many Western countries and NGOs trying to push for change is enough to make even the most staunch critics of censorship within China wince in disgust.

Chinese Wikipedia was widely blocked again in China on Friday, November 17, somewhere between 9am and 10am China Standard Time.

New registrations took a dive after that point, but, curiously, they are still much higher than before October 10 when a full block was in place.

Here are some averages:

• Before Oct 10: 400 new users/day
• Before Nov 9: 600 new users/day
• Before Nov 17: 1300+ new users/day

But the registration numbers since the “reblocking” are still very high, despite the widespread reports Wikipedia is largely inaccessible in PRC. I have not heard of anyone from any municipality or ISP being able to get through to zh.wp successfully. But look at some numbers for the days ending:

• Nov 18, 0000 UTC: 764
• Nov 19, 0000 UTC: 589
• Nov 20, 0000 UTC: 811
• Nov 21, 0000 UTC: 826

So this is quite curious - the new user numbers have not dropped all the way back to pre-October 10 days of a full block. In fact, these numbers are still much higher than after the first unblock. Without more information about new registered users’ source IP address, we can only speculate.

It’s possible the news coverage of the unblock/reblock has led folks to visit Chinese Wikipedia from other locations outside the PRC and register. I don’t think that alone explains the large numbers. It is possible there are still folks in the PRC that can access Chinese Wikipedia and are still registering.

An update late Saturday, early Sunday: Wikipedia is still inaccessible for most everyone in PRC. The current block is actually a bit more restrictive than before October 10, since any mention of the string “zh.wikipedia.org” in any URL seems to be blocked.

For example:

http://www.google.com/search?q=zh.wikiepdia.org

will not go through, and will get you a “Connection reset” error.

I’ll try to post some more statistics later.