Puncturing the Great Firewall of China

Nimble hackers have stayed one step ahead China's lumbering internet censorship apparatus. But how much can they really accomplish?

Wired magazine's fascinating profile of Alan Huang, one of the men behind a firewall circumvention tool called UltraSurf, opens with a scrape with the law. Among the events that inspired Huang to dedicate his time and money to ensuring Chinese citizens have a way to squeak through was his 1999 arrest during a visit to Shenzhen. The reason? He was a member of a peaceful but nonetheless outlawed spiritual movement.

It's precisely this type of arrest that is made possible today by China's closely controlled and monitored networks, and which Huang hopes to prevent with a tool called UltraSurf.

If you can ignore its purpose, China's internet censorship system is a technical marvel:

A censor—be it a government, school, or corporation—has several options for preventing people from visiting places on the web. The simplest is to block a site’s Internet protocol address, the numbers that identify the computer hosting the site. A similar trick is to block DNS names, the text versions of IP addresses. Both tactics place an entire website off-limits. More technically difficult is keyword filtering, which blocks any traffic—search request, URL, or email—containing specific words or phrases. The Golden Shield does all those things so well that China reportedly exports the technology to other authoritarian countries, including Cuba and Belarus.

This digital dragnet is supplemented by battalions of human censors, who sift through the readily available online correspondences of their fellow citizens for more subtextual red flags--seditious material that might not be evident to machines, but which might stand out to a person. This is particularly effective for analysis of text messages, which are loaded with slang and colloquialisms.

Huang's UltraSurf software is purpose-built to circumvent these tools, hiding users' traffic from the gaze of censors, both machine and human. It's essentially a system for sending users' traffic through proxy servers--remote computers that reroute and make anonymous connections to banned sites. American office workers may be familiar with more basic versions of such proxy sites, which allow access to sites like Facebook and YouTube through corporate filtering software.

But Huang's system isn't just meant to unblock fun sites, or racy material, or porn (though it can); it's a tool that's widely touted as a tool for political dissidents.

A similar tool called Haystack, designed by American Austin Heap, garnered a tremendous amount of press last year for its alleged use by dissidents in Iran, which has a comparably restrictive firewall system, and a history of using it to actively find and punish citizens. More recently, it was revealed to be a worryingly unsophisticated tool, full of enough security holes that it could actually endanger those who use it, rather than keeping them same.

UltraSurf is evidently more secure than Haystack, as evidenced by its extensive use in China for a number of years--Haystack was barely used, so its claims of efficacy were based on theory, not data. But it's just that--UltraSurf's collected data--that is problematic. Wired's reporter was able to take a glimpse at the service's logs without much trouble. He just asked:

Lines of text zoom by, showing thousands of IP addresses and web pages visited. A search reveals that only a tiny handful of users went to Falun Gong-related sites. Pulling out a few others at random, we see that somebody in Beijing visited Dolce & Gabbana’s site, somebody in Turkey hit Facebook, and somebody in the United Arab Emirates spent quality time at ShemaleTubeVideos .com

For most of its users, the prospect of losing anonymity isn't terrifying. They're using the service for fun, basically, and if it were to be shut down or hacked, they wouldn't be likely to suffer severe consequences, if any.

Dissidents and the oppressed also trust services like this with sensitive data, and for them, the stakes are much higher. UltraSurf has the potential to be endlessly valuable to those for whom free communication and organization is otherwise impossible. But one thing they can't responsibly claim to be is infallible. This seed of doubt is small, but extremely powerful--and a testament, more than any single technical aspect of their firewall, to the ruthless efficacy of China's war on free speech.

p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica}

This post was originally published on Smartplanet.com