The Great Firewall of China

The History of Computing - A podcast by Charles Edge

Categories:

“If you open the window, both fresh air and flies will be blown in.” Deng Xiaoping perfectly summed up the Chinese perspective on the Internet during his 11 year tenure as the president of the People’s Republic of China, a position he held from 1978 to 1989. Yes, he opened up China with a number of market-economy reforms and so is hailed as the “Architect of Modern China.” However, he did so with his own spin.  The Internet had been on the rise globally and came to China in 1994. The US had been passing laws since the 1970s to both aid and limit the uses of this new technology, but China was slow to the adoption up until this point.  1997, the Ministry of Public Security prohibits the use of the Internet to “disclose state secrets or injure the interests of the state or society. The US had been going through similar attempts to limit the Internet with the Telecommunications Decency Act in 1996 and the US Supreme Court ended up striking that down in 1997. And this was a turning point for the Internet in the US and in China. Many a country saw what was about to happen and governments were grappling with how to handle the cultural impact of technology that allowed for unfettered globally interconnected humans.  By 1998, the Communist Party stepped in to start a project to build what we now call the Great Firewall of China. They took their time and over eight years but a technology that they could fully control. Fang Binxing graduated with a PhD from Harbin Institute of Technology and moved to the National Computer Network Emergency Response technical Team where he became the director in 2000. It’s in this capacity that he took over creating the Great Firewall. They watched what people were putting on the Internet and by 2002 were able to make 300 arrests. They were just getting started and brought 10s of thousands of police in to get their first taste of internet and video monitoring and of this crazy facial recognition technology.  By 2003 China was able to launch the Golden Shield Project. Here, they straight-up censored a number of web sites, looking for pro-democracy terms, news sources that spoke out in favor of the Tiananmen Square protests, anyone that covered police brutality, and locked down the freedom of speech. They were able to block blogs and religious organizations, lock down pornography, and block anything the government could consider subversive, like information about the Dalai Lama.  And US companies played along. Because money. Organizations like Google and Cisco set up systems in the country and made money off China. But also gave ways around it, like providing proxy servers and VPN software. We typically lump Golden Shield and the Great Firewall of China together, but Golden Shield was built by Shen Changxiang and the Great Firewall is mainly run in the three big internet pipes coming into the country, basically tapping the gateway in and out, where Golden Shield is more distributed and affiliated with public security and so used to monitor domestic connections.  As anyone who has worked on proxies and various filters know, blocking traffic is a constantly moving target. The Chinese government blocks IP addresses and ranges. New addresses are always coming online though. They implement liar DNS and hijack DNS, sometimes providing the wrong IP to honeypot certain sites. But people can build local hosts files and do DNS over TLS. They use transparent proxies to block, or filter, specific URLs and URI schemes. That can be keyword based and bypassed by encrypting server names.  They also use more advanced filtering options. Like Packet forging where they can do a TCP reset attack which can be thwarted by ignoring the resets. And of course man in the middle attacks, because you know, state owned TLS so they can just replace the GitHub, Google, or iCloud certs - with has each happened. They employ quality of service filtering. This is deep packet inspection that mirrors traffic and then analyze and create packet loss to slow traffic to unwanted sites. This helps thwart VPNs, SSH Tunneling and Tor but can be bypassed by spoofing good traffic, or using pluggable transports. Regrettably that can be as processor intensive as the act of blocking. Garlic routing is used when onion routing can’t be.  All of this is aided by machine learning. Because like we said, it’s a constantly moving target. And ultimately, pornography and obscene contact is blocked. Discussion about protests is stomped out. Any descent about whether Hong Kong or Taiwan are part of China is disappeared. Democracy is squashed.  By 2006, Chinese authorities could track access both centrally and from local security bureaus. The government could block and watch what the people were doing. Very 1984. By 2008, Internet cafe’s were logging which customers used which machines. Local officials could crack down further than the central government or tow the party line.  2010, Google decides they’re not playing along any more and shuts down their own censoring. 2016, the WTO defines the Great Firewall as a trade barrier. Wikipedia has repeatedly been blocked and unblocked since the Chinese version was launched in 2001 but as of 2019 all Wikipedia versions are completely blocked in China. The effect of many of these laws and engineering projects has been to exert social control over the people of China. But it also acts as a form of protectionism. Giving the people Baidu and not Google means a company like Baidu has a locked in market, making Baidu worth over $42 billion. Sure, Alphabet, the parent of Google, is worth almost a trillion dollars but in their minds, at least China is protecting some market for Baidu. And giving the people Alibaba instead of Amazon gives people the ability to buy goods and China protects a half-trillion dollar market capitalized company, in moneys that would be capitalizing Amazon, who currently stands at $1.3 trillion.  Countries like Cuba and Zimbabwe then leverage technology from China to run their own systems. With such a large number of people only able to access parts of the Internet that their government feels is ok, many have referred to the Internet as the Splinternet. China has between 700 and 900 million internet users with over half using broadband and over 500 million using a smart phone. But the government owns the routes they use in the form of CSTNET, ChinaNet, CERNET, and CHINAGBN but expanding to 10 access points in the last few years, to handle the increased traffic.  Sites like Tencent and Sina.com provide access to millions of users. With that much traffic they’re now starting to export some technologies, like TikTok, launched in 2016. And whenever a new app or site comes along based in China, it often comes with plenty of suspect. And sometimes that comes with a new version of TikTok that removes potentially harmful activity.  And sometimes Baidu Maps and Tianditu are like Google Maps but Chinese like the skit in the show Silicon Valley. Like AliPay for Stripe. Or Soso Baike for Wikipedia. And there are plenty of viral events in China that many Americans miss, like the Black Dorm Boys or Sister Feng. Or “very erotic, very violent” or the Baidu 10 Mythical Creatures and the list goes on. And there’s a China slang like 520 meaning I love You or 995 meaning Help. More examples of splinternetting or just cultural differences? You decide. And the protectionism. That goes a lot of different ways. N Jumps is Chinese slang to refer to the number of people that jump out of windows at Foxconn factories. We benefit from not-great working conditions. The introduction of services and theft of intellectual property would be a place where the price for that benefit is paid in full. And I’ve seen it estimated that roughly a third of sites are blocked by the firewall, a massive percentage and places where some of the top sites do not benefit from Chinese traffic.  But suffice it to say that the Internet is a large and sprawling place. And I never want to be an apologist. But some of this is just cultural differences. And who am I to impose my own values on other countries when at least they have the Interwebs - online North Korea. Oh, who am I kidding… Censorship is bad. And the groups that have risen to give people the Internet and rights to access it and help people bypass controls put in place by oppressive governments. Those people deserve our thanks. So thank you to everyone involved. Except the oppressors. And thank you, listeners, for tuning in to this episode of the History of Computing Podcast. Now go install ToR, if only to help those who need to access modern memes to do so. Your work is awesome sauce. Have a great day.