China Tries To Block Encrypted Traffic

from the collapsing-the-tunnels dept

During the SOPA fight, at one point, we brought up the fact that increases in encryption were going to make most of the bill meaningless and ineffective in the long run, someone closely involved in trying to make SOPA a reality said that this wasn’t a problem because the next bill he was working on is one that would ban encryption. This, of course, was pure bluster and hyperbole from someone who was apparently both unfamiliar with the history of fights over encryption in the US, the value and importance of encryption for all sorts of important internet activities (hello online banking!), as well as the simple fact that “banning” encryption isn’t quite as easy as you might think. Still, for a guide on one attempt, that individual might want to take a look over at China, where VPN usage has become quite common to get around the Great Firewall. In response, it appears that some ISPs are now looking to block traffic that they believe is going through encrypted means.

A number of companies providing “virtual private network” (VPN) services to users in China say the new system is able to “learn, discover and block” the encrypted communications methods used by a number of different VPN systems.

China Unicom, one of the biggest telecoms providers in the country, is now killing connections where a VPN is detected, according to one company with a number of users in China.

Of course, there are countless ways to encrypt traffic, so all this really does is spur a cat and mouse game — and the best that can be done is having the system block any traffic that it can’t understand. Of course, once you go that far, you’re in for a lot of trouble, because there’s just a ton of legitimate content you’re going to block, pissing off a lot of people. Also, as this game goes on, it’ll just spur people to encrypt traffic in a matter that looks identifiable, but which really is not identifiable. Fighting against encryption is a game that can’t be won in the long term.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “China Tries To Block Encrypted Traffic”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re:

Do you really believe that the copyright marximilists are going to force the US government and US companies to give up the use of sending email and documents etc by encryption over the internet all for the sake of a new law of banning encryption on the internet in order to combat piracy. Yep you guessed it they will and in doing so will make it very easy for hackers and terrorists to read the US governments unencrypted email and documents being sent over the internet.

Tim Griffiths (profile) says:

Re: Re: Re:

I think there as a bit of reducing to the absurd there but honestly I wouldn’t put it past them to try with “exceptions for legitimate use”. It’s increasingly clear they are simply ready to burn everything down around them rather than give up what they have or try to change. It’s just sad that something that is a relatively minor part of the economy has powerful enough lobbies that it’s already screwing up other sectors on the back of this.

Zakida Paul says:

Compromising encryption would be a disaster for every business on the planet.

What potential customer will do business with a company who cannot secure their payment data?

China are digging their own grave here. In their efforts to control what their citizens do online, they are making the country look like a terrible place to do business.

Anonymous Coward says:

During the SOPA fight, at one point, we brought up the fact that increases in encryption were going to make most of the bill meaningless and ineffective in the long run, someone closely involved in trying to make SOPA a reality said that this wasn’t a problem because the next bill he was working on is one that would ban encryption.

I believe it was not banning, but regulating encryption. Sort of like concealed carry. You have to demonstrate a need. Nation security, terrorism, ya know.

Anonymous Coward says:

Re: Re:

You have to demonstrate a need. Nation[al] security, terrorism, ya know.

According to the US gov intellegence, “communication” itself is a “national security, terrorism, ya know” issue, so for once, the government’s interpretation of law may work in our favor.

Maybe we can make them look as foolish as the MPAA in a can’t have it both ways trap?

Anonymous Coward says:

I don't see how it could work...

Banning encryption or making it hard/impossible to use proxies/VPN is possible ONLY if a new standard is implemented globally where no person can be allowed to be administrator on their own computer.

Even trying is highly likely to remove every business relying on VPN’s, cloud services and proxies from the market IMO. Https has to go as well so say fare-thee-well to any service using encrypted login. Banks, amazon, online franchises, personal cloud storage and so on.

Colin (profile) says:

Re: possible to hide a VPN or bittorrent

Actually, I was thinking that since I never had any trouble downloading torrents while I was living in China, I suggest that VPN people could change their protocols to make the traffic look like torrent traffic. This would bypass the blockage and as a bigger bonus, those accused of piracy by the MPAA and other criminal organisations could just smile sweetly and say “sorry, you must be mistaken I was simply connected to the secure tunnel to my place of work – your detection software must be broken”.

OldMugwump (profile) says:

Perhaps it had to come to this...

This is the culmination of at least 35 years of official concern about the effects of personal computers.

I’m old enough to remember. As soon as computers became affordable to individuals in the late 1970s there was talk about “licensing” computer users. Talking Heads even wrote a song about it (Life During Wartime).

The good guys won, the bad guys lost.

Then, even before the Web, we had the Clipper chip. The EFF was created in response. And again the good guys won.

Then we had the CDA, and then CDA2. And again, the bad guys lost and the lovers of liberty won.

In the West, the war is mostly over (yet eternal vigilance remains the price of liberty).

Not so in the rest of the world, as last week’s ITU conference in Dubai demonstrated.

I say – let them try it. Let them lock down all the VPNs, shut off all the traffic they can’t parse. Let’s have the knock-down, drag-out fight between the hackers and the suits.

Stuart Brand was right. Information wants to be free. I know math. I know about stenography. I know about economics.

I know who will win.

out_of_the_bob says:

Google reptilians have been resisted, but for how long?

of course foreign devil mike would oppose glorious china’s attempt to wrestle with the evil influence which threatens to disrupt cultural harmony. no doubt tehse google sponsored attacks on the PRC whcih spew from mike’s mouth fail to notice the sheer amount of cultural evil which spreads from the internet to the public mind

for shame mike google for shame.

Chris Maresca (profile) says:

Simple solution

Use an https/SSL tunnel. Virtual impossible to distinguish from actual HTML pages and almost impossible to block.

You can do this with openVPN by running over port 443 –

Setup your VPN service on AWS and you run it for peanuts (e.g. $20/month or less) and get an IP that’s not likely to be blocked.

Beyond that, there are new peer to peer VPN systems. N2N is one of them –

Anonymous Coward says:

Re: Simple solution

No. They’re just disconnecting any encrypted channel that connects for over 10-15 minutes (varies), plus a 5-10 minutes (varies again) block to the same host.

This plus the rule that there can be only 1 ISP exist per building in China makes trouble for most VPN users. (My ex-boss have to rent a flat on an adjacent building that use a different ISP just to workaround that. A wireless router bridging two networks + router that able to form VPN by multiple IP endpoint makes the network mostly work…)

Anonymous Coward says:

It was only a matter of time before VPNs came under fire. If I was in the VPN business, I’d start getting ready for the idiot brigade.
They’re trying to make ISPs legally responsible, they’re trying to make search engines legally responsible, they’ll try to make VPNs legally responsible. Third party, fourth party, fifth party, doesn’t matter to idiots: the more people they can sue, the better!

Lorpius Prime (profile) says:

>Fighting against encryption is a game that can’t be won in the long term.

Although I’d certainly like this to be true, I’m not convinced it really is. Certainly the cat-and-mouse game seems likely to continue indefinitely, but it seems to me that simple nature will always favor the people trying to discover and decrypt information, and not the people trying to keep information hidden and secret.

That One Guy (profile) says:

Re: Re:

It comes down to sheer numbers though. There will always be drastically more people concerned with protecting their privacy, than there will be those for whom ‘privacy’ is a term they consider to only apply to their own actions.

On a one-to-one basis, the anti-privacy people do tend to severely outgun the pro-privacy people, true, but when you consider the pro group tends to outnumber the anti group by 1000-1, 10,000-1, 100,000-1… then the odds start swinging the other way.

Spaceman Spiff (profile) says:


You send “normal” stuff, but that is just a digital envelope. Inside the envelope is real data, that has been encrypted as well, so even if someone detects that there is a payload hidden there, it will still be difficult or impossible to decode without the appropriate keys. Done correctly, steganography is very difficult to detect. You could send a home video that has some “noise” in it… 🙂

Not an Electronic Rodent (profile) says:

Re: Re: Steganography

I believe that the biggest factors are how easy it is to do and how remote any serious consequences are.

The very definition of “Stuck in the present”.
If it ever becomes an issue where it is needed to “hide” encrypted data in a manner like this, the nature of the internet makes this certain:
Within months at the outside there will be 4 dozen apps, 2 dozen of which will be freeware, that present a handy, idiot-proof GUI to do exactly this.

There’s already many to “hide” encrypted data in other encrypted data if you want to and you can even do it for free using nice user-friendly step-by-step instructions if you want. What makes you think it would be any harder to do for Steganography? Right now no-one cares to write a mainstream one, change the law on encryption and that will change.

Anonymous Coward says:

‘Fighting against encryption is a game that can’t be won in the long term.’

the same thing has always been said about ‘file sharing’ but the entertainment industries have ignored it and are still trying to stop. add to that that a proxie was stopped from giving access to TPB in The Netherlands and a similar court case is on the cards between the BPI and The Pirate Party in the UK, the USA bitch country. i have said for a long time that eventually the can of worms opened by the US entertainment industries over their stupidity and selfishness would have farther reaching effects than they realised. the dangers of stopping encryption traffic are huge, but as long as those industries can stop their music and movies being shared is the main thing. the fact that, for example, banking could easily be drastically affected is irrelevant to them

DannyB (profile) says:

Allowing only traffic you understand

> the best that can be done is having the system
> block any traffic that it can’t understand.

Ah, but maybe I can construct traffic that you think you understand, yet it conceals a deeper meaning.

I send you pages full of Html and statistically valid text, even made up of real dictionary words.

You send me more Http requests with get/post parameters or path name elements.

This is just one example. We might conceal a two-way conversation as your connection to my SMTP server sending a single email.

The only real trick is the balance of how well concealed the real content is versus how efficient it is.

Then this technology could be used to avoid repressive regimes such as the RIAA / MPAA.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...