China's Solution To The VPN Quandary: Only Authorized, And Presumably Backdoored, Crypto Links Allowed
from the will-Russia-follow-suit? dept
Two of the most important developments in China’s clampdown on the digital world took place last year, when the country’s Ministry of Industry and Information Technology declared that all VPN providers needed prior government approval to operate, and then apps stores were forced to remove the many VPNs on offer there. In some parts of China, VPNs were banned completely, but such a total shutdown is not really an option for cities with many businesses that require secure overseas communication channels. That put the Chinese authorities in something of a quandary: how could they reconcile their desire to prevent VPNs being used to circumvent online controls, while ensuring that the country’s increasingly important corporate sector had access to the encryption tools it needed for operating globally? An article in the FT provides us with the answer (paywall). In recent months, international companies and organizations have found their VPNs blocked more frequently:
regulators have been pushing multinationals to buy and use state-approved VPNs. The state-approved versions can cost tens of thousands of dollars a month and expose users’ communications to Beijing’s scrutiny.
“China’s intention is to control the flow of information entirely, making people use only government-approved VPNs by making it difficult, if not impossible, to use alternatives,” said Lester Ross, partner at legal firm WilmerHale in Beijing.
The great thing about state-approved VPNs is that they can include backdoors for the government to use, and can be to shut down quickly if really serious problems arise that require even more stringent controls.
Backdoored crypto is inherently vulnerable to attacks against those built-in weaknesses, but the Chinese authorities are doubtless willing to let companies run that risk for the sake of maintaining overall control. Since Russia’s views on VPNs are closely aligned with those of China, it will be interesting to see if it decides to adopt Beijing’s solution to the VPN dilemma to tidy up its own rather clumsy approach.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: backdoors, china, encryption, vpn
Comments on “China's Solution To The VPN Quandary: Only Authorized, And Presumably Backdoored, Crypto Links Allowed”
Can we VPN from within a state sponsored VPN?
Re: (layered encryption)
Yes. Layered encryption is a real thing. Passing data that has already been encrypted by some other method within a VPN tunnel. Or chaining multiple VPN tunnels one inside another. But doing such in a oppressive regime like China probably isn’t a good idea… when you a found-out!
Re: Re:
That is exactly what I was thinking. I assume if you do that that you get into twice as much trouble.
Re: Can we VPN from within a state sponsored VPN?
There are techniques which can work–at least for now.
WHO wants a job...
Work for the Nation and get paid for reading english or other languages..
Get PAID by the corps not to interpret it PROPERLY..
Its the Corporate way..
Even If Their Encryption Is Backdoored ...
… at least you now have a hole through the Great Firewall. What would prevent you from adding your own extra layer of encryption on top?
Re: Even If Their Encryption Is Backdoored ...
How do you make that out, as the VPNs are inside the great firewall, and will have their access to the Internet controlled by the great firewall. Also, being a state controlled VPN, it is a man in the middle for HTTPS, and so can detect and block any added encryption..
Re: Re: Even If Their Encryption Is Backdoored ...
Because no serious country with a well thought out and funded spying system, is going to put all their eggs in one basket.
They almost certainly, have a number of different attack vectors in their arsenals, and this is just going to be one of many.
To answer your question the two ways are going to be:
1. Identifying those VPN’s who attempt to confuse or defeat deep packet inspection techniques.
2. compromise systems en-masses, using our own backdoors and exploits, we forced or encouraged manufacturers to build in themselves.
Most of which will either already have been stolen by the numerous spies working in the United States and/or by identifying reverse engineering those exploits.
And of course, their newest method, which is simply to copy us and force manufacturers to include backdoor not only in encryption but in literally numerous electronic devices and technologies.
No doubt the NSA won’t want to lag the field on this one, so here we go with multinational backdoor keys.
Re: Re:
You know that’s a great idea.
Why not just work out a royalties type deal whereby China can simply have access to all the NSA backdoored CPU’s, drives, and GPU’s…
Say, $100 per request.
Re: Re: Re:
You have it the wrong way round. By what country do you think most computer hardware is manufactured and exported, is in possession of most of the design schematics, and so is in the best position to take advantage of them?
This is probably more interesting for corporations running their own VPN, like they should. Or does anyone do that anymore?
Re: Or does anyone do that anymore?
I’m not a “corporation”, just a self-employed developer and sysadmin. And I currently have two VPN connections into my office. Does that count?
The Nigerians are drooling...
This will be interesting to watch. A test to see how much this gets abused by bad actors and the Chinese government over time.
How does this differ from our own?
I’m talking about our own governments destruction of privacy, which inconveniently has to take an incremental approach:
2018
FBI Says Device Encryption Is ‘Evil’ And A Threat To Public Safety
1997
FBI, Security Chiefs Ask SenateFor Keys to All Encrypted Data
https://partners.nytimes.com/library/cyber/week/071097encrypt.html
…and this is just the FBI, which clearly doesn’t have the black budget, like the NSA and CIA to sabotage so many different attack surfaces as to make encryption basically pointless for the majority of targets.
Yes. Layered encryption is a real thing. Passing data that has already been encrypted by some other method within a VPN tunnel. Or chaining multiple VPN tunnels one inside another. But doing such in a oppressive regime like China probably isn’t a good idea… when you a found-out!
<a href=”http://www.warung303.com/Promo”>PIALA DUNIA 2018</a>
comen
terimah kasih<a href=”http://dewa633.com/live-game”>PIALA DUNIA 2018</a>
Will someone use such VPN services approved by the government? There are still methods to use VPN in China. For example you may use VPN services that use StealthVPN protocol or Double VPN.
i like it
i like it”<a href=””http://dewa633.com/live-game””>POOL GAMES</a>
“
http://zilladesigns.net/ works great. No Ip bans and tunnelling issues
situs judi online terpercaya
Respect people’s feelings. Even if it doesn’t mean anything to you.