[WikiEN-l] Tearing down the Chinese Firewall
Anthony DiPierro
wikilegal at inbox.org
Sat May 13 00:43:45 UTC 2006
Thanks for the overview of your thoughts on this. It's my intuition
that there's gotta be a way to get around this, even without resorting
to any special client configuration. If enough people work together
maybe we can at least get it working some large percentage of the
time. I mean, short of going to a whitelist configuration I don't see
how the Chinese government can keep up (the insecurity of the DNS
system gives them a big advantage, though).
I have some other ideas, but someone must have thought of these
already, and this is really beyond the scope of this mailing list
anyway. Reading http://www.post-gazette.com/pg/06045/654754.stm, I
think I've found some places to look for more information.
Anthony
On 5/12/06, Tim Starling <t.starling at physics.unimelb.edu.au> wrote:
> Anthony DiPierro wrote:
> > If anyone has any ideas as to what we can do to help get the real
> > Wikipedia to the masses in China (no client-side setup required), I'd
> > love to help. Maybe some sort of network of distributed servers
> > providing https access through dynamically rotating IP addresses.
>
> I don't think there's any solution left which will work without client
> configuration, except for a number of loopholes that the Chinese Government
> hasn't gotten around to closing yet. The foremost among these is our own SSL
> gateway:
>
> https://secure.wikimedia.org/wikipedia/zh/wiki/
>
> There are various unblocked HTTP proxies, although all unencrypted traffic
> is sampled, so any popular proxy will be rapidly blocked.
>
> Traffic within China isn't subject to the Great Firewall, which is why a
> proxy like wikipedia.cnblog.org worked. More proxies like that could be set
> up, but our recent experience suggests that the Government is watching for
> such things, and you can fully expect a knock on your door if you set one up.
>
> Periodically changing the IPs returned by a specific DNS entry almost
> certainly won't work. They have the ability to poll DNS.
>
> So that leaves client configuration. The Tor network is still not blocked,
> but that might be only a matter of time. And the downside is that it has no
> system for dealing with abuse.
>
> Having numerous SSL tunnel servers would be useful, along the lines of
> Anthony's suggestion. However, you need to have some way to distribute the
> server IPs to the users without letting the Government find them out. I
> can't think of any way to do this with a public protocol without leading to
> a very high rate of compromise of IP addresses, assuming the authorities are
> on the ball. A simple HTTPS gateway like secure.wikimedia.org could be
> compromised automatically by simply connecting to it and downloading the
> index page.
>
> We can go on exploiting known holes in the firewall for the time being, but
> it will certainly become increasingly difficult for people inside China to
> access Wikipedia, especially for those who are non-technical or not
> especially motivated.
>
> If Baidupedia does take off, I hope they will license locally generated
> content under GFDL, to allow for a continuing exchange of content between
> Wikipedia and Baidupedia.
>
> -- Tim Starling
>
> _______________________________________________
> WikiEN-l mailing list
> WikiEN-l at Wikipedia.org
> To unsubscribe from this mailing list, visit:
> http://mail.wikipedia.org/mailman/listinfo/wikien-l
>
More information about the WikiEN-l
mailing list