Thursday, December 22, 2005

Chinese Firewall Workarounds

Note: I removed this post from my main site at the end of February 2006 and placed it here because I don't want my main site to be censored in China, which I suspect it already has been. Bummer, eh?

A lot of us in China can't read or access a large body of websites because they are blocked by our ISPs (presumably at the behest of the government), including news sites, blog hosts like blogspot.com, and the useful Wikipedia. So the more technical among us have a number of workarounds:


  1. For general web surfing, there is anonymouse.org, which is a free web proxy. It doesn't take any technical knowledge to use it, in fact. You just go to the site and enter the URL of the website you want to visit. The rest of the surfing is transparent. It has an unpublished upper limit on file sizes, however, so you can't use it to download media files, for example.

  2. For reading blogs and news sites, if you already know the URL of the site you want to read, you can use an online website aggregator such as Bloglines or Google Reader. Once you have it set up, it's very convenient because it remembers what you've already read on each site and hides the old stuff unless you want to see it.

  3. For general web surfing, and anything based on TCP like web publishing, instant messaging, IRC, SSH, email transport, BitTorrent, GnuPG, DNS queries, etc., you can use the Tor anonymous Internet communication system. This is a bit slow, not for the novice user, and sometimes you can't access Google through it, but it's very handy to have installed and running. In any case, the anonymization that Tor gives you is very good (but not completely secure). And you can even publish services (like a website, wiki, streaming radio station, or podcast) anonymously from any computer using Tor. Unlike the anonymouse.org solution above, Tor works for large file transfers, but you'd better have a decent download manager that robustly handles dropped connections and restarts.

  4. A better solution for large media files---like the podcasts I listen to---is the Coral Content Distribution Network (for files up to 50 MB in size, but perhaps more). You can use it by "coralizing" the file's URL. For example, if the file you want to download is available at http://example.com/largefile.mp3, then you can get it from the Coral network at this special URL: http://example.com.nyud.net:8090/largefile.mp3. Thus if example.com is blocked by your ISP, this routes around it. The cool thing is that, even though Coral is designed for content publishers, it can also be used by ordinary people like you, just by adding the magic .nyud.net:8090 string to the URL of the large file.



These are the solutions I've tried so far, and each of them works really well for different tasks at different levels of convenience. Please feel free to comment on these and offer other advice. I realize that all of the solutions in the above list are themselves vulnerable to attack because they are too centralized in their designs. But they're open for the moment.

Final Thoughts


In addition to the above, there are two very important political issues that everyone who uses the Internet should be aware of: (1) The Internet is not flat. It looks different depending on where you look at it from. For example, a hotel's website could show you two different room rates depending on where you are located. Google also does this with localized web searches. The latter could be viewed as a useful service, but generally the former is seen as very bad for users. Tor and some of these other services make us aware of this problem. (2) You are not anonymous on the Internet. That is, unless you take steps like Tor to protect yourself. Everything you do online can be traced to your IP address, and in most cases, this can be traced to you or your computer. Oh, and (3) The records are stored forever. Think about that the next time you surf or type something into Google.

Have a nice day. :) And use and support Tor.

Update: I've started a list of proxies and other similar tools in addition to the above ones here: http://del.icio.us/madphilosopher/proxies/