Listen to this article

Golden Shield Project

From Infogalactic: the planetary knowledge core
(Redirected from Golden Shield)
Jump to: navigation, search

Lua error in package.lua at line 80: module 'strict' not found.

The Golden Shield Project (Chinese: 金盾工程; pinyin: jīndùn gōngchéng), also known as the Great Firewall of China[1] (Chinese: 防火长城; pinyin: fánghuǒ chángchéng) which is a censorship and surveillance project that blocks potentially unfavorable incoming data from foreign countries, is operated by the Ministry of Public Security (MPS) of the government of China. The project was initiated in 1998 and began operations in November 2003.[2] It is now used to attack international web sites using Man-on-the-side DDoS, for example to attack GitHub on 2015/03/28.[3]

History

The political and ideological background of the Golden Shield Project is considered to be one of Deng Xiaoping’s favorite sayings in the early 1980s: "If you open the window for fresh air, you have to expect some flies to blow in." (Chinese: 打开窗户,新鲜空气和苍蝇就会一起进来。; pinyin: Dǎkāi chuānghù, xīnxiān kōngqì hé cāngying jiù huì yìqǐ jìnlái.[nb 1]) The saying is related to a period of the economic reform of China that became known as the "socialist market economy". Superseding the political ideologies of the Cultural Revolution, the reform led China towards a market economy and opened up the market for foreign investors. Nonetheless, despite the economic freedom, values and political ideas of the Communist Party of China have had to be protected by "swatting flies" of other unwanted ideologies.[4]

The Internet in China arrived in 1994,[5] as the inevitable consequence of and supporting tool for the "socialist market economy". Gradually, while Internet availability has been increasing, the Internet has become a common communication platform and tool for trading information.

The Ministry of Public Security took initial steps to control Internet use in 1997, when it issued comprehensive regulations governing its use. The key sections, Articles 4-6, are:

<templatestyles src="Template:Blockquote/styles.css" />

Individuals are prohibited from using the Internet to: harm national security; disclose state secrets; or injure the interests of the state or society. Users are prohibited from using the Internet to create, replicate, retrieve, or transmit information that incites resistance to the PRC Constitution, laws, or administrative regulations; promotes the overthrow of the government or socialist system; undermines national unification; distorts the truth, spreads rumors, or destroys social order; or provides sexually suggestive material or encourages gambling, violence, or murder. Users are prohibited from engaging in activities that harm the security of computer information networks and from using networks or changing network resources without prior approval.[6]

In 1998, the Communist Party of China feared that the China Democracy Party (CDP) would breed a powerful new network that the party elites might not be able to control.[7] The CDP was immediately banned, followed by arrests and imprisonment.[8] That same year, the Golden Shield project was started. The first part of the project lasted eight years and was completed in 2006. The second part began in 2006 and ended in 2008. On 6 December 2002, 300 people in charge of the Golden Shield project from 31 provinces and cities throughout China participated in a four-day inaugural "Comprehensive Exhibition on Chinese Information System".[9] At the exhibition, many western high-tech products, including Internet security, video monitoring and human face recognition were purchased. It is estimated that around 30,000-50,000 police are employed in this gigantic project.[10]

A subsystem of the Golden Shield has been nicknamed "the Great Firewall" (防火长城) (a term that first appeared in a Wired magazine article in 1997)[11] in reference to its role as a network firewall and to the ancient Great Wall of China. This part of the project includes the ability to block content by preventing IP addresses from being routed through and consists of standard firewalls and proxy servers at the six[12] Internet gateways. The system also selectively engages in DNS cache poisoning when particular sites are requested. The government does not appear to be systematically examining Internet content, as this appears to be technically impractical.[13] Because of its disconnection from the larger world of IP routing protocols, the network contained within the Great Firewall has been described as "the Chinese autonomous routing domain".[14]

During the 2008 Summer Olympics, Chinese officials told Internet providers to prepare to unblock access from certain Internet cafés, access jacks in hotel rooms and conference centers where foreigners were expected to work or stay.[15]

Purpose

In September 2002, Li Runsen, the technology director at Ministry of Public Security and member of the Golden Shield leadership, further explained this broad definition to thousands of police nationwide at a meeting in Beijing called "Information Technology for China’s Public Security".

In October 2001, Greg Walton of the International Centre for Human Rights and Democratic Development published a report; he wrote:

<templatestyles src="Template:Blockquote/styles.css" />

Old style censorship is being replaced with a massive, ubiquitous architecture of surveillance: the Golden Shield. Ultimately, the aim is to integrate a gigantic online database with an all-encompassing surveillance network – incorporating speech and face recognition, closed-circuit television, smart cards, credit records, and Internet surveillance technologies.[16]

The empirical study by the OpenNet Initiative (collaboration between Harvard Law School, University of Toronto Citizen Lab, and Cambridge Security Program) found that China has the most sophisticated content-filtering Internet regime in the world. Compared to similar efforts in other countries, CPC Government effectively filters content by employing multiple methods of regulation and technical controls. In contrast, the PRC-sponsored news agency, Xinhua, stated that censorship targets only "superstitious, pornographic, violence-related, gambling and other harmful information."[17]

In July 2007, authorities intensified the "monitoring and control" of The Great Firewall, causing email disruption, in anticipation of the Shanghai Cooperation Organisation meeting scheduled for August 2007.[18]

Blocking methods

Some commonly used technical methods for censoring are:[19]

Method Description
IP blocking The access to a certain IP address is denied. If the target Web site is hosted in a shared hosting server, all Web sites on the same server will be blocked. This affects all IP protocols (mostly TCP) such as HTTP, FTP or POP. A typical circumvention method is to find proxies that have access to the target Web sites, but proxies may be jammed or blocked. Some large Web sites allocated additional IP addresses to circumvent the block, but later the block was extended to cover the new addresses.[20]
DNS filtering and redirection Doesn't resolve domain names, or returns incorrect IP addresses. This affects all IP protocols such as HTTP, FTP or POP. A typical circumvention method is to find a domain name server that resolves domain names correctly, but domain name servers are subject to blockage as well, especially IP blocking. Another workaround is to bypass DNS if the IP address is obtainable from other sources and is not blocked. Examples are modifying the Hosts file or typing the IP address instead of the domain name in a Web browser.
URL filtering Scan the requested Uniform Resource Locator (URL) string for target keywords regardless of the domain name specified in the URL. This affects the Hypertext Transfer Protocol. Typical circumvention methods are to use escaped characters in the URL, or to use encrypted protocols such as VPN and SSL.[nb 2]
Packet filtering Terminate TCP packet transmissions when a certain number of controversial keywords are detected. This affects all TCP protocols such as HTTP, FTP or POP, but Search engine pages are more likely to be censored. Typical circumvention methods are to use encrypted protocols such as VPN and SSL, to escape the HTML content, or reducing the TCP/IP stack's MTU, thus reducing the amount of text contained in a given packet.
Connection reset If a previous TCP connection is blocked by the filter, future connection attempts from both sides will also be blocked for up to 30 minutes. Depending on the location of the block, other users or Web sites may be also blocked if the communications are routed to the location of the block. A circumvention method is to ignore the reset packet sent by the firewall.[21]
SSL man-in-the-middle attack makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.[22]Most browsers report these fake certificates.

Censored content

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

Mainland Chinese Internet censorship programs have censored Web sites that include (among other things):

Blocked Web sites are indexed to a lesser degree, if at all, by some Chinese search engines. This sometimes has considerable impact on search results.[24]

According to The New York Times, Google has set up computer systems inside China that try to access Web sites outside the country. If a site is inaccessible, then it is added to Google China's blacklist.[25] However, once unblocked, the Web sites will be reindexed. Referring to Google's first-hand experience of the great firewall, there is some hope in the international community that it will reveal some of its secrets. Simon Davies, founder of London-based pressure group Privacy International, is now challenging Google to reveal the technology it once used at China's behest. "That way, we can understand the nature of the beast and, perhaps, develop circumvention measures so there can be an opening up of communications." "That would be a dossier of extraordinary importance to human rights," Davies says. Google has yet to respond to his call.[26]

Bypassing

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

Because the Great Firewall blocks destination IP addresses and domain names and inspects the data being sent or received, a basic censorship circumvention strategy is to use proxy nodes and encrypt the data. Most circumvention tools combine these two mechanisms.[27]

  • Proxy servers outside China can be used, although using just a simple open proxy (HTTP or SOCKS) without also using an encrypted tunnel (such as HTTPS) does little to circumvent the sophisticated censors.[27]
  • Companies can establish regional Web sites within China. This prevents their content from going through the Great Firewall of China; however, it requires companies to apply for local ICP licenses.
  • Onion routing, such as I2P or Tor, can be used.[27]
  • Freegate, Ultrasurf, and Psiphon are free programs that circumvent the China firewall using multiple open proxies, but still behave as though the user is in China.[27]
  • VPNs (virtual private network) and SSH (secure shell) are the powerful and stable tools for bypassing surveillance technologies. They use the same basic approaches, proxies and encrypted channels, used by other circumvention tools, but depend on a private host, a virtual host, or an account outside of China, rather than open, free proxies.[27]
  • Open application programming interface (API) used by Twitter which enables to post and retrieve tweets on sites other than Twitter. "The idea is that coders elsewhere get to Twitter, and offer up feeds at their own URLs—which the government has to chase down one by one." says Jonathan Zittrain, co-director of Harvard's Berkman Center for Internet and Society.[28]
  • Reconfiguration at the end points of communication, encryption, discarding reset packets according to the TTL value (time to live) by distinguishing those resets generated by the Firewall and those made by end user, not routing any further packets to sites that have triggered blocking behavior.[29]

Unblocking

Certain sites have begun to be partially unblocked, including:

  • The English-language BBC website (but not the Chinese language website).[30]
  • Wikipedia (wikipedia.org), HTTPS version is not blocked (As of December 2013, excluding Chinese Wikipedia). However, if one uses HTTP, many wikis are blocked.[31]
  • Social websites and free web hosting websites. However, these have also been re-blocked.[citation needed]
  • Some foreign news websites.[citation needed]

Exporting technology

Reporters Without Borders suspects that regimes such as Cuba, Zimbabwe and Belarus have obtained surveillance technology from China.[32]

Protest in China

Despite strict government regulations, the Chinese people are continuing to protest against their government’s attempt to censor the Internet. The more covert protesters will set up secure SSH and VPN connections using tools such as UltraSurf. They can also utilize the widely available proxies and virtual private networks to fanqiang(翻墙), or "climb the wall." Active protest is not absent. Chinese people will post their grievances online, and on some occasions, have been successful. In 2003, the death of Sun Zhigang, a young migrant worker, sparked an intense, widespread online response from the Chinese public, despite the risk of the government’s punishment. A few months later, Prime Minister Wen Jiabao abolished the Chinese law that led to the death of Sun. Ever since, dissent has regularly created turmoil on the Internet in China.[33] Also in January 2010, when Google announced that it will no longer censor its Web search results in China, even if this means it might have to shut down its Chinese operations altogether, many Chinese people went to the company’s Chinese offices to display their grievances and offer gifts, such as flowers, fruits and cigarettes.[34]

See also

Notes

  1. There are several variants of this saying in Chinese, including "如果你打开窗户换新鲜空气,就得想到苍蝇也会飞进来。" and "打开窗户,新鲜空气进来了,苍蝇也飞进来了。". Their meanings are the same.
  2. For an example, see Wikipedia:Advice to users using Tor to bypass the Great Firewall

References

  1. Lua error in package.lua at line 80: module 'strict' not found.
  2. Lua error in package.lua at line 80: module 'strict' not found.
  3. Lua error in package.lua at line 80: module 'strict' not found.
  4. R. MacKinnon "Flatter world and thicker walls? Blogs, censorship and civic discourse in China" Public Choice (2008) 134: p. 31–46, Springer
  5. Lua error in package.lua at line 80: module 'strict' not found.
  6. "China and the Internet.", International Debates, 15420345, Apr2010, Vol. 8, Issue 4
  7. Goldman, Merle Goldman. Gu, Edward X. [2004] (2004). Chinese Intellectuals between State and Market. Routledge publishing. ISBN 0415325978
  8. Lua error in package.lua at line 80: module 'strict' not found.
  9. 首屆「2002年中國大型機構信息化展覽會」全國31省市金盾工程領導雲集 (Chinese)
  10. Lua error in package.lua at line 80: module 'strict' not found.
  11. http://www.economist.com/news/special-report/21574631-chinese-screening-online-material-abroad-becoming-ever-more-sophisticated
  12. http://www.nbcnews.com/technology/welcome-wyoming-how-chinas-great-firewall-could-have-sent-web-2D11970733
  13. Lua error in package.lua at line 80: module 'strict' not found.
  14. Lua error in package.lua at line 80: module 'strict' not found.
  15. Lua error in package.lua at line 80: module 'strict' not found.
  16. Lua error in package.lua at line 80: module 'strict' not found.
  17. China and the Internet. International Debates, 15420345, Apr2010, Vol. 8, Issue 4
  18. Lua error in package.lua at line 80: module 'strict' not found.
  19. Lua error in package.lua at line 80: module 'strict' not found.
  20. Lua error in package.lua at line 80: module 'strict' not found.
  21. Lua error in package.lua at line 80: module 'strict' not found.
  22. Lua error in package.lua at line 80: module 'strict' not found.
  23. Lua error in package.lua at line 80: module 'strict' not found.
  24. Lua error in package.lua at line 80: module 'strict' not found.
  25. Lua error in package.lua at line 80: module 'strict' not found.
  26. Will Google's help breach the great firewall of China? By: Marks, Paul, New Scientist, 02624079, 4/3/2010, Vol. 205, Issue 2754
  27. 27.0 27.1 27.2 27.3 27.4 "Splinternet Behind the Great Firewall of China: The Fight Against GFW", Daniel Anderson, Queue, Association for Computing Machinery (ACM), Vol. 10, No. 11 (29 November 2012), doi:10.1145/2390756.2405036. Retrieved 11 October 2013.
  28. "Leaping the Great Firewall of China ", Emily Parker, Wall Street Journal, 24 March 2010. Retrieved 11 October 2013.
  29. "Ignoring the Great Firewall of China", Richard Clayton, Steven J. Murdoch, and Robert N. M. Watson, PET'06: Proceedings of the 6th international conference on Privacy Enhancing Technologies, Springer-Verlag (2006), pages 20-35, ISBN 3-540-68790-4, doi:10.1007/11957454_2. Retrieved 11 October 2013.
  30. Lua error in package.lua at line 80: module 'strict' not found.
  31. (Chinese) 如何访问维基百科#当前情况
  32. Lua error in package.lua at line 80: module 'strict' not found.
  33. Lua error in package.lua at line 80: module 'strict' not found.
  34. Lua error in package.lua at line 80: module 'strict' not found.

External links