Monday, May 12, 2008

Understanding the Great Firewall of China...

When the Beijing Olympics get underway this summer will journalists have full unfettered internet access while they are in China?

The short answer is yes they will. China will be providing specific hotels and other locations expected to be frequented by foreigners with full access so journalists will not write home about their totalitarian censorship practices. But what's interesting is how they've figured out how to do this while still keeping the Great Firewall in place for the rest of the country.

James Fallows has a great article in The Atlantic on the so-called Great Firewall of China. After months of studying the firewall firsthand, he explains the underlying censorship technologies being deployed. When a user tries to reach a website, four things can be made to go wrong:

The first and bluntest is the “DNS block.” The DNS, or Domain Name System, is in effect the telephone directory of Internet sites. Each time you enter a Web address, or URL—www.yahoo.com, let’s say—the DNS looks up the IP address where the site can be found. IP addresses are numbers separated by dots—for example, TheAtlantic.com’s is 38.118.42.200. If the DNS is instructed to give back no address, or a bad address, the user can’t reach the site in question—as a phone user could not make a call if given a bad number...

Next is the perilous “connect” phase. If the DNS has looked up and provided the right IP address, your computer sends a signal requesting a connection with that remote site. While your signal is going out, and as the other system is sending a reply, the surveillance computers within China are looking over your request, which has been mirrored to them. They quickly check a list of forbidden IP sites. If you’re trying to reach one on that blacklist, the Chinese international-gateway servers will interrupt the transmission by sending an Internet “Reset” command both to your computer and to the one you’re trying to reach...

The third barrier comes with what Lih calls “URL keyword block.” The numerical Internet address you are trying to reach might not be on the blacklist. But if the words in its URL include forbidden terms, the connection will also be reset. (The Uniform Resource Locator is a site’s address in plain English—say, www.microsoft.com—rather than its all-numeric IP address.) The site FalunGong .com appears to have no active content, but even if it did, Internet users in China would not be able to see it. The forbidden list contains words in English, Chinese, and other languages, and is frequently revised—“like, with the name of the latest town with a coal mine disaster”...

The final step involves the newest and most sophisticated part of the GFW: scanning the actual contents of each page—which stories The New York Times is featuring, what a China-related blog carries in its latest update—to judge its page-by-page acceptability. This again is done with mirrors...


These techniques are more highly sophisticated than these simple explanations may imply. When I was in China for several weeks doing my own analysis of the Great Firewall, its most striking aspect was its subtlety. In fact, you hardly even knew a firewall was in effect. You had access to nearly every site you tried to visit, and for those that were blocked, you were never really told that was the case. Typically the page would just take too long to load, so you would go somewhere else out of impatience - just like you would here in the States, or anywhere else for that matter.

Ultimately, it will be through understanding exactly how the Chinese government is implementing is censoring technologies that will lead the rest of the world to figure out exactly how to undermine it.
  

0 Comments:

Post a Comment

<< Home