3/22/2010 12:03:00 PM

On January 12, we announced on this blog that Google and more than twenty other U.S. companies had been the victims of a sophisticated cyber attack originating from China, and that during our investigation into these attacks we had uncovered evidence to suggest that the Gmail accounts of dozens of human rights activists connected with China were being routinely accessed by third parties, most likely via phishing scams or malware placed on their computers. We also made clear that these attacks and the surveillance they uncovered—combined with attempts over the last year to further limit free speech on the web in China including the persistent blocking of websites such as Facebook, Twitter, YouTube, Google Docs and Blogger—had led us to conclude that we could no longer continue censoring our results on Google.cn.

So earlier today we stopped censoring our search services—Google Search, Google News, and Google Images—on Google.cn. Users visiting Google.cn are now being redirected to Google.com.hk, where we are offering uncensored search in simplified Chinese, specifically designed for users in mainland China and delivered via our servers in Hong Kong. Users in Hong Kong will continue to receive their existing uncensored, traditional Chinese service, also from Google.com.hk. Due to the increased load on our Hong Kong servers and the complicated nature of these changes, users may see some slowdown in service or find some products temporarily inaccessible as we switch everything over.

Figuring out how to make good on our promise to stop censoring search on Google.cn has been hard. We want as many people in the world as possible to have access to our services, including users in mainland China, yet the Chinese government has been crystal clear throughout our discussions that self-censorship is a non-negotiable legal requirement. We believe this new approach of providing uncensored search in simplified Chinese from Google.com.hk is a sensible solution to the challenges we’ve faced—it’s entirely legal and will meaningfully increase access to information for people in China. We very much hope that the Chinese government respects our decision, though we are well aware that it could at any time block access to our services. We will therefore be carefully monitoring access issues, and have created this new web page, which we will update regularly each day, so that everyone can see which Google services are available in China.

In terms of Google’s wider business operations, we intend to continue R&D work in China and also to maintain a sales presence there, though the size of the sales team will obviously be partially dependent on the ability of mainland Chinese users to access Google.com.hk. Finally, we would like to make clear that all these decisions have been driven and implemented by our executives in the United States, and that none of our employees in China can, or should, be held responsible for them. Despite all the uncertainty and difficulties they have faced since we made our announcement in January, they have continued to focus on serving our Chinese users and customers. We are immensely proud of them.

God damned !

So we have to make it through. First, the Chrome browser does support the common proxy way — Http proxy. And then, if we can “translate” the socket connection into the http connection, then it works!

The solution is to set up a http proxy in our localhost and let it do the job to help those App. to talk to the remote socket proxy. Then comes to the next tool we need, the Privoxy. Yep, we always use this software to help our Tor proxy services smarter. So we can also do it in this way:

Find the configure file of Privoxy : /etc/privoxy/config (in Ubuntu)
And add this line at the end of the file:

forward-socks5 / 127.0.0.1:7070 .

(don’t miss the “.” at the end of line, that make this route complete)

Easy to see that all the date transfer through the 7070 port will “translate” into the SSH socket 5 proxy service
Save and exit.

Restart the Privoxy :

sudo /etc/init.d/privoxy restart

(in Ubuntu)

And finished…. All you have to do next is to set up your browser’s proxy as http proxy: 127.0.0.1:7070

And BTW, the DNS pollution problem is still needed to be considered.

SSH stands for “security Shell”, that’s to say it provides a security access to OS via a “SHELL” like interface. So before you wanna play SSH trick, you have to own a host as the remote host. Then we can use ssh to access our host safely and manage the machine just like you are in front of it(normally in TEXT mode, of course ). But there is another way to use SSH tool, let it make a “tunnel” for our applications in local host. That means our applications like browsers can connect to the remote host via encrypted messages and the remote host will help them communicate with the destination sites. The result is that our communications become safer and the GFW can’t block us anymore~

Let’s go to own a host first. Be careful, not all the host or VPS provide SSH access. Make sure you are going to own a host with SSH function! My friend tell me that host-blaster.com provide free VPS with SSH access, so I visited it and registered a VPS.

Then the second step is to make SSH to dig a tunnel for us.
Input such like command in our local shell terminal:

ssh -qTfnN -D 7070 yourname@yourname.host-blaster.com

Maybe you use the ssh command before, but those parameters would make you puzzled. Let’s make them clean first.

-q:    Quiet mode.  Causes most warning and diagnostic messages to be
suppressed.  Only fatal errors are displayed.  If a second -q is
given then even fatal errors are suppressed, except for those
produced due solely to bad arguments.

-T      Disable pseudo-tty allocation.

-f      Requests ssh to go to background just before command execution.
This is useful if ssh is going to ask for passwords or
passphrases, but the user wants it in the background.  This
implies -n.  The recommended way to start X11 programs at a
remote site is with something like ssh -f host xterm.

-n      Redirects stdin from /dev/null (actually, prevents reading from
stdin).  This must be used when ssh is run in the background.  A
common trick is to use this to run X11 programs on a remote
machine.  For example, ssh -n shadows.cs.hut.fi emacs & will
start an emacs on shadows.cs.hut.fi, and the X11 connection will
be automatically forwarded over an encrypted channel.  The ssh
program will be put in the background.  (This does not work if
ssh needs to ask for a password or passphrase; see also the -f
option.)

-N      Do not execute a remote command.  This is useful for just for‐
warding ports (protocol version 2 only).

-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding.
This works by allocating a socket to listen to port on the local
side, optionally bound to the specified bind_address.  Whenever a
connection is made to this port, the connection is forwarded over
the secure channel, and the application protocol is then used to
determine where to connect to from the remote machine.

After that, we have cleaned that mass, this command tell SSH to work in the background and served at 7070 port.

So we go to the final step, make our application work via SSH “tunnel” we made just now.

For example, we browse web with Firefox, that all we have to do is to set our proxy setting of FF use the SSH. Then we set the socket proxy setting as

IP: 127.0.0.1(you can use loaclhost too) port: 7070  and click the socket 5 option.

BTW, if the GFW block the sites by DNS pollution, you have to active the FF to use remote dns. Type about:config to active the network.proxy.socks_remote_dns option.

That’s all, happy SSH life

At the same day in 20 years ago,the Berlin Wall was torn down.Today,another higher invisible “Wall” is still standing in China.  ( tweeted by @icalcifer )

Today is the day that Berlin Wall crashed at 20 years ago. The fall of Berlin Wall is the symbol of democracy freedom. The West takes it as a great victory and the opposite side try to make it less attractive. However the fall of Berlin Wall takes the world into a new direction and will be remember forever.

Where there is a wall, there would be some mice hole on it. So the stories of the cat and the mouses will never stop until the day that wall crashed.

There are tricks  for the mice to dig holes on the Wall, such as VPN, SSH, Proxy and so on. Tor is my favorite trick cause its untraceable and free to use. But unlucky it got a VIP treatment from the Wall and we have to do something to make it work again.

There is a small trick note for myself below. You can take it if you need it too.

Step 1: Write a request letter to bridges@torproject.org via a reliable email service likes Gmail. (It’s especially important if you are behind the Wall) Then we would get a list likes ” bridge 123.123.123.123 ” .

Step 2: Edit the /etc/tor/torrc file as root. To add that list you have got to the “bridge relays” section at the bottom of the file. Save and exit.

Step 3: Restart the Tor and Privoxy(if you need) services by the commands:

sudo /etc/init.d/tor restart

sudo /etc/init.d/privoxy restart

BBC sources in China report they have been unable to open the Twitter messaging site in Shanghai and that message boards on Xinjiang on a number of websites were not taking posts.

Reports from Xinjiang suggest some internet and mobile phone services have been blocked.

Analysts say the government’s so-called Great Firewall of China, which it uses to block unwanted Internet material, will prevent large-scale dissemination of information but that dedicated Internet users can bypass it fairly easily.

From BBC news

Great Wall

Ok, as we know, because of some reasons, the Internet of the mainland area of China is in a state of emergency. Lots of foreign web sites are blocked and many of the internal web sites also stand by at once for the information strike. And this time, GFW can show its power again. First, I am not interesting about any political conflict or which side is right. Because the truth is hard to figure out. Second, many not related sites are blocked innocently maybe just because they are sharing the same IP or within the same IP range of the sites which have “problems”. So I think it’s necessary to find a way to make it.

Many friends are seeking ways to go through this “wall” and I was asked about this questions many times. So I want to share a “easy way” to build such ladder.

Tor

“Tor” is design to increase the anonymity of our activities on the Internet. It disguises your identity and protects your online activities from many forms of Internet surveillance. It can also be used to bypass Internet filtering.

To explain in a simple way, it’s a P2P software that makes the people to be the proxy hosts to those who are also using this softwares. So we are all proxy hosts and we can let our never seen “friend” to be our proxy hosts. This feature also bring an additional usage, to bypass the GFW

Installing tor is easy for everyone, but to make it work with other softwares, like the browser or IM maybe is a little difficult for them.

So I want to introduce a “tor suit” that give you a “one-stop” service.

Tor Browser:

tor with configured FF

and tor with configured FF & IM & more

After extracting the files, a new folder named Tor Browser will appear in the chosen location. All you need to do is open the “Star Tor Browser.exe” .

Wish you will like it

It is said that Internet can share any information to everyone in the world, but how can it possible to keep our people in main land away from anything about June Fourth Movement.Or what is blocking us from those information that CCP and gov. wanna ban. And that is the Great Firewall of China.
Crossing the Wall (or Bypassing) is a quite popular Internet new word for us. At first, I cross the GFW to fetch the English technology information that I need cause the damn slow connection from mainland to the abroad. But I discover that many sites that I couldn’t connect before can be visited after I use the cross-wall tool. So I am wondering what is building the “Wall” between China and those “sensitive” sites.
As we know, China has the famous Great Wall that was built for defend enemy at the ancient time. And a new type “Great Wall” is built to “defend” the somehow “dangerous” threat in the Internet nowadays.

There is an formal name of GFW actually, the Golden Shield Project. The Golden Shield Project (Chinese: 金盾工程) is a censorship and surveillance project operated by the Ministry of Public Security (MPS) of the People’s Republic of China. The project started in 1998 and began operations in November of 2003. Whatever, we are used to call it the Great Firewall and GFW in short.

The GFW uses many methods for censoring, such as IP blocking,DNS filtering and redirection, URL filtering, Packet filtering, Connection reset. That can make the people in main land only get the error message when they want to visit some web sites.

Excluding those political sensitive web sites, there are many famous new web 2.0 sites are blocked . Web 2.0 change the mode of web world. Anybody can post their idea on the web, such as the personal blog, micro blog, SNS sites like facebook and so on. Only because some users post some “sensitive” information at their own page or comments on some posts. That make the whole site to be on  the ban list at GFW database.

So when we want to vist those banned sites, we have to “cross” the GFW. There are also many ways to make it. You can use the proxy host that provide the tunnel, or to use the new P2P technic, such like Tor.

PS: Most of the photos on my blog are on the flickr. So they are GFWed too.

Thanks
Wikipedia for providing reference about Golden Shield Project