Comment by gopher_space

4 days ago

Technology backed by force is not impressively effective as a technology.

Not only that, it seems to be entirely unimpressive: The premise is that they would be able to allow everything except for what they want to censor, which isn't what they're doing.

If you allow connections to random websites outside of your jurisdiction then you're de facto allowing everything, because people can proxy arbitrary traffic that way. If you don't, you're effectively disconnecting your country from the global internet, which is not an impressive technological feat. Anybody with a backhoe can do a fiber cut.

  • You’re just ignorant of what it does. The GFW autodetects and blocks a truly impressive number of tunnel encapsulation schemes, VPN’s, etc. and blocks a wide variety of proxy attempts.

    It really isn’t dumb at all, and is quite difficult to get past.

    It also auto detects ‘problematic’ content in near realtime for a huge swath of things. It does deep packet and content inspection, including of a bunch of encrypted traffic that it really shouldn’t be able to.

    At massive (national) level scale.

    Don’t get me wrong. It’s evil. But it’s an impressive bit of evil kit.

    • > The GFW autodetects and blocks a truly impressive number of tunnel encapsulation schemes, VPN’s, etc. and blocks a wide variety of proxy attempts.

      They made a list of tunnel systems that don't attempt to disguise themselves and then blocked them. That's not really that hard, and it meanwhile causes lots of innocuous things to be blocked. There are uses for a tunnel other than bypassing censorship.

      The hard thing is to block the ones that actively attempt to look like something they're not, and release updates to change their profile whenever the authors notice it being blocked, while still allowing the thing they're attempting to look like.

      > It also auto detects ‘problematic’ content in near realtime for a huge swath of things. It does deep packet and content inspection, including of a bunch of encrypted traffic that it really shouldn’t be able to.

      All of this is assuming the content is being distributed unencrypted or is otherwise leaking its contents through e.g. having a specific data length, none of which an encapsulation method is required to expose.
