> After its founding in 2018, one of Geedge's first clients was the government of Kazakhstan, to whom the company sold its flagship Tiangou Secure Gateway (TSG), which provides functions similar to China's own Great Firewall, monitoring and filtering all web traffic that passes through it, as well as attempts to bypass such censorship.
> The same tool has been rolled out in Ethiopia and Myanmar, where it has been instrumental in enabling that country's military junta to enforce a ban on VPNs. In many cases, Geedge works with other private companies, including internet service providers (ISPs) such as Safaricom in Ethiopia, or Frontiir and Ooredoo in Myanmar, to enact government censorship, the documents show. No ISPs that have partnered with Geedge responded to a request for comment.
> The leaks show employees at the company working to reverse-engineer many popular tools and find means of blocking them. One set of documents lists nine commercial VPNs as "resolved," and provides various means of identifying and filtering traffic to them. Similar capabilities have long been demonstrated by the Great Firewall, with most commercial VPNs inaccessible from within China and many dedicated anti-censorship tools also hard to access.
> At least one Jira support ticket shows evidence of plaintext capture of email
I bet that the recent wave of VPN bans implemented in Russia also uses this tech. For example the mechanism of how suspicious websocket endpoints are being "knocked" by the firewall itself or how suspiciously traffic heavy ssh connections are being dropped suggests that Russian govt simply bought the entire stack from China.
>The strategy is being developed in close cooperation with China after a string of high-level meetings in Beijing and Moscow this year. At their first cybersecurity forum, in April, top Chinese officials and their Russian counterparts gathered in Moscow for the talks. Delegates included Lu Wei, the head of China’s state internet information office, Fang Binxing, the so-called father of the Great Firewall and Igor Shchyogolev, President Vladimir Putin’s assistant on internet issues and former minister of communications.
>“The principal agreement to have a forum was reached by Igor Shchyogolev and Fang Binxing at a meeting in December 2015 in Beijing,” said Denis Davydov, the executive director of the misleadingly named League of Safe Internet, a government-affiliated group that has drafted internet-filtering legislation and recruited teams of volunteers to patrol the web for “harmful content”.
Russia tests it all in Belarus first. In 2020 they blocked almost all Internet, including VPNs, Tor etc (but left some areas connected, like banking). It's somewhat easier in Belarus, as they have a legal monopoly on cross-border Internet.
> "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;"
> "The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;"
In general none of the disclosures of what GFW is doing g should be seen as evidence that western governments do not do the same thing. Hope nobody is drawing that conclusion.
Western governments effectively control 99% of consumer technology, and hack whatever else they can't have. VPNs are a false sense of security going up against a nation-sized adversary like the US.
When a government feels the need to implement technical control measures against ordinary citizens, the tight leash that the people had on their government's authority is broken.
Mass censorship, surviellence, and erosion of privacy are incompatible with human dignity. Purely utilitarian stances advocating online censorship "for the greater good", exploiting the causes of "terrorism" and "child safety" fail to consider anything more than the first order consequences.
Once a government taste the powerful liquor of censorship, there's no way that bottle's ever getting corked again. You bet your ass when anything happens that threatens those in power, that they'll be using that censorship on more than just the evil porn websites and terrorists.
I hope that this GFW leak helps researchers and hobbyists alike find more ways to fight against government erosion of personal dignity.
>Once a government taste the powerful liquor of censorship, there's no way that bottle's ever getting corked again.
Seems the youth of Nepal managed to cork the bottle again earlier this month, when after the mass social media ban they burned down the government buildings and chased the parliamentarians out of the country.
if musk "buys" trump's untruth network and merge it with the remains or xitter, and then all the others are blocked to "save the children" nobody will say anything. maybe, just maybe, there will be a stockholders lawsuit on meta for the value dropping to zero. but hardly anything else.
I used to live in a country who is also a customer of GFW. Before v2ray came out, I had figured out devising any random protocol would defeat it. I would pass my SSH connecting used for socks5 through ROT13 or any ROTn, then the firewall won't gradually slow it down towards total stall after a few kilobytes. OpenSSH yells its name and version in plain text upon connection.
A few years later (still before v2ray) they got more aggressive: Unknown protocols were stalled after a few kilobytes. I then learned if I pretend I'm doing something legitimate (!) such as downloading favicon.ico within a proper HTTP channel, they won't touch my "packets" (the favicon content was my packet). I think there was also a Iodine project doing the same with ping packets but it was slower than favicon-as-packets for me. Today I see v2ray has taken it to the maximum extent, suggesting valid web page front for an IP, valid https certificates, etc.
When I started making money I was thinking about renting many IPs and send my traffic as round-robin to them as the detection relied heavily on IP consistency. That is, connections were fingerprinted by IP.
I don't live there anymore and don't get to verify this hypothesis, but given the leaked source codes it's an intersting weekend project.
What else is also interesting, I looked at traffic decoders in the list of leaked source files: TCP, HTTP, QUIC, ... but no mention of UDP, which made no difference in bypassing GFW. I guess the same IP rate limiter was at work with UDP at a lower level.
From my own personal experience with an outline server running on the same IP over 3 years, the GFW consistently ends up blocking it around 3 days after I first connect. Outline does use shadowsocks to obfuscate but I suspect the traffic detection is what triggers it after 3 days of observations. Running multiple servers and repeatedly cycling through them is an experiment I want to try the next time I'm there.
I've also observed similar behavior with the vpn I'm using as backup where the server I'm using tends to get blocked in around the same timeframe. It's using openvpn/wireguard as the underlying protocol which doesn't try to obfuscate itself so I suspect traffic pattern analysis plays a larger role in what gets blocked than the protocol itself. The exception was my recent trip week-long trip where I was mostly cycling between two servers without noticing either being blocked.
Makes sense; the "3 days" you mention reminds me of something sad ~10 years ago. At an expo, there was this company "Dowran" with a banner boasting about "adjustable internet disruption patterns on demand" and other corporate catch phrases. I can assume there's an operator who installs GWF and puts "3" as part of installer wizard.
> I would pass my SSH connecting used for socks5 through ROT13 or any ROTn, then the firewall won't gradually slow it down towards total stall after a few kilobytes. OpenSSH yells its name and version in plain text upon connection.
Could you elaborate on that more? I'd love to dig into an implementation that does this, in case you still have the tools/scripts/programs available.
I'm asking because for the last couple years I've been on and off working on my warps [1] soft router prototype which aims to hide in plain sight using exfil network protocols.
(Think of it like DNS/HTTP smuggling but with the idea to use similar techniques in other network protocols, too)
I have a similar program, which i call Relay, which effectively works exactly the same. Haven't worked on it in over 10 years but like OP i was in a similar situation, and it worked nicely, but really theres so much more that can be done in the obfuscation field. I eventually moved on to a more elaborate Java version, which worked very well when emulating, of all things, a TeamViewer connection, which had to be allowed on the network in question. So unless the firewall wanted to open up the ssl inside of it and examine in real time, i ended up not tipping it off.
I'll add a very basic version of it for educational value if you want. It might not be exactly functional the way i remember but at least it shows how to chain a socket connection in code.
Its a very minimal C program which was originally targeted for OpenWRT. But being C it should run easily most places.
One would run on a router on a final remote server and another on a travel router which you would tether to.
YourPC <---> Your Travel Router <----internet----> Stationary Router <---> Final Server
Setting up the ports accordingly you had something which basically 'patched' the bytestream in the middle without it even knowning or needing to be changed on either end. It could relay any TCP connection.
There were many dialects which I eventually came up with (especially per packet length obfs) which could be added to the old C program.
The original PoC I had was incredibly simple: Just a python script that read traffic on a port on localhost, rotate each byte by a hard-coded number like 13, and send it over the wire. The counter part would run on the target server, read the byte and undo the rotation. It has zero (minus?) cryptographic security, but that's not the purpose here anyway. The PoV forwarder was transparent and could only tunnel port 22 of target server to 22000 of localhost.
Later I made a more elaborate version where it implemented its own HTTP and SOCKS4/5 proxy servers; I think you won't like it :D I wrote it in Java using Netty more than a decade ago, and published to Github when I relocated. Using Java I could run it directly as an android app or on a PC more easily.
Using Netty's vocabulary: If you add one extra HTTP handler to the pipeline, you get what I initially implemented in various forms:
- An HTTP handler that reads a header, say `Cache-Control: max-age=N` where N is the rotN to rotate bytes.
- Next handler that starts rotating traffic bytes with the given `N`
For favicon-as-packet, my implementation was again with massrelay project but I forgot all the details. It shouldn't be hard: Netty keeps track of the connection state (packet number, etc...) and the handlers wrap/unwrap the traffic within favicon as transferred within HTTP channel.
Netty is a beautiful framework. I see you made your warps project in go, so the concepts might make more time to implement if you want to translate directly to a go project; Or you can just forget about massrelay and implement within your go project from scratch the way it makes sense, since the idea is pretty itself simple.
(That being said, I think GWF has advanced a lot, that's why something proper like v2ray works better now).
If you can make money from it, there will always be someone willing to do it. And/or there is always someone you can compel to do it. It sucks but you pretty much have to operate with that assumption for most things.
That's wishful thinking. If you pay enough, you will find talent without any problems in this world. Look at all the sophisticated zero day exploits used against journalist.
I doubt we disagree on ethics here, but I am empathetic to the influences at play for a developer in that situation. I would not demonize them without first knowing more.
There's a sort of mirror world of academic research happening, where on one side of the mirror, you have people building the tools to censor the internet (typically but not always in Asian venues), and on the other, the tools to circumvent that censorship (typically but not always in Western venues). I know far more people on the latter half of the equation, but have enough exposure to the other side of the mirror to know that most of them earnestly believe they're doing something good. They see massive megacorportaions pushing American interests as an unfair lever in a fight for national sovereignty, and what they do as simply leveling the playing field, and combating misinformation. While I would wholeheartedly agree that they are mistaken in their analysis (reifying systems for people, "The institution I'm supporting may sometimes do bad things, but what I do is supporting the good parts!") and should immediately stop, I wouldn't want to dehumanize them any more than I would someone who works for Palantir, or even Google, Amazon, etc.
It may even make those working there feel like a success of a human. For example, I work at a non faang company doing unsexy work. Although I disagree with Plantir's objectives, I would probably take a role there specifically so I can try to feel like I've succeeded. At present, I feel like a complete and utter failure, and this feeling is renewed literally every day.
As fucked up as it is, the virtue of individualism is often studied as a capitalist/western phenomenon that causes crime and internal conflict. Many of the people building this likely genuinely believe that they are working for the greater good and repressing a harmful social underclass.
If it was a three letter agency, surely they have little motivation to leak it publicly? I feel it would be more strategic for them to keep the information to themselves since presumably no one outside of GFW development knows the exact details (until now).
AFAIK QUIC traffic is impossible to attack using MITM techniques. So I wonder how the GFW handles it. Do they block it entirely or still filter it somehow?
You don't need QUIC, TLS and other encrypted channels have the same protection.
It's not hard to identify those channels and block them. A connection used to interact with websites has completely different traffic patterns compared to a user sending all of their traffic over one specific connection.
Add to that the fact that large video streaming services such as YouTube, where you may see large quantities of data being exchanged over persistent connections, are already blocked in China, and your VPN becomes quite obvious without seeing even a byte of plaintext.
Of course for common protocols like QUIC they have their own custom solution (linked in a sibling comment), but the point is that even with encrypted SNI you will need dedicated anti-GFW protocols to stand a chance against censorship. No protocol that works well for most consumers is going to protect against the analysis a dedicated firewall with decent funding can come up with.
...parsing SNI to find the server name is like the second-oldest trick in the book, after reverse DNS from the 80s? Maybe I'm not understanding the question
Why would QUIC be any more or less MITM attackable than say HTTP1.1 or 2?
AFAIK, the only thing that stops an MITM attack (where they respond as if they’re the remote server and then relay to the real remote server) are certificates.
If an authority requires you trust their root certificate so they can spy on you, QUIC will not make any difference.
If China uses a root cert to issue bogus certs, that'll get caught by certificate transparency. Assuming people use browsers that enforce certificate transparency.
Kazakhstan literally forced their own cert for lots of popular sites for a while, expecting users to click the through and accept them. It was made illegal to not accept government certificates.
Typically they rely on metadata like the IP you're connecting to, or downgrade attacks. Until every server supports QUIC they can just pretend the server doesn't support QUIC.
You might think IP checks are safe because everything's on Cloudflare and they can't block Cloudflare, but you'd be wrong. Even Spain blocks Cloudflare (yes, entirely) during football games.
It’s not particularly sudden - we in the west just perceive it as such thanks to recent drama. Majority of the world population wasn’t living in a democracy for a while now (not even sure it ever has)
My first thought was unfortunately whether the UK and other Western nations would copy this to build their own Firewalls. To be honest i still don't think it's a goal anyone is actively working towards and that's a bit of an hyperbolic take. But the truth is that we are moving more towards such a system then
we are moving away.
My second thought is how badly Chinese communism must be doing that they need such a massive effort in order to prevent their citizens from accessing information and voicing dissent. We are lucky to be living in such a free society. Internet seems to be losing the battle against government interference and censorship and that is more of a bad
thing then a good thing.
As I understand it the idea is not necessarily to stop all dissent / awareness, but that it's useful to be able to slow the spread of "rumours" / incendiary information when it is spreading virally. This gives authorities time to come up with a response if required.
While I personally wouldn't want to live in a country which does this, the flip side of unrestricted virality in countries that culturally might not be prepared for it are events like https://en.wikipedia.org/wiki/Indian_WhatsApp_lynchings
Given that the US controls much of what happens on the Internet, another issue for many countries (not China so much) is that without controls they become extremely vulnerable to US influence campaigns and "colour revolutions".
I predict that all countries will end up with something like the GFW eventually because there's basically no other way for governments to achieve "Internet sovereignty" (enforce laws regarding users and publishers on the web). The US might be last to do this because it is in the doubly privileged position of a) being able to exert significant pressure on other countries and b) being able to apply regulation to major US-based Internet companies using their own legal system.
The apparatus we call GFW is really a Chinese CDC for memes. The CDC expects novel strains of bird flu every year, it’s okay, they closely monitor the situation, research the novel strains, cull risky populations, and develop vaccines for worst case scenarios. GFW expects novel strains of anti-CCP viral memes every year, it’s okay, they closely monitor the situation, they analyze the meme for spreaders and origin, they use the new meme to gauge changes in public sentiment, they fine or jail or imprison particularly quarrelsome netizens, and in the worst case scenario they prepare narrative shifts or outright censorship to maintain a net that is deemed healthy. It’s meme epidemiology, with mind viruses instead of RNA viruses.
I think GFW is more of a fallback (hammer) in the overall system but yeah that does happen "in detail" on WeChat etc.
In the US, censorship is obviously a hot-button political topic (core values), but we are starting to see US concerns around things like troll farms, foreign influence, election misinformation etc and systems to quietly tamp that down. The sorts of things that appeared in the "Twitter Files".
The US doesn't usually need "big hammer" technical controls for this because they have legal control over the corporations involved and can ask them to moderate themselves in line with US law & natsec requirements.
Places like e.g. the UK are in an interesting pickle because while they are _largely_ culturally aligned with the US, their lawmakers don't have the same level of influence on platforms. They can either impotently "shake their fist at the sky"; or they can reach agreements so the major platforms co-operate with their governments; or they implement China-like technical controls.
UK and PRC need a censorship apparatus because they are one party states. UK is a monarchy based on a religious aristocracy. PRC is a socialist state with Chinese characteristics. Memes can destroy these countries because they can delegitimize the despot. But in America memes benefit the polity, because parties lose power all the time. We’re constantly switching who rules, and the baton passes frequently enough that we tacitly agree it’s better to just come back next election with better memes. A meme like “Trump shouldn’t be President” is not an existential threat to America, whereas “Charles shouldn’t be King” and “Xi shouldn’t be Chairman” are direct threats to the continuation of their respective systems of government.
It’s the definitive strength of the United States.
Having an overseas social media platform widely used in your country is basically giving foreign intelligence direct access to the brainstem of your citizens.
It's not even about speech necessarily, it's about what speech is amplified and what suppressed, and whether those perspectives are organic or manipulated. Also, who can read all the messages and analyse the trends.
If the US was as memetically robust as you say, foreign owned TikTok wouldn't be a problem. But even free speech cannot hold up under manipulation.
I think a lot of ppl in the US don't notice that this is the position that every other country is in with respect to US social media.
I disagree with your conclusion, but my argument is rather about why a strong censorship and surveillance apparatus exists in UK and PRC and why USA merely has mass surveillance apparatus without concomitant mass censorship. Another feature of American memetic ecosystem is some immunization against manipulation, in that memes such as “Russia is manipulating elections” or “university professors are indoctrinating students” are widespread if not universal. You will note that in nature the most effective rate of immunity in a population is never 100%.
I am a humble HN poster, and this is simply food for thought, and I appreciate your attention.
> Having an overseas social media platform widely used in your country is basically giving foreign intelligence direct access to the brainstem of your citizens.
Hot take: it works both ways, and could pressure feed brainrot contents straight into brainstems of intelligence agency officials at work with full attention to re-educate them up to your own standards, which can be nice.
> UK is a monarchy based on a religious aristocracy
Not really. The Monarch has no real power, only "influence", but they don't step in even in the face of disaster (Brexit).
It's pretty weird to have a developed country with a state religion, but in reality, it has no bearing on anything.
But the US has shown us that "tradition" and principles aren't enough to stop a hostile takeover of power. A Trump-like future monarch could do a lot of damage if they decided; so indeed the UK could do with lots of reforms to enforce proper separations and encode the purely ceremonial role of the monarch.
British tradition does have more teeth though. For example whilst the Monarch may not use that power normally they still have it. With support of the Privy council the King absolutely could remove a malicious but democratic government. They are perfectly placed to unify the people, politicians, civic society, judiciary, police and military. And they can do so legally. And this position is defended by the perfectly reasonable response that they would never do that or have any real power. But then who does? The PM can be replaced in an afternoon by a vote. Parliament would need substantial changes of law to do anything.
> With support of the Privy council the King absolutely could remove a malicious but democratic government.
The power of the Privy Council lies in it's executive committee, known as the "The Cabinet" that thing chaired by the Prime Minister we call the democratic government. The rest of the privy council membership is mostly a bauble for past cabinet ministers with some royal flunkies and bishops and the like. It's mostly vestigial, like knightly orders, but with weird exceptions like it includes the supreme court for overseas territories.
This isn't to say such things can't happen but it would not be through a recognised legitimate procedure "with teeth" but as a constitutional crisis where precedence, tradition and law has gone out of the window and whatever side wins is through primitive power/confidence dynamics. There might be rulings of lawfulness in one direction or another but as a postfacto figleaf downstream of victory rather than as a real judgement.
Sure but it's far from the exercise of an accepted power the OP refers to.
In a constitutional crisis, titles of the elected and inherited ultimately become a matter of opinion... but opinion is the path to victory up to the point it descends to military force. Any form of legitimacy becomes currency.
Back in the day we had constitutional crises that deposed the "rightful" monarch despite somewhat believing in the divine right of kings, the magic oils of coronation and weird blood theories around patrilinial descent. These days they have none of that magic and they are just some weirdos that appear in the papers now and again but still, in a moment of crisis, that whiff of history is a poker chip.
Parliament is ultimately where the power is. If there's a struggle for power, it would be between parliament and the monarch. I think the only situation where the monarch wins that is if parliament has clearly lost their democratic mandate somehow (like truly massive widespread protests from the population).
Ultimate power lies with people who can use violence. Its the military and police. Without continued compliance from those groups the status of politicians or royalty could become very tenuous.
And we are specifically talking about an emergency here.
That constitutional debate is long settled. The king rules by the consent of parliament and they are ultimately the highest authority in the land. In parliament, the commons has far more authority then the lords. While parliament delegates almost all their authority to the government and civil service it would take a lot to fundamentally change that. They still excercise their authority on occasion as several recent prime ministers found out. Their power also doesn't necessarily stem from the fact that they are voted in, but it's a key reason why they have all the power. I don't see any situation where the king wins. The only pathway to a constitutional crisis is between the government and parliament.
Eh, Trump is able to do what he does because he’s a populist and a bully in a society that hopes it can either get rich, or not be destroyed, if they just go along.
The odds of a monarch pushing those buttons is quite low - monarchs by definition don’t need to be populists, and are rarely able to pretend to make the rest of the population rich either.
Much more likely to the UK would end up with a PM doing it, and they’d nuke the last vestiges of the Monarchy in the process. The UK monarchy long ago lost the balls to survive a fight like that.
I listened to a British politics podcast the other day called Not Another One and they were discussing that among western governments there is some looking at the UK’s porn block because in general politicians think that things have gone too far in children being able to access to extreme content, and that if 20 years ago it had been suggested this had been where we’d be, it wouldn’t have been seen as acceptable. They used the example that if you want to publish a very explicit book in the U.K., the Obscene Publications Acts would put limits on you doing so, but putting it online would be allowed
> things have gone too far in children being able to access
Look, the reality is that kids will be kids ...
Remember the pre-internet days when the porn mags were on the top-shelf at the newsagent ?
I'm sure many of that generation will tell you stories of copies of Playboy being passed around in the school playground.
Or back in the VHS or DVD days .... someone in the playground would be passing around some porn.
Or, a UK-centric example would be the famous Page 3 of The Sun newspaper.... "giggle giggle...boobies...giggle"
Moving swiftly forward to the modern day. You can legislate about it all you like, but kids know their way around tech and will soon discover what you can do with a VPN or any of the other many workarounds.
I think the reality is more that the government is trying to legislate for things that could be resolved by good old-fashioned parenting and teaching.
Educating your child properly is better than doing the helicopter-parenting routine and trying to smother little Billy in cotton wool.
You say that but I’m sat at the cricket match today listening to another Dad talking about their 11 year old kid turning on their phone this week and watching a video they’ve been sent by another chile of Charlie Kirk being shot by another child. That’s not going looking for it right?
Are you going to not allow the kid access to mainstream radio or TV incase they watch/listen to the news where you have eye-witnesses being interviewed, often live with minimal/no editing ?
Or not allow the kid to visit mainstream media news websites, because most mainstream media outlets copied the same social media clip you referred to and just edited out the exact moment. But the kid can still use their imagination for that half-second moment.
Are you not going to take them on public transport incase some adults start chatting about it in detail ?
Don't get me wrong, I see your perspective.
But the point is there are so many moving parts to today's fast moving world that you can't put them all back in the box, wave a magic wand and revert to the pre-internet days where there were only four TV channels showing highly scripted content.
Yes modern parenting is tough. But thinking everything can be solved just by throwing more and more broadly (and badly) worded highly-intrusive kitchen-sink legislation at it is not the answer either.
“Think of the children” is a persistent nemesis of modern civil liberties precisely because people buy it so often! One of the easiest emotional arguments to make is “your children are in danger” because parents have extremely low risk tolerance for the safety of their children.
I take it you’ve never had a sick 18 month old before?
Or three under 5?
There is a legitimate interest, but subtlety and critical thinking are some of the first things to go out the window.
Personally, it completely redefined my concept of ‘exhausted’, though the military veteran family of mine seemed to consider it a not entirely uncommon level of suffering. They were all enlisted though.
Yes, especially lots of people with children are terrified that their little darlings will be able to access the best German BDSM content in 4K at an early age.
I’m not a parent, so it might be I completely do not understands some important aspects of this due to lack of expirience, but I hope I’ll be more smart than my parents. It was quite easy to google things my parents were silent about, but I still remeber that feeling of guiltiness. It affected me much more than knowing what the bdsm is
I was exaggerating a bit for comedic effect. I can completely sympathise with the sentiment.
If there was a way to prove one's identity/age online, double anonymously (so both the website doesn't know who you are, and the identity service doesn't know what website is asking) I'd be a 100% for it. It would prevent minors from accessing stuff they're not ready for (on average), and it would limit the amount of bots and foreign interference.
The dispute here is balancing people's human right to wank anonymously against the right of parents (and society's?) to limit access to (absurdly) age inappropriate material.
What does "ready for" even mean, when is anyone ready for 4k German BDSM.
There's also this slippery slope argument that preserving the former right is absolutely necessary to prevent creeping fascism. Which is absurd. Shouldn't it be the responsibility of the wankers to create some palatable solution to the conflict of interests, rather than demand the parents figure out how such wankers can preserve their anonymity?
Parenting is necessary for continuation and health of society. 4k German stuff is not.
Privacy is absolutely necessary for the continuation of western liberal society as we know it, and for society’s constant fight against authoritarianism
Maybe it'll die off in a generation or two, when cynical millennials and zoomers become the backbone of politics. But for now?
"Think of the children" is hilariously transparent to us, but it enjoys moderate support across population, and, much worse, it gets overwhelming support of geriatric politicians. Which is what makes fighting for liberties so hard.
The original GFW was literally built by Cisco. The west already has the technology. They only need an excuse to deploy it.
China relies heavily on export, so they can't just block everything. There are tons of proxy services to bypass GFW in China, and most of them have government background.
> My second thought is how badly Chinese communism must be doing that they need such a massive effort in order to prevent their citizens from accessing information and voicing dissent.
Well, OpenAI and other companies training AI models have shown that the architecture of the model matters less than the quality of data fed into it. Same applies for humans.
I understand that the Great Firewall is mostly about censoring dissent, but it's also to keep Chinese citizens away from junk food media sources. The type of videos you see on Douyin vs Tiktok is a great example of the difference.
Yes, the videos on Douyin are politically censored, but they're also a lot less brainrot than Tiktok videos. The Tiktok algo is optimized for ad impressions and profit, whereas the Douyin algo is more tuned to some nebulous concept of Confucian social harmony, for better or worse.
A more nuanced take is that I don't think it's useful to measure Chinese govt behavior just mapped to "amount of suppressing political dissent". I actually think the level of censorship is above the level required for that. It's more useful to recognize that "suppressing political dissent" is actually a subset of Confucian "promote social harmony"- which is not strongly valued in the USA but is at least important enough to be paid lip service in China- and I suspect a big chunk of educated members of government may truly believe in that ideal. It explains behaviors like "why the Douyin algo is so different from Tiktok" and other overreaches of the Chinese govt, because it's not solely about suppressing dissent.
Yeah, I think there may be a lot of wisdom in the Chinese approach.
Right now on the HN homepage, there's a link "The case against social media is stronger than you think", which argues that social media drives political dysfunction in the US and some other countries:
Even if you disagree with that link, and believe social media is a positive force, do we really need to subject all countries to unregulated social media? Seems like putting all of our eggs into one basket, as a species. Why?
Just about every company already uses some form of this on their network, especially those in highly regulated sectors like banking and other finance-related industries.
More usefully and perhaps "on the other side", I have a proxy on my network to block and modify requests for ads and other content I want to "censor".
> My first thought was unfortunately whether the UK and other Western nations would copy this to build their own Firewalls
Various western networking companies already sell such products to authoritarian regimes, such as Nokia[1], Blue Coat Systems[2] and Siemens[3]. China, for reasons that are well documented elsewhere, has always wanted to build it with "their tech", the only thing that's new to me is their export of such tech to Chinese-allied nations.
> My second thought is how badly Chinese communism must be doing that they need such a massive effort in order to prevent their citizens from accessing information and voicing dissent.
This is a very controversial opinion, but the overton window has shifted in this respect and many people often like censorship/DPI when done for "altruistic reasons", and it was sad to see Europeans (presumably) asking for blocking of social media sites since Nepal[4] had done the same, disregarding the second-order effects it would have.
Of course, we live in interesting times, with a major western world power embracing economic policies that prioritize government ownership of industries[5], which is typically closer to communism than anything we've seen in the past :)
I would like to block most popular social media as they stand today. Both Kirk and his killer are excellent examples of how our most popular social networks seem designed to drive people insane.
I for one can only access rt.com from a European country if I use a vpn. So that is step 1. The next steps will come. Our government has shown itself willing and (partly) able to block content from its citizens, regardless of their intent. Ie being pro-Putin, or wanting to study what opinions circulate in Russia to try and maintain some level human understanding for our fellow humans on the other side.
Moreover a large part of our government is willing to implement something as egregious as ChatControl. So they are not above animing extremely invasive spying tech at their own citizens.
1+1=2. All prerequisites have been met for a European “firewall”. Hate the word btw, a firewall is supposed to be a defense tool. But these censoring tools are an attack on our agency. Every time I try to access something I am not allowed to access by my overlords I hear in my head "You are not allowed to see this information citizen."
I‘m not sure if it‘s different in your country, but I only know about DNS-blocking mandated by the government to ISPs. And while I don’t like that in itself and the ChatControl plans are pretty invasive, I would argue that right now we’re still pretty far away from something like the great firewall (and knowing European bureaucracy I don‘t think they’re even ready to deploy something like that from a technical standpoint).
> My second thought is how badly Chinese communism must be doing that they need such a massive effort in order to prevent their citizens from accessing information and voicing dissent.
I don't quite understand why the first impulse is that it covers up government incompetence. There are other incentives for mass social control of discourse and information.
You don’t get the Chinese citizen experience by visiting as a tourist. Even as a fan of western individualist values, I think it would be nice to have some of the nice things China has, like low petty criminality, high speed rail, and a modern metro system. However, there are very real problems with authoritarianism, including the tail end of covid zero which almost incited a popular uprising, getting rid of covid zero without a plan or mRNA, internal mobility control that effectively creates castes, and the lack of full rule of law.
Some analysis and discussion here:
https://github.com/net4people/bbs/issues/519
> After its founding in 2018, one of Geedge's first clients was the government of Kazakhstan, to whom the company sold its flagship Tiangou Secure Gateway (TSG), which provides functions similar to China's own Great Firewall, monitoring and filtering all web traffic that passes through it, as well as attempts to bypass such censorship.
> The same tool has been rolled out in Ethiopia and Myanmar, where it has been instrumental in enabling that country's military junta to enforce a ban on VPNs. In many cases, Geedge works with other private companies, including internet service providers (ISPs) such as Safaricom in Ethiopia, or Frontiir and Ooredoo in Myanmar, to enact government censorship, the documents show. No ISPs that have partnered with Geedge responded to a request for comment.
> The leaks show employees at the company working to reverse-engineer many popular tools and find means of blocking them. One set of documents lists nine commercial VPNs as "resolved," and provides various means of identifying and filtering traffic to them. Similar capabilities have long been demonstrated by the Great Firewall, with most commercial VPNs inaccessible from within China and many dedicated anti-censorship tools also hard to access.
> At least one Jira support ticket shows evidence of plaintext capture of email
I bet that the recent wave of VPN bans implemented in Russia also uses this tech. For example the mechanism of how suspicious websocket endpoints are being "knocked" by the firewall itself or how suspiciously traffic heavy ssh connections are being dropped suggests that Russian govt simply bought the entire stack from China.
From 2016:
>The strategy is being developed in close cooperation with China after a string of high-level meetings in Beijing and Moscow this year. At their first cybersecurity forum, in April, top Chinese officials and their Russian counterparts gathered in Moscow for the talks. Delegates included Lu Wei, the head of China’s state internet information office, Fang Binxing, the so-called father of the Great Firewall and Igor Shchyogolev, President Vladimir Putin’s assistant on internet issues and former minister of communications.
>“The principal agreement to have a forum was reached by Igor Shchyogolev and Fang Binxing at a meeting in December 2015 in Beijing,” said Denis Davydov, the executive director of the misleadingly named League of Safe Internet, a government-affiliated group that has drafted internet-filtering legislation and recruited teams of volunteers to patrol the web for “harmful content”.
https://www.theguardian.com/world/2016/nov/29/putin-china-in...
the bans are probably a consequence of this leak.
they are in a better safe (from the people, heh) than sorry mode.
Russia tests it all in Belarus first. In 2020 they blocked almost all Internet, including VPNs, Tor etc (but left some areas connected, like banking). It's somewhat easier in Belarus, as they have a legal monopoly on cross-border Internet.
> At least one Jira support ticket shows evidence of plaintext capture of email
I would be surprised if western governments didn't do the same, and folks should act accordingly.
The NSA was storing bulk plaintext emails from (at least) Microsoft, as of the time of the Snowden leaks. Microsoft actively assisted them.
https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-... ("Microsoft handed the NSA access to encrypted messages")
> "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;"
> "The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;"
In general none of the disclosures of what GFW is doing g should be seen as evidence that western governments do not do the same thing. Hope nobody is drawing that conclusion.
Western governments do not routinely block VPNs.
Western governments effectively control 99% of consumer technology, and hack whatever else they can't have. VPNs are a false sense of security going up against a nation-sized adversary like the US.
They also can correlate packet streams in and out of the tor network.
Different phylosophy: why block VPNs when you can monitor them. Most Root CAs are in US.
Certificate transparency is mandatory in browsers; interception certificates appear in certificate logs to be accepted. Have you found one?
Edit: OCSP has been ended.
He might be referring to OCSP. Browsers ping CAs by default, revealing to them the sites that are visited.
OCSP is very much on the way out, this is hardly true anymore; although some things still check OCSP, many things do not.
We don't need to guess, we know they do. That was one of Snowden's big reveals.
The US has been doing this for a long time (1997), on a targeted basis.
https://en.wikipedia.org/wiki/Carnivore_(software)
[dead]
When a government feels the need to implement technical control measures against ordinary citizens, the tight leash that the people had on their government's authority is broken.
Mass censorship, surviellence, and erosion of privacy are incompatible with human dignity. Purely utilitarian stances advocating online censorship "for the greater good", exploiting the causes of "terrorism" and "child safety" fail to consider anything more than the first order consequences.
Once a government taste the powerful liquor of censorship, there's no way that bottle's ever getting corked again. You bet your ass when anything happens that threatens those in power, that they'll be using that censorship on more than just the evil porn websites and terrorists.
I hope that this GFW leak helps researchers and hobbyists alike find more ways to fight against government erosion of personal dignity.
>Once a government taste the powerful liquor of censorship, there's no way that bottle's ever getting corked again.
Seems the youth of Nepal managed to cork the bottle again earlier this month, when after the mass social media ban they burned down the government buildings and chased the parliamentarians out of the country.
same won't happen on russia or usa.
if musk "buys" trump's untruth network and merge it with the remains or xitter, and then all the others are blocked to "save the children" nobody will say anything. maybe, just maybe, there will be a stockholders lawsuit on meta for the value dropping to zero. but hardly anything else.
Users can stop using it. Good luck to the gov banning any and all sites. People will migrate to drcentralized networks or deep web areas.
You fundamentally misunderstand the battlefield.
> I hope that this GFW leak helps researchers and hobbyists alike find more ways to fight against government erosion of personal dignity.
Dream on. Remember Germany ?
We at Amnesty looked at how the authorities there deployed it in Pakistan: https://www.amnesty.org/en/latest/news/2025/09/pakistan-mass...
I used to live in a country who is also a customer of GFW. Before v2ray came out, I had figured out devising any random protocol would defeat it. I would pass my SSH connecting used for socks5 through ROT13 or any ROTn, then the firewall won't gradually slow it down towards total stall after a few kilobytes. OpenSSH yells its name and version in plain text upon connection.
A few years later (still before v2ray) they got more aggressive: Unknown protocols were stalled after a few kilobytes. I then learned if I pretend I'm doing something legitimate (!) such as downloading favicon.ico within a proper HTTP channel, they won't touch my "packets" (the favicon content was my packet). I think there was also a Iodine project doing the same with ping packets but it was slower than favicon-as-packets for me. Today I see v2ray has taken it to the maximum extent, suggesting valid web page front for an IP, valid https certificates, etc.
When I started making money I was thinking about renting many IPs and send my traffic as round-robin to them as the detection relied heavily on IP consistency. That is, connections were fingerprinted by IP.
I don't live there anymore and don't get to verify this hypothesis, but given the leaked source codes it's an intersting weekend project.
What else is also interesting, I looked at traffic decoders in the list of leaked source files: TCP, HTTP, QUIC, ... but no mention of UDP, which made no difference in bypassing GFW. I guess the same IP rate limiter was at work with UDP at a lower level.
From my own personal experience with an outline server running on the same IP over 3 years, the GFW consistently ends up blocking it around 3 days after I first connect. Outline does use shadowsocks to obfuscate but I suspect the traffic detection is what triggers it after 3 days of observations. Running multiple servers and repeatedly cycling through them is an experiment I want to try the next time I'm there.
I've also observed similar behavior with the vpn I'm using as backup where the server I'm using tends to get blocked in around the same timeframe. It's using openvpn/wireguard as the underlying protocol which doesn't try to obfuscate itself so I suspect traffic pattern analysis plays a larger role in what gets blocked than the protocol itself. The exception was my recent trip week-long trip where I was mostly cycling between two servers without noticing either being blocked.
>GFW consistently ends up blocking it around 3 days after I first connect
I saw a lot of speculation years ago that the GFW used to flag connections for human review. 3 days sounds like support ticket turnaround.
Makes sense; the "3 days" you mention reminds me of something sad ~10 years ago. At an expo, there was this company "Dowran" with a banner boasting about "adjustable internet disruption patterns on demand" and other corporate catch phrases. I can assume there's an operator who installs GWF and puts "3" as part of installer wizard.
> I would pass my SSH connecting used for socks5 through ROT13 or any ROTn, then the firewall won't gradually slow it down towards total stall after a few kilobytes. OpenSSH yells its name and version in plain text upon connection.
Could you elaborate on that more? I'd love to dig into an implementation that does this, in case you still have the tools/scripts/programs available.
I'm asking because for the last couple years I've been on and off working on my warps [1] soft router prototype which aims to hide in plain sight using exfil network protocols.
(Think of it like DNS/HTTP smuggling but with the idea to use similar techniques in other network protocols, too)
[1] https://github.com/tholian-network/warps
I have a similar program, which i call Relay, which effectively works exactly the same. Haven't worked on it in over 10 years but like OP i was in a similar situation, and it worked nicely, but really theres so much more that can be done in the obfuscation field. I eventually moved on to a more elaborate Java version, which worked very well when emulating, of all things, a TeamViewer connection, which had to be allowed on the network in question. So unless the firewall wanted to open up the ssl inside of it and examine in real time, i ended up not tipping it off. I'll add a very basic version of it for educational value if you want. It might not be exactly functional the way i remember but at least it shows how to chain a socket connection in code.
http://www.jofla.net/C++__/OWRTRelay/
Its a very minimal C program which was originally targeted for OpenWRT. But being C it should run easily most places. One would run on a router on a final remote server and another on a travel router which you would tether to.
YourPC <---> Your Travel Router <----internet----> Stationary Router <---> Final Server
Setting up the ports accordingly you had something which basically 'patched' the bytestream in the middle without it even knowning or needing to be changed on either end. It could relay any TCP connection.
There were many dialects which I eventually came up with (especially per packet length obfs) which could be added to the old C program.
Happy Hunting.
The original PoC I had was incredibly simple: Just a python script that read traffic on a port on localhost, rotate each byte by a hard-coded number like 13, and send it over the wire. The counter part would run on the target server, read the byte and undo the rotation. It has zero (minus?) cryptographic security, but that's not the purpose here anyway. The PoV forwarder was transparent and could only tunnel port 22 of target server to 22000 of localhost.
Later I made a more elaborate version where it implemented its own HTTP and SOCKS4/5 proxy servers; I think you won't like it :D I wrote it in Java using Netty more than a decade ago, and published to Github when I relocated. Using Java I could run it directly as an android app or on a PC more easily.
This is the project: https://github.com/hkoosha/massrelay
Using Netty's vocabulary: If you add one extra HTTP handler to the pipeline, you get what I initially implemented in various forms:
- An HTTP handler that reads a header, say `Cache-Control: max-age=N` where N is the rotN to rotate bytes. - Next handler that starts rotating traffic bytes with the given `N`
For favicon-as-packet, my implementation was again with massrelay project but I forgot all the details. It shouldn't be hard: Netty keeps track of the connection state (packet number, etc...) and the handlers wrap/unwrap the traffic within favicon as transferred within HTTP channel.
Netty is a beautiful framework. I see you made your warps project in go, so the concepts might make more time to implement if you want to translate directly to a go project; Or you can just forget about massrelay and implement within your go project from scratch the way it makes sense, since the idea is pretty itself simple.
(That being said, I think GWF has advanced a lot, that's why something proper like v2ray works better now).
Gotta wonder what kind of failed excuse for a human being you have to be to devote your talents to building stuff like that...
One man's "affront to fundamental individual freedoms" is another's "essential for the collective good".
Also money. Don't disregard the impact dollars have on personal values.
The excuse is you are good at tech and there's a gun to your head.
If you can make money from it, there will always be someone willing to do it. And/or there is always someone you can compel to do it. It sucks but you pretty much have to operate with that assumption for most things.
Yes, but if you turn down the opportunity, statistically the person who takes it will be slightly worse at their job than you would have been.
If enough people apply some ethical line, it creates a genuine headwind for evildoers.
That's wishful thinking. If you pay enough, you will find talent without any problems in this world. Look at all the sophisticated zero day exploits used against journalist.
I doubt we disagree on ethics here, but I am empathetic to the influences at play for a developer in that situation. I would not demonize them without first knowing more.
There's a sort of mirror world of academic research happening, where on one side of the mirror, you have people building the tools to censor the internet (typically but not always in Asian venues), and on the other, the tools to circumvent that censorship (typically but not always in Western venues). I know far more people on the latter half of the equation, but have enough exposure to the other side of the mirror to know that most of them earnestly believe they're doing something good. They see massive megacorportaions pushing American interests as an unfair lever in a fight for national sovereignty, and what they do as simply leveling the playing field, and combating misinformation. While I would wholeheartedly agree that they are mistaken in their analysis (reifying systems for people, "The institution I'm supporting may sometimes do bad things, but what I do is supporting the good parts!") and should immediately stop, I wouldn't want to dehumanize them any more than I would someone who works for Palantir, or even Google, Amazon, etc.
It's not OK to work for Palantir either.
I agree, I just don't think it makes someone a "failed excuse for a human being".
It may even make those working there feel like a success of a human. For example, I work at a non faang company doing unsexy work. Although I disagree with Plantir's objectives, I would probably take a role there specifically so I can try to feel like I've succeeded. At present, I feel like a complete and utter failure, and this feeling is renewed literally every day.
"Failed", hah. If you fail, you never even touch stuff like that: https://en.wikipedia.org/wiki/Gaokao
As fucked up as it is, the virtue of individualism is often studied as a capitalist/western phenomenon that causes crime and internal conflict. Many of the people building this likely genuinely believe that they are working for the greater good and repressing a harmful social underclass.
I wonder who's the Chinese Snowden behind the leak.
Probably some guy called (C)hen (I)ao (A)n
If it was a three letter agency, surely they have little motivation to leak it publicly? I feel it would be more strategic for them to keep the information to themselves since presumably no one outside of GFW development knows the exact details (until now).
Yes … while hoping no one ever finds out
AFAIK QUIC traffic is impossible to attack using MITM techniques. So I wonder how the GFW handles it. Do they block it entirely or still filter it somehow?
You don't need QUIC, TLS and other encrypted channels have the same protection.
It's not hard to identify those channels and block them. A connection used to interact with websites has completely different traffic patterns compared to a user sending all of their traffic over one specific connection.
Add to that the fact that large video streaming services such as YouTube, where you may see large quantities of data being exchanged over persistent connections, are already blocked in China, and your VPN becomes quite obvious without seeing even a byte of plaintext.
Of course for common protocols like QUIC they have their own custom solution (linked in a sibling comment), but the point is that even with encrypted SNI you will need dedicated anti-GFW protocols to stand a chance against censorship. No protocol that works well for most consumers is going to protect against the analysis a dedicated firewall with decent funding can come up with.
According to https://gfw.report/publications/usenixsecurity25/en/#3 they sniff the SNI out of the handshake like for TLS.
Is that a new technique? Shouldn't this be mitigated?
...parsing SNI to find the server name is like the second-oldest trick in the book, after reverse DNS from the 80s? Maybe I'm not understanding the question
Why would QUIC be any more or less MITM attackable than say HTTP1.1 or 2?
AFAIK, the only thing that stops an MITM attack (where they respond as if they’re the remote server and then relay to the real remote server) are certificates.
If an authority requires you trust their root certificate so they can spy on you, QUIC will not make any difference.
That's not true. QUIC's encrypted traffic does not protect against MITM.
QUIC uses TLS1.2 (or higher), so the guarantees are the same as for HTTPS streams. That means it protects the data streams against MitM.
Not any different from TLS.1.2 over TCP.
https://en.wikipedia.org/wiki/File:HTTP-1.1_vs._HTTP-2_vs._H...
Here is good intro for you:
The Security Challenges of HTTP/3 and QUIC — What You Need to Know https://medium.com/@RocketMeUpCybersecurity/the-security-cha...
Not if they have a root cert.
That's not a property of QUIC. Yes, if you trust both sides, then you trust both sides. That's not what people normally understand as MitM.
Pre-cert usage/issuance lists, it would take a keen eye to spot auto-mitm using root certs.
If China uses a root cert to issue bogus certs, that'll get caught by certificate transparency. Assuming people use browsers that enforce certificate transparency.
Kazakhstan literally forced their own cert for lots of popular sites for a while, expecting users to click the through and accept them. It was made illegal to not accept government certificates.
https://en.wikipedia.org/wiki/Kazakhstan_man-in-the-middle_a...
Typically they rely on metadata like the IP you're connecting to, or downgrade attacks. Until every server supports QUIC they can just pretend the server doesn't support QUIC.
You might think IP checks are safe because everything's on Cloudflare and they can't block Cloudflare, but you'd be wrong. Even Spain blocks Cloudflare (yes, entirely) during football games.
there is a controlled effort for this type of apparatus to exist everywhere
Suddenly all leaders are wannabe autocrats, even the great western democratic ones, they just like to pretend about still caring about democracy.
It’s not particularly sudden - we in the west just perceive it as such thanks to recent drama. Majority of the world population wasn’t living in a democracy for a while now (not even sure it ever has)
You could argue that some of them aren't bothering to pretend at this point.
My first thought was unfortunately whether the UK and other Western nations would copy this to build their own Firewalls. To be honest i still don't think it's a goal anyone is actively working towards and that's a bit of an hyperbolic take. But the truth is that we are moving more towards such a system then we are moving away.
My second thought is how badly Chinese communism must be doing that they need such a massive effort in order to prevent their citizens from accessing information and voicing dissent. We are lucky to be living in such a free society. Internet seems to be losing the battle against government interference and censorship and that is more of a bad thing then a good thing.
As I understand it the idea is not necessarily to stop all dissent / awareness, but that it's useful to be able to slow the spread of "rumours" / incendiary information when it is spreading virally. This gives authorities time to come up with a response if required.
While I personally wouldn't want to live in a country which does this, the flip side of unrestricted virality in countries that culturally might not be prepared for it are events like https://en.wikipedia.org/wiki/Indian_WhatsApp_lynchings
Given that the US controls much of what happens on the Internet, another issue for many countries (not China so much) is that without controls they become extremely vulnerable to US influence campaigns and "colour revolutions".
I predict that all countries will end up with something like the GFW eventually because there's basically no other way for governments to achieve "Internet sovereignty" (enforce laws regarding users and publishers on the web). The US might be last to do this because it is in the doubly privileged position of a) being able to exert significant pressure on other countries and b) being able to apply regulation to major US-based Internet companies using their own legal system.
The apparatus we call GFW is really a Chinese CDC for memes. The CDC expects novel strains of bird flu every year, it’s okay, they closely monitor the situation, research the novel strains, cull risky populations, and develop vaccines for worst case scenarios. GFW expects novel strains of anti-CCP viral memes every year, it’s okay, they closely monitor the situation, they analyze the meme for spreaders and origin, they use the new meme to gauge changes in public sentiment, they fine or jail or imprison particularly quarrelsome netizens, and in the worst case scenario they prepare narrative shifts or outright censorship to maintain a net that is deemed healthy. It’s meme epidemiology, with mind viruses instead of RNA viruses.
I think GFW is more of a fallback (hammer) in the overall system but yeah that does happen "in detail" on WeChat etc.
In the US, censorship is obviously a hot-button political topic (core values), but we are starting to see US concerns around things like troll farms, foreign influence, election misinformation etc and systems to quietly tamp that down. The sorts of things that appeared in the "Twitter Files".
The US doesn't usually need "big hammer" technical controls for this because they have legal control over the corporations involved and can ask them to moderate themselves in line with US law & natsec requirements.
Places like e.g. the UK are in an interesting pickle because while they are _largely_ culturally aligned with the US, their lawmakers don't have the same level of influence on platforms. They can either impotently "shake their fist at the sky"; or they can reach agreements so the major platforms co-operate with their governments; or they implement China-like technical controls.
UK and PRC need a censorship apparatus because they are one party states. UK is a monarchy based on a religious aristocracy. PRC is a socialist state with Chinese characteristics. Memes can destroy these countries because they can delegitimize the despot. But in America memes benefit the polity, because parties lose power all the time. We’re constantly switching who rules, and the baton passes frequently enough that we tacitly agree it’s better to just come back next election with better memes. A meme like “Trump shouldn’t be President” is not an existential threat to America, whereas “Charles shouldn’t be King” and “Xi shouldn’t be Chairman” are direct threats to the continuation of their respective systems of government.
It’s the definitive strength of the United States.
Having an overseas social media platform widely used in your country is basically giving foreign intelligence direct access to the brainstem of your citizens.
It's not even about speech necessarily, it's about what speech is amplified and what suppressed, and whether those perspectives are organic or manipulated. Also, who can read all the messages and analyse the trends.
If the US was as memetically robust as you say, foreign owned TikTok wouldn't be a problem. But even free speech cannot hold up under manipulation.
I think a lot of ppl in the US don't notice that this is the position that every other country is in with respect to US social media.
I disagree with your conclusion, but my argument is rather about why a strong censorship and surveillance apparatus exists in UK and PRC and why USA merely has mass surveillance apparatus without concomitant mass censorship. Another feature of American memetic ecosystem is some immunization against manipulation, in that memes such as “Russia is manipulating elections” or “university professors are indoctrinating students” are widespread if not universal. You will note that in nature the most effective rate of immunity in a population is never 100%.
I am a humble HN poster, and this is simply food for thought, and I appreciate your attention.
Likewise, thanks for the perspectives.
> Having an overseas social media platform widely used in your country is basically giving foreign intelligence direct access to the brainstem of your citizens.
Hot take: it works both ways, and could pressure feed brainrot contents straight into brainstems of intelligence agency officials at work with full attention to re-educate them up to your own standards, which can be nice.
The monarchy holds no executive power.
> UK is a monarchy based on a religious aristocracy
Not really. The Monarch has no real power, only "influence", but they don't step in even in the face of disaster (Brexit).
It's pretty weird to have a developed country with a state religion, but in reality, it has no bearing on anything.
But the US has shown us that "tradition" and principles aren't enough to stop a hostile takeover of power. A Trump-like future monarch could do a lot of damage if they decided; so indeed the UK could do with lots of reforms to enforce proper separations and encode the purely ceremonial role of the monarch.
British tradition does have more teeth though. For example whilst the Monarch may not use that power normally they still have it. With support of the Privy council the King absolutely could remove a malicious but democratic government. They are perfectly placed to unify the people, politicians, civic society, judiciary, police and military. And they can do so legally. And this position is defended by the perfectly reasonable response that they would never do that or have any real power. But then who does? The PM can be replaced in an afternoon by a vote. Parliament would need substantial changes of law to do anything.
> With support of the Privy council the King absolutely could remove a malicious but democratic government.
The power of the Privy Council lies in it's executive committee, known as the "The Cabinet" that thing chaired by the Prime Minister we call the democratic government. The rest of the privy council membership is mostly a bauble for past cabinet ministers with some royal flunkies and bishops and the like. It's mostly vestigial, like knightly orders, but with weird exceptions like it includes the supreme court for overseas territories.
This isn't to say such things can't happen but it would not be through a recognised legitimate procedure "with teeth" but as a constitutional crisis where precedence, tradition and law has gone out of the window and whatever side wins is through primitive power/confidence dynamics. There might be rulings of lawfulness in one direction or another but as a postfacto figleaf downstream of victory rather than as a real judgement.
But in that primitive power/confidence dynamics could a monarch be useful?
Sure but it's far from the exercise of an accepted power the OP refers to.
In a constitutional crisis, titles of the elected and inherited ultimately become a matter of opinion... but opinion is the path to victory up to the point it descends to military force. Any form of legitimacy becomes currency.
Back in the day we had constitutional crises that deposed the "rightful" monarch despite somewhat believing in the divine right of kings, the magic oils of coronation and weird blood theories around patrilinial descent. These days they have none of that magic and they are just some weirdos that appear in the papers now and again but still, in a moment of crisis, that whiff of history is a poker chip.
Parliament is ultimately where the power is. If there's a struggle for power, it would be between parliament and the monarch. I think the only situation where the monarch wins that is if parliament has clearly lost their democratic mandate somehow (like truly massive widespread protests from the population).
Ultimate power lies with people who can use violence. Its the military and police. Without continued compliance from those groups the status of politicians or royalty could become very tenuous.
And we are specifically talking about an emergency here.
That constitutional debate is long settled. The king rules by the consent of parliament and they are ultimately the highest authority in the land. In parliament, the commons has far more authority then the lords. While parliament delegates almost all their authority to the government and civil service it would take a lot to fundamentally change that. They still excercise their authority on occasion as several recent prime ministers found out. Their power also doesn't necessarily stem from the fact that they are voted in, but it's a key reason why they have all the power. I don't see any situation where the king wins. The only pathway to a constitutional crisis is between the government and parliament.
Eh, Trump is able to do what he does because he’s a populist and a bully in a society that hopes it can either get rich, or not be destroyed, if they just go along.
The odds of a monarch pushing those buttons is quite low - monarchs by definition don’t need to be populists, and are rarely able to pretend to make the rest of the population rich either.
Much more likely to the UK would end up with a PM doing it, and they’d nuke the last vestiges of the Monarchy in the process. The UK monarchy long ago lost the balls to survive a fight like that.
It's not meme epidemiology, it's outright fascism
I listened to a British politics podcast the other day called Not Another One and they were discussing that among western governments there is some looking at the UK’s porn block because in general politicians think that things have gone too far in children being able to access to extreme content, and that if 20 years ago it had been suggested this had been where we’d be, it wouldn’t have been seen as acceptable. They used the example that if you want to publish a very explicit book in the U.K., the Obscene Publications Acts would put limits on you doing so, but putting it online would be allowed
> things have gone too far in children being able to access
Look, the reality is that kids will be kids ...
Remember the pre-internet days when the porn mags were on the top-shelf at the newsagent ?
I'm sure many of that generation will tell you stories of copies of Playboy being passed around in the school playground.
Or back in the VHS or DVD days .... someone in the playground would be passing around some porn.
Or, a UK-centric example would be the famous Page 3 of The Sun newspaper.... "giggle giggle...boobies...giggle"
Moving swiftly forward to the modern day. You can legislate about it all you like, but kids know their way around tech and will soon discover what you can do with a VPN or any of the other many workarounds.
I think the reality is more that the government is trying to legislate for things that could be resolved by good old-fashioned parenting and teaching.
Educating your child properly is better than doing the helicopter-parenting routine and trying to smother little Billy in cotton wool.
You say that but I’m sat at the cricket match today listening to another Dad talking about their 11 year old kid turning on their phone this week and watching a video they’ve been sent by another chile of Charlie Kirk being shot by another child. That’s not going looking for it right?
The trouble is where are you going to stop ?
Are you going to not allow the kid access to mainstream radio or TV incase they watch/listen to the news where you have eye-witnesses being interviewed, often live with minimal/no editing ?
Or not allow the kid to visit mainstream media news websites, because most mainstream media outlets copied the same social media clip you referred to and just edited out the exact moment. But the kid can still use their imagination for that half-second moment.
Are you not going to take them on public transport incase some adults start chatting about it in detail ?
Don't get me wrong, I see your perspective.
But the point is there are so many moving parts to today's fast moving world that you can't put them all back in the box, wave a magic wand and revert to the pre-internet days where there were only four TV channels showing highly scripted content.
Yes modern parenting is tough. But thinking everything can be solved just by throwing more and more broadly (and badly) worded highly-intrusive kitchen-sink legislation at it is not the answer either.
> if 20 years ago it had been suggested this had been where we’d be, it wouldn’t have been seen as acceptable
20 years ago was 2005. We were "here".
Ah, the good old "think of the children" argument. Does anyone buy that?
“Think of the children” is a persistent nemesis of modern civil liberties precisely because people buy it so often! One of the easiest emotional arguments to make is “your children are in danger” because parents have extremely low risk tolerance for the safety of their children.
Also parents of young children are typically overwhelmed and freaked out, and easy to manipulate.
Don't the parents have a legitimate interest here though? Just being tired does not make them irrational or credulous as seems to be implied here.
I take it you’ve never had a sick 18 month old before?
Or three under 5?
There is a legitimate interest, but subtlety and critical thinking are some of the first things to go out the window.
Personally, it completely redefined my concept of ‘exhausted’, though the military veteran family of mine seemed to consider it a not entirely uncommon level of suffering. They were all enlisted though.
Perhaps the children who don’t have free access to information anymore.
Oh, right..
If those kids could read they would be very angry!
Yes, especially lots of people with children are terrified that their little darlings will be able to access the best German BDSM content in 4K at an early age.
I’m not a parent, so it might be I completely do not understands some important aspects of this due to lack of expirience, but I hope I’ll be more smart than my parents. It was quite easy to google things my parents were silent about, but I still remeber that feeling of guiltiness. It affected me much more than knowing what the bdsm is
Terrified? Maybe they just calmly rationally don't want them to have access to the best German BDSM content in 4K at an early age?
I was exaggerating a bit for comedic effect. I can completely sympathise with the sentiment.
If there was a way to prove one's identity/age online, double anonymously (so both the website doesn't know who you are, and the identity service doesn't know what website is asking) I'd be a 100% for it. It would prevent minors from accessing stuff they're not ready for (on average), and it would limit the amount of bots and foreign interference.
If and only if?
The dispute here is balancing people's human right to wank anonymously against the right of parents (and society's?) to limit access to (absurdly) age inappropriate material.
What does "ready for" even mean, when is anyone ready for 4k German BDSM.
There's also this slippery slope argument that preserving the former right is absolutely necessary to prevent creeping fascism. Which is absurd. Shouldn't it be the responsibility of the wankers to create some palatable solution to the conflict of interests, rather than demand the parents figure out how such wankers can preserve their anonymity?
Parenting is necessary for continuation and health of society. 4k German stuff is not.
Privacy is absolutely necessary for the continuation of western liberal society as we know it, and for society’s constant fight against authoritarianism
Unfortunately, yes.
Maybe it'll die off in a generation or two, when cynical millennials and zoomers become the backbone of politics. But for now?
"Think of the children" is hilariously transparent to us, but it enjoys moderate support across population, and, much worse, it gets overwhelming support of geriatric politicians. Which is what makes fighting for liberties so hard.
The original GFW was literally built by Cisco. The west already has the technology. They only need an excuse to deploy it.
China relies heavily on export, so they can't just block everything. There are tons of proxy services to bypass GFW in China, and most of them have government background.
> My second thought is how badly Chinese communism must be doing that they need such a massive effort in order to prevent their citizens from accessing information and voicing dissent.
Well, OpenAI and other companies training AI models have shown that the architecture of the model matters less than the quality of data fed into it. Same applies for humans.
I understand that the Great Firewall is mostly about censoring dissent, but it's also to keep Chinese citizens away from junk food media sources. The type of videos you see on Douyin vs Tiktok is a great example of the difference.
Yes, the videos on Douyin are politically censored, but they're also a lot less brainrot than Tiktok videos. The Tiktok algo is optimized for ad impressions and profit, whereas the Douyin algo is more tuned to some nebulous concept of Confucian social harmony, for better or worse.
A more nuanced take is that I don't think it's useful to measure Chinese govt behavior just mapped to "amount of suppressing political dissent". I actually think the level of censorship is above the level required for that. It's more useful to recognize that "suppressing political dissent" is actually a subset of Confucian "promote social harmony"- which is not strongly valued in the USA but is at least important enough to be paid lip service in China- and I suspect a big chunk of educated members of government may truly believe in that ideal. It explains behaviors like "why the Douyin algo is so different from Tiktok" and other overreaches of the Chinese govt, because it's not solely about suppressing dissent.
Yeah, I think there may be a lot of wisdom in the Chinese approach.
Right now on the HN homepage, there's a link "The case against social media is stronger than you think", which argues that social media drives political dysfunction in the US and some other countries:
https://news.ycombinator.com/item?id=45234323
Even if you disagree with that link, and believe social media is a positive force, do we really need to subject all countries to unregulated social media? Seems like putting all of our eggs into one basket, as a species. Why?
would copy this to build their own Firewalls.
Just about every company already uses some form of this on their network, especially those in highly regulated sectors like banking and other finance-related industries.
More usefully and perhaps "on the other side", I have a proxy on my network to block and modify requests for ads and other content I want to "censor".
There is a big difference between a firewall on a private network and another on an entire country's traffic.
In the US, we reject tyranny everywhere but where we spend our days.
It's tyranny for my employer to not want me watching porn or downloading malware while using their network?
The workplace in general is not a place where you have any say. It's not difficult to imagine a better world.
> i still don't think it's a goal anyone is actively working towards and that's a bit of an hyperbolic take
now this is what Pink Floyd meant by "comfortably numb". mass cognitive dissonance and denial
> My first thought was unfortunately whether the UK and other Western nations would copy this to build their own Firewalls
Various western networking companies already sell such products to authoritarian regimes, such as Nokia[1], Blue Coat Systems[2] and Siemens[3]. China, for reasons that are well documented elsewhere, has always wanted to build it with "their tech", the only thing that's new to me is their export of such tech to Chinese-allied nations.
> My second thought is how badly Chinese communism must be doing that they need such a massive effort in order to prevent their citizens from accessing information and voicing dissent.
This is a very controversial opinion, but the overton window has shifted in this respect and many people often like censorship/DPI when done for "altruistic reasons", and it was sad to see Europeans (presumably) asking for blocking of social media sites since Nepal[4] had done the same, disregarding the second-order effects it would have.
Of course, we live in interesting times, with a major western world power embracing economic policies that prioritize government ownership of industries[5], which is typically closer to communism than anything we've seen in the past :)
[1] https://www.wired.com/2011/08/nokia-siemens-spy-systems
[2] https://www.bis.doc.gov/index.php/about-bis/102-about-bis/ne...
[3] https://www.spiegel.de/international/business/ard-reports-si...
[4] https://news.ycombinator.com/item?id=45137363
[5] https://www.intc.com/news-events/press-releases/detail/1748/...
I would like to block most popular social media as they stand today. Both Kirk and his killer are excellent examples of how our most popular social networks seem designed to drive people insane.
I for one can only access rt.com from a European country if I use a vpn. So that is step 1. The next steps will come. Our government has shown itself willing and (partly) able to block content from its citizens, regardless of their intent. Ie being pro-Putin, or wanting to study what opinions circulate in Russia to try and maintain some level human understanding for our fellow humans on the other side.
Moreover a large part of our government is willing to implement something as egregious as ChatControl. So they are not above animing extremely invasive spying tech at their own citizens.
1+1=2. All prerequisites have been met for a European “firewall”. Hate the word btw, a firewall is supposed to be a defense tool. But these censoring tools are an attack on our agency. Every time I try to access something I am not allowed to access by my overlords I hear in my head "You are not allowed to see this information citizen."
I‘m not sure if it‘s different in your country, but I only know about DNS-blocking mandated by the government to ISPs. And while I don’t like that in itself and the ChatControl plans are pretty invasive, I would argue that right now we’re still pretty far away from something like the great firewall (and knowing European bureaucracy I don‘t think they’re even ready to deploy something like that from a technical standpoint).
> My second thought is how badly Chinese communism must be doing that they need such a massive effort in order to prevent their citizens from accessing information and voicing dissent.
I don't quite understand why the first impulse is that it covers up government incompetence. There are other incentives for mass social control of discourse and information.
"My second thought is how badly Chinese communism must be doing that they need such a massive effort in order to ..."
China have visa-free visit policy for many countries, you could actually go there to see how "bad" it is
https://www.china-briefing.com/news/china-visa-free-travel-p...
You don’t get the Chinese citizen experience by visiting as a tourist. Even as a fan of western individualist values, I think it would be nice to have some of the nice things China has, like low petty criminality, high speed rail, and a modern metro system. However, there are very real problems with authoritarianism, including the tail end of covid zero which almost incited a popular uprising, getting rid of covid zero without a plan or mRNA, internal mobility control that effectively creates castes, and the lack of full rule of law.
This whole discussion is full of devil's advocates. The society is fucked
Lolz
All i need is a simple firewall to block advertisements