Louwai Wrote: Hey Evil, A question you may be able to answer. The above bit of your post prompted me on it. I may be way off the basis here. If so just say so......
No problem, I made the claim, I better be able to back it up.
Louwai Wrote: As a general rule, the Chinese Gov totally blocks approx 20% to 30% of all international internet coming into China.
So my question is, if the current technology is not suitable, how are they doing it???
How I wish they'd block one of the websites I'm responsible for. Maybe I should post some Falun Gong propaganda. A lot of Chinese use a program called Xunlei, and it hurts my poor servers.
In short, they're not. At least not to those with the knowledge. Let me explain...
I don't know your level of IT expertise, so I'll try and write it for the layman who knows nothing (so others can follow along). I didn't say that parts of the web can't be blocked. In fact, that's incredibly trivial.
What I did (at least try to) say was that in the process of blocking off parts of the net, there's a lot of collateral damage and yet there's always a way around it.
One single Internet address (IP address) can potentially host thousands of websites, some pro, some anti the same topic. It's easy enough to block "www.something-they-dont-like.com" at a firewall. It's also easy to defeat that block by changing my domain name to something else. So then the blockers will do something like block the IP address of the server, or even the entire network that the server is hosted on. Problem being that potentially "www.something-they-really-like.com" has been taken off the air.
So we accept some collateral damage. Not that bad, so long as the contentious material is gone...
Instead, the person that hosts www.something-they-dont-like.com changes to use SSL (encrypted web - like the bank). You can no longer see what traffic I'm doing (well, there are ways, but they're against the whole spirit of SSL/TLS and are a gross violation of any whiff of privacy). But once this is discovered, the firewall will block the IP address. Once again, thousands of websites gone.
So the perpetrator of the alleged immoral or illegal behaviour will switch to a peer-to-peer scheme, where the port (kind of like a post box at a post office) is random, along with what seems to be a random IP address. Bit like how BitTorrent, Kazaa, Limewire and others work. Throw in some cleverness like the Tor network (an anonymising encrypted network) where you can never really discover with accuracy who is requesting traffic, and any monitoring has just been circumvented. In fact, the protocol used to resolve www.australian-hayabusa-club.com into the IP address 203.28.48.9 can be used to subvert filters and proxies. The firewall could also filter the incoming text off the website, except I'll just post the subversive material as a picture. Or a picture that has to be colour inverted, or a swirled picture that uses a de-swirling program to view.
So in the space of three paragraphs, I've just listed 8 ways to subvert certain types of filtering. If I were allowed to use a whiteboard, had a barista on hand, and the urge, I could undoubtedly brainstorm hundreds if not thousands of ways to get data in and out under the eyes of the watchers without them being aware of what I'm doing. And this is exactly what those who have something to hide will be doing. Hiding illegal traffic amongst a sea of legitimate traffic. In fact, I can attest from my real experience (to the point of legal proceedings) the lengths people will go to hide what they're doing.
Ultimately the only way to stop this behaviour, as you mentioned the university was doing, is to simply block the whole Internet and instead make white-lists. White-lists in the sense of what you can look at, everything else is expressly forbidden.
My employer next year will carry somewhere more than 20 petabytes of traffic across cables under the Pacific and Indian oceans. That's 20,000,000 gigabytes. And that's ignoring domestic (i.e. inside Australia) traffic which is of a similar order of magnitude, and also ignoring the data that isn't carried directly on our Internet network. It's simply impossible to monitor that volume of data without either significantly degrading the performance of the network, or causing massive collateral damage to the usefulness of the Internet as a whole.
At which point we may as well give up on the Internet and deploy an Australia-Net, wholesome, pure and free of smut.
Except for those that managed to subvert the Australia-Net to ship around their illegal material, distributing content bought in on CDs from a trip to South East Asia. Give me a whiteboard and a cup of coffee...