[liberationtech] What could we at Liberationtech do to help pro-democracy HK activists protest China's new security law?

Fri May 29 06:36:46 CEST 2020

I also meant to mention that it’s been awhile since something not intended
specifically for China is likely to work for any reasonable length of time
in China. In our (Lantern’s) case, none of the protocols we knew of just a
week ago work today, and that’s not a particularly unusual sequence of
events. It’s pretty much been that way for the last year since the 30th
Anniversary of Tiananmen Square in June 4th and the following unrest in HK.

In our experience, we constantly have to come up with new ideas and/or
tweaks to old ideas to keep things running.

-Adam

On Thu, May 28, 2020 at 11:54 AM Adam Fisk <afisk at getlantern.org> wrote:

> I do think Martin's point, which I fully agree with, highlights a
> common misconception, namely that Tor is widely used as censorship
> circumvention tool. While the Tor team has done incredible work in
> this general area, particularly with the idea of pluggable transports
> and with David's great work furthering domain fronting with meek, the
> reality is that Tor is overwhelmingly used as a privacy tool and is
> quite rarely used for censorship circumvention, particularly when
> compared with other tools. This is certainly not a criticism of Tor,
> but rather an effort to clear up a widespread misunderstanding that's
> frequently repeated.
>
> Sina's perfectly correct point about meek in China actually
> illustrates this in a couple of ways. First, meek over Azure, were it
> were to have more funding, is one of the most expensive ways to bypass
> censorship because you have to pay Azure CDN rates. If that were to
> reach scale (like, say, over 10Gbps), you could theoretically
> negotiate better rates, but it would still be 2x or more the cost of
> other approaches because the CDN hop is just an additional cost.
> Beyond that, routing via CDNs with domain fronting is typically slower
> due to the extra hop and also, depending on the implementation, extra
> wrapping of messages to tunnel TLS end-to-end. If users require
> anonymity, that could be well worth the extra cost and slower speed,
> but it doesn't apply to most users for practical purposes.
>
> Regarding HK, I agree that providing access to citizens in mainland
> China so that they stay informed could theoretically be effective.
> With the current National People's Congress meetings, all widespread
> tools I'm aware of are under some form of attack, with many blocked.
> The only other piece that comes to mind as potentially useful is
> translations of tools into Cantonese. VPN use in HK has skyrocketed
> over the last week or so.
>
> -Adam
>
> On Thu, May 28, 2020 at 8:46 AM Richard Brooks <rrb at g.clemson.edu> wrote:
> >
> > Current crowdsourced rankings of GFW resilient VPNs:
> >
> > https://cc.greatfire.org/en
> >
> > Never heard of Torjan.
> >
> >
> > On 5/28/20 6:19 AM, Martin Johnson wrote:
> > > Tor does not work in China. There is a bridge available that is
> supposed to run over Microsoft
> > > Azure, but in my experience it doesn't work either. Tor has very few
> users in China.
> > >
> > > Psiphon does work but tends to perform at below-average speed.
> > >
> > > Lantern has a long record of performing quite well in China. In
> addition I would recommend our own
> > > circumvention tool - FreeBrowser - for Android users.
> > >
> > > On 5/27/20 2:55 PM, Sandy Harris wrote:
> > >> Anything that helps users bypass the Great Firewall will also help
> Hong Kong, certainly by letting
> > >> people on the mainland get uncensored info instead of just the Party
> Line & possibly by preventing
> > >> monitoring of HK communications. Tor & Psiphon are the best-known
> such projects, but there are lots
> > >> of others.
> > >> https://en.wikipedia.org/wiki/Psiphon
> > >>
> > >> Could we help out by getting Tor, Psiphon and/or other tools
> incorporated into Linux router projects
> > >> and/or Freedom Box?
> > >> https://freedomboxfoundation.org/
> > >>
> > >> Could we go further? One of the GFW's blocking methods is to send out
> bogus TCP reset packets in
> > >> both directions to break the connection. Should all routers
> connecting to China drop those packets?
> > >> Should end user systems like Linux distros have an easily set option
> to ignore them? Anyone want to
> > >> write a Best Current Practice RFC?
> > >
> > >
> >
> > --
> > Liberationtech is public & archives are searchable from any major
> commercial search engine. Violations of list guidelines will get you
> moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe,
> change to digest mode, or change password by emailing
> lt-owner at lists.liberationtech.org.
>
>
>
> --
> --
> Adam
> pgp A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89
>
> --
> --
> President
> Brave New Software Project, Inc.
> https://www.getlantern.org
> A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89
>
-- 
--
President
Brave New Software Project, Inc.
https://www.getlantern.org
A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ghserv.net/pipermail/lt/attachments/20200528/39d0c793/attachment.html>