Tor in China

The major methods of “climbing the wall” introduced to Chinese netizens so far are Tor and VPN (virtual private network) services.

Tor:

Although designed only for anonymity, Tor became a good choice for netizens in China to circumvent the Great Firewall, and for a period of time its use within this group increased.

The increasing popularity of Tor, along with what Tor is, caught the eye of the Great Firewall, which explains why Tor has received special attention from the censors and been treated differently ever since. We could not find official records during our research of when Tor was first used from China, but there have been reports and experiments on Tor being blocked and on how the Great Firewall gradually improved its ability to block Tor. The two major methods are blocking by protocol and blocking by endpoint (Winter P et al, 2012); their development over time is discussed below.

Attempts to block Tor first appear on record in 2008. Netizens reportedly noticed that they were not able to reach the official web site of the Tor Project (Winter P et al, 2012). It seemed that the Great Firewall was simply using IP:port filtering to stop netizens from downloading the Tor Browser Bundle from the official website, while the many mirrors operated by volunteers remained accessible. There was a report of a user who managed to download a copy of the Tor client and use the network without interference (Winter P et al, 2012).

According to a Tor Project report from September 2009, the Great Firewall blocked the public list of relays and directory authorities by simple IP address blocks. As stated in the research by Winter P et al, “The directory authorities serve the consensus, which is a directory containing all public Tor relays. The directory is downloaded by Tor clients during the bootstrapping phase, and blocking this step effectively blocked the public Tor network.” By that point, about 80% of the public relays were blocked by IP address and TCP port combination (The Tor Project, 2009).

As the functionality of the Great Firewall expanded, the Tor developers implemented the concept of connecting through unpublished relays, also called bridges, meant to provide a hidden connection to the Tor network for censored netizens.

However, this solution was not a perfect answer to the censors. According to Winter P’s research: “Along with bridges comes the bridge distribution problem: while in an ideal world, bridges should only be given to censored users, a censor can always mimic users and obtain—and then block—bridge addresses the same way. The current approach to the bridge distribution problem is to make it easy to get some of them but hard to get all of them, because then a censor could simply block them all.” Still, this method was heavily used against the Great Firewall for as long as it worked (Winter P et al, 2012).

The popularity of bridges once again put Tor on the radar of the Great Firewall. As of March 2010, Tor usage had dropped to its lowest level, as shown in Figure 3 (Winter P et al, 2012). The explanation for this situation is clear enough: the Great Firewall started to filter some of the more popular bridges (Winter P et al, 2012). A note on bridges: “Bridges can be configured to be either public or private. A public bridge announces its existence to the public bridge database operated by the Tor developers so that it can be distributed automatically to people who need a bridge. A private bridge remains silent and hence only known to its operator.” (Winter P et al, 2012).


Figure 3: Bridge users connecting from China between 2009 and 2010. Source: Winter P et al, 2012.

 

Here is an analysis of how bridges were blocked, taken from an experiment conducted by Winter and Lindskog:

“How Are Bridges and Relays Blocked?

The first step in bootstrapping a Tor connection requires connecting to the directory authorities to download the consensus which contains all public relays.

Using our Russian relay, we found out that when a client in China connects to a relay, the GFC lets the TCP SYN pass through but drops the SYN/ACK sent by the bridge to the client. The same happens when a client tries to connect to a blocked bridge. However, clients are still able to connect to different TCP ports as well as ping the bridge. We believe that the reason for the GFC blocking relays and bridges by IP:port tuples rather than by IPs is to minimise collateral damage.

How Long Do Bridges Remain Blocked?

To answer this question, we started two Tor bridges on our machine in Singapore. Both Tor processes were private bridges and listening on TCP port 27418 and 23941, respectively. Both ports were chosen randomly.

In the next step, we made the GFC block both IP:port tuples by initiating Tor connections to them from our VPS in China. After both tuples were blocked, we set up iptables rules on our machine in Singapore to whitelist our VPS in China to port 23941 and drop all other connections to the same port. That way, the tuple appeared unreachable to the GFC but not to our Chinese VPS. Port 27418 remained unchanged and hence reachable to the GFC. We then started monitoring the reachability of both Tor processes by continuously trying to connect to them using telnet from our VPS.

After approximately 12 hours, the Tor process behind port 23941 (which appeared to be unreachable to the GFC) became reachable again whereas connections to port 27418 still timed out and continued to do so. In our iptables logs we could find numerous connection attempts originating from Chinese scanners. This observation shows that once a Tor bridge has been blocked, it only remains blocked if Chinese scanners are able to continuously connect to the bridge. If they cannot, the block is removed.”
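
The reachability bookkeeping behind the quoted experiment, as an added Python example that is not code from Winter and Lindskog or from this page. The function names, the comparison port 22 and the hourly samples are constructed for illustration; only the two bridge ports and the roughly 12-hour unblock come from the quote.

```python
import socket

def probe(host, port, timeout=3.0):
    """One TCP connect attempt: 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # a RST came back, so the host itself answered
    except socket.timeout:
        return "timeout"   # no SYN/ACK arrived, as with a dropped handshake
    except OSError:
        return "error"

def block_scope(states, bridge_port):
    """states: {port: probe result} for one IP. Classify what looks filtered."""
    if states[bridge_port] != "timeout":
        return "not blocked"
    others = [s for p, s in states.items() if p != bridge_port]
    # Any answer (SYN/ACK or RST) on another port means the IP is reachable,
    # so only the IP:port tuple of the bridge is being filtered.
    if any(s in ("open", "refused") for s in others):
        return "ip:port tuple"
    return "ip or path"

def block_durations(samples):
    """samples: (unix_time, port, state) tuples in time order.
    Returns {port: seconds from first timeout to the next 'open'},
    with None for ports that never became reachable again."""
    first_timeout, result = {}, {}
    for t, port, state in samples:
        if state == "timeout":
            first_timeout.setdefault(port, t)
            result.setdefault(port, None)
        elif state == "open" and port in first_timeout and result[port] is None:
            result[port] = t - first_timeout[port]
    return result

# Constructed hourly observations shaped like the quoted experiment: both
# ports time out at first; 23941 answers again at hour 12, 27418 never does.
HOUR = 3600
SAMPLES = sorted(
    [(h * HOUR, 23941, "timeout" if h < 12 else "open") for h in range(15)]
    + [(h * HOUR, 27418, "timeout") for h in range(15)]
)

if __name__ == "__main__":
    print(block_durations(SAMPLES))
    print(block_scope({27418: "timeout", 22: "open"}, 27418))
```

In a live measurement, `probe` would be called on a schedule from the censored vantage point and its results fed to the other two functions.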

 

According to users in China, they had to keep changing their bridges in order to use Tor regularly (The Tor Project, 2010). They received private bridges that were given to them manually via email, and this kept them under the radar for months, even though the approach was never ideal. But things changed in late 2011, when the Great Firewall stepped up again in a way that had not been predicted.

On October 4, 2011, a user reported to the Tor bug tracker that unpublished bridges appeared to get blocked within only minutes of their first use within China (Winter P et al, 2010; Winter P et al, 2012). Again, bridges were designed for censored netizens to enter the Tor network through its back door when the front gate is permanently closed. “While the GFC’s above-mentioned blocking attempts consisted mostly of simple IP blocks and Web site crawling, the next section outlines a drastic increase in sophistication and complexity,” according to Winter P (2012).

Tor continues to find its way around the Great Firewall after four years of hitting the wall, and reports show that the blocking can be circumvented easily by using HTTPS instead of plain HTTP, because the Great Firewall has its limitation: encrypted traffic keeps the substring undetected by the DPI boxes (Winter P et al, 2012).

 

VPN:

A virtual private network (VPN) extends a private network across the Internet. In the simplest terms for censored netizens, it changes the IP address seen from the source device. This method is used to get past the Great Firewall by targeting its most basic mode of operation: filtering by IP address. Because VPN service providers are much easier to approach, and there are more and more VPN applications for Chinese smartphone users, this method became widely accepted in China during the fall of Tor.

These services were originally introduced and often used by people who practice Falun Gong in China and/or overseas to communicate and share messages (The Congressional-Executive Commission on China, retrieved 2015). As the number of Chinese international students and migrants has risen in recent years, these applications and service providers have become known to much larger groups of Chinese netizens in China and overseas. They are also widely used by foreign companies and organisations operating in China to maintain communication and trade with their head offices, clients and partners in other countries.

Apart from FreeGate, Fire Phoenix and others that have been established for years, newly developed apps such as GreenVPN, StrongVPN and TX APP are widely used in China, and users can change their IP addresses to foreign countries with a single click.
