Chinese censors interfered with the nation’s robust VPN network this week. So how did they do it? Here are some common strategies
For those living in mainland China, the temporary but excruciatingly widespread blockage of VPN (virtual private network) services is the most tangible sign that something political is happening domestically.
The annual meeting of the National People’s Congress (NPC) has triggered a crackdown on VPN providers, which allow customers to bypass China’s internet censorship, or the Great Firewall (GFW).
Many organizations, including non-profits, startups, academics, and corporations, rely on VPN to access services and resources such as news articles, Google’s search engine, and social media.
The meeting concluded yesterday (Wednesday as of publishing on e27), hopefully returning internet censorship in China to “normal” levels.
In many ways, the Great Firewall is associated more with slow internet and lowered productivity, not thwarted dissent. In countries where the internet is not as broadly censored as China’s, VPNs have a more niche audience who care about browsing privacy or need a secure connection to a remote network, such as a corporate intranet.
“Chinese users tend to focus on accessing censored websites, whereas our non-China users focus on enhancing their privacy,” said a spokesperson from a VPN service provider, who requested that the company remain anonymous.
“This doesn’t always have to be a trade-off, but it can be in some cases,” he said. “For example, there have been periods where the PPTP VPN protocol worked well in China and many of our China-based users did not hesitate to use it, despite well-known security flaws inherent to this VPN protocol.”
The popular appeal of VPNs in China speaks to the even more massive scale of the GFW, which has blocked 63,950 websites so far, according to GreatFire.org, a non-profit that collects data about the GFW.
That’s why crackdowns on VPNs matter to so many people – without VPNs, many businesses in China, particularly those with a global focus, would see losses in productivity and revenue.
In the context of the recent crackdown, TechNode spoke with a few VPN providers that cater to customers in China, and learned more about how the GFW takes down VPN services in China. Here are five things that can stop or slow your VPN connection:
ISP (Internet Service Provider) throttling
“Last year was absolutely hectic for getting the VPN to stay stable because [Chinese ISPs] pretty much slowed all the traffic to outside of China – you couldn’t get on any cloud internet sites. No one was getting any traffic,” says James Cox, a spokesperson for VPNinja, a Shanghai-based VPN provider that targets expats in China.
“Everyone assumes it’s the VPN but you can’t even get outside of the country in the first place,” he says. “Chinese New Year, every single year, it cuts. Actually, every public holiday, they limit the internet, slow it down. Inside of the country, [the internet connection] is amazing.”
ISP or bandwidth throttling is when internet service providers intentionally slow down internet services. State-owned Chinese ISPs, which have been known to aid government censorship, can employ ISP throttling to discourage users from accessing overseas websites. Last August, China Unicom was accused of deliberately slowing down connections to overseas websites so they could charge extra for premium services, an allegation they denied.
IP (internet protocol) address blocking
According to GreatFire.org, 8,056 IP addresses are currently blocked by the GFW. IP addresses refer to devices, such as servers, in a computer network. The GFW can block the IP addresses of VPN servers in order to take them down.
This can result in a temporary lapse in VPN connection. While the VPN provider is busy changing the IP address of the server, most users take this time to try other servers, which works if their IP addresses haven’t been targeted as well. According to Mr. Cox, it’s rumored that the Chinese government has people who sign up for VPN services with the purpose of retrieving server IP addresses to block.
“Something to be aware of: the ‘world’ has run out of IPv4 addresses,” said a spokesperson from a VPN service provider, who requested that the company remain anonymous. “As long as the Chinese Internet is predominantly an IPv4 network, replacing IP addresses will become increasingly expensive.”
According to Akamai’s Q3 2015 “State of the Internet” report, the American Registry for Internet Numbers (ARIN) had to waitlist a request for an IPv4 address for the first time last July. The internet registry for Africa, AFRINIC, handed out almost 5 million IPv4 addresses in Q3 2015, or about 11% of its available pool. According to Akamai’s report, AFRINIC is the only regional internet registry with a substantial pool of IPv4 addresses remaining.
Like phone numbers, IPv4 addresses can be reused and resold. However, if the address has already been blocked by the GFW, it’s essentially useless to VPN providers who need to readdress targeted servers. Some VPN providers give multiple IP addresses to a single server, which allows them to connect to clients when one or several other IP addresses have been blocked.
DNS (Domain Name Server) poisoning or hijacking is when the GFW intercepts requests for a certain domain name, say “www.facebook.com”, and redirects you to an incorrect IP address. This means that instead of serving you the right webpage, the DNS sends you elsewhere.
Sometimes VPN providers will have their domain name “poisoned” by the GFW. Similar to IP address blocking, VPN circumvent DNS poisoning by getting a new domain name.
Deep packet inspection
The GFW can use deep packet inspection (DPI) to identify VPN protocols in its network and cut VPN connections. However, according to one VPN provider, modifying protocols to get around is easy, while implementing DPI on a large scale is not, due to the volume of traffic.
“This is relatively easy to work around, simply by making small modifications to the protocol so that it goes unrecognized,” said a spokesperson from a VPN service provider, who requested that the company remain anonymous.
“They’re probably aware of this, as they haven’t used this technique to block the many other VPN protocols that exist,” he said. “It’s technically possible for them to improve these techniques, but extremely expensive to do so because of the amount of traffic involved.”
DPI can also be used to scan for more specific information like keywords. If someone is trying to search for something politically sensitive the GFW can block the connection.
Similar to ISP throttling, bandwidth limitations can affect internet speed and thus VPN connections. The more people who are sharing the same network, the slower the internet connection. In China, internet connections have to filter through the GFW as well. The more people using the internet, the more data the firewall has to process.
“There is a way that you can make it better,” says Mr. Cox. “If you switch servers in the same country, it’s not going to do much. For example, if you have a slow connection in the US, if you try switching to South Korea or something like that. You might go through a different section of the firewall that has different usage and you might get a faster connection.”
Bandwidth limitations can also apply to VPN connections, which slow down when users crowd on a single server. Using VPN at a less popular time of the day, such as early morning, may help.
The original article Behind The Scenes: Here’s Why Your VPN Is Down In China first appeared on Technode.
The post Behind the scenes: Here’s why your VPN is down in China appeared first on e27.