World Library  
Flag as Inappropriate
Email this Article

Golden Shield Project

 

Golden Shield Project

The Golden Shield Project (Chinese: 金盾工程; pinyin: jīndùn gōngchéng), also known as the Great Firewall of China[1] (Chinese: 防火长城; pinyin: fánghuǒ chángchéng) which is a censorship and surveillance project that blocks potentially unfavorable incoming data from foreign countries, is operated by the Ministry of Public Security (MPS) of the government of China. The project was initiated in 1998 and began operations in November 2003.[2] It is now used to attack international web sites using Man-on-the-side DDoS, for example to attack GitHub on 2015/03/28.[3]

Contents

  • History 1
  • Purpose 2
    • Blocking methods 2.1
  • Censored content 3
  • Bypassing 4
  • Unblocking 5
  • Exporting technology 6
  • Protest in China 7
  • See also 8
  • Notes 9
  • References 10
  • External links 11

History

The political and ideological background of the Golden Shield Project is considered to be one of Deng Xiaoping’s favorite sayings in the early 1980s: "If you open the window for fresh air, you have to expect some flies to blow in." (Chinese: 打开窗户,新鲜空气和苍蝇就会一起进来。; pinyin: Dǎkāi chuānghù, xīnxiān kōngqì hé cāngying jiù huì yìqǐ jìnlái.[nb 1]) The saying is related to a period of the economic reform of China that became known as the "socialist market economy". Superseding the political ideologies of the Cultural Revolution, the reform led China towards a market economy and opened up the market for foreign investors. Nonetheless, despite the economic freedom, values, and political ideas of the Communist Party of China have had to be protected by "swatting flies" of other unwanted ideologies.[4]

The Internet in China arrived in 1994,[5] as the inevitable consequence of and supporting tool for the "socialist market economy". Gradually, while Internet availability has been increasing, the Internet has become a common communication platform and tool for trading information.

The Ministry of Public Security took initial steps to control Internet use in 1997, when it issued comprehensive regulations governing its use. The key sections, Articles 4-6, are: "Individuals are prohibited from using the Internet to: harm national security; disclose state secrets; or injure the interests of the state or society. Users are prohibited from using the Internet to create, replicate, retrieve, or transmit information that incites resistance to the PRC Constitution, laws, or administrative regulations; promotes the overthrow of the government or socialist system; undermines national unification; distorts the truth, spreads rumors, or destroys social order; or provides sexually suggestive material or encourages gambling, violence, or murder. Users are prohibited from engaging in activities that harm the security of computer information networks and from using networks or changing network resources without prior approval."[6]

In 1998, the Communist Party of China feared that the China Democracy Party (CDP) would breed a powerful new network that the party elites might not be able to control.[7] The CDP was immediately banned, followed by arrests and imprisonment.[8] That same year, the Golden Shield project was started. The first part of the project lasted eight years and was completed in 2006. The second part began in 2006 and ended in 2008. On 6 December 2002, 300 people in charge of the Golden Shield project from 31 provinces and cities throughout China participated in a four-day inaugural "Comprehensive Exhibition on Chinese Information System".[9] At the exhibition, many western high-tech products, including Internet security, video monitoring and human face recognition were purchased. It is estimated that around 30,000-50,000 police are employed in this gigantic project.[10]

A subsystem of the Golden Shield has been nicknamed "the Great Firewall" (防火长城) (a term that first appeared in a Wired magazine article in 1997)[11] in reference to its role as a network firewall and to the ancient Great Wall of China. This part of the project includes the ability to block content by preventing IP addresses from being routed through and consists of standard firewalls and proxy servers at the six[12] Internet gateways. The system also selectively engages in DNS cache poisoning when particular sites are requested. The government does not appear to be systematically examining Internet content, as this appears to be technically impractical.[13] Because of its disconnection from the larger world of IP routing protocols, the network contained within the Great Firewall has been described as "the Chinese autonomous routing domain".[14]

During the 2008 Summer Olympics, Chinese officials told Internet providers to prepare to unblock access from certain Internet cafés, access jacks in hotel rooms and conference centers where foreigners were expected to work or stay.[15]

Purpose

In September 2002, Li Runsen, the technology director at Ministry of Public Security and member of the Golden Shield leadership, further explained this broad definition to thousands of police nationwide at a meeting in Beijing called "Information Technology for China’s Public Security".

In October 2001, Greg Walton of the International Centre for Human Rights and Democratic Development published a report; he wrote:

Old style censorship is being replaced with a massive, ubiquitous architecture of surveillance: the Golden Shield. Ultimately, the aim is to integrate a gigantic online database with an all-encompassing surveillance network – incorporating speech and face recognition, closed-circuit television, smart cards, credit records, and Internet surveillance technologies.[16]

The empirical study by the OpenNet Initiative (collaboration between Harvard Law School, University of Toronto Citizen Lab, and Cambridge Security Program) found that China has the most sophisticated content-filtering Internet regime in the world. Compared to similar efforts in other countries, CPC Government effectively filters content by employing multiple methods of regulation and technical controls. In contrast, the PRC-sponsored news agency, Xinhua, stated that censorship targets only "superstitious, pornographic, violence-related, gambling and other harmful information."[17]

In July 2007, authorities intensified the "monitoring and control" of The Great Firewall, causing

  • China Digital Times: Internet Control
  • Breaking Through the "Golden Shield"
  • ViewDNS.info - Chinese Firewall Test - Tests if Golden Shield is performing DNS filtering/redirection on your domain within mainland China.
  • Dotcom-Monitor- Tests if a website (or third-party hosts to a website) is filtered from within Great Firewall of China using an actual Internet Explorer browser
  • Website Test behind the Great Firewall of China

function Protection.new(args, cfg, title) local obj = {} obj._cfg = cfg obj.title = title or mw.title.getCurrentTitle() -- Set action if not args.action then obj.action = 'edit' elseif Protection.supportedActions[args.action] then obj.action = args.action else error(string.format( 'invalid action ("%s")', tostring(args.action) ), 3) end -- Set level obj.level = args.demolevel or effectiveProtectionLevel(obj.action, obj.title) if not obj.level or (obj.action == 'move' and obj.level == 'autoconfirmed') then -- Users need to be autoconfirmed to move pages anyway, so treat -- semi-move-protected pages as unprotected. obj.level = '*' end -- Set expiry if args.expiry then if cfg.indefStrings[args.expiry] then obj.expiry = 'indef' elseif type(args.expiry) == 'number' then obj.expiry = args.expiry else obj.expiry = validateDate(args.expiry, 'expiry date') end end -- Set reason if args[1] then obj.reason = mw.ustring.lower(args[1]) if obj.reason:find('|') then error('reasons cannot contain the pipe character ("|")', 3)

Protection.bannerConfigFields = { 'text', 'explanation', 'tooltip', 'alt', 'link', 'image' }

Protection.supportedActions = { edit = true, move = true, autoreview = true }

local Protection = {} Protection.__index = Protection


-- Protection class


local function walkHierarchy(hierarchy, start) local toWalk, retval = {[start] = true}, {} while true do -- Can't use pairs() since we're adding and removing things as we're iterating local k = next(toWalk) if k == nil then break end toWalk[k] = nil retval[k] = true for _,v in ipairs(hierarchy[k]) do if not retval[v] then toWalk[v] = true end end end return retval end

local function toTableEnd(t, pos) -- Sends the value at position pos to the end of array t, and shifts the -- other items down accordingly. return table.insert(t, table.remove(t, pos)) end

local function makeFullUrl(page, query, display) return string.format( '[%s %s]', tostring(mw.uri.fullUrl(page, query)), display ) end

-- Validation function for the expiry and the protection date local function validateDate(dateString, dateType) lang = lang or mw.language.getContentLanguage() local success, result = pcall(lang.formatDate, lang, 'U', dateString) if success then result = tonumber(result) if result then return result end end error(string.format( 'invalid %s ("%s")', dateType, tostring(dateString) ), 4) end

local function makeCategoryLink(cat, sort) local nsText = mw.site.namespaces[14].name if cat and sort then return string.format( '%s', nsText, cat, sort ) elseif cat then return string.format( '%s:%s', nsText, cat ) else return end end


-- Helper functions


-- Set constants. local CONFIG_MODULE = 'Module:Protection banner/config'

-- Lazily initialise modules and objects we don't always need. local getArgs, makeMessageBox, lang

-- Initialise necessary modules. require('Module:No globals') local makeFileLink = require('Module:File link')._main local effectiveProtectionLevel = require('Module:Effective protection level')._main local yesno = require('Module:Yesno')

-- This module implements and its daughter templates such as -- , and .

External links

  1. ^
  2. ^
  3. ^
  4. ^ R. MacKinnon "Flatter world and thicker walls? Blogs, censorship and civic discourse in China" Public Choice (2008) 134: p. 31–46, Springer
  5. ^
  6. ^ "China and the Internet.", International Debates, 15420345, Apr2010, Vol. 8, Issue 4
  7. ^ Goldman, Merle Goldman. Gu, Edward X. [2004] (2004). Chinese Intellectuals between State and Market. Routledge publishing. ISBN 0415325978
  8. ^
  9. ^ 首屆「2002年中國大型機構信息化展覽會」全國31省市金盾工程領導雲集 (Chinese)
  10. ^
  11. ^ http://www.economist.com/news/special-report/21574631-chinese-screening-online-material-abroad-becoming-ever-more-sophisticated
  12. ^ http://www.nbcnews.com/technology/welcome-wyoming-how-chinas-great-firewall-could-have-sent-web-2D11970733
  13. ^
  14. ^
  15. ^
  16. ^
  17. ^ China and the Internet. International Debates, 15420345, Apr2010, Vol. 8, Issue 4
  18. ^
  19. ^
  20. ^
  21. ^
  22. ^
  23. ^
  24. ^
  25. ^
  26. ^ Will Google's help breach the great firewall of China? By: Marks, Paul, New Scientist, 02624079, 4/3/2010, Vol. 205, Issue 2754
  27. ^ a b c d e "Splinternet Behind the Great Firewall of China: The Fight Against GFW", Daniel Anderson, Queue, Association for Computing Machinery (ACM), Vol. 10, No. 11 (29 November 2012), doi:10.1145/2390756.2405036. Retrieved 11 October 2013.
  28. ^ "Leaping the Great Firewall of China ", Emily Parker, Wall Street Journal, 24 March 2010. Retrieved 11 October 2013.
  29. ^ "Ignoring the Great Firewall of China", Richard Clayton, Steven J. Murdoch, and Robert N. M. Watson, PET'06: Proceedings of the 6th international conference on Privacy Enhancing Technologies, Springer-Verlag (2006), pages 20-35, ISBN 3-540-68790-4, doi:10.1007/11957454_2. Retrieved 11 October 2013.
  30. ^
  31. ^ (Chinese) 如何访问维基百科#当前情况
  32. ^
  33. ^
  34. ^

References

  1. ^ There are several variants of this saying in Chinese, including "如果你打开窗户换新鲜空气,就得想到苍蝇也会飞进来。" and "打开窗户,新鲜空气进来了,苍蝇也飞进来了。". Their meanings are the same.
  2. ^ For an example, see

Notes

See also

Despite strict government regulations, the Chinese people are continuing to protest against their government’s attempt to censor the Internet. The more covert protesters will set up secure SSH and VPN connections using tools such as UltraSurf. They can also utilize the widely available proxies and virtual private networks to fanqiang(翻墙), or "climb the wall." Active protest is not absent. Chinese people will post their grievances online, and on some occasions, have been successful. In 2003, the death of Sun Zhigang, a young migrant worker, sparked an intense, widespread online response from the Chinese public, despite the risk of the government’s punishment. A few months later, Prime Minister Wen Jiabao abolished the Chinese law that led to the death of Sun. Ever since, dissent has regularly created turmoil on the Internet in China.[33] Also in January 2010, when Google announced that it will no longer censor its Web search results in China, even if this means it might have to shut down its Chinese operations altogether, many Chinese people went to the company’s Chinese offices to display their grievances and offer gifts, such as flowers, fruits and cigarettes.[34]

Protest in China

Reporters Without Borders suspects that regimes such as Cuba, Zimbabwe and Belarus have obtained surveillance technology from China.[32]

Exporting technology

  • The English-language BBC website (but not the Chinese language website).[30]
  • [31]
  • Social websites and free web hosting websites. However, these have also been re-blocked.
  • Some foreign news websites.

Certain sites have begun to be partially unblocked, including:

Unblocking

  • Proxy servers outside China can be used, although using just a simple open proxy (HTTP or SOCKS) without also using an encrypted tunnel (such as HTTPS) does little to circumvent the sophisticated censors.[27]
  • Companies can establish regional Web sites within China. This prevents their content from going through the Great Firewall of China; however, it requires companies to apply for local ICP licenses.
  • Onion routing, such as I2P or Tor, can be used.[27]
  • Freegate, Ultrasurf, and Psiphon are free programs that circumvent the China firewall using multiple open proxies, but still behave as though the user is in China.[27]
  • VPNs (virtual private network) and SSH (secure shell) are the powerful and stable tools for bypassing surveillance technologies. They use the same basic approaches, proxies and encrypted channels, used by other circumvention tools, but depend on a private host, a virtual host, or an account outside of China, rather than open, free proxies.[27]
  • Open application programming interface (API) used by Twitter which enables to post and retrieve tweets on sites other than Twitter. "The idea is that coders elsewhere get to Twitter, and offer up feeds at their own URLs—which the government has to chase down one by one." says Jonathan Zittrain, co-director of Harvard's Berkman Center for Internet and Society.[28]
  • Reconfiguration at the end points of communication, encryption, discarding reset packets according to the TTL value (time to live) by distinguishing those resets generated by the Firewall and those made by end user, not routing any further packets to sites that have triggered blocking behavior.[29]

Because the Great Firewall blocks destination IP addresses and domain names and inspects the data being sent or received, a basic censorship circumvention strategy is to use proxy nodes and encrypt the data. Most circumvention tools combine these two mechanisms.[27]

Bypassing

According to The New York Times, Google has set up computer systems inside China that try to access Web sites outside the country. If a site is inaccessible, then it is added to Google China's blacklist.[25] However, once unblocked, the Web sites will be reindexed. Referring to Google's first-hand experience of the great firewall, there is some hope in the international community that it will reveal some of its secrets. Simon Davies, founder of London-based pressure group Privacy International, is now challenging Google to reveal the technology it once used at China's behest. "That way, we can understand the nature of the beast and, perhaps, develop circumvention measures so there can be an opening up of communications." "That would be a dossier of extraordinary importance to human rights," Davies says. Google has yet to respond to his call.[26]

Blocked Web sites are indexed to a lesser degree, if at all, by some Chinese search engines. This sometimes has considerable impact on search results.[24]

Mainland Chinese Internet censorship programs have censored Web sites that include (among other things):

Censored content

Method Description
IP blocking The access to a certain IP address is denied. If the target Web site is hosted in a shared hosting server, all Web sites on the same server will be blocked. This affects all IP protocols (mostly TCP) such as HTTP, FTP or POP. A typical circumvention method is to find proxies that have access to the target Web sites, but proxies may be jammed or blocked. Some large Web sites allocated additional IP addresses to circumvent the block, but later the block was extended to cover the new addresses.[20]
DNS filtering and redirection Doesn't resolve domain names, or returns incorrect IP addresses. This affects all IP protocols such as HTTP, FTP or POP. A typical circumvention method is to find a domain name server that resolves domain names correctly, but domain name servers are subject to blockage as well, especially IP blocking. Another workaround is to bypass DNS if the IP address is obtainable from other sources and is not blocked. Examples are modifying the Hosts file or typing the IP address instead of the domain name in a Web browser.
URL filtering Scan the requested Uniform Resource Locator (URL) string for target keywords regardless of the domain name specified in the URL. This affects the Hypertext Transfer Protocol. Typical circumvention methods are to use escaped characters in the URL, or to use encrypted protocols such as VPN and SSL.[nb 2]
Packet filtering Terminate TCP packet transmissions when a certain number of controversial keywords are detected. This affects all TCP protocols such as HTTP, FTP or POP, but Search engine pages are more likely to be censored. Typical circumvention methods are to use encrypted protocols such as VPN and SSL, to escape the HTML content, or reducing the TCP/IP stack's MTU, thus reducing the amount of text contained in a given packet.
Connection reset If a previous TCP connection is blocked by the filter, future connection attempts from both sides will also be blocked for up to 30 minutes. Depending on the location of the block, other users or Web sites may be also blocked if the communications are routed to the location of the block. A circumvention method is to ignore the reset packet sent by the firewall.[21]
SSL man-in-the-middle attack makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.[22]
Active IP probing makes active probing and distinguish content of CDNs and large computer farms when victims access unknown website, such as non-public Google IP. Future connection attempts blocked with IP blocking or DNS filting.
VPN/SSH traffic recognition recognize VPN/SSH traffic

Some commonly used technical methods for censoring are:[19]

Blocking methods

[18]

This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 



Copyright © World Library Foundation. All rights reserved. eBooks from Hawaii eBook Library are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.