Golden Shield project

from Wikipedia, the free encyclopedia

The Golden Shield Project (Chinese 金盾工程, Pinyin jindun Gongcheng), sometimes called the Great Firewall of China in reference to the Great Wall of China, is a project of the Chinese Ministry of State Security to monitor and censor internet traffic in China. Development started in 1998 and the project went into operation across the country in 2003. According to the Ministry of State Security, the project is a communication and information network intended to increase the potential and efficiency of the executive branch.

History

In 1998 the Democratic Party of China (CDP) was founded as one of the first opposition parties. Among other things, it focused on the possibilities and use of technical means of communication such as the Internet, e-mail and pager systems, with which a large number of people, and thus the electorate, can be reached. The Chinese Communist Party feared a digital revolution, brought about by the Democratic Party of China, through the emergence of a new and powerful network that the existing parties in power could not control.

The CDP was immediately banned, followed by rigorous arrests. In the same year the Golden Shield Project was launched. The first phase of the project was completed eight years later, in 2006, followed by phase 2. According to China Central Television (CCTV), the upfront costs of the project amounted to 800 million US dollars by 2002, the equivalent of around 505 million euros.

On December 6, 2002, 300 project employees from 31 provinces and cities in China went on a four-day “shopping tour”, on which many “Western” high-tech products from the areas of Internet security, video surveillance technology and biometrics were purchased. It is estimated that around 30,000 executive bodies were involved in this gigantic project at the time.

The project deals, among other things, with blocking unwanted content and information. This is achieved by preventing the routing of certain IP addresses - a function made available by standard firewalls and proxy servers. The system also uses selective DNS poisoning when trying to reach undesired IP addresses. The government does not appear to be systematically analyzing the information made available on the Internet, as this would not be manageable from a technical point of view.

Shortly before the 20th anniversary of the Tian'anmen massacre, internet censorship was massively expanded in the People's Republic of China. The blocks affected Twitter, Flickr, YouTube and numerous blogs, among others.

At the first World Internet Conference in November 2014 in Wuzhen, China, the Chinese government promoted global Internet supervision. China must set its own rules in cyberspace, said Prime Minister Li Keqiang. China's government wants to strengthen the administration of the Internet according to its laws. Internet censorship behind the “Great Firewall” has increased steadily since party leader Xi Jinping came to power in March 2013. Even tunnel services (VPN), with which users can bypass the blocks, are massively disrupted; some of them are blocked in real time.

Since the beginning of 2017, all VPN providers have required state approval. Apple has been asked to remove VPN apps in China that do not comply with the new regulations. From February 2018, private individuals will be prohibited from accessing VPN services.

Use

In September 2002, Li Runsen, technical director and board member, introduced the project to thousands of members of the executive branch at an information event in Beijing called "Information Technology for China's National Security".

In October 2001, Greg Walton of the International Center for Human Rights and Democratic Development published the following report:

“Old style censorship is being replaced with a massive, ubiquitous architecture of surveillance: the Golden Shield. Ultimately, the aim is to integrate a gigantic online database with an all-encompassing surveillance network - incorporating speech and face recognition, closed-circuit television, smart cards, credit records, and Internet surveillance technologies.”

- Greg Walton

The Chinese government sees the Golden Shield as the most important project for securing and maintaining political power. In July 2007, the authorities intensified the use of the monitoring and control options of the "great firewall" and interrupted e-mail traffic on the occasion of the Shanghai Cooperation Organization Meeting in August 2007.

Technical information

Some common methods of censoring content are:

Blocking IP addresses
Access to a specific IP address or even to complete subnets is prevented. If the target information, for example a website, is on the same system as other websites (shared hosting), all pages on this system are blocked. This affects all TCP- and UDP-based protocols such as HTTP, FTP, SMTP or POP. A typical way to circumvent this block is to use a proxy server that has access to the inaccessible system. However, proxies can also be blocked or manipulated; websites such as Wikipedia partially block proxies in order to protect themselves against vandalism. Some large content providers like Google started using additional IP address spaces to bypass these measures. However, these address spaces were later also included in the blockade.
DNS filtering and redirection
DNS queries for an undesired domain name are rejected or answered with an incorrect IP address. This affects all TCP- and UDP-based protocols such as HTTP, FTP, SMTP or even POP. A typical method of circumvention is to use a DNS server that answers the requests correctly. Normally, however, these servers are blocked by one or more of the methods listed here, usually IP blocking. Another way around this technique is to avoid DNS altogether if the IP address for the name in question can be obtained by other means. Examples of this are changing the local hosts file or using IP addresses instead of names in the web browser. Websites that are identified via virtual hosts on the server cannot be reached in a targeted manner using the latter method.
URL filter
The requested URL is checked for the presence of keywords, regardless of the domain used. This affects HTTP. Typical methods of circumvention are encoding (escaping) letters of the URL, using encrypted protocols such as TLS, or sending the request through a VPN tunnel.
Packet filter
TCP connections are terminated when there are a certain number of controversial keywords in a TCP packet. This affects all TCP protocols that transmit the data part unencrypted, such as HTTP, FTP and POP. The packet filters are mainly used to check queries to search engines. Typical methods of circumvention are the use of encrypted transmission methods such as VPN and SSL, the encoding (escaping) of HTML content, or the reduction of the packet size of the TCP/IP stack, which means that any censored words are distributed over as many independent packets as possible.
Connection reset
If a previous TCP connection was terminated by a filter, further connection attempts between the two hosts are prevented for the next 30 minutes. This can also lead to "collateral blocking", as websites that are not subject to censorship but are made available on the same host can no longer be accessed. The same applies to NAT routers, since any blocks caused by individual NAT users behind the router affect the router itself and thus the entire network it supplies. In order to bypass connection resets, both hosts have to ignore the TCP RESET packet, which the firewall sends using spoofing.
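
An added example (not part of the original article) that models the packet filter and connection reset behaviour described above, to show why users behind one NAT router or visitors of a shared host suffer collateral blocking. The keyword, threshold, addresses and traffic are constructed assumptions; only the 30-minute window comes from the text.

```python
from dataclasses import dataclass, field

BLOCK_SECONDS = 30 * 60  # block window given in the text


@dataclass
class ResetFilter:
    """Toy model: keyword packet filter plus timed block per host pair."""
    keywords: tuple            # constructed placeholder keywords
    threshold: int = 1         # hypothetical: keyword hits needed in one packet
    blocked_until: dict = field(default_factory=dict)

    def handle(self, now, src_ip, dst_ip, payload):
        """Return 'pass', 'reset' (keyword hit) or 'blocked' (timed block)."""
        pair = (src_ip, dst_ip)
        if self.blocked_until.get(pair, 0) > now:
            return "blocked"
        hits = sum(payload.count(k) for k in self.keywords)
        if hits >= self.threshold:
            self.blocked_until[pair] = now + BLOCK_SECONDS
            return "reset"
        return "pass"


def replay(events, nat_public_ip=None):
    """Feed events through a fresh filter; a NAT router rewrites the source."""
    fw = ResetFilter(keywords=(b"forbidden-term",))
    results = []
    for now, user, dst_ip, payload in events:
        src_ip = nat_public_ip or user
        results.append((user, fw.handle(now, src_ip, dst_ip, payload)))
    return results


# Constructed traffic: (seconds, inside user, destination host, payload).
EVENTS = [
    (0, "10.0.0.5", "203.0.113.10", b"GET /?q=forbidden-term HTTP/1.1"),
    (60, "10.0.0.9", "203.0.113.10", b"GET /weather HTTP/1.1\r\nHost: b.example"),
    (1799, "10.0.0.9", "203.0.113.10", b"GET /weather HTTP/1.1\r\nHost: b.example"),
    (1800, "10.0.0.9", "203.0.113.10", b"GET /weather HTTP/1.1\r\nHost: b.example"),
]

if __name__ == "__main__":
    print("separate addresses:", replay(EVENTS))
    print("behind one NAT:    ", replay(EVENTS, nat_public_ip="198.51.100.7"))
```

With separate source addresses only the first user is reset; behind one NAT address the second user's harmless requests to another site on the same host stay blocked until the window expires.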

Research into how it works

At the 32nd Chaos Communication Congress (32C3) of the Chaos Computer Club in 2015, the topic of the Chinese firewall and research into it was taken up. The research team and computer scientist Philipp Winter showed how the firewall is structured and how it manages to block attempts at circumvention.

As soon as the firewall determines via deep packet inspection that a connection looks suspicious, it tries to connect itself to the foreign server. If the server abroad is, for example, a Tor server, the connection is immediately terminated and the destination blocked. But SSH or VPN connections can also be recognized and filtered in this way. A solution to this process, called "Active Probing" by the team, appears complex, especially given the performance of the firewall. When looking through the Tor logs, the researchers noticed that the firewall appears to have well over 16,000 IP addresses. This suggests a corresponding size of the firewall server.
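
An added example (not from the original article or the researchers) of how a server operator could look for the probing pattern described above in their own connection log. The log records, the known-client set, the five-second window and the "source seen only once" heuristic are assumptions made for illustration.

```python
from collections import Counter

PROBE_WINDOW = 5.0  # assumption: max seconds between client and follow-up

# Constructed server-side connection log: (unix time, source IP).
LOG = [
    (1000.0, "198.51.100.20"),  # known client connects
    (1000.8, "203.0.113.41"),   # unknown source right after the client
    (1001.5, "203.0.113.97"),
    (1300.0, "192.0.2.55"),     # ordinary visitor, returns later
    (2000.0, "198.51.100.20"),
    (2002.1, "203.0.113.150"),
    (2003.0, "192.0.2.55"),     # inside the window, but a repeat visitor
]
KNOWN_CLIENTS = {"198.51.100.20"}  # constructed: the operator's own users


def suspected_probes(log, known_clients, window=PROBE_WINDOW):
    """Flag one-off unknown sources that connect right after a known client."""
    seen = Counter(ip for _, ip in log)
    last_client = None
    suspects = []
    for ts, ip in sorted(log):
        if ip in known_clients:
            last_client = ts
        elif (last_client is not None and ts - last_client <= window
              and seen[ip] == 1):
            suspects.append((ip, round(ts - last_client, 1)))
    return suspects


def distinct_probe_sources(suspects):
    """Count distinct source addresses among the suspected probes."""
    return len({ip for ip, _ in suspects})


if __name__ == "__main__":
    found = suspected_probes(LOG, KNOWN_CLIENTS)
    for ip, delay in found:
        print(f"{ip} connected {delay}s after a known client")
    print("distinct probe sources:", distinct_probe_sources(found))
```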

Censored content

Research on internet censorship in the People's Republic of China has shown that website censorship relates to, among other things:

  • Websites of outlawed or oppressed groups such as Falun Gong and democratic activists.
  • News sources dealing with taboo topics such as police brutality, free speech, democracy and Marxism. The best known of these sources include Voice of America, the Chinese pages of BBC News, and Yahoo! Hong Kong.
  • Sites related to Taiwan, its government, the media, or other organizations.
  • Sites that offer religious content.
  • Websites with obscene, pornographic and criminal content.
  • Pages related to the 14th Dalai Lama Tendzin Gyatsho and spreading his teachings, as well as pages related to the International Tibet Independence Movement.
  • Sites classified as "subversive" by the government.
  • Blogging portals such as blogger.com and wordpress.com are repeatedly inaccessible for long periods of time.
  • Social networks like Facebook, Twitter and YouTube.
  • Some sites that offer communication via e-mail, among others Gmail.

Censored websites are indexed with very poor ratings in Chinese search engines like Baidu and are therefore listed far behind in the search results.

Circumvention

  • Web hosts can host websites in China and thus offer them regionally. This prevents the content from having to pass through the Great Firewall of China; however, this requires that the operators hold a state “ICP” license.
  • VPN connections defeat the methods used by the Golden Shield Project, as the filters are not able to check encrypted data traffic; however, the firewalls use QoS to severely limit the speed of encrypted connections or to interrupt them.
  • Using an anonymity-promoting network such as Tor. Thanks to new technology, the firewall is now able to recognize and block many Tor connections.
  • Obtaining information in a format unsuitable for filters, for example as an image file.
