A solution that Tor has been using with China is to host bridges on something like AWS. In order for China to block the bridges, they must also block all of AWS IP space.
Roskomnadzor can block the whole of AWS and there will be neither rioting nor even a significant outrage. They can even turn to whitelisting. The only reason they don't do it is that it is still considered unnecessary.
The reason it is considered unnecessary is that the existing blocks work enough to cover most of the population, who aren't technically savvy enough and would not bother to take the special effort. This is enough to lower the reach of sources that contain information not approved by the government to where it doesn't pose any danger to the regime. The same concept as "kitchen talks" in the USSR, only on the Internet - you can have VPN in your own "kitchen", as long as it stays there it will be ignored.
So, if Tor browsing becomes easy enough for a common citizen to use, they will disrupt it just enough so that a common citizen won't be able to use it, and would stop there.
The reason it’s unnecessary is because current mechanisms are enough to stop Google and FB from making money on Chinese citizens, which makes it unprofitable to spy and manipulate them.
They've already got their hands on ProtonVPN, Nord VPN, Opera VPN and a number (about 8-10, I think?) of others.
Their system analyzes all the traffic and tries to identify VPN packets, so I don't really see why they wouldn't block all the providers should they need to.
There are still ways to mask the traffic, but a regular user can only be bothered so much.
Yes, many businesses rely on VPN, but I can imagine that RKN might just come up with some great white-list idea.
"Rubber hose key extraction" is a USA idiom representing a beating with a rubber hose, which is supposed to be a way to inflict pain without leaving lasting marks so it can be used by the authorities to extract information without leaving evidence of the beating - IIRC there are recorded past cases of some sheriff's departments doing this.
Other cultures don't bother as much with the aspect of leaving lasting marks. The equivalent Russian language idiom is 'thermorectal cryptanalysis' which involves a soldering iron inserted into the anus and is expected to reveal passwords of any length within a minute.
There are plenty of VPS providers in Russia, and many users have already been forced to move there because Visa and Mastercard made paying for foreign services impossible. (It is very difficult to find some action more harmful to anti-Putin dissidents and beneficial to Putin than this ban!)
And large subnets were blocked back then, blocking many unrelated websites/services at once. IIRC even some of RKN's own services were temporarily disrupted by that, but generally they don't shy away from inflicting collateral damage. There's no shortage of cases of blocking large websites for humorous or silly pictures and texts (not even political), too.
Seems like a very elaborate PR stunt, and what exactly did they stand to gain from this? I’d hesitate to explain with a great conspiracy something that is much more simply explained by incompetence.
They gain a lot of coverage as an unbendable brave service that does not bow to the requests of the Russian government. So all the dissidents start using it for communication.
And the only downside is that RKN will have an even worse reputation... Which already was beyond the worst of the worst, so nothing is really lost.
Telegram is already shady, it has no clear funding source while having the highest operating cost of any of the mainstream chat apps due to it storing everything you send with no limits.
There is no e2e encryption, it has access to everything you do, it's often said to be an alternative to WhatsApp, but it's mostly worse in privacy, WhatsApp has proven encryption at least, and encrypted backups on Android, while on Apple it's basically a back door.
And the explanation up to now is that Durov is paying for everything for the faint of heart, which I really don't believe.
Matrix on paper is a good alternative, but its clients are not even close, and I speak as a daily Matrix user.
Technically Telegram does have optional e2e but group chats weren’t supported last I checked. Source on operational costs? Don't they have “telegram premium” thing to earn money now?
> Technically Telegram does have optional e2e but group chats weren’t supported last I checked.
And aren't supported on desktop either, nobody uses them, they are severely limited on purpose.
> Source on operational costs?
Telegram saves everything you do on the platform, every message, every picture, every video, every file with no limit.
They market it as a feature, on their Twitter they often say you can use it as cloud storage.
This absolutely costs more than WhatsApp or Signal, which only use servers as relays.
> Don't they have “telegram premium” thing to earn money now?
It's a very recent thing, and it has a very minimal effect, and the previous years didn't just pay for themselves.
> Telegram is already shady, it has no clear funding source while having the highest operating cost of any of the mainstream chat apps due to it storing everything you send with no limits.
Its founder, Durov, is a billionaire and he has quite clearly stated he's bankrolling it but looking for monetisation avenues for Telegram to become self-sufficient - first it was some token scheme that was shut down by the SEC, now there's Telegram Premium.
Durov is also known to lie a lot. He claimed that Telegram's developers were moved abroad from Russia, while in reality they were working out of the old VK office, just a floor below.
And that VK was a company supposedly taken away from Durov. Also, Telegram's early versions bear striking similarities to VK's own products. As if Telegram was developed internally in VK and then spun away as an independent company.
1. Allegedly, Telegram was created when Durov was fired from Vkontakte and had to flee Russia. In reality, the Telegram office was colocated with the Vkontakte office in the same building (famous Zinger's house in the center of St. Petersburg) for years after the alleged split. It was revealed in a former employee vs. Telegram court case.
2. Telegram had won over RKN with the support of Google/Apple. RKN could not ban appstores and push notifications, so Telegram could constantly change IP addresses of proxy servers and send them to applications using push notifications.
RKN allegedly failed to pressure Apple/Google to ban the Telegram app in Russia, despite trying for years.
When Navalny's team tried to employ the same tactics, RKN was able to ban their app in both appstores in a week or so. Same for LinkedIn.
It is known that Google and Apple did accept the demands to block apps both before and after the Telegram affair. What we don't know is: did they even receive that demand? Every news source saying that the demand was sent cites the RKN press release on their own website (I checked about 50 news reports, that all referenced each other and RKN). When asked about blocks (of LinkedIn), Google's spokesperson said that they follow the regulations on the local markets.
We need Apple/Google to confirm whether they ever received the demands to remove Telegram from their app stores. If not, it is a big big red flag.
Tor is not really comparable to Telegram. Check out that link I posted, that talk goes over a lot of details that I am currently at a loss of words for.
China also does not seem to be willing to burn all the bridges to the rest of the world just yet, so it has to accept some kind of interconnection to services like AWS that aren't under its control.
“Just yet”? China is number one industrial superpower, you can’t have that with bridges burned. In fact China is going the exact opposite way, see the Belt and Road.
I believe it’s mostly those in Russia, because it became useless from both a commercial (embargoes on everything make Russian transport worthless) and a political (don’t want your problematic vassal to control something crucial to your economy) point of view. Funds have been shifted to countries like Kazakhstan.
Didn't Signal do something like this and get in trouble?[0] I honestly don't know much about domain fronting so if this is something completely different then I'd appreciate an explanation. I do know that my friends in China are unable to use Signal, so I figure something is up.
Domain fronting was (and to a lesser extent still is) mainly about using CDN infrastructure so that clients appear (to a network censor) to be connecting to one CDN customer, but then ask the CDN to actually let them talk to a different CDN customer. (There are various protocol-layering tricks that may enable this either by accident or on purpose.)
This is a little different than using VPS services because with the VPS services you're actually connecting to the customer you appear to be connecting to, it's just very unclear who that is, because it's just one random VPS customer among a huge number of servers hosted on that same service.
Ah, thanks for the explanation. I do have a followup though. If this method is successful for Tor, why isn't it for Signal? I was under the impression that they used AWS and other servers. Or are they just not doing this and leaving an (easy?) censorship mitigation opportunity unsolved?
I believe Tor has a more active anti-censorship project than Signal does. While I don't think Signal is in any sense OK with governments blocking it, the Tor folks have something along the lines of a whole anti-censorship team (part paid and part volunteer). I don't believe Signal has a direct equivalent to that.
There could also be an element of luck or differences in how strongly particular governments are trying to block particular apps and circumvention methods at a given moment. I know that varies a lot from country to country.
Edit: However, Signal does have a "Censorship circumvention" feature under "Advanced" options. So there is some level of official work on that from Signal. Have your friends tried this feature?
Thank you for trying it! Maybe I need to donate to Signal in the hope that they'll eventually have more resources to work on improving their anti-censorship technology.
I don't think the privacy/anonymity proposals are exactly identical to anticensorship, even if they tend to appeal to the same people. (In the thread you linked, they're advocated by the same person.) After all, you can have a highly centralized service that knows personal data about its users but that also tries to prevent governments from blocking it.
Well I should correct this slightly. They have been fine if they connect to a VPN first. I'm not sure if they have tried the proxy option, though I was under the impression that this wasn't as actively supported. This is something I wish Signal would do better.
I also have the impression it's not as actively supported, but when I first replied to you, I had the impression it no longer existed at all as an organized effort, so it looks like the situation is probably better than I first thought. :-)
There are a number of countries gearing up to actively regulate instant messaging, including with potential encryption restrictions and app-blocking remedies for noncompliance, so I imagine this functionality will become more and more relevant over time. :-(
If you are stating that AWS is required to provide all data flowing in and out of datacenters to the USA Government, but not the Chinese government, then you are 100% wrong.
This is why Chinese regions have to replicate nearly all services in their own regions. No intermingling with other regions.
The difference here is that American companies are forced to cooperate with their government with any data, it doesn’t matter where that data is located. That’s why China decided they want their own infrastructure, and other governments, like the EU, are taking similar steps.
https://media.ccc.de/v/26c3-3554-de-tor_and_censorship_lesso...