Server access from China
-
From North America, and I’m going on vacation in china for a few weeks. I wonder if anyone knows if I’ll be able to access any of my self-hosted services over zerotier while I’m abroad?
Edit:
To be specific, I’m hoping to ssh into my machine over zerotier in case I need to fix something and back up some photos to my home NAS via rsync or somethingIt depends.
Very much. And this is the main problem: There isn't "one" solution, you will need a few.The thing with the PRC is: Their great firewall isn't "one big uniform block". It's fairly "variable".
For example: In Beijing,even 10 years ago, I could access google maps and Facebook without any issues(back then highly blocked) as long as my mobile phone was roaming.
The second I was on wifi of course it was blocked. But even the cheapo VPN my colleague had did work out fine.
Until the day the police started to prepare for the party convention - then suddenly my colleague couldn't get out, neither could I with our company wifi and even my carefully crafted wire guard over HTTPs didn't work - unless I was in the wifi of the hotel or our host company. There it did.
Party congress over? Back to normal operations.If you travel through the country you will find that in one place solution A works, in another solution B. Generally the more rural (or closer to Tibet/Xinjiang/Myanmar) you get, the more restrictive it seems to be.
Personally I would simply get there different commercial VPNs to make sure you have a choice to get out at all - there are various ones with a good PRC reputation. Most providers have trials as well.
And then double tunnel through that if you can't directly reach your usual VPN at home -
You realize not only Google is blocked, but also Brave search, duckduckgo, everything but Russian and Chinese search engines? You can't find anything on them except scams and SEO spam
Yes, I do know and realize that.
Why it’s probably not a good idea to try connecting to your homelab lol -
Is it illegal to backup my photos to the NAS in my house? I’m not even attempting to access banned services
Bypassing the GFW is illegal
-
From North America, and I’m going on vacation in china for a few weeks. I wonder if anyone knows if I’ll be able to access any of my self-hosted services over zerotier while I’m abroad?
Edit:
To be specific, I’m hoping to ssh into my machine over zerotier in case I need to fix something and back up some photos to my home NAS via rsync or somethingtailscale worked some times, but seemed to depend on the location of the moon relative to the air speed of a nearby sparrow and it was really slow.
-
Normal VPN doesn't work because they don't mask themselves. Even Tor bridges don't work because they are blocked.
Shadowsocks is like 2018 advice, go directly to xray and forget about legacy software
Yes, xray is better. Forgot about that. I think there had been a couple newer ones.
The thing with gfw circumvention is that even older approaches work surprisingly often, as detection methods change and often detection depends on the amount of suspicious traffic. I had most success with a more conventional setup on a vps, but that was more for testing out stuff. Found commericial providers to be more reliable.
VPNs work surprisingly often from what others tell me. They only block these occasionally. I think astrill and express often work. Just know that the ones that work, probably have chinese govt access.
Yes, tor never works.
-
From North America, and I’m going on vacation in china for a few weeks. I wonder if anyone knows if I’ll be able to access any of my self-hosted services over zerotier while I’m abroad?
Edit:
To be specific, I’m hoping to ssh into my machine over zerotier in case I need to fix something and back up some photos to my home NAS via rsync or somethingI wouldn't access anything nor would I take any tech with you.
Don't risk it
-
From North America, and I’m going on vacation in china for a few weeks. I wonder if anyone knows if I’ll be able to access any of my self-hosted services over zerotier while I’m abroad?
Edit:
To be specific, I’m hoping to ssh into my machine over zerotier in case I need to fix something and back up some photos to my home NAS via rsync or somethingPeople posting here don't realize that CN gov IDs and allows certain traffic to get rerouted through a certain VLAN so they can do DPI and record every packet through a beefy expensive tap device to analyze the telemetry later, and potentially build a case against you. If they so choose. And they likely have the capability to trivially decrypt TLS.
Don't bring in any tech, don't access your personal net back home, don't expect any level of actual privacy or good intentions. Just do your business and keep your digital digital persona minimal while there.
-
People posting here don't realize that CN gov IDs and allows certain traffic to get rerouted through a certain VLAN so they can do DPI and record every packet through a beefy expensive tap device to analyze the telemetry later, and potentially build a case against you. If they so choose. And they likely have the capability to trivially decrypt TLS.
Don't bring in any tech, don't access your personal net back home, don't expect any level of actual privacy or good intentions. Just do your business and keep your digital digital persona minimal while there.
they likely have the capability to trivially decrypt TLS
Whoa. Anywhere to read more about this? Had not been paying close attention, didn't realise that was so starkly the case.
-
they likely have the capability to trivially decrypt TLS
Whoa. Anywhere to read more about this? Had not been paying close attention, didn't realise that was so starkly the case.
China blocks newer TLS and forces a TLS downgrade of a version they have decryption capabilities of - https://www.f5.com/labs/articles/threat-intelligence/the-2021-tls-telemetry-report
More info - https://gfw.report/publications/usenixsecurity23/en/
Chinese cryptography law mandates packet inspection and supervison of all foreign telemetry - https://link.springer.com/chapter/10.1007/978-3-031-11252-2_4
https://en.m.wikipedia.org/wiki/Cryptography_lawIf you are truly skeptical of one of the world's largest cyber threat actors with an enormous economy and large population of cyber security experts is or isnt capable of trivially decrypting TLS, I don't know how else I can convince you that they are capable.
-
They worked for me most of the time. They cut off after like an hour of use. So I just switch between them.
So why not just use that just works all the time? I don't want my internet voice call to cut in the middle and have to switch VPNs
-
Yes, I do know and realize that.
Why it’s probably not a good idea to try connecting to your homelab lolJust connect, they don't block random IPs for no reason. You need to transfer a lot of traffic to trigger something
-
China blocks newer TLS and forces a TLS downgrade of a version they have decryption capabilities of - https://www.f5.com/labs/articles/threat-intelligence/the-2021-tls-telemetry-report
More info - https://gfw.report/publications/usenixsecurity23/en/
Chinese cryptography law mandates packet inspection and supervison of all foreign telemetry - https://link.springer.com/chapter/10.1007/978-3-031-11252-2_4
https://en.m.wikipedia.org/wiki/Cryptography_lawIf you are truly skeptical of one of the world's largest cyber threat actors with an enormous economy and large population of cyber security experts is or isnt capable of trivially decrypting TLS, I don't know how else I can convince you that they are capable.
Except they didn’t say they were skeptical, and they even asked for more information. I don’t know why you got hostile in your reply to them. Because they didn’t just accept what you said as truth without needing sources?
-
Is it illegal to backup my photos to the NAS in my house? I’m not even attempting to access banned services
Unauthorized VPNs (non government approved) are illegal in China. If a business needs their own they can get approval but they have to apply for those exceptions.
It isn't really enforced, probably especially so for non citizens, but if you do something they don't like it is something they could use against you.
You would probably be less breaking the law to just directly open up SSH and access that instead of tunneling through a VPN. Even though SSH can do tunneling of its own.
-
People posting here don't realize that CN gov IDs and allows certain traffic to get rerouted through a certain VLAN so they can do DPI and record every packet through a beefy expensive tap device to analyze the telemetry later, and potentially build a case against you. If they so choose. And they likely have the capability to trivially decrypt TLS.
Don't bring in any tech, don't access your personal net back home, don't expect any level of actual privacy or good intentions. Just do your business and keep your digital digital persona minimal while there.
wrote last edited by [email protected]Case against you for doing what exactly? Just don't break the law. It's not hard. They're hardly going to care much about an average American going on holiday unless he intends on causing problems, a disruption, or potentially has useful information
-
I wouldn't access anything nor would I take any tech with you.
Don't risk it
What are the risks, if you aren't intending on doing anything illegal?
-
What are the risks, if you aren't intending on doing anything illegal?
wrote last edited by [email protected]They can load in spyware that follows you outside the country. Also the whole "if you aren't intending to do anything illegal" bit really reads like all the piece of shit bootlicking conservatives after George Floyd.
-
Case against you for doing what exactly? Just don't break the law. It's not hard. They're hardly going to care much about an average American going on holiday unless he intends on causing problems, a disruption, or potentially has useful information
Extremely privileged of you to think that one can simply live a routine life thinking they are safe, while immigrants in the US aren't breaking the law and still getting rounded up into concentration camps.
China doesn't have laws enshrined in its constitution to protect immigrants like the US does (yet the Executive Branch barely give a fuck about the law), so they (China) can do whatever they fuck they want. Not defending anyone, just illuminating it since I am ignorant af
-
They can load in spyware that follows you outside the country. Also the whole "if you aren't intending to do anything illegal" bit really reads like all the piece of shit bootlicking conservatives after George Floyd.
wrote last edited by [email protected]They can't do that unless they take your devices, gain admin access and install stuff onto it. You don't just get spyware installed your phone simply by entering a country.
Also the whole "if you aren't intending to do anything illegal" bit really reads like all the piece of shit bootlicking conservatives after George Floyd.
Except that is a whole different context. The argument doesn't work if you're a citizen of a country and granting your government more and more powers. It would apply maybe if you were a Chinese citizen. OP isn't talking about moving to China or installing a similar government in their home country. They are going on holiday. You can behave yourself and cooperate with their requirements for a few weeks. If you are really against a country having powers to check your phone and devices and such as a matter of principle, not because you've got anything to hide, then don't go.
George Floyd was an American citizen murdered in his own country by the powers that were supposed to protect him. Big difference.
Although I did take precautions myself, such as deleting my memes/downloads folder just in case I saved anything that could be offensive. But it didn't matter because they didn't check my phone anyway for simply being there.
China itself cares the most about public disorder and foreign influence. As long as you aren't intending on causing foreign interference in how they do things and are just going for purposes of tourism/adventure/meeting people, then you'll be absolutely fine. They don't really care enough about you to give you special treatment unless you are seen as a threat like that.
-
What are the risks, if you aren't intending on doing anything illegal?
*What aren't
-
Case against you for doing what exactly? Just don't break the law. It's not hard. They're hardly going to care much about an average American going on holiday unless he intends on causing problems, a disruption, or potentially has useful information
Or would be a useful hostage to trade for a Chinese person held in OP's country.
https://en.wikipedia.org/wiki/Detention_of_Michael_Spavor_and_Michael_Kovrig
