I’ve done so much experimentation with GFW pre pandemic while staying in China for extended period of times. I was always amazed at how quickly they would catch up on my shadowsocks, random ssh tunnels…etc. 48 hours top before I had to rotate IPs. This report seems to indicate this is now instant?
Fwiw My most reliable trick ended up piggie-backing off of a physical line going into Hong Kong from Shenzhen, and when roaming around China, using a vpn to get to that shenzhen gateway. As far as I can recall, that always worked. This led me to believe that most of the vpn traffic analysis (and blocking)was done at the edge of the GFW and not inside of it. Again, this could be outdated by now.
I tried to setup a shadowsocks server to bypass the GFW about 2 weeks ago. Server was hosted on my local network in Australia (with public IP), client was connecting from China (using the server IP).
It was blocked immediately and the client could not connect. I had several unknown IPs try to connect prior to the attempted connection.
I was stunned at how water tight the GFW is, it's really unfortunate as I would love to work/travel through China but cannot due to needing an active internet connection.
Yeah pdf of report says that blocking is instant as of 2021. Also completely agree with the need for an active connection to do work. A lot of the software/hacker devs I knew have left China all together in the last 3-4 years. Inability to look up stuff reliably (even on working VPN providers) was one of the reasons cited by a few.
A fellow Aussie currently in China, a Trojan [0] server has been working fine for the last week I've been here. I've got it hosted through a VPS (smaller provider) in LA. While it's a bit of a pain to setup, reliability has been pretty decent (with occasional? short breaks) and definitely useable - my laptop is connected 24/7 and I can access the unfiltered web, including video, just fine. V2ray also supposedly works quite well, but I haven't looked into it.
Last time I went to China (2018) you could simply get a China Unicom Hong Kong SIM card and then use that to roam in mainland China. With that you'd get the Hong Kong censorship level, which is much much less restrictive. No VPN or anything needed apart from the SIM card itself.
I'm in China right know with a Mainland/Macao/HK eSIM. My Chinese friend has to use a VPN to access Instagram as did I when I was connected via WiFi in mainland China. Using the eSIM connection I could access Instagram and Youtube without any issues, likewise here in Hongkong (with WiFi).
I didn't investigate how large the difference is, but Hongkong traffic is still treated more liberal.
There's a more straightforward way: roam with a foreign sim card. Roaming traffic is tunneled to your home telco and for whatever reason the tunnel isn't inspected at all. With the advent of esims you can buy a roaming sim and use it on your phone within minutes.
Can you activate it while abroad though? After I moved away from the UK I still had to have a UK mobile phone for various things. My UK sim would stop working after about a year away. When buying a new one I had to get someone in UK to put it in their phone to let it at least once connect to the home network. Without it the card would be useless. Is using foreign sim cards now easier?
eSIMs just need a data connection back to the SM-DP server and that can be done over Wi-Fi. I don't think that protocol is blocked that they talk to it, and the SM-DP vendors on the market are typically "global" providers that work with multiple operators.
EDIT: I checked myself to be sure. It's "RAM over HTTP(s)" -- "Remote Application Management" of the eSIM. GFW doesn't block HTTPS, so you should be able to get provisioned to any carrier worldwide while inside the firewall.
There are esims explicitly targeted to travelers. Those are the ones you want. In my experience they don't have any activation restrictions like the ones you describe
Many years back I was running a socks proxy for access while in China and I found that it worked great in Shanghai but was rapidly blocked (or degraded in some fashion) in Hangzhou. That seemed internal and not edge but I do no really know how they were interfering with it. Given Hangzhou's tech expertise it just may be the ISP there was more capable and up to date?
Was there an international event in Shanghai at that time? If they expected a large number of foreigners in a particular region they would relax the censorship in that particular region. They could even do it per hotel room where hotel rooms booked by foreigners automatically have lesser interference between GFW.
That might be it. I was there every year for about a 15 year period but this may have been around the time of the 2010 Expo. Though I was not in hotels, I was in apartments (ones owned and lived in by Chinese, not foreigners).
Yes but they are unfortunately targeted more than other censorship circumvention tools. Since everyone knows Tor/Obfs4/Snowflake it's easier to get your research published if you work on detecting that.
They certainly could, but I assume there’s an understanding among officials that to do so would cripple certain sectors of the economy. Certain kinds of work would grind to a halt. I’d wager that a majority of non-Chinese residents would leave the country.
Fwiw My most reliable trick ended up piggie-backing off of a physical line going into Hong Kong from Shenzhen, and when roaming around China, using a vpn to get to that shenzhen gateway. As far as I can recall, that always worked. This led me to believe that most of the vpn traffic analysis (and blocking)was done at the edge of the GFW and not inside of it. Again, this could be outdated by now.