Jillian C. York » Haystack and Media Irresponsibility

I have been reading about this “Haystack” anti-censorship tool for a while, but have withheld comment up to now. The above linked article seems to justify my reticence.

This tool has been a media darling, hyped in many different publications, but try as I might I have never been able to find out any solid information about what it actually does. Just a lot of marketing hype.

It now looks like the system was well intentioned snake oil. I still have not seen it, so this is all hearsay. Unfortunately it can be very difficult for the average person to tell the difference. One thing to look for is transparency in security systems. No security system should rely on assuming the enemy will not work out how it operates. It absolutely must be secure even if the opponent knows everything.

Other good signs are the experience and reputation of the author, the length of time the tool has been in use, and published analysis by other independent security experts.

As it turns out, media hype has a very poor correlation with real security.

Google Runs Into Chinas Great Firewall – WSJ.com

This article reports on an outage experienced by Google users in China. At first Google thought it was due to a technical issue, but now think that it was an intentional outage caused by the Great Firewall of China. It seems likely that this was a retaliation to punish Google for its statements and actions.

From the Official Google Blog (follow link for the whole post):

So earlier today we stopped censoring our search services—Google Search, Google News, and Google Images—on Google.cn. Users visiting Google.cn are now being redirected to Google.com.hk, where we are offering uncensored search in simplified Chinese, specifically designed for users in mainland China and delivered via our servers in Hong Kong. Users in Hong Kong will continue to receive their existing uncensored, traditional Chinese service, also from Google.com.hk. Due to the increased load on our Hong Kong servers and the complicated nature of these changes, users may see some slowdown in service or find some products temporarily inaccessible as we switch everything over.

I would expect to see China censor Google.cn very quickly (which would prevent the re-direct to Google.hk). It will be interesting to see if China will then take the next step of censoring Google.hk and possibly other Google properties around the world. It would be easy for Google to set up any or all of them to return results in chinese if the browser is detected to be configured in that language.

Tor partially blocked in China | The Tor Blog

That last article lead me to this post on the TOR blog from September 15, 2009 (I am a bit late to this party). China is now blocking about 80% of the public TOR nodes.

This mostly ends a rather baffling situation where for some reason the Chinese were failing to block TOR even though it was being used effectively for censorship circumvention, the list of nodes is publicly available, and they are no more difficult to block than any other server.

Official Google Blog: A new approach to China

Google is officially stating that a number of email accounts hosted by Google were attacked from within China. The accounts seem to be mostly connected to Chinese human rights activists. They also state that this is part of a larger pattern extending over a number of other companies.

The most amazing thing about this is the very aggressive pro-privacy stance Google is taking in response to this. They are saying that they will stop censoring search results at Google.cn. That they will talk with the Chinese about how to do this, but are willing to completely pull out of operations in China if they can’t provide un-censored content from within.

The post is worth reading in full. Here are the concluding paragraphs:

These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

Wow. We shall see.