Swedish researchers have discovered that Chinese officials have updated the country's 'Great Firewall' to make it harder for citizens to use the Tor network that provides a means of surfing the web anonymously.
It has been long-known that the 'Great Firewall Wall of China' has attempted to block citizens from using the Tor network, by blocking access to some IP addresses or using HTTP header filters to weed out suspect traffic.
But Philipp Winter and Stefan Lindskog of Karlstad University in Sweden have discovered that Chinese authorities have recently increased the sophistication of their filtering tools, making it more difficult for citizens to browse the web freely, by blocking so-called Tor bridges.
Tor bridges serve as entry points to the Tor network – if these are unreachable, a user cannot access the Tor network. While many of these bridges were once published, making it relatively simple to block, users had started to use unpublished bridges.
Last December, Tim Wilde, of security group, Team Cymru, used virtual proxy servers in China to establish that these unpublished bridges were being blocked.
The Karlstad researchers have now established how that blocking is being done and suggested ways in which it may be circumvented.
They discovered that the firewall searches internet traffic that indicate a network connection as Tor and initiate a scan of the host. This scan effectively attempts to “speak Tor” to the host and if successful, the bridge is blocked.
"The scanners are mostly random IP addresses originating from address pools of ISPs. Therefore it is very hard for a bridge to differentiate between a legitimate user from China and a scanner," Winter told V3.
Tor fingerprinting and active scanning is effective for the firewall because Tor traffic can be distinguished from other forms of traffic, allowing the Chinese authorities to block Tor networks, the researchers said.
“Since Tor is being used more and more as censorship circumvention tool, it is crucial that this distinguishability is minimised,” added Winter.
Tools such as "obfsproxy" can help defeat the Great Firewall, he added. This obfuscates the Tor traffic between the user and the bridge, making it appear as Skype traffic, for example.
"Unfortunately, China is blocking the few publicly available obfsproxy bridges at the moment but non-public obfsproxy bridges work," said Winter.
The researchers were able to show that by using so-called packet fragmentation tools, which split TCP streams in to small segments, it is possible to disguise Tor traffic, making it harder to detect.
While Tor networks are commonly associated with hackers and groups such as Anonymous where internet users aim to mask their identity, the network has played a crucial role in promoting online freedoms in many countries.
Buyers can demand refunds if they've had a game for no more than 14 days and not registered more than two hours of play
Total lunar eclipse 2019: 'Super Blood Wolf Moon' to be visible across Europe and North America on Sunday night
Moon will turn reddish-orange in colour during this weekend's total lunar eclipse
Hackers to compete for prize money of between $35,000 and $250,000 cracking the Tesla Model 3 at this year's Pwn2Own contest
Supermassive black holes can suddenly 'switch on' to devour large amounts of gases in their surroundings
Scientists are unsure what causes this dramatic increase in black holes' mass