Some observation on China’s Great Firewall (GFW), and how to overcome it:
GFW’s main tricks:
1. It forces a HTTP plain text across the whole web, it forbids HTTPS, so GFW can filter the text with a keyword list. This trick can be overcome by forcing HTTPS connection to encrypt your text.
2. GFW can block a IP address, this can be overcome by frequently changing IPv4 address. And as we suggested, if you have a IPv6 address, you earn yourself the privilege to browse the free web.
3. DNS poisoning, or DNS pollution. GFW will parse the blacklisted domain name to an invalid IP address, it is the major method GFW implements its blocking. The way to unblock it, is to use a remote DNS server, such as Google’s DNS server 184.108.40.206 and 220.127.116.11
4. Protocol blocking, GFW is known to block almost all VPN protocols, PPTP, L2TP, OpenVPN etc. You can obfuscate the protocol message to unblock it.
5. Protocol scanning, GFW is known to use machine learning program to detect familiar protocol message, then auto connect to the suspicious server. If the known protocol, such as Open VPN is detected, GFW will label it as VPN server and block its IP address. To evade the scanning, you can wrap the true protocol with an outer shell, such as HTTPS, since GFW is yet insane to block HTTPS protocol.
6. Block port, this is not common. In case it happens, change the port to a mostly used one, such as 443 port.
GFW can arbitrarily use the state’s resource to do nasty things like:
7. Use the backdoor of desktop computer and mobile phone to collect users information.
9. Use mobile apps to collect information about users.
10. Use desktop cleaning tool or cell phone cleaning tool to monitor users and collect information.
The method to evade these massive info collection and surveillance, is to use foreign desktop computer, such as Dell’s, Mac computer, iPhone, iPad, as well as to use foreign software such as Google Chrome browser. Uninstall any Chinese domestic software and you will be much safer.
The next big thing to evade GFW’s surveillance, is to use secure proxy server. Never use plain text connection, use encrypted connection. Never expose your own IP address, always use an encrypted proxy server. This way you stay beyond the control of GFW, this is the value we provide for the site users.