Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
miohtama 3 days ago

Some analysis and discussion here:

https://github.com/net4people/bbs/issues/519

> After its founding in 2018, one of Geedge's first clients was the government of Kazakhstan, to whom the company sold its flagship Tiangou Secure Gateway (TSG), which provides functions similar to China's own Great Firewall, monitoring and filtering all web traffic that passes through it, as well as attempts to bypass such censorship.

> The same tool has been rolled out in Ethiopia and Myanmar, where it has been instrumental in enabling that country's military junta to enforce a ban on VPNs. In many cases, Geedge works with other private companies, including internet service providers (ISPs) such as Safaricom in Ethiopia, or Frontiir and Ooredoo in Myanmar, to enact government censorship, the documents show. No ISPs that have partnered with Geedge responded to a request for comment.

> The leaks show employees at the company working to reverse-engineer many popular tools and find means of blocking them. One set of documents lists nine commercial VPNs as "resolved," and provides various means of identifying and filtering traffic to them. Similar capabilities have long been demonstrated by the Great Firewall, with most commercial VPNs inaccessible from within China and many dedicated anti-censorship tools also hard to access.

> At least one Jira support ticket shows evidence of plaintext capture of email

bbminner 3 days ago | parent | next [-]

I bet that the recent wave of VPN bans implemented in Russia also uses this tech. For example the mechanism of how suspicious websocket endpoints are being "knocked" by the firewall itself or how suspiciously traffic heavy ssh connections are being dropped suggests that Russian govt simply bought the entire stack from China.

r721 2 days ago | parent | next [-]

From 2016:

>The strategy is being developed in close cooperation with China after a string of high-level meetings in Beijing and Moscow this year. At their first cybersecurity forum, in April, top Chinese officials and their Russian counterparts gathered in Moscow for the talks. Delegates included Lu Wei, the head of China’s state internet information office, Fang Binxing, the so-called father of the Great Firewall and Igor Shchyogolev, President Vladimir Putin’s assistant on internet issues and former minister of communications.

>“The principal agreement to have a forum was reached by Igor Shchyogolev and Fang Binxing at a meeting in December 2015 in Beijing,” said Denis Davydov, the executive director of the misleadingly named League of Safe Internet, a government-affiliated group that has drafted internet-filtering legislation and recruited teams of volunteers to patrol the web for “harmful content”.

https://www.theguardian.com/world/2016/nov/29/putin-china-in...

1oooqooq 2 days ago | parent | prev [-]

the bans are probably a consequence of this leak.

they are in a better safe (from the people, heh) than sorry mode.

deepsun 2 days ago | parent | prev | next [-]

Russia tests it all in Belarus first. In 2020 they blocked almost all Internet, including VPNs, Tor etc (but left some areas connected, like banking). It's somewhat easier in Belarus, as they have a legal monopoly on cross-border Internet.

MangoToupe 3 days ago | parent | prev | next [-]

> At least one Jira support ticket shows evidence of plaintext capture of email

I would be surprised if western governments didn't do the same, and folks should act accordingly.

perihelions 3 days ago | parent | next [-]

The NSA was storing bulk plaintext emails from (at least) Microsoft, as of the time of the Snowden leaks. Microsoft actively assisted them.

https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-... ("Microsoft handed the NSA access to encrypted messages")

> "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;"

> "The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;"

brookst 3 days ago | parent | prev | next [-]

In general none of the disclosures of what GFW is doing g should be seen as evidence that western governments do not do the same thing. Hope nobody is drawing that conclusion.

bjt 3 days ago | parent [-]

Western governments do not routinely block VPNs.

bigyabai 3 days ago | parent | next [-]

Western governments effectively control 99% of consumer technology, and hack whatever else they can't have. VPNs are a false sense of security going up against a nation-sized adversary like the US.

throwaway48476 2 days ago | parent [-]

They also can correlate packet streams in and out of the tor network.

hulitu 3 days ago | parent | prev [-]

Different phylosophy: why block VPNs when you can monitor them. Most Root CAs are in US.

immibis 2 days ago | parent [-]

Certificate transparency is mandatory in browsers; interception certificates appear in certificate logs to be accepted. Have you found one?

Edit: OCSP has been ended.

edgineer 2 days ago | parent [-]

He might be referring to OCSP. Browsers ping CAs by default, revealing to them the sites that are visited.

arcfour 2 days ago | parent [-]

OCSP is very much on the way out, this is hardly true anymore; although some things still check OCSP, many things do not.

nilamo 3 days ago | parent | prev | next [-]

We don't need to guess, we know they do. That was one of Snowden's big reveals.

oogali 3 days ago | parent | prev [-]

The US has been doing this for a long time (1997), on a targeted basis.

https://en.wikipedia.org/wiki/Carnivore_(software)

miohtama 3 days ago | parent | prev [-]

[dead]