On Friday Hal Roberts at the Berkman Center for Internet and Society wrote a blog post that has a lot of people rightly worried: Popular Chinese Filtering Circumvention Tools DynaWeb FreeGate, GPass, and FirePhoenix Sell User Data.
Hal has spent quite a lot of time analyzing various circumvention tools: software or systems created to help people get around Internet filtering, or blocking as it's more colloquially known. He has spent some time looking at this Edoors service, which aggregates the web-browsing data of people who use DynaWeb FreeGate, GPass, and FirePhoenix. These tools are all part of the Global Internet Freedom Consortium (GIFC). What many Chinese users of these tools don't seem to know is that the GIFC is an organization founded by Falun Gong practitioners. It is also no secret, but not well known for some reason, that members of the GIFC receive U.S. government funding. According to this 2005 report, "Since 2003, the IBB [International Broadcasting Bureau] has primarily funded Dynamic Internet Technology (DynaWeb) and UltraReach, which have each developed software to enable Chinese Internet users to access VOA and RFA websites." Human Rights in China and the FLG-affiliated Epoch Times are also clients of DynaWeb.
So the web-surfing activity of people using FLG-developed and operated tools promoted by the VOA, RFA, and HRIC is among the data being aggregated by Edoors. Hal noticed the following language in the service's FAQ:
Read Hal's blog post for his full reaction explaining how dangerous it is to users if these services are indeed selling "data that can be used to identify a specific user," even if only to people they like...Q: I am interested in more detailed and in-depth visit data. Are they available?
A: Yes, we can generate custom reports that cover different levels of details for your purposes, based on a fee. But data that can be used to identify a specific user are considered confidential and not shared with third parties unless you pass our strict screening test. Please contact us if you have such a need.
In response, Peter Li of the Global Internet Freedom Consortium posted this comment on Hal's blog:
We apologize for the confusion here. The anti-censorship ranking service is provided by one of the GIFC partners. It only publishes the popularity ranks of destination websites users visit through our anti-censorship tools. It is similar to alexa.com but is only limited to anti-censorship web traffic.
The ranking service is not authorized to access, nor can it access, the data users transmit on the wire. It is not authorized to release logs containing information on the websites any individual user visits either.
The FAQ for the ranking service was not written properly, as originally “user” there meant website owners who may be interested in getting detailed statistics on how their websites are visited through our anti-censorship tools. We apologize that we have overlooked the wording.
The GIFC partner who runs the ranking service, the World Gates’ Inc, has been notified, and that FAQ entry has been removed. Thank you for discovering the problem.
Peter Li
Global Information Freedom Consortium
As of this writing, the FAQ entry is still there, but perhaps it will be removed soon?
I got in touch with Bill Xia of Dynamic Internet Technology (DIT) which runs DynaWeb and Freegate. VOA, RFA, and Human Rights in China are DIT clients in addition to the FLG-affiliated newspaper Epoch Times. He said that regardless of what that Edoors FAQ says, "DIT never gives out "personal-identifying user data."
I also e-mailed with Peter Li and asked him, given that some GIFC members get U.S. government funding, whether special access to user data has been given to the U.S. government. His response:
Yes, in some cases FBI asked us to provide logs for certain websites or destination IPs in some particular time periods, for example, they would request something like the original IPs who visited xyz.com at Jan 12, 2007, 12:20-30 EST, and the visited web pages. We provided such information as we feel we are obligated to work with law enforcement agencies in the free world.So if you're using Freegate, etc. from China, your data could be shared with the FBI on request. Same as if you're using any U.S. information service provider.
Now that GIFC has denied selling user-identifying data, despite an FAQ that states that they do sell it, the problem is that users are left with no way to ascertain the absolute facts about usage of their data independently. They have to take GIFC's word for it. Or decide not to. Ethan Zuckerman reacted briefly to Hal's initial post on his blog, pointing out that this whole situation is a "powerful reminder of how much sensitive data circumvention sites end up holding about their users." Hal makes an important point that when using most circumvention tools - be it Freegate, or the Witopia VPN or any other tool that sends your data through a fairly centralized service - you are not safe from all snooping. You're just making a decision about who to trust more than whom, based on what your needs and concerns are:
This sort of thing demonstrates that there is no way to eliminate points of control from a network. You can only move them around so that you trust different people. In this case, Chinese users are replacing some of the trust in their local Chinese ISPs with trust in theThere are a few tools, however, which are designed in such a way that data linking an individual user's point of origin (IP address) with their destination website is un-collectible. Tor (albeit slower in China than a VPN or Freegate) is one of them. Perhaps not coincidentally, they pointed this out on their blog on Monday:
circumvention projects through which they are proxying their traffic. But those tools are acting as virtual ISPs themselves and so have all the potential for control (and abuse) that the local ISPs have. They can snoop on user activity; they can filter and otherwise tamper with connections; they can block P2P traffic.
Our architecture and design don't force the user to assume trust in us. One doesn't have to trust us. Our code is accessible and licensed under an open license. Our specifications are clearly detailed and published. Our packages follow a defined build process so the user can create the same binaries we do. Independent researchers can and do test the properties Tor provides [and help us to improve]. Moreover, The Tor software runs on a distributed network, where a single operator cannot capture or be forced to capture all users' traffic information, even under legal or coercive threat.
All of these should allow the user to trust The Tor Project as a non-for-profit company and to trust that Tor isn't surreptitiously watching the very information you're trying to protect and isn't gathering information we could be forced to disclose.
(Full disclosure: I used to be on Tor's board of directors.) It's very important to note, though, that while Tor will help you circumvent censorship, disguise your location from the websites you visit and disguse your destination from your ISP, it should not be used as a privacy solution: the exit nodes aren't secure and malicious people can capture unencrypted data going across them. The Tor people are very open about this and the reasons for it. They warn users to use end-to-end encryption for e-mail or any other sensitive communications, on top of Tor which helps to circumvent and anonymize (hide where you're coming from and where you're going).
The moral of this long story is important: when using circumvention tools, make sure you understand enough about how they work, what they're meant to be used for, and who runs them, so that you're not taking a leap of faith with people you would rather not trust.
The decision about who to trust is a personal one: I am more inclined to trust a VPN operating in the U.S. which is subject to FBI requests than a Beijing Telecom connection subject to Beijing public security bureau requests, but that's just me. Other people might feel very differently and make different choices. Some people may feel very comfortable trusting the Falun Gong... others, well, might not... It appears that the VOA, RFA, and HRIC have decided to trust them and to recommend these services to their users. Whether this concerns you or not depends on your opinion of the FLG... which is a debate beyond the scope of this post...
Wow, this is really something. Is there any discussion on this matter in Chinese?
Posted by: Portnoy | January 15, 2009 at 04:35 AM
Though FBI get Chinese users' data it doesn't matter.
It really matters is that Chinese govt get users' personal information,that is much more dangerous.
Posted by: TYSTREE | January 15, 2009 at 04:45 AM
Hi there Portnoy, no I haven't seen any discussion of this in Chinese anywhere. Please feel to translate, repost, or whatever you like... it's cc-licensed anyway :)
Posted by: Rebecca MacKinnon | January 15, 2009 at 05:26 AM
Great post.
I use Freegate for a long time.(CoDeen sometimes, how about that?) Besides their poorly-designed webpage and one-sided webjournalism, this product proves to be the best free webbreaking tool.(though i wonder exactly how many people are using it as they feel the need to charge)
So it's going to be: you pay for your local ISP and the people behind GFW to get a normal internet life, or you pay more for the people behind GFW-breaking tools to get an abnormal internet life if you are in China.
i feel so abnormal here.
Posted by: safarinew | January 15, 2009 at 11:13 AM
1. Who guards the guardian?
2. There is a market for everything.
Not surprised at all.
BTW, FLG is a legitimate subject for debates. But most Western media's coverage/description of it is so one-sided, just as Chinese media's coverage of it is.
Posted by: no free lunch | January 17, 2009 at 05:27 PM
Thinking that you are not being monitored when you are is far, far worse than knowing that you are being monitored. Giving people the expectation that they are not being monitored when they could be is also a bad, bad idea.
Also collecting any sort of log is a bad, bad idea. All it take is the Chinese government to arrest one dissident based on a log (maybe from an unsecured server or from a sleeper agent) and at that point its game over. Once there is a log, you not only have to trust that the people with access to the logs not only don't purposely give them over to the FBI, but that have the ability to keep that information safe from accidental disclosure.
All of this makes Chinese censorship quite effective. Yes, you can get around the censorship if you are a computer security expert, but most people aren't computer security experts. There is no need for the Chinese government to achieve 100% blockage to have effective censorship. All that it has to do is to have people think twice before posting at which point self-censorship kicks in. If you have to think about computer security before you post an article, then they have already won.
Something else that really bothers me is that looking over the moves and counter-moves is that I really get the sense that the Chinese government understands internet technology and security and what can and can't be done, more deeply than the people that are trying to get around the blocks.
Posted by: Twofish | January 18, 2009 at 05:16 AM
I used to use Tor but found it too slow to bear with. Now I am using Hotspot Shield. It works fine for me. The only annoyance is the ads, but I'd rather bear with the ads than the slow speed of Tor. Do you have any information as to whether Hotspot Shield is reliable? One unexpected nuisance of using such circumvention tools that has just occured to me was that I accidentally logged onto my paypal account while I was browsing banned webpages using Hotspot Shield and that made paypal think that my account had been illegally accessed and therefore suspended it. It was quite some trouble to have it restored...
Posted by: 楊佳 | January 18, 2009 at 05:18 AM
Hotspot shield is owned by an advertising marketing company called Anchor Free. Their own words in press releases indicate that they are monitoring your data for the purpose of selling the information. This is likely the worst choice as they pretty much admit your data is being monitored and sold. Below is a quote from one of their press releases.
AnchorFree provides an innovative media channel that allows advertisers to ncrease user engagement and brand interaction by
delivering unobtrusive, banner-like advertisements precisely targeted to users' particular interests, behavior and location. AnchorFree's broadband network guarantees 100% accurate location-based targeting, allowing marketers to reach and interact with out-of-home mobile consumers over the course of their entire online experience.
Posted by: Ryan | January 26, 2009 at 12:30 PM
I use one of the GIFC proxies such as UltraSurf, on top of HotSpot Shield. The former don't know my IP, and the latter don't know what site I'm visiting.
Posted by: Anomity | February 13, 2009 at 09:31 PM