From North America, and I’m going on vacation in China for a few weeks. I wonder if anyone knows if I’ll be able to access any of my self-hosted services over zerotier while I’m abroad?
Edit: To be specific, I’m hoping to ssh into my machine over zerotier in case I need to fix something and back up some photos to my home NAS via rsync or something
I wouldn’t access anything nor would I take any tech with you.
Don’t risk it
What are the risks, if you aren’t intending on doing anything illegal?
They can load in spyware that follows you outside the country. Also the whole “if you aren’t intending to do anything illegal” bit really reads like all the piece of shit bootlicking conservatives after George Floyd.
China isn’t exactly known for rule of law. They could simply decide you are a criminal. When traveling internationally it is better to play it safe.
If you really need a service I would either bring a disk drive with you or set up limited remote access for yourself that has minimal access. Remember they can force you to hand over things like passwords.
Doesn’t the USA do the exact same thing?
I wouldn’t recommend travelling to the USA either
I unironically think the USA’s security might be worse than China. Everyone in China was quite friendly and patient.
Competent, too, I bet.
Yep. Pretty efficient most of the time
Tailscale worked sometimes, but seemed to depend on the location of the moon relative to the air speed of a nearby sparrow and it was really slow.
It depends. Very much. And this is the main problem: There isn’t “one” solution, you will need a few.
The thing with the PRC is: Their great firewall isn’t “one big uniform block”. It’s fairly “variable”.
For example: In Beijing, even 10 years ago, I could access Google Maps and Facebook without any issues (back then highly blocked) as long as my mobile phone was roaming. The second I was on wifi of course it was blocked. But even the cheapo VPN my colleague had did work out fine. Until the day the police started to prepare for the party convention - then suddenly my colleague couldn’t get out, neither could I with our company wifi and even my carefully crafted WireGuard over HTTPS didn’t work - unless I was in the wifi of the hotel or our host company. There it did. Party congress over? Back to normal operations.
If you travel through the country you will find that in one place solution A works, in another solution B. Generally the more rural (or closer to Tibet/Xinjiang/Myanmar) you get, the more restrictive it seems to be.
Personally I would simply get there different commercial VPNs to make sure you have a choice to get out at all - there are various ones with a good PRC reputation. Most providers have trials as well. And then double tunnel through that if you can’t directly reach your usual VPN at home
Bringing non-disposable technology to China is a mistake in most circumstances.
Look into shadowsocks, or just normal VPN.
Pandafan was quite reliable for me. You might also be able to DIY with HK, SG or SK VPS instances, but it was a lot of work and a misconfiguration will cut you off.
Normal VPN doesn’t work because they don’t mask themselves. Even Tor bridges don’t work because they are blocked.
Shadowsocks is like 2018 advice, go directly to xray and forget about legacy software
They worked for me most of the time. They cut off after like an hour of use. So I just switch between them.
So why not just use something that just works all the time? I don’t want my internet voice call to cut in the middle and have to switch VPNs
What you’re asking is illegal where you’re going
Best of luck to you
Not really. It’s a grey area. They don’t care about foreigners using VPNs at all. It’s kind of expected. Foreign SIMs don’t even face blocks on mobile networks. If you’re going to a sensitive province of China, I think they’ll care slightly more, but as long as you’re not using the VPN to do something illegal, you’ll be okay.
Is it illegal to backup my photos to the NAS in my house? I’m not even attempting to access banned services
Bypassing the GFW is illegal
You realize not only Google is blocked, but also Brave search, duckduckgo, everything but Russian and Chinese search engines? You can’t find anything on them except scams and SEO spam
Yes, I do know and realize that. Why it’s probably not a good idea to try connecting to your homelab lol
Just connect, they don’t block random IPs for no reason. You need to transfer a lot of traffic to trigger something
People posting here don’t realize that CN gov IDs and allows certain traffic to get rerouted through a certain VLAN so they can do DPI and record every packet through a beefy expensive tap device to analyze the telemetry later, and potentially build a case against you. If they so choose. And they likely have the capability to trivially decrypt TLS.
Don’t bring in any tech, don’t access your personal net back home, don’t expect any level of actual privacy or good intentions. Just do your business and keep your digital persona minimal while there.
Case against you for doing what exactly? Just don’t break the law. It’s not hard. They’re hardly going to care much about an average American going on holiday unless he intends on causing problems, a disruption, or potentially has useful information
Extremely privileged of you to think that one can simply live a routine life thinking they are safe, while immigrants in the US aren’t breaking the law and still getting rounded up into concentration camps.
China doesn’t have laws enshrined in its constitution to protect immigrants like the US does (yet the Executive Branch barely gives a fuck about the law), so they (China) can do whatever the fuck they want. Not defending anyone, just illuminating it since I am ignorant af
they likely have the capability to trivially decrypt TLS
Whoa. Anywhere to read more about this? Had not been paying close attention, didn’t realise that was so starkly the case.
China blocks newer TLS and forces a TLS downgrade of a version they have decryption capabilities of - https://www.f5.com/labs/articles/threat-intelligence/the-2021-tls-telemetry-report
More info - https://gfw.report/publications/usenixsecurity23/en/
Chinese cryptography law mandates packet inspection and supervision of all foreign telemetry - https://link.springer.com/chapter/10.1007/978-3-031-11252-2_4
https://en.m.wikipedia.org/wiki/Cryptography_law
If you are truly skeptical of one of the world’s largest cyber threat actors with an enormous economy and large population of cyber security experts is or isn’t capable of trivially decrypting TLS, I don’t know how else I can convince you that they are capable.
Except they didn’t say they were skeptical, and they even asked for more information. I don’t know why you got hostile in your reply to them. Because they didn’t just accept what you said as truth without needing sources?