My ISP in China - Internet security in China - Surfing in China - Is it safe?

Just recently I have had reason enough to do a little research into my Internet connection, my ISP. In terms of speed, customer service, security and censorship.

Way back now more than a decade ago I gained my network systems engineer qualifications although I have never put them to any professional use except for a short spell of teaching back in the UK. They do sometimes come in handy when using computers, dealing with ISP's and dealing with telephone companies.

OK, my ISP and telephone provider here in Nanning is the much loved China Telecom.
The China telecom offices proudly display signs implying customer service is first and foremost. This is obviously something they have picked up from the west, sadly though, they didn't pick up the customer service substance bit.
Should you have a problem with your Internet connection or telephone it is a hit and miss affair as to whether or not your problem will ever be sorted - After all, Who cares? - You may well ask!

Our episode starts about 3 months back, basically intermittent Internet connection!
So I persuade my wife to call the china telecom number to report a fault. Yes the phone was ringing but sadly no answer, it must be midday!
Tried again at 3pm, still no answer.
Right, so off we traipse to the local office, luckily just around the corner from our apartment.
Often in these situations I feel the angst build inside of me so I have to consciously stay in control of my emotions. I tend to think nice thoughts, like that of tasting sour milk for the first time.
I just know that this is not going to be easy. How do I know? - I have been here over one year and these situations don't ever get any easier…

I've pre-programmed my wife to try and do this quickly with as little fuss as possible.
I have given her the cause of our Internet problem, the exact location where the problem exists and the simplest, easiest way to remedy it.
It's a line degradation issue pure and simple, maybe an actual line break that with movement rights itself, occasionally. Simple to rectify.

Right, now in fairness the my lovely wife, she is a woman and here in China, a woman is at an immediate disadvantage - a woman with a little perceived knowledge is on a tightrope to hell, especially if dealing with Mr China.
Just hope and pray it's not a man she speaks with.
From my observations here, the women with the attributes described above, firstly a woman and also a knowledgeable woman only carry it off if they go in, hard and firm and vociferously.
Now my wife ain't like that, she's a lovely, soft, smiling, quiet, caring and considerate lady.
We're in luck, it's a girl she speaks with and they both chat away quite happily for about 15 minutes, in Chinese! and in fairness to my wife, she pulled if off with charm and elegance.
At least, I thought she did, the 'girl' said, "someone will be out soon to fix it". "Soon" I said in my western manner. Yes, "soon, probably tomorrow". Right, I said whilst quietly murmuring to myself "I'll believe that when I see it". Me a Cynic?, never.

Anyway, I was getting intermittent Internet so I waited two days before saying rather sarcastically to my wife, "any sign of the engineers today, do you think?"

She knows me well enough now and she does actually see things a lot differently to her pre Andrew days.

So, once again, on the phone she gets, much loud talking this time and those ever so lovely glances at me that speak volumes about how her life was so much simpler before she met me.
She finally puts the phone down and say's, "someone will be here this afternoon" in a tone that made me think, "it was all my fault".

When it rains in Nanning, it can rain a lot and hard and wet.
At 2.30pm the phone rings, my wife answers it, talks for about 2/3 minutes then fairly angrily places the receiver down. She didn't throw it but I could sense it was not good news.
"What's the matter darling" - That’s Andrew being sympathetic.
"That was the telephone engineer, they are going to wait till it stops raining"
"Right, OK" - That's Andrew being understandable.
Did it stop raining? Yes about 5pm - Did we see an engineer, NO.

That night about 9pm the phone rang. It was a girl from China Telecom asking if the problem we had reported had been sorted out. No, was the answer.
I'll get someone to phone you first thing in the morning, she told my wife.
Did they?, NO.

It wasn't perfect, still intermittent, but sometimes it did work, so I didn't say much about it for about two or three days…
Then one day, it did not work at all.

"Wifey", you know the Internet is not working at all now?, Any chance we could let China Telecom know, maybe have an engineer out to look at it! - That’s Andrew being charming.

She looked at me, I thought my days were up, but she just laughed and said "We can try". That's all anyone can ask, I said.
I suppose at this point about two weeks had past since our first contact with China Telecom.
My wife went around to the office on her own this time. She soon returned, heated and happy. "someone will contact us within the hour" she said excitedly.
Mmmm, contact? I thought?

The phone rang 40 minutes later.
The engineer say's you have to open your computer and re enter your password.
"Why" I said.
Because that's probably what's wrong, he say's.
NO, it's not, I said.
It a line problem.
OK, he say's he will be here this afternoon to check the line.

After a couple of weeks of intermittent Internet usage you kinda get used to it.
You forget just how good it was, if good is the right term.

Did we ever see anyone, NO
So I wiggled the wires where I believed the problem to be and it was fine again - for a while.
Then one day, it stopped working again. So my wife was on the phone again.
Someone will be here this afternoon, she said.
Yeah right!, I said - That's Andrew showing interest.

I need to explain a little about this for your complete understanding.

We live on the 15th floor of a 15 floor apartment block.
Now, for some reason best known to the builders the phone line built in does not work to our apartment. So we have a wire taken from the 14th floor that goes around the building, through a window (not ours, a communal window) and then up to our apartment.
When this line was put in by the China telecom engineers they in there inevitable style fed the wire through the window opening, which means every time the window is opened closed and moved in any way, the wire gets a good beating. This is the problem. To fix it properly, the wire needs to be replaced and a hole drilled through the window frame to accommodate the wire. Simple...

To be continued, more practicalities...

The practicalities continued...
I know what your thinking, why didn't you fix it yourself?. Simply, I want the wire re-routed to prevent any future re occurrence. That's my wish...

About 2pm that same day as the phone call, two, yes two engineers turned up.
Luckily for us, we had arrived home just in time. As in each case of a promised visit we needed to be at home.
First things first, my wife explains the problem.
After all my briefings to her, she is now an expert on telegraphic line issues in China.
This time though, armed with knowledge she who would not normally say boo to a goose is now a somewhat different person.

She carefully explains the issue to them, the likely cause of the issue and the exact location of the issue. It was as much as I could do to stop myself from laughing whilst observing the look on their faces.
Did they listen? - Were they interested? - NO.
First they wanted me to turn on my laptop - NO, was my reply.
Somewhat taken aback and after my wife explained again, it is not necessary, this is a line issue and has nothing to do with the computer they muttered away between them selves and diverted their attentions to the modem.
I quickly told her in English that the modem has two important indicator lights, one is 'mains on' and the other is 'line', so if the line indicator is on then the line is connected from the modem to China Telecom base, meaning the line is OK. The line indicator light was NOT on. She in turn quickly explained this to the two engineers,…more muttering.

My wife, now strutting around like proudcock, I had to laugh, she was looking very knowledgeable, although on thin ice - she is a perceived knowledgeable Chinese woman, and they are Chinese men.
My wife dispatched me outside to wiggle the wires, at the window, to show it as 'on' and 'off'. This I did twice, now you would think at this point they might have a clue.

They still insisted on changing the modem - did it cure the issue, NO. Once again my wife said, "it’s a line problem", outside, at the window - my husband just wiggled it for you - did they listen, NO.

Next they turned their attention to the apartment junction box. Most apartments here in Nanning have one of these, ours is now located in one of our kitchen cupboards, we moved it there during renovations. Normally they are far more prominent and invariably unsightly.

So, under the cupboard they go, my wife still insisting, the problems not under there.
Out come all the wires for the apartment, telephone (two sets, one active, one not) television, some electric, intercom etc. A jumble.
After explaining, AGAIN, about the issue with the originally installed telephone cable not working, they managed to find the NEW line that has the intermittent problem. Much scratching of heads ensued, now they have the wire in their hands, how do they test it. Now, don't forget, this is an intermittent issue, at present, it is actually working. I suggest, via my wife, they could try connecting the modem at this point and I could then go out again and do the 'wiggling'.
Surprisingly, they agreed, probably because they could see that it was me that had suggested it and not the Chinese woman.
Did it work, NO, not at all now, probably because the wire, at the window, had been well and truly wiggled for the last time on my previous visit…intentionally.

So, I said, looking at them, scratching my head, "What now boys".
Of course, they didn't understand.
I took my wife by her hand, beckoned to them, too follow, which they did, and off we all trudged, outside, to the 'window'.
I pointed at the wire, flattened and in tatters between the sliding window and the frame and indicated that it might be here that they find a problem.

My wife translated and I'm pretty sure she got her point across because before I could say "told you so" out come the wire cutters, insulation tape and now, between the two of them, even more muttering and looking more than a little agitated, two minutes later, a greasy pair of fingers to twist the wires together and a little insulation tape, 'Hey Presto', it's working. No longer intermittent.
And it only took 3 weeks and about an hour or two, 'investigating' and 'they' had fixed the problem.
"Well done" I said.
Cowardly, I felt it unwise to suggest that perhaps next time they should listen to 'Chinese Woman' and in addition, do it properly and reroute the wire through the frame, being just thankful, after all this time to have my Internet, no longer intermittent - for now - I'll give it 6 months.

To be continued…The technicalities.



The Technicalities.

Pornography has it's uses. In moderation or for research.
Without it being the pioneer of mass image transfer, video transfer and Internet payment systems we would undoubtedly be at least 5 years backward at this point in time with regards to the Internet.
I'm not saying I support such illicit Internet sites but of late I have had good reason to use them.
My Internet connection is variable, I don’t mean in the intermittent practical sense as already spoken of but in the line speed, something is not right, is someone snooping on me here in China sense.
The line speed in itself is no real surprise, what with the resulting line degradation from poor working practises. Also it is very difficult to establish reliable information from China Telecom on contention ratios. Both these can cause considerable variation in line speed.

Back home, in the UK, my feeling is, I can trust my ISP, if I ask them a question, more often than not they answer honestly, in fact most surveys carried out in the west show, most users trust their ISP. Security is paramount. More on this later.

At present, I am here in China (although after this series of posts, how likely is it I will get my visa renewed?) and if you ask me whether or not I trust my ISP here in Nanning, the answer would be a resounding NO. Not the company or it's employees.

I've had my suspicions for some time, in fact several months. My line speed is considerably slower than that of my near neighbour, same ISP, same package.
Sometimes whilst surfing, I have had some peculiar redirects, nonsensical.
Some web pages are available to my neighbour on his PC using his connection but not me, on mine.

So, some weeks ago, I thought I would put some of my past training to the test and do my own monitoring, what better way, use some porn sites to test the system…Honest, I didn't look at any of the pictures and I did not search anything extreme, well, not intentionally.
Most sites of this nature are blocked here in China and certainly around a 5 or 6 weeks ago when I first tried many were blocked.
Of late as some loosening has occurred owing to Olympic fever, some, surprisingly are showing up.
My experience after first searching for, trying to connect and trying to download has produced some enlightening results.

In some cases I used a proxy and most were available but after a couple of attempts, suspiciously the proxy became unavailable.
Easy enough, find another proxy. But it raised a question, is this local interference or regional or national?
I tried some without a proxy, eventually as most are blocked you will stumble upon some that are available, normally new ones that the authorities have not managed to block, yet.
These, curiously threw up another strange occurrence, after maybe 30 seconds the page would sometimes lock, my browser would start showing, Internet Explorer has encountered a problem and will close.
This is not unusual when accessing undesirable sites as they often try to hijack the system and IE just closes it's doors, so I don't think this was in any way connected with the ISP, although to a novice it might appear so.
Sometimes an automatic redirect would kick in to a static colourful China Telecom page, in Chinese.
More alarmingly though, at any attempt to download, my Internet connection would 'break'. Now this is an ISP issue. Tried various sites and various downloads. As a benchmark, I went onto YouTube and tried downloading, OK except for a much slower than usual service.
After reconnecting, tried again, same result. This is not a coincidence, this is direct intervention.
End of pornography research…I promise.

Next I tried other less than acceptable sites here in China such as a search for Falun Gong, all of course blocked. If you try a Google search for this topic then invariably you get a Internet Explorer cannot display the web page error. This would more than likely be a national block. More on this later.
After all of these experiments, each time my Internet speed dropped considerably, (
easy to check) sometimes not back to normal until connecting the following day.

But my worst fears are now apparent to me, a local intervention is not out of the question.
Of course, this article may be construed as criticism but that would be unfair, it is my findings based on my experiences here in Nanning China.

Can your ISP see what you do online? - YES…to be continued.



Can your ISP see what you do online? - YES, they can.
I support Internet policing and censorship.
China does have a reputation for web censorship but to my mind, China is right.
It is my opinion that if more governments were to do more to censor, then the web would undoubtedly be a less deviant place but the issue as always will be, not enough will do enough!


In the main, your ISP can see your browsing habits, your journey map, in the surfing sense.
Most ISP's do not have the resources or the inclination to look into every users Internet usage.
Do not ever forget though, it's your ISP that routes any data you send or request, they are your connection to the world wide web, you are trusting them to deliver or supply your data in a proper manner.
Can they look at your unencrypted data while they route it? Yes, if they were of a mind too.


Now, firstly, the real question should be, would they look? Are they really that interested?
In the West, unless you are doing something illegal, the answer would most certainly be NO...

For the paranoid, I have listed simple options of additional security available to you, in all these cases, there are further, even more secure solutions available but normally at a cost and for the average user, not normally necessary:-

Secure connections (https)
A connection that begins with 'https' instead of 'http' is a secure connection. In later windows versions the locked padlock will show alongside the URL bar. Your ISP can still see which sites you are visiting but the data actually sent to or displayed is encrypted. It is wise to use an https connection to an Email service like Gmail or Yahoo, easily done, just insert an 's' immediately after 'http' at login. This will secure your email under normal conditions.

Anonymous Web Surfing (Proxies)
There are plenty of free proxy websites out there. A word of caution, not all are what they seem. Some are malicious and no more than a collection of advertisements used to profit the website owner and are no more secure than a normal website. Look for older established ones, check out a forum or two on Proxies, get recommendations, word of mouth even better.
This is a minefield, it is a strong case of 'user beware'.
I have added an IP and location widget on the right hand side for those wishing to test their chosen proxy. When you visit this page through a proxy then the proxy IP and location should show, and not your own.
A far better method is to use an application like 'Tor', an open source software solution, one drawback here in China, the URL is blocked.
Remember your ISP can see that you're using a proxy but they cannot see your final destination URL's. It will be slower, but it will be hidden.


Encrypted Email
There is plenty of software available to encrypt email.
The easy option for normal usage is to use a secure connection (https) as mentioned earlier in Gmail and Yahoo. This will not encrypt the actual message content. Another option it to 'zip' your message and password protect the zipped file, then send the file.


Web VPN Services (Virtual private network)
There are services available that will allow you to set up a VPN or Virtual Private Network via the web. Simply, you connect to the VPN service via the web and they connect you to the internet. All encrypted. Very secure, very popular with heavy Wi-Fi users, for obvious reason, security.
Your ISP will be able to see the URL of your VPN when you connect.


To be continued…China and the internet - how do they block?


China and the Internet - how do they block?
China has a reputation for Internet censorship - rightly or wrongly?
Firstly, my own take on this - I like censorship, I agree with it. If one thinks back maybe 40+ years in the UK, we had reasonably effective film (cinema) censorship. Television was still in it's infancy and the radio was mostly, easy listening. News reporting was obviously stifled.
As a young teenager I can remember going to the pictures (cinema) which then was the equivalent in technology terms of today's Internet and only being allowed in to see a 'U' certificate film or if accompanied by an adult (someone over 18 years of age) an 'A' certificate.
OK, I accept it was a bit hit and miss but overall, from my experience, it worked.
For instance, in most cases it was nigh on impossible to get into see an 'X' certificate film if under 18.
Yes, there were exceptions, yes there were unscrupulous cinema owners that couldn't careless and yes, if you were savvy enough to wait for the film to start then creep in through the rear fire exit (if it was unlocked) then you got in.
For how long? often, not long, as the cinema owner would patrol the aisles looking for anyone that should not be there and throw us out.
I, as a young teenager could not easily watch or see inappropriate content. It was censored and to this day, I still agree with it.
Overall it was effective and relatively easy to control, back then. Today, it is far more difficult.
I can see nothing wrong with any countries decision to make unavailable certain web offerings.
In my short spell of research in this area I have found much to be applauded here in China regarding its apparent 'blocking' and long may it continue.
Each country should set it's own web surfing etiquette and be allowed, without hindrance, to administer its own remedies.
If I am in a foreign land, I accept that I should obey the rules of that land, regardless of whether I agree with them or not.
My main concern here in China is one of ISP employee issues, that is, can individual employees of my ISP abuse the system for their own advantage.

If my latest sight of a news report is correct, with well over 220 million Internet users China now has more than any other country, including America and will continue to grow in Internet numbers.
So how does China even begin to 'block' some Internet content?
I believe that there are plenty of misconceptions over this issue.

First we need to look at the fundamentals.
The Internet from it very earliest beginnings was designed to be 'available' to all, all those that choose to use it. This has not changed and most likely never will.
No country, No government, No organisation, No individual can totally block any particular web offering from everyone, forever.
The only way that a web offering can be made totally unavailable from everyone, forever, is by removing it from the Web - forever. Then, tracking down and destroying all cached copies, all digital copies, all hard (paper) copies and physically stopping the same or another individual re-serving it.
Theoretically possible, I agree, but highly unlikely...

As long as it is served on the 'web', it is available.
OK, it might be difficult to access owing to an obstruction or two but is never, ever impossible to view by all and even the obstructions for some can be overcome and those that 'block' know this…

China has probably no more than 3 main fibre optic Internet connection pipelines. One in Beijing, one in Shanghai and the other most likely in Guangzhou. Conventional wired Internet channels are also relatively few in number.
Without going into the technicalities of Internet protocols and engineering, take it from me, that these limited connection channel options make it very easy to monitor what does come in and go out.

Technology marches on and although Internet traffic could always, from the very beginning, be 'sniffed', today, it is 'sniffed' more subtly and with sophistication often resulting in, for the unfortunate surfer, time outs or an apparent total block.

Should an authority choose to block, it has a variety of means at its disposal, some allowing blocking both in or out of a system:-

They could use the DNS (Domain Name Server) block.
For users to access a website they need to provide an address to reach, the URL, Uniform Resource Locator.
The URL is normally now in name/letter/word format, actually it is simply an IP address, a series of numbers separated by full stops. It was decided early on in Internet history to enable name to IP (number) conversion because humans find it easier to remember names and not numbers.
So when you enter a URL it goes off to the DNS and it is at this point it is possible to block, with a no address or bad address return, actually at this point it is possible to also re-direct traffic to another web location, this is sometimes the case.
This method is used to blanket block domain names, (bbc.com). It's easy and quick to implement and also reverse.

If a blanket block is not required then the following method is often used.
After the DNS lookup, if all is well, we enter the actual connection part of the operation, your requested URL is then signalled to connect to the remote server hosting the website. At this point messages are being exchanged between the two computers, yours and the issuing web page host. It is at this stage, whilst messages are going back and forth it is possible to redirect copies of the message packets to another computer that can assess the desirability of such a URL request.
Easy enough to have a list of undesirable web site URL's, a black list to 'check' against.
This method of blocking results in 'The connection has been reset window'.
It is this method that causes most aggravation because it is blocking on the 'fly'. One day available, another not.

Another clever ploy is to use a 'keyword' block. Simply, block a word or name in the URL that might be thought of as inappropriate. This too often results in a Connection reset. This method can be used to block recent event sites or sites that spring up after a particular happening.
The results for the surfer are once again frustrating to say the least.
This method can tie you up waiting for long periods only to eventually be given a page, 'unable to connect' or might throw up a redirect to a search engine, listing the very site your trying to reach…and you try again, and again...

The latest and by far most refined method of blocking involves actual page scanning techniques. It has now become an effective way to control viewing and either allow or block a page based on the content within the pages. The speed of the latest hardware means that all this can be done with little noticeable speed reduction to the surfer. This method will, I am sure, dominate.
As we know, the content on News sites changes all the time, with this method it is not essential to block the complete site anymore, only any pages that contain offending material.
It is this method that causes the surfer the most inconvenience as they will never know the resulting time out or what is not available, until they stumble on it.
How does it work?
Well, you request a particular web page, the issuing server sends the page as requested, at the same time as it is on route to your computer a copy of the page is also passing through a detecting server. A quick page content survey scan, very quick, milliseconds and any resulting bad words, bad content or anything else the detecting server has been set to pinpoint will result in the offending page being stopped by breaking the connection between the two computers, yours and the issuing server.
Also very quickly, the two offending IP's, yours and the issuing server will be prevented from communicating for a fixed period of time. This becomes a time-out and can be set to be any time period or series of time periods.
Now, what's really good about this method of blocking, the time outs, is this, if further attempts are made to get the web page then further reprisals may occur, a 30 minute block, an hour block or whatever the surveying server has been set to dish out.

0 comments:

Post a Comment

Anonymous comments have no credibility

Post a Comment