Jump to content

Recommended Posts

Posted

I will be traveling to China for a work-related assignment, and given that there's high level of surveillance in China, will a VPN protect me if I'm connected to a Public Wifi? I have FastestVPN subscription and the support guy said that the VPN only encrypts the data between two endpoints; I'm not tech savvy so i dont't know what that means. And if the Wifi asks for any permission to should I accept?  

Posted

Yes, no, possibly and maybe.

Yes, it will protect at least some of your network traffic as it goes from your device through to the FastestVPN server, at that point, the server decrypts the traffic and sends it on its way. That is what is mean by between the end points, you to them, what happens from them onwards depends on the type of traffic you are sending. This should at least get your traffic through the Chinese firewall.

No, the Chinese have some very strict rules in place and may block the VPN or mess with the traffic in order to be able to decrypt what they see, for example swapping out encryption certificates. When doing this, if the client has been written correctly, it should warn you that something bad is happening so you will be able to make a decision as to what to do.

Possibly, without knowing something about how FastestVPN works, it isn't possible to say how well they configure the service, done well and all your traffic should go across the VPN, done badly and all sorts could leak out around it.

Maybe, without fully testing it in an environment where you can monitor exactly what is going on then it isn't possible to know for sure.

Something to remember, if you are using public wifi and they have a captive portal (a web login page), then you'll probably need to have the VPN off to reach it meaning all your traffic is flowing in the clear till you've logged in. Also consider "Evil Maid" attacks and general surveillance. A VPN is good, but a camera pointed at your screen watching everything you do will defeat the protections to a degree.

  • Like 3
Posted

Like with a lot of things, it would probably depend on a cost/benefit analysis of you and your activities. If all you are doing is arranging to buy 100 biros from a Chinese firm, then they probably wouldn't get much from doing it so may not bother, if you are discussing arms details with some shady organisation, then they will probably do it and more.

Due to the cost of labour and the way their government works, I'd guess that they would have more coverage than somewhere like the UK, but don't know for sure, all organisations have their limits.

Posted

A solution could be to setup your own openVPN server. Isn't that hard to do and it could give you some time to confirm it works as it should.
I've testet a private VPN solution based on OpenVPN, from Linux workstations, and see no leaks from it. But, as with any kind of VPN solution, it's possible to sniff the traffik at the gateway, if not encrypted from that point forward. But it should get you through the Chinese firewall.

As for phones, hmm. Anything on a GSM network, could possibly be monitored by the government. Something like Jitsi IM and encrypted videochat through VPN comes to mind, depending on your situation.

But, as Digininja pointed out, it depends on what resources they want to spend on it, and would they bother for an ordinary bussinessman, conducting legal bussiness in China ?
I guess you would be fine, just with an ordinary VPN solution, combined with some kind of encrypted messenger / videocall.

  • 4 weeks later...
Posted

If you are worry about china government, then you should realized all network traffic include but not limited public WIFI or private WIFI, wired network, mobile network are all under the government surveillance, all ISP and network technology company need make a copy of all the data  (port Mirroring) to government server, which also including but limited to  call records, SMS, GPS records. They will also keep a real time record for every IP address matching to every people unless it is a NAT, in that case it will match to a place and it's owner.

That's why most of US or EU technology company will make china specific travel policy for their Key employee.

They will use a flash installed laptop and cellphone. They will do all their job on remote computer thought WebVPN and Citrix.

Which is actually not work well, since china also using BGP hijack very frequently.

 

  • 4 weeks later...
  • 4 weeks later...
Posted

做为一个地地道道的中国人给予你最标准的答案。你思考的太多了,中国政府根本懒得理会你。(As a local Chinese, give you the most standard answer. You think too much, the Chinese government is too lazy to pay attention to you.)

Posted

I'd agree for most people but it all depends on what he is worth to them. If he is a nuclear scientist at a conference on innovative research then they probably will care. Selling kids market stall plastic jewelry, they won't.

Every discussion on topics like this need to start by working out threat models and risk profiles, till you have those, you can't make any sensible decisions.

  • 5 months later...
  • 4 weeks later...
Posted

Yes, VPN protects you in public wifi. All your data is encrypted under the VPN. However, you need to select reliable vpn providers, also many vpns are now blocked in China

Be careful using vpn in China. It is better to use invisible vpn connections like ssl. And never use free vpns in China. This is so resque. 

 

Posted

A little but there a lot of issues with cookies and privacy. Easy for big brother to track you back just by your browsing history. If you are using a phone make sure your accounts do not automatically connect otherwise your info will leak before the VPN even connects. Usa a VPN that does not log your sessions.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...