This article was published on August 9, 2017

China’s VPN ban exposes its citizens to cyber-attacks


China’s VPN ban exposes its citizens to cyber-attacks

Apple last week removed all virtual private network apps (VPNs) from the iTunes store in China. The Chinese government made VPNs illegal this year, and now it’s forcing tech companies to choose between honoring its censorship demands or not doing business there.

China’s government has spent years trying to gain the upper hand against anti-state content. Officials blocked sites and banned content, they even built The Great Firewall. Citizens still found a way to access content the government censored. The easy way: using a VPN.

The government turned to technology for answers, employing methods such as IP blocking. The efforts were reactionary, and doomed to fail: any basic IT model is built on finding problems and overcoming them. The very soul of technology is the innovation cycle. See a need, fill a need. There’ll always be ways around the system.

A government blocks a website and someone is already working on a way to unblock it for you. Someone wants your data? There’s a company that wants to protect your privacy. But what about your security? Robert Knapp, CEO of CyberGhost, says:

In 2011, we felt, we started out as an unblocking service, that was before Julian Assange. Then after, we felt that what we did, actually, was protect privacy, in helping people keep their data private. By 2016 we realized what we’re doing is security. Data now tells everything about you, and if your data isn’t encrypted, it’s out there.

It’s true, a VPN is something many people think just lets you work around a firewall. If porn is blocked at your job a VPN can help you with that.

So China banned VPNs outright, making them illegal, to stop people from accessing censored content. On the one hand, you can’t completely stop people from finding a way around The Great Firewall. On the other hand, you can stop law-abiding citizens from doing so. When VPNs are outlawed, only outlaws will have VPNs.

Unfortunately, as TNW reported, this is causing difficulty for people who need access to the whole internet, like researchers, not just the pages approved by the Chinese government. Education, research, and the global dialogue all suffer when we can’t connect. There’s a larger picture though, it’s not just about being able to access porn. It’s never just about porn.

This also means that VPNs can no longer perform the other functions they serve: privacy and security. Knapp says this is a bigger problem than most people realize:

They’re making the lives of hundreds of millions less secure. It’s not just about privacy anymore. People used to believe it was okay to lose internet privacy because, as long as they weren’t doing anything wrong, they had nothing to fear. It’s not like that, our data tells everything about us. Without the ability to secure our data there’s no way for it to be safe.

Just how important is data safety? Knapp thinks the danger to citizens, whose data is not protected, is very real:

We did a little experiment, there is an apartment in Bucharest that is 100 percent smart. I asked the owner to run a protocol for one week. The protocol collected all of his data and we gave it to a friend of mine who is a journalist. We asked her to write a story about the data, as if it were a real person. The story she wrote was almost 100 percent accurate about this man.

At first glance it doesn’t sound so scary – give a person access to all your data and it makes sense the they could write a story about you. However, it gets a little darker when you realize that anyone can get that data. We are long removed from the days when hackers were computer specialists, according to Knapp:

It’s not getting better, it’s going to get worse. The reason is, the level of knowledge required to build an encryption system continues to go higher and higher. It’s hard to do, the difficulty keeps going up. Meanwhile it’s getting easier and easier to perpetrate the attacks. The necessary code is out there, it’s open-source. We’ve even seen that the recent attacks weren’t money-driven. It’s either politically motivated or they’re doing it just to because they can. Because, why not?

Countries like China and Russia have policies that put hundreds of millions of people’s data at risk, in order to enforce censorship laws. According to Knapp it’s more than just an online crack-down:

We’re seeing reports that people get stopped by police in the middle of the street, the police will go through their phones to confirm they don’t have a VPN installed. In Russia, they brutally enforce these laws. There’s no privacy at all. You either have privacy or you don’t, there’s no such thing as 80 percent private. Nothing is private, the FBI cannot keep a secret, we know this, so the data they have is not private. No-one, at this point, can guarantee you have privacy.

What happens now? Knapp says Russia’s censorship solution is as powerful, and dangerous as China’s. He also says Turkey, Venezuela, Iraq, and Iran are on similar paths. The internet is no longer a place where ideas are shared, he says:

Maybe, in the 80s, but now it’s a place where maybe you can share ideas. Maybe if you don’t connect through what is essentially an intranet – colleges’ Wi-Fi blocks certain sites. Entire countries have certain sites blocked. Maybe you have access to share your idea, but probably you don’t. Probably, you only have access to certain sites, and you don’t even realize that others have been blocked.

China and Russia don’t equate privacy with security: banning VPNs is just the rule-of-law in those countries.

As long as you trust your government to protect you from hackers, you’ve got nothing to worry about.

Get the TNW newsletter

Get the most important tech news in your inbox each week.