Hacker News new | past | comments | ask | show | jobs | submit login

As a Chinese user who regularly breaches the GFW, QUIC is a god send. Tunneling traffic over a QUIC instead of TLS to breach the GFW has much lower latency and higher throughput (if you change the congestion control). In addition, for those foreign websites not blocked by GFW, the latency difference between QUIC and TCP based protocol is also visible to the naked eye, as the RTT from China to the rest of the world is often high.



I want to visit China but am afraid I will not be able to breach the GFW (as other friends have not been able to).

Any resources you can point me to to help me be more successful?


You won't casually breach the GFW. I would treat any advice posted publicly on the internet about how to breach the GFW as probably-malicious. They are better at networking than you are.


You will casually breach the GFW if the VPN you pay for is not blocked yet.


Beware when using VPN to breach the GFW. Recently a Chinese netizen had to pay over 1 million yuan (>145K USD) for using VPN [1][2]. Before this incident, only VPN service sellers were prosecuted [3]. Beware when doing this casually.

[1]: https://news.ycombinator.com/item?id=37787205 "Chinese Netizen Fined Over 1 Million Yuan for Using VPN"

[2]: https://here.news/post/93c46bbd-ea0d-48e2-bba6-135e58887f81/... "Chinese Netizen Fined Over 1 Million Yuan for Using VPN"

[3]: https://www.zdnet.com/article/chinese-man-arrested-after-mak... "Chinese man arrested after making $1.6 million from selling VPN services"


A foreigner won’t be treated in the same way. The Chinese government is cruel to its own people but quite friendly to outsiders.


Foreigners need to worry about the new Chinese anti-espionage law instead [1]: at least 17 Japanese nationals have been recently accused of spying in China [2], and a US citizen jailed for life [3]. The German car industry is worried [4].

    The law broadens the scope beyond what it originally sought to prohibit – leaks of state secrets and intelligence – to include any “documents, data, materials, or items related to national security and interests.” [1]
Beware when bypassing the GFW.

[1]: https://theconversation.com/chinas-new-anti-espionage-law-is... " China’s new anti-espionage law is sending a chill through foreign corporations and citizens alike"

[2]: https://www.dw.com/en/japanese-companies-fear-chinas-draconi... "Japanese companies fear China's draconian espionage laws"

[3]: https://www.cnn.com/2023/09/11/china/china-john-leung-mms-sp... " Beijing claims US citizen jailed for life in China was decorated spy who worked undetected for decades"

[4]: https://www.reuters.com/business/autos-transportation/german... "German car industry urges Berlin to address anti-spy laws with Beijing"


If you're only visiting, maybe don't attempt to breach it? For two weeks I would just plan on not using the normal internet.


Your phone will be a brick for the entirety of your stay. A vpn is the only way to access google services in china.


There are other services than google though. Why would the phone be a brick?


I’d say when I travel I rely on Google maps. Without it, yes it is still possible to find your ways but it is so much easier using those maps on the phone especially in non-English areas.


Why would you want to use Google Maps in China? All the crowdsourced information wouldn't be available and the government is hostile to it. Wouldn't it be better to use whatever the Chinese competitor is?

Unless your goal is to read about Tiananmen Square in Tiananmen Square. Which just doesn't sound smart.

Obviously, it's different if you live there. But on a two-week vacation it doesn't seem worth it.


Its just not as easy as that. Most of the chinese services are tied to wechat or whatever and english support is patchy.


Does Google maps even work in China? I thought that China used a different coordinate system.


It does work. The "different" coordinate system is only a facade.


Without Google services your phone is a brick? You can use Apple services, Microsoft services, any number of other websites. People really like to dramatize the GFW.


On an android phone, 5 years ago, it turned into a brick when i stepped out of shenzhen airport. There is a surprising amount of chatty network stuff going on under the hood that stops working. I ended up using a vpn which fixed it. Even basic stuff like contacts no longer worked .

Plus without gmail, you can't recover a password or in some cases authorise yourself on 3rd party services.

It was a brick.


When you stepped out of the airport and swapped in a domestic SIM?


Probably using local Wi-Fi.


So he stepped out of the airport and connected to WiFi? Why not use cellular data?


Data roaming on a non-Chinese SIM card is the simplest approach, and perfectly sufficient if all you want to do is use Google search etc.


This may work https://github.com/trojan-gfw/trojan


I concur with your sibling commenter:

> I would treat any advice posted publicly on the internet about how to breach the GFW as probably-malicious. They are better at networking than you are.

https://news.ycombinator.com/item?id=37786214


I'm still experimenting and reading through the documentation, but I'm semi certain Project X is also compatible with Trojan:

https://github.com/XTLS


SSH tunneling always works for me.


Pay for an international roaming data plan if it's so important.


There are quite a few VPN providers I know that work reliably in China.


What do you need to change for congestion control?


The default congestion control is CUBIC, which is very slow for connections between China and the rest of the world. Google's BBR is a great improvement, and sometimes I use "brutal" congestion control, which is basically a constant speed.


Any specific tool you can recommend?


hysteria and tuic. Both are based on QUIC. But you need a server outside China though.


RTT?


Round-trip time.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: