The Chinese government has deployed an update to its national firewall, to block encrypted HTTPS connections that are being set up using the latest internet standards for encryption.
The ban has been in place since the end of July, according to a
joint report published this week by three organizations tracking Chinese censorship -- iYouPort , the University of Maryland , and the Great Firewall Report.
In particular China is now blocking HTTPS+TLS1.3+ESNI.
TLS 1.3 is the latest
encryption standard that can be used to implement https. Server Name Indication is used to specify which website is required when several websites are hosted using the same I address. By default it is unencrypted letting ISPs and snoopers know which
website is being accessed even when using https. ESNI (Encrypted Server Name Indication) closes this loophole.
Other HTTPS traffic is still allowed through the Great Firewall, if it uses older versions of the same protocols -- such as TLS 1.1 or 1.2,
or SNI (Server Name Indication). This rather suggests that these old encryption standards are now compromised.
Per the findings of the joint report, the Chinese government is currently dropping all HTTPS traffic where TLS 1.3 and ESNI are used, and
temporarily banning the IP addresses involved in the connection, for small intervals of time that can vary between two and three minutes.
Note also that this news about Chinese censorship probably informs us about snooping capabilities in the UK.
Presumably GCHQ and UK ISPs would be similarly blinded by HTTPS+TLS1.3+ESNI, whilst still being able to block and snoop on older standards.
TikTok and 53
other iOS apps still snoop your sensitive clipboard data Passwords, bitcoin addresses, and anything else in clipboards are free for the taking.
The Government of India on Monday banned 59 Chinese apps including TikTok and UC Browser which are prejudicial to sovereignty and integrity of India, defence of India, security of state and public order, news agency ANI reported. Majority of these
apps were recently red-flagged by intelligence agencies over concerns that they were collecting user data and possibly also sending them outside of the country's borders.
Among the apps that have been banned are Tik Tok, Sharit, Kwai, UC Browser,
Baidu map, Shein, clash of Kings, DU battery saver, Helo, Likee, YouCam makeup, Mi Community, CM Browsers, Virus Cleaner, Apus Browser, among others.
A very technical, but very interesting article, about how ebay and 30,000 other website use very sneaky and well hidden scripts that can see through your VPN and obtain a fingerprint identification.
The Chinese government and the Chinese telecommunications companies such as Huawei under its control are proposing a New IP addressing system for the internet to replace TCP/IP. The New IP system includes top-down checks and balances and such features as
a shut up command that would allow a central controller to stop packets from being received or sent by a target New IP address. The China led proposal was first unveiled at the International Telecommunications Union (ITU) meeting in September 2019. The
associated power point presentation and formal proposal have been made available by Financial Times.
In it, the Chinese government and its state controlled telecommunications service and hardware providers (i.e. Huawei) make the
case that TCP/IP is broken and won't scale for use in the future internet which will include things like holographs and space-terrestrial communications. China argues that these new technologies on the old system would require complex translators and
increase the overall cost to society.
The New IP proposal admits that TCP/IP has achieved relatively good security. However, China feels that this is still far away from what we actually require in the future. If the security is
admittedly relatively good, what could possibly be missing? Apparently, the answer to that question is trust. The proposal reads:
As universal connectivity develops, a better security and trust model need to be
designed and deployed to provide a stable, trustworthy, and long-term environment for people to use.
Let's be clear: Trust should have no part in this. Especially this type of absolute trust in centralized
institutions -- that have repeatedly proven to be unworthy of such trust -- which is exactly what China is trying to force down the internet world's throat. Let's not forget that China is the same country that already forces real name and identification
to be tied to all internet or phone services and also runs a censorship campaign against the open internet so large that it's called the Great Firewall .
NATO report warns against China's New IP system and its proposed
Splinternet
Oxford Information Labs (Oxil) has prepared a research report for the North Atlantic Treaty Organization (NATO) that does not look kindly on the New IP proposal or the breakneck pace that it is being rushed through
the approval process. The report authors from Oxil spoke with and provided an advance copy of the NATO report to Infosecurity. Oxil summed up the problem with New IP concisely:
New IP would centralize control over the
network into the hands of telecoms operators, all of which are either state run or state-controlled in China. So, internet infrastructure would become an arm of the Chinese state.
The New IP model also takes pot shots
at current centralized parts of the internet, such as the Domain Name System (DNS), and offers Distributed Ledger Technology (DLT) solutions under the guise of promoting a Decentralized Internet Infrastructure (DII) to address them. While that may sound
like the holy grail of blockchain technology and true decentralization that real public blockchain technologies such as Handshake provide, what is being proposed by China is absolutely not that. Oxil notes that the proposed DLTs would undoubtedly be
under Chinese government control -- bringing about that call for trust again. Oxil explained to Infosecurity:
It is not uncommon for language of 'trust' to replace 'security' in Chinese DII-related discussions. This is
concerning because it indicates that the principle of 'security by design' -- at least in the Western context -- is not being adopted in DII's development. In the long-term this could negatively impact cybersecurity globally.
It doesn't matter how distributed or decentralized parts of a protocol seem on the surface, if there is a centralized command at the top that can issue shut up commands to devices supposedly connected to an open internet -- said
devices aren't actually connected to an open internet, are they.
China will move towards using New IP with or without ITU approval Huawei is apparently already building internet infrastructure that utilices New IP as opposed to
TCP/IP with partner countries, likely in Africa. Besides that, the Chinese proposal for a more top-down controlled internet has also seen support from Russia, Saudi Arabia, and Iran. While Huawei claims that this is an open process, and is open to
scientists and engineers worldwide to participate in and contribute to, the fact that nobody really knows what's going on besides those involved in the process is telling. Robert Clark writing for LightReading calls New IP Huawei's real threat to
networking and describes the situation aptly:
Huawei's important additional role here is as the major supplier to telcos in many developing countries. It is these governments that are likely the biggest enthusiasts for
a manageable Internet without being hectored by Western governments about openness and freedom. And Huawei staff are on hand to help them build it.
That is to say, Huawei is already going ahead and building New IP
systems with shut up commands and all -- in effect creating the very network islands that they want to use as a reason that TCP/IP won't work. In reality, those seeking to expand network functionality to new types of devices and services such as
holograms or satellite comms and more internet of things devices have all the incentive in the world to make something that works with the existing TCP/IP world. In contrast, China and other countries that do not want true freedom on the internet are all
too eager to create a form of the internet that gives them ultimate, centralized control. That China is proffering this New IP model to the free world as an improvement should be expected, and thoroughly ignored and lambasted.
Ripe is the Regional Internet Registry for Europe, the Middle East and parts of Central Asia. It allocates and registers blocks of Internet number resources to Internet service providers (ISPs) and other organisations. The RIPE NCC membership consists
mainly of Internet service providers, telecommunication organisations and large corporations.
RIPE is opposing a proposal to remodel core internet protocols, a proposal backed by the Chinese government, Chinese telecoms, and Chinese networking
equipment vendor Huawei.
Named New IP, this proposal consists of a revamped version of the TCP/IP standards to accommodate new technologies, a shutoff protocol to cut off misbehaving parts of the internet, and a new top-to-bottom governance model that
centralizes the internet and puts it into the hands of a few crucial node operators.
The proposal received immediate criticism from the general public and privacy advocates due to its obvious attempt to hide internet censorship features behind a
technical redesign of the TCP/IP protocol stack. Millions of eyebrows were raised when authoritarian countries like Iran, Russia, and Saudi Arabia expressed support for the proposal.
In a blog post this week, RIPE NCC, the regional Internet
registry for Europe, West Asia, and the former USSR, formally expressed a public opinion against China New IP proposal. Marco Hogewoning, the current acting Manager Public Policy and Internet Governance at the RIPE NCC said:
Do we need New IP? I don't think we do. Although certain technical challenges exist with the current Internet model, I do not believe that we need a whole new architecture to address them.
Any endeavors to
revamp internet protocols should be left to the Internet Engineering Task Force (IETF), the international body that has been in charge of defining internet standards for decades. Such issues should not be left to the ITU, which is the United Nation's
telecommunications body, and an agency where political influence rules, rather than technically-sound arguments.
In addition, RIPE is also concerned with the attempt to change the internet's current decentralized nature.
The Chinese government has deployed an update to its national firewall, to block encrypted HTTPS connections that are being set up using the latest internet standards for encryption. 
TikTok says it will stop accessing clipboard content on iOS devices 
The Chinese government and the Chinese telecommunications companies such as Huawei under its control are proposing a New IP addressing system for the internet to replace TCP/IP. The New IP system includes top-down checks and balances and such features as
a shut up command that would allow a central controller to stop packets from being received or sent by a target New IP address. The China led proposal was first unveiled at the International Telecommunications Union (ITU) meeting in September 2019. The
associated power point presentation and formal proposal have been made available by Financial Times. 
Ripe is the Regional Internet Registry for Europe, the Middle East and parts of Central Asia. It allocates and registers blocks of Internet number resources to Internet service providers (ISPs) and other organisations. The RIPE NCC membership consists
mainly of Internet service providers, telecommunication organisations and large corporations. 