[Tech] Would it be possible to effectively shutdown Freenet within the PRC?

[Michael Rogers]

Peter Rosenmai wrote:
> Chinese ISPs could simply look
> for and block the Freenet protocol, couldn't they?

Hi Peter,

It's certainly possible in theory, but I'm not sure whether it can be 
done with the technology they're currently using.

First, it might be difficult to detect the Freenet protocol reliably: as 
far as I know all parts of the protocol are encrypted or obfuscated, 
even the initial handshake.

Second, I don't think internet traffic within China passes through the 
same filters as international traffic.

Third, the international routers don't perform the filtering themselves, 
they send a copy of every packet to a separate piece of equipment that 
kills connections that match certain rules by sending forged TCP RST 
packets to both ends of the connection. Freenet uses UDP rather than 
TCP, so sending TCP RSTs wouldn't work, but perhaps they have another 
way of filtering UDP.

> 2. Would it be possible for the PRC to run Freenet nodes in order to
> determine the IP addresses of other nodes within China?

Yes. Freenet users can choose between 'darknet' mode, in which they only 
connect to their trusted friends, and 'opennet' mode, in which the node 
automatically finds other nodes to connect to. Opennet users can also 
have darknet friends. By running an opennet node the Chinese government 
could discover opennet users in China very easily. With additional 
effort it might be possible to follow the darknet connections of the 
opennet users to discover some or all of the darknet users too.

> 3. Is it true that the PRC has previously blocked Freenet? If so, how
> was this achieved?

The protocol was previously based on TCP and there were some plaintext 
bytes in the initial handshake that could be used to identify a Freenet 
connection. Nowadays the protocol's based on UDP and as far as I know 
there are no plaintext fields any more.

Cheers,
Michael