March 30 2023, VPN Community Gathering: Difference between revisions

From TCU Wiki
Erin (talk | contribs)
Erin (talk | contribs)
 
(2 intermediate revisions by the same user not shown)
Line 136: Line 136:


==China==
==China==
'''VPNs are integral for doing media work and important for any activist or HRD working in China'''


* The most important challenge is that safe VPNs don’t work in China.
** ProtonVPN for example doesn’t work in China


'''How do you verify the VPN / circumvention solution?'''
* There are tools that work in China, but are not safe.
** Most of the VPNs that say they are safe and work in China are cooperating with the government.
** Messaging platforms and social media will collaborate with the government.
* Tor is just slow in China if you use it.
* It’s good to create an independent solution and offer it to trusted contacts (an Outline server).
The GFW is really strong. It can detect the IP you use. The government can then block the IP. You have to regularly change servers, particularly around certain events.
* June 4, around the conference party, the GFW will be really strong.
'''Using a VPN in China'''
* If you want to be safe, then you must first educate yourself and have separate smartphones for VPN use.
* You cannot have VPN, circumvention and security apps on the same smartphone that you have for regular use.
* One of the VPN platforms used by some media and activists is Outline.
** Outline is also a stable app or platform to build up their VPN.


===Q&A===
===Q&A===

Latest revision as of 09:29, 19 April 2024

This month we are excited to welcome Kaia (Front Line Defenders) and Darika (Security Matters, Thai Netizen) to discuss emerging threats and challenges to users in Southeast Asia, Hong Kong and Taiwan. In an election year (Thailand, Cambodia, Myanmar and Malaysia) and with the backdrop of plans to implement GFW-style firewalls in Cambodia and Vietnam, organizations and digital security trainers regionally are searching for usable and affordable censorship-resilient tools and approaches to prepare users for election-related internet disruptions as well as the potential for more permanent censorship regionally.

Resources

Meeting Playlist

Presentation Slides

Thailand - Digital Rights Context (30-Mar-2023)

Notes

Thailand

Political Prosecution in Thailand

  • 1,895 people have been politically persecuted in 1,180 cases across Thailand.
  • Defamation of the monarchy (lèse-majese, Article 112) is one of the most popular charges.
  • The lawyer that produced the yellow duck calendar was imprisoned.
  • An activist was arrested on the 28th of March for graffiti of 112 and the Anarchist symbol on the Temple of the Emerald Buddha.
  • Will people get arrested even for the memes that are being shared online that are considered defamation of the monarchy?

Elections in Thailand

  • Elections will happen on the May 14, 2023
    • May 14 is also the day of university final exams.
      • Many won’t be able to go home to vote due to exams, a suppression of the youth vote.
  • Elections in Myanmar will also happen in August, and the results of the Thai elections will affect Myanmar.

National Internet Gateway

  • A “Single Gateway” like that proposed in Vietnam and Cambodia was also proposed in Thailand.
    • Gamers were really against it and it was postponed.
    • It’s possible the gamer protest had an effect, however the government may have also realized that it would be too hard to manage in terms of infrastructure.
    • The idea is still on the table.

Additional Censorship and Surveillance

  • Thailand also used Pegasus to target activists in the country.

VPN Support

Internet censorship in Thailand is not as critical compared to Indonesia and Malaysia, but surveillance is a primary concern.

VPN Challenges

  • Language barrier

What are people using for VPN solutions?

  • Activists use VPNs to hide their IP addresses.
    • TunnelBear is the most popular
    • Tor Browser as well.
      • Trainers regionally have partnered with TunnelBear in the past, increasing visibility and use.
  • Regular people use VPNs to access Kpop music and other cultural / entertainment content.
  • Awareness of VPNs and their limitations is the challenge. Individuals think that they can trust any VPN and that VPNs by default are free.

Support for Thailand Leading into the Elections Improving the Feedback Loop for Documentation and Users

    • What guiding questions would be helpful for developers to get answers to?
    • Do you have guidelines for user feedback?

Election in Thailand in May

  • Trainings will take place in May for journalists and different VPNs and relevant tools will be integrated into the trainings.
    • Talked to FLD, OONI, Tor...
    • What tools should be included in the trainings, especially related to the election?

Q&A

Is the telecommunications state-owned or government-owned?

  • This is a critical question. There were 3 major ISP actors: 2 major actors that were associated with the government, plus Telenor.
    • Since 2021 however, Telenor has merged with Charoen Pokphand Group which has relationships with the military party.
    • Now there are only two major ISPs in the country, and one is owned by the prior prime minister who was kicked out of Thailand after the former coup.

Is it a better/safer strategy to promote VPN apps or instead to build circumvention tech into browsers, chat/messaging apps, news apps, etc?

  • Part of it is to think about laws targeting "VPNs" specifically, vs a browser or chat app that integrates tor/lantern/psiphon - def some good examples out there.
  • I think both promoting VPN apps and building circumvention technology into various apps and platforms can be effective strategies for enhancing online privacy and security.
  • It seems a lot of the censorship is DNS-based. So using encrypted DNS may be good enough.
    • https://getintra.org makes it very easy to use DoH on Android. It's not a VPN: it does encrypted DNS and ClientHello splitting
    • There is some TLS interference in some ISPs too. But Intra should help in that case.
    • It's also possible to put sites like [no122.org no122.org] on AWS storage, so it's impossible to block.
  • It’s good to have circumvention technology in apps.
  • In a country where using a VPN is illegal, this could be a solution.
  • In SEA, pro-Chinese governments are learning cyber policies from China that may be implemented in the new cybercrime laws.
  • Another solution is better than only promoting VPNs and circumvention tools.

What are some of the best digital security resources available in Thai that you can recommend to human rights defenders?

Cambodia

National Internet Gateway Updates

  • The Cambodian government was planning to implement the national internet gateway last year, but due to COVID etc, it was postponed.
  • Since the postponement, there have not been any updates on the proposal.
  • The national internet gateway proposal is similar to China’s censorship policy.
    • All internet traffic from overseas would be trafficked through a single point, managed by a government auditor.
    • All internet users would have to be verified by the ISP.
      • If the ISP fails to authenticate user identities, the ISP would lose their license.

Cambodian Elections

  • Cambodian elections will be held in July.
  • There is some worry that the national internet gateway will be implemented before the elections.
    • Most speculate that the government is not ready to implement the gateway due to the pandemic and delays with building out the necessary infrastructure. However, the implementation being postponed might also be because of the huge push back from domestic and international civil society.

Draft Cambodia Cybercrime Law

  • A cybercrime law has already been drafted.
    • The draft law gives more power to authorities to tap and collect data on users.
    • It also gives power to take down online posts without a warrant.
  • There is an additional proposal for required national domain name registration in Cambodia.
  • SIM registration

Q&A

What is the risk if the government forces all of the CSOs to register with the org.ka domain?

  • Top level domain would be organized by the government.
  • They could do what they want with the DNS record.
  • The government could redirect people.
  • They could also pull data on who is pulling data on which domains.

Vietnam

Vietnam Censorship and Surveillance Updates

  • In 2018 Vietnam announced a new cybersecurity law.
  • Certain newspapers and content are censored in Vietnam.
  • Around certain events, the government has slowed bandwidth to inhibit access to information.
  • The government also implements keyword censorship.

VPNs in Vietnam

  • The reasons listed above are a few exemplifying the importance of VPNs for activists in Vietnam.
  • One worry is IP tracking and arrests based on where the activist is based.
    • If an IP from Vietnam can be traced to a post on Facebook related to Vietnamese elections etc, the poster is at risk of being found and arrested.

Popular VPNs

  • TunnelBear, ProtonVPN, and AvastVPN are popular among activists
    • Avast allows you to share licenses with about 10 people.

China

VPNs are integral for doing media work and important for any activist or HRD working in China

  • The most important challenge is that safe VPNs don’t work in China.
    • ProtonVPN for example doesn’t work in China

How do you verify the VPN / circumvention solution?

  • There are tools that work in China, but are not safe.
    • Most of the VPNs that say they are safe and work in China are cooperating with the government.
    • Messaging platforms and social media will collaborate with the government.
  • Tor is just slow in China if you use it.
  • It’s good to create an independent solution and offer it to trusted contacts (an Outline server).

The GFW is really strong. It can detect the IP you use. The government can then block the IP. You have to regularly change servers, particularly around certain events.

  • June 4, around the conference party, the GFW will be really strong.

Using a VPN in China

  • If you want to be safe, then you must first educate yourself and have separate smartphones for VPN use.
  • You cannot have VPN, circumvention and security apps on the same smartphone that you have for regular use.
  • One of the VPN platforms used by some media and activists is Outline.
    • Outline is also a stable app or platform to build up their VPN.

Q&A

Do you have any information about what VPNs are available (downloadable and stable) in China?

  • Lantern is available.
    • There are some worries about Lantern being safe.
    • It’s hard to access the Lantern website to update the application if the app is not working.
  • Outline can work.
  • The university will also offer VPNs to students doing research.
  • When the VPN is not working, the hard thing is accessing a new tool amid censorship.