The Great (fire)Wall of China   July 9th, 2006

Bruce Schneier recently wrote about the discovery that the firewall system being used by China could be circumvented by both ends of the connection ignoring the TCP reset sequence. The paper was presented at the 6th Workshop on Privacy Enhancing Technologies, which sounds like an interesting gathering. It’s refreshing to see people working towards more privacy in a world where miniature cameras and tracking devices abound.

The discovery is interesting, but in my opinion not very practical, since you need to get both ends of the connection to ignore resets. A better method would be to tunnel the traffic over ssh to a server outside China using techniques like those described on this blog: you set up an ssh tunnel to a system you have access to and forward a local port across the connection. You then direct your web browser, Firefox of course, to use the local side as a SOCKS proxy and presto! Your packets are encrypted up to the point where they leave the ssh system. It is a little easier to do under Linux, but using PuTTY you can set it up under Windows as well.

This entry was posted on Sunday, July 9th, 2006 at 4:09 am and is filed under China, Liberty.