Educause Security Discussion mailing list archives

Re: Foreign Student Dealing with China's Web Filtering of US Websites


From: Tomo <tomo () LONDON EDU>
Date: Tue, 25 Aug 2020 14:04:37 +0000

Agree with other posters, you should not be enticing students to break the law and use unlicensed VPNs.
Also, the great firewall will seek out sustained and prolonged data connections going outside of China (it’s not just 
US websites) that are encrypted and either rate shape the return traffic to death or eventually drop the connection.
Note that apart from specific blocks based upon content that is a concern and social networks that are well known and 
documented, generally Microsoft Cloud/Services and Amazon Cloud are not filtered, but Google cloud/services are blocked 
– and importantly this will trip up Google-hosted reCAPTCHAs.

However, there is a completely legitimate and trouble free way of getting access to services when in China that would 
otherwise be blocked that end users can adopt, at a little cost.
Any Roaming SIM card with a data connection (which can be shared as a hotspot if needed).
All traffic is tunnelled back to your home mobile network, and it breaks out to the internet from there.
The user would need to be economical with the data they use over the SIM card data connection…. but it’s a bullet proof 
way of doing things.

If a user cannot sort out a contract with a sensibly-costed bundle of roaming data for China, then you can pick up 
pre-paid SIM cards from various mobile networks in SE Asia designed for shorter term visitors that include a bundle of 
roaming data to be used within a specific period of time.
You can pick them up from the usual ecommerce sites like eBay, but also Aliexpress and Taobao.
Look at options from Hong Kong (even ChinaMobile HK and ChinaUnicom HK are ok), Thailand, Malaysia, Singapore.
You need to get a sensible amount of data with the greatest validity time possible (the time is often more of the 
issue than data allowance)

In the UK we also have a China Mobile MVNO that has free roaming in HK and China – not sure if they have equivalents in 
North America.

YMMV but hope this is useful.

__________________________________________________________________

Tomo | Infrastructure Architect | Information Technology – Operations and Assurance
London Business School | Regent's Park | London NW1 4SA | UK
D: +44 (0)20 7000 7777  | T: +44 (0)20 7000 7000
E: tomo () london edu | W: www.london.edu

PLEASE NOTE: Working days: Tuesday to Friday until end August 2020.
Advance notice of annual leave: two weeks in September


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ayala, Daniel
Sent: 25 August 2020 14:58
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Foreign Student Dealing with China's Web Filtering of US Websites

Hi Bruce,

The most consistent thing when dealing with connectivity to western services in China is the inconsistency in 
connectivity to western services. The fact that VPN to your campus works one day from a country may not mean that it 
works the next, and maybe not from all regions in the country. Layer on this some new technology limits on TLS 1.3 
which makes it harder for national firewalls/filtering to limit specific destinations, so it has been summarily blocked 
in China which eliminates a number of technologies.

There is also the fact that care needs to be taken when giving recommendations on how to connect that may be illegal in 
a particular jurisdiction. While the goal is to connect students and keep them connected, we should not rely on or 
recommend solutions that we know to be illegal in their area (and there are more countries than just China where 
connectivity is a changing landscape). As such, our approach has been to establish a joint academic/technology approach 
to give instructors a suite of options that they can leverage and consider for international students, along with the 
up-front understanding that students in these areas will likely require some flexibility by the instructor to use these 
multiple paths, through the use of a suite of technologies perhaps used in creative, new ways.

https://tech.msu.edu/about/guidelines-policies/exploring-alternative-edtech-approaches-for-international-student-participation/

This document is to a stage where we are actively sharing and using it throughout Michigan State University as we 
lead up to the start of the fall semester. But if you have any feedback or ideas based upon it, please share them as we 
consider this topic a permanent work-in-progress. Thank you!

Dan

Daniel Ayala
Interim CISO
Michigan State University
ayaladan () msu edu



On 25 Aug 2020, at 09:13, Bruce Heldman <heldmanb () QUEENS EDU> wrote:

We have a foreign student who’ll be returning to mainland China since our Fall semester is online only.   Prior 
experiences he’s had with the Chinese government’s Web filtering suggest he will be blocked from browsing various US 
sites required for his course work.

Are there any options that would help us with this situation?

We’ve considered:
1.      Granting him VPN access, but I believe non-university wouldn’t be tunneled.  It would go through his default 
gateway.
2.      Assigning him a VDI workstation.  He would then connect to this university VDI workstation (with or without 
VPN) and browse from that station.

Any suggestions or recommendations are appreciated



Bruce Heldman
Sr. Director of Technology Infrastructure & Support
Queens University of Charlotte
1900 Selwyn Avenue
Charlotte, NC  28274
Tel:   704-971-5409


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community



