How should one access their servers when in China if at all?
from ComradeMiao@lemmy.world to selfhosted@lemmy.world on 16 Nov 20:20
https://lemmy.world/post/22103346

Some people my server admin uncle included believe that bringing any device to China automatically compromises it even if you reinstall a new OS. Is this warranted as some random person?

Can I go to my public sites and/or VPN into my servers?

Edit: I go there all the time. Also, I can take these precautions but I can’t expect my family to take them. What about family members phones?

A lot of great replies, thank you! Would love the read more specifics so I can know exactly the threats and my actions

Also, this is not an anti-China post. My field is Chinese related. Just learning more about the hosting side :)

#selfhosted

threaded - newest

schizo@forum.uncomfortable.business on 16 Nov 20:38 next collapse

If your device is out of your sight, then yeah, you should probably assume it’s compromised.

Of course, that’s hardly JUST China doing funky shit with your devices, but depending where you’re calling home, odds are customs/immigration when you head home will try to do the exact same thing, too.

And the answer to everything is yes, always use a VPN if you don’t trust the network and you should never trust the network.

JeffKerman1999@sopuli.xyz on 16 Nov 22:57 collapse

Well china does it to everyone, in the western countries usually it is targeted to individuals.

schizo@forum.uncomfortable.business on 16 Nov 23:21 next collapse

For sure, just wanted to mention that it’s not just the China side of the trip you need to be vigilant about.

ComradeMiao@lemmy.world on 16 Nov 23:29 collapse

What else then?

ComradeMiao@lemmy.world on 16 Nov 23:31 collapse

Source? I would like to read more

NeoNachtwaechter@lemmy.world on 16 Nov 21:06 next collapse

Can I go to my public sites

I would not recommend. Remember, wherever you step, your feet are leaving traces. Your public sites may be a little too publicly well-known afterwards.

and/or VPN into my servers?

VPN’s might not work from there, or the use may be considered a crime.

TheButtonJustSpins@infosec.pub on 16 Nov 21:39 next collapse

Get a new phone for use while traveling, then dump it when you’re back home. Leave your services behind.

Semi_Hemi_Demigod@lemmy.world on 16 Nov 22:15 collapse

Leave it on some form of mass transit before you leave

[deleted] on 16 Nov 22:31 next collapse

.

neatchee@lemmy.world on 16 Nov 23:03 collapse

Do not bring your normal personal devices to China. They are notorious for injecting spyware on foreign devices at every opportunity. Use a freshly formatted device and create all new accounts to use with it.

Regarding services: do not use self-hosted services unless you you spin up fresh, isolated instances of your services for use while abroad and spin them down afterwards, including formatting any OS they were hosted on.

Regarding VPN: because we are assuming that any device used in China is compromised, do not connect to your VPN unless you have set up a segregated VLAN and are connecting through a VPN server instance created specifically for use while in China.

Basically, assume anything you use in China is compromised. And assume your connections are being monitored. And assume that any device you are connecting to from China is at risk of being compromised. So everything needs to be segregated from the rest of your network and set up specifically to be deleted after you’re back home.

ComradeMiao@lemmy.world on 16 Nov 23:31 collapse

Do you have any links to read more about this? Thanks for a very detailed response.

Is there anyway to bring my phone and laptop without this risk? I can totally format my laptop completely but can’t do that with my phone.

neatchee@lemmy.world on 17 Nov 00:51 collapse

Unfortunately, no, not really. They are absolutely able and willing to confiscate your devices at any time once you’re on Chinese soil, and once you’ve lost physical control, that’s the end of trust for that device. Even beyond that, it’s not unheard of for there to be vulnerabilities in Wi-Fi, Bluetooth, etc that make your device susceptible to wireless attacks. IMO it’s not worth the risk.

Here is just one example of this type of thing uncovered by The Guardian, New York Times, and others in a joint investigation: theguardian.com/…/chinese-border-guards-surveilla…