Travel to Mainland China - Cyber Security

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
mc7
Posts: 32
Joined: Wed May 29, 2013 3:03 pm

Travel to Mainland China - Cyber Security

Post by mc7 » Sun Jul 15, 2018 1:42 pm

I will be traveling for work to mainland China.

For work systems and data, there are a variety of precautions I'll take. My question is about personal security and privacy.

On a previous trip, I left all personal devices behind and avoided logging in to any personal accounts during the entire trip. That may be the best option for this trip as well. But I don't like being totally disconnected from my personal email, so I was considering buying a burner phone, say a Nokia 2, keeping it on me at all times, and checking my GMail on it using Project Fi (which I've already set up on a Pixel).

On the pro side, Google has pretty good account security, and fully patched vanilla Android with no apps installed should be reasonable. On the con side, folks in the industry say that just about every device can still be compromised.

Since there are many wise, tech savvy, and security minded folks on Bogleheads, I'm curious what folks think of the "attack surface" of the above arrangement, above and beyond the compromises already involved in making the trip.

Thank you

mc7

urumbu
Posts: 37
Joined: Sun Feb 13, 2011 12:29 pm

Re: Travel to Mainland China - Cyber Security

Post by urumbu » Sun Jul 15, 2018 1:53 pm

If you were a worthy target , for anyone , you wouldn't be posting here ..

What's the concern here ? Chineee government spying on your personal email ?

Did you know that US government can confiscate devices are port of entry ? Why the special worry about China ?

User avatar
Don_Qua
Posts: 60
Joined: Mon Jul 22, 2013 2:42 pm

Re: Travel to Mainland China - Cyber Security

Post by Don_Qua » Sun Jul 15, 2018 2:41 pm

Although Project Fi can get you mobile data in China I highly doubt that you'll be able to access Gmail with it. The Chinese government and Google had a major falling out and any Google services don't get through the Great Firewall. When I was in China 4 years ago I could hit my Gmail account every few days on hotel WiFi but it was the exception and not the rule. My understanding is that in the last few years the Great Firewall has gotten much better at keeping out anything the Chinese government wants to keep out and they have forbidden firewall bypassing VPN's.

When I went to China (we were tourists and were there for a month) I left a PC on at home in the states running Teamviewer. I had no problem remoting into my PC and accessing Google, Blogger, GMail and anything else the Chinese government didn't approve of, don't know if this would still be the case. I was also able to use Google Translate in this way to translate Chinese websites, it was slow but it worked. I'm sure that if you're going to China for work purposes your employer's IT dept would frown on the method I used. You'll have access to a sanitized version of Bing in China but their translate function was conveniently disabled.

jebmke
Posts: 8279
Joined: Thu Apr 05, 2007 2:44 pm

Re: Travel to Mainland China - Cyber Security

Post by jebmke » Sun Jul 15, 2018 2:45 pm

I have used Teamviewer on an Android tablet to access a Windows PC; I've never tried it on a phone nor from China.
When you discover that you are riding a dead horse, the best strategy is to dismount.

mc7
Posts: 32
Joined: Wed May 29, 2013 3:03 pm

Re: Travel to Mainland China - Cyber Security

Post by mc7 » Sun Jul 15, 2018 2:53 pm

Thanks for the first hand experience and suggestions.

One thing I noticed last year was that my work phone had far greater access to Google services than locals'. This was in a major city, with lots of foreign business people. My hosts thought that it was because of my phone service provider; knowing that I was roaming with a major USA carrier, the Great Firewall granted me additional access. That's generally consistent with this report claiming Project Fi enabled access to Google services https://www.androidauthority.com/using- ... na-850456/ (although, if I remember right, corporate VPN also worked pretty well). Yes, Google and China have a big conflict over services for the Chinese public. Meanwhile Google actually has several offices there. It's complicated.

User avatar
Don_Qua
Posts: 60
Joined: Mon Jul 22, 2013 2:42 pm

Re: Travel to Mainland China - Cyber Security

Post by Don_Qua » Sun Jul 15, 2018 3:11 pm

jebmke wrote:
Sun Jul 15, 2018 2:45 pm
I have used Teamviewer on an Android tablet to access a Windows PC; I've never tried it on a phone nor from China.
I had a number of reasons for doing this. Sure, I was able to bypass the Great Firewall and use Google and Gmail but we were going to be gone for 3 months (we also went to the Philippines and Malaysia) so bills back home had to be paid, I wanted access to Quicken to record those bills too. We weren't on any tours so flights and hotel rooms had to be reserved and paid for, sometimes on the same day we'd use them. Accessing a US based travel site from overseas always got me billed in local currency which meant currency conversion fees. Reserving the same hotels and flights on a US based travel service from a US based IP got me billed in US dollars every time.

HEDGEFUNDIE
Posts: 638
Joined: Sun Oct 22, 2017 2:06 pm

Re: Travel to Mainland China - Cyber Security

Post by HEDGEFUNDIE » Sun Jul 15, 2018 3:13 pm

VPN is your best bet. Your home router may even have VPN server functionality, so that all traffic from your devices in China go through your home router and then back out to the public internet.

https://www.vpnuniversity.com/tutorial/ ... rs-asuswrt

Freefun
Posts: 324
Joined: Sun Jan 14, 2018 3:55 pm

Re: Travel to Mainland China - Cyber Security

Post by Freefun » Sun Jul 15, 2018 3:20 pm

Last time I was there i used nordvpn.
Remember when you wanted what you currently have?

02nz
Posts: 471
Joined: Wed Feb 21, 2018 3:17 pm

Re: Travel to Mainland China - Cyber Security

Post by 02nz » Sun Jul 15, 2018 3:35 pm

mc7 wrote:
Sun Jul 15, 2018 2:53 pm
One thing I noticed last year was that my work phone had far greater access to Google services than locals'. This was in a major city, with lots of foreign business people. My hosts thought that it was because of my phone service provider; knowing that I was roaming with a major USA carrier, the Great Firewall granted me additional access. That's generally consistent with this report claiming Project Fi enabled access to Google services https://www.androidauthority.com/using- ... na-850456/ (although, if I remember right, corporate VPN also worked pretty well). Yes, Google and China have a big conflict over services for the Chinese public. Meanwhile Google actually has several offices there. It's complicated.
I've noticed the same - roaming with T-Mobile (free but slow international data), Google Maps ad Gmail both worked. As soon as I switched to wifi (e.g. at a hotel) they ceased to work.

VPNs are kind of a cat-and-mouse game in China - one will work for a bit and then suddenly stop. Not aware of a major service that consistently works in China without fiddling.

GmanJeff
Posts: 140
Joined: Sun Jun 11, 2017 7:12 am

Re: Travel to Mainland China - Cyber Security

Post by GmanJeff » Sun Jul 15, 2018 3:51 pm

Just assume that any laptop and/or cell phone you bring with you will be compromised. Conduct no transactions unless you don't mind them being monitored. It's not possible to know with certainty what level of scrutiny you individually will receive, but there is no doubt that you will be unable to maintain any level of privacy if the government there chooses to target you. And, they have essentially infinite resources to devote to such things, and are indiscriminate - they vacuum up everything.

Of particular interest will be any employer intellectual property or proprietary information around technology, business plans, and any other information potentially of value to a current or future business competitor or nation-state adversary. Political content is also likely to arouse interest.
Last edited by GmanJeff on Sun Jul 15, 2018 6:11 pm, edited 1 time in total.

livesoft
Posts: 62297
Joined: Thu Mar 01, 2007 8:00 pm

Re: Travel to Mainland China - Cyber Security

Post by livesoft » Sun Jul 15, 2018 5:00 pm

I was in China last year. I didn't worry about it, but since gmail doesn't work in China, I got another non-gmail e-mail address for people to contact me.

Not only do I assume the Chinese government sees everything I do, I also know the US government does as well as recently confirmed be recent news reports.

While I was in China last year, I was asked to report to local police station. I didn't even bother.
Wiki This signature message sponsored by sscritic: Learn to fish.

criticalmass
Posts: 577
Joined: Wed Feb 12, 2014 10:58 pm

Re: Travel to Mainland China - Cyber Security

Post by criticalmass » Sun Jul 15, 2018 9:23 pm

The Chinese government aren’t the boogeyman, but if they want to compromise your device (and often they do for various reasons), they nearly unlimited cracking resources to do so. Still, they can’t do everything to everyone.

A burner phone, fully up to date, and used only for limited access is your best bet. Have several vpn alternatives. Understand that this still has limitations. Keep your correspondence, even private, on guard and never write/say anything their government could even remotely view as unwelcome while in country.

While the US could also spy on a device, practical resources are much more limited, and anything they do to you is subject to actual law and / or Constitution. Chinese government doesn’t bother with such restrictions.

Enjoy the trip and be safe.

German Expat
Posts: 602
Joined: Fri Oct 16, 2009 10:49 pm

Re: Travel to Mainland China - Cyber Security

Post by German Expat » Sun Jul 15, 2018 9:39 pm

I am currently in China (usually travel there once or twice a year). If you mobile phone is on a foreign carrier then the google tools will work (gmail, maps, youtube etc.). This assumes you have a data roaming contract that is not excessive expensive (Project FI etc). Very useful with maps and public transportation is also mapped out well.

As soon as you go on wifi (e.g. hotel or private wifi) it will stop working and you need a vpn (I use either our companies or nordvpn).

I am not too worried about phones or laptops getting hacked and the government here won't be interested in your Vanguard balance. If you work for a company that is a high profile target then most of them provide special laptops and phones that get wiped after you return. Also keep your phone on you and it will already be a bit harder to hack it compared to leaving it at the hotel (or even room safe).

flyingaway
Posts: 1871
Joined: Fri Jan 17, 2014 10:19 am

Re: Travel to Mainland China - Cyber Security

Post by flyingaway » Sun Jul 15, 2018 9:41 pm

If you use your phone with a U.S. carrier, such as T-mobile, you will be able to use Gmail, GoogleMap, etc, just like in the U.S. (roaming with a China mobile carrier).
However, if you use the Chinese network, such as the WiFi in hotels, you will not be able to use Gmail, GoogleMap, etc.
If your company in China is an international company, i.e., based outside China, the company's internet is likely to be able to get to Gmail.
Basically, the Chinese restrictions on internet accesses to outside world are mainly targeting the Chinese citizens, not the foreigners.

AddingUp
Posts: 67
Joined: Mon Aug 04, 2014 9:12 pm

Re: Travel to Mainland China - Cyber Security

Post by AddingUp » Sun Jul 15, 2018 10:28 pm

I spent the last year living and working in China. I used a VPN on my laptop and phone so I was able to access all the Google products without a problem. (NB: Google maps wasn't accurate....close but not exact.) I never had any reason to believe that any of my U.S. financial accounts were compromised, and I accessed them frequently, but only from my private apartment.

As others have mentioned, I'd suggest getting a VPN, but do so before you enter the Mainland.

User avatar
jharkin
Posts: 1775
Joined: Mon Mar 28, 2016 7:14 am
Location: Boston suburbs

Re: Travel to Mainland China - Cyber Security

Post by jharkin » Mon Jul 16, 2018 7:15 am

Ive been to China for work 3 times. I never took any of the precautions you are talking about... Im not Jason Bourne.....

Biggest thing is to realize certain sites like facebook will be blocked and to avoid any browsing or discussion of political topics while there. The only extra precaution I can think of is I didn't go into any of my financial accounts unless I was safely on our local office network. (Note however we had an office with a couple hundred staff and a VPN tunnel back to USA HQ. If you are depended only on the services locals use you may need to be more careful as described above)

User avatar
BolderBoy
Posts: 4021
Joined: Wed Apr 07, 2010 12:16 pm
Location: Colorado

Re: Travel to Mainland China - Cyber Security

Post by BolderBoy » Mon Jul 16, 2018 12:53 pm

HEDGEFUNDIE wrote:
Sun Jul 15, 2018 3:13 pm
VPN is your best bet. Your home router may even have VPN server functionality, so that all traffic from your devices in China go through your home router and then back out to the public internet.

https://www.vpnuniversity.com/tutorial/ ... rs-asuswrt
+1. VPN is the way to go.
"Never underestimate one's capacity to overestimate one's abilities" - The Dunning-Kruger Effect

GmanJeff
Posts: 140
Joined: Sun Jun 11, 2017 7:12 am

Re: Travel to Mainland China - Cyber Security

Post by GmanJeff » Mon Jul 16, 2018 2:04 pm

A VPN connection offers secure connectivity between the client PC/cell phone or other endpoint and the corporate network or other site you're connecting to but does nothing to secure the endpoint itself. If those endpoints are compromised, the security of the connection itself won't protect you from a keystroke logger or other malware which maybe surreptitiously placed onto the endpoint, which can then be used as a platform from which to not only access the data on the endpoint but can serve also as a point of entry into a corporate network through the VPN connection.

HEDGEFUNDIE
Posts: 638
Joined: Sun Oct 22, 2017 2:06 pm

Re: Travel to Mainland China - Cyber Security

Post by HEDGEFUNDIE » Mon Jul 16, 2018 11:01 pm

GmanJeff wrote:
Mon Jul 16, 2018 2:04 pm
A VPN connection offers secure connectivity between the client PC/cell phone or other endpoint and the corporate network or other site you're connecting to but does nothing to secure the endpoint itself. If those endpoints are compromised, the security of the connection itself won't protect you from a keystroke logger or other malware which maybe surreptitiously placed onto the endpoint, which can then be used as a platform from which to not only access the data on the endpoint but can serve also as a point of entry into a corporate network through the VPN connection.
You can control whether your endpoint is compromised with good internet and email hygiene habits. VPN solves the otherwise uncontrollable problem of your internet traffic being intercepted after it leaves your device.

golfCaddy
Posts: 696
Joined: Wed Jan 10, 2018 10:02 pm

Re: Travel to Mainland China - Cyber Security

Post by golfCaddy » Mon Jul 16, 2018 11:24 pm

This thread is ridiculous in multiple ways. What makes the OP so special? Is he the first boglehead Congressmen? Why does the OP think the Chinese government has a particular interest in his personal email account? Then, the responses are equally ridiculous. The Chinese government effectively controls the internet for a billion people. You think you can outsmart them? Because you did an internet search and read something about VPNs online?

Cunobelinus
Posts: 196
Joined: Tue Dec 04, 2012 5:31 pm

Re: Travel to Mainland China - Cyber Security

Post by Cunobelinus » Mon Jul 16, 2018 11:53 pm

golfCaddy wrote:
Mon Jul 16, 2018 11:24 pm
This thread is ridiculous in multiple ways. What makes the OP so special? Is he the first boglehead Congressmen? Why does the OP think the Chinese government has a particular interest in his personal email account? Then, the responses are equally ridiculous. The Chinese government effectively controls the internet for a billion people. You think you can outsmart them? Because you did an internet search and read something about VPNs online?
Pump the brakes.

Just because he might not be the CEO of a MegaCorp doesn't mean that he doesn't want (potentially) state-run malware on any electronic device that he brings into the country.

Don't bring any devices that you don't want compromised. Don't log into any websites with any credentials that you don't want compromised. People go away for months on end without having to log into websites -- you can think of what you really need to be able to access (if anything) while you're traveling, or leave your devices/logins with someone trusted at home. If you just want to have access to personal e-mail, use a proxy/burner e-mail account that you're forwarding specific e-mails to (probably nothing involved with 2FA for important accounts). VPNs are like whack-a-mole, with the state finding innovating ways to disable/disrupt them all the time, and the VPN companies making workarounds to permit access.

"If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged"
-Cardinal Richelieu
Last edited by Cunobelinus on Tue Jul 17, 2018 3:15 am, edited 1 time in total.

User avatar
MossySF
Posts: 2292
Joined: Thu Apr 19, 2007 9:51 pm
Contact:

Re: Travel to Mainland China - Cyber Security

Post by MossySF » Tue Jul 17, 2018 12:27 am

International data roaming is unblocked in China. I'm on T-Mobile which gives you free 2G speed data roaming in China (amongst many other countries) and using it, I can access Google, Youtube, Facebook and so on -- all the sites normally blocked using local internet services. The problem will be getting signal in smaller cities using international roaming. In Beijing, it worked pretty well. In Guangzhou and Shenzhen, it was spottier. In small towns & cities, it's random luck to get a connection.

So depending on which city, you could use a clean laptop and then VPN over your international data roaming hotspot if you really needed to deal with a work emergency.

criticalmass
Posts: 577
Joined: Wed Feb 12, 2014 10:58 pm

Re: Travel to Mainland China - Cyber Security

Post by criticalmass » Tue Jul 17, 2018 11:44 am

MossySF wrote:
Tue Jul 17, 2018 12:27 am
International data roaming is unblocked in China. I'm on T-Mobile which gives you free 2G speed data roaming in China (amongst many other countries) and using it, I can access Google, Youtube, Facebook and so on -- all the sites normally blocked using local internet services. The problem will be getting signal in smaller cities using international roaming. In Beijing, it worked pretty well. In Guangzhou and Shenzhen, it was spottier. In small towns & cities, it's random luck to get a connection.

So depending on which city, you could use a clean laptop and then VPN over your international data roaming hotspot if you really needed to deal with a work emergency.
Unblocked and note that end to end GSM / LTE security is conveniently turned off, making a good secure VPN even more important.

User avatar
MossySF
Posts: 2292
Joined: Thu Apr 19, 2007 9:51 pm
Contact:

Re: Travel to Mainland China - Cyber Security

Post by MossySF » Tue Jul 17, 2018 12:07 pm

If you're just accessing Google apps on your phone, they'll all be using SSL security already so the extra VPN is not needed.

Anything else you do will be a site-by-site, app-by-app choice.

If you use a VPN vendor, shrug -- who knows how secure they really are?

If you use your work VPN, you're probably restricted to work activities.

If you roll your own VPN server on your home computer, hopefully you won't make any mistakes.

TravelGeek
Posts: 2213
Joined: Sat Oct 25, 2014 3:23 pm

Re: Travel to Mainland China - Cyber Security

Post by TravelGeek » Tue Jul 17, 2018 3:03 pm

Cunobelinus wrote:
Mon Jul 16, 2018 11:53 pm

Pump the brakes.

Just because he might not be the CEO of a MegaCorp doesn't mean that he doesn't want (potentially) state-run malware on any electronic device that he brings into the country.

(...)

"If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged"
-Cardinal Richelieu
The Russians apparently call it Kompromat. The Chinese government may not have any particular plans for a particular visitor but collecting and analyzing data for "future reference" doesn't cost a lot and could prove valuable down the road. Not that I am implying that there is anything compromising that they could gather from "bugging" the OP, but just because I don't have anything to hide doesn't mean I would want my devices manipulated etc.

AddingUp
Posts: 67
Joined: Mon Aug 04, 2014 9:12 pm

Re: Travel to Mainland China - Cyber Security

Post by AddingUp » Tue Jul 17, 2018 3:46 pm

TravelGeek wrote:
Tue Jul 17, 2018 3:03 pm
Cunobelinus wrote:
Mon Jul 16, 2018 11:53 pm

Pump the brakes.

Just because he might not be the CEO of a MegaCorp doesn't mean that he doesn't want (potentially) state-run malware on any electronic device that he brings into the country.

(...)

"If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged"
-Cardinal Richelieu
The Russians apparently call it Kompromat. The Chinese government may not have any particular plans for a particular visitor but collecting and analyzing data for "future reference" doesn't cost a lot and could prove valuable down the road. Not that I am implying that there is anything compromising that they could gather from "bugging" the OP, but just because I don't have anything to hide doesn't mean I would want my devices manipulated etc.
Exactly! The WeChat app is ubiquitous in China, and if you're doing business with the Chinese, they expect you to install it on your phone and use it every waking moment. And that is monitored by the government (specifically those conversations in Chinese....not sure about those in English).

mc7
Posts: 32
Joined: Wed May 29, 2013 3:03 pm

Re: Travel to Mainland China - Cyber Security

Post by mc7 » Fri Sep 14, 2018 12:54 pm

Thanks to all those who took the question seriously and provided helpful suggestions. Of course, this is more interesting to the folks who take a belt-and-suspenders approach to privacy, I realize some bogleheads simply don't care. For my part, I am a senior executive at a large publicly traded corporation, corporate security doesn't do anything in particular to protect personal data, opinions differ among my highly technical colleagues, and I highly respect the opinions of many of the folks here on the forum. Of course, you don't have to be an executive to have your data harvested, as all of the unfortunate folks with security clearances learned in the Office of Personnel Management breach.

In the end, I brought a personal iPhone activated on AT&T (same provider as work phone). I did not notice any Great Firewall blocking of my cell data, and could freely connect to VPN. Supposedly this is linked to having a USA-based mobile plan; and I say USA because I compared notes with some colleagues from Europe and they said they were blocked (anecdotal of course). I took the extra precautions of only loading a few apps and wiping the phone on return, but not sure whether these extra steps were strictly necessary.

Yellowjacket1
Posts: 37
Joined: Sat Jul 28, 2018 2:54 pm

Re: Travel to Mainland China - Cyber Security

Post by Yellowjacket1 » Fri Sep 14, 2018 9:31 pm

I can’t speak to the OP’s issue Re cyber security. However, I can share about Chinese preoccupation with any and all Security.

My daughter and son-in-law lived in China for five years. My son-in-law was an attorney in a Chinese firm. Officially, my daughter was a teacher, and unofficially she was a missionary.

Several times they had the local police barge into their apartment. On other occasions they talked about things in their apartment that only they would know. These would be innocent things but somehow their “neighbor” knew about them. Yes, their apartment was bugged.

OP has every reason to be as cautious as possible, because even if he wasn’t atop level exec, he would be under surveillance.

Post Reply