Red Flag Linux Forced On Chinese Internet Cafes

iamhigh writes "Reports are popping up that Chinese Internet Cafes are being required to switch to Red Flag Linux. Red Flag is China's biggest Linux distro and recently received headlines for their Olympic Edition release. The regulations, effective Nov. 5th, are aimed at combating piracy and require only that cafes install either a legal version of Windows or Red Flag. However, Radio Free Asia says that cafes are being forced to install Red Flag even if they have legal versions of Windows. Obviously questions about spying and surveillance have arisen, with no comment from the Chinese Government."

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:In other news

[SatanicPuppy]

...While number of licensed copies remains the same.

Another motive

[theapeman]

If I were some non-american government then I would prefer people to use Linux. Not because of any backdoors that I could put in it, but because I could be reasonably sure that there were no backdoors put in it by the US government.

Re:Poor Microsoft...

[Aphoxema]

Maybe it's the fact that Windows is an OS made from their good friends in the US, and Windows is proprietary, and we know how many Americans (US) feel about the risk of software working against you...

It's like the US Government buying Cisco routers made in China, how the US sabotaged a Russian oil pump station, there's only so much trust to be had, and when you have people from the Land of Microsoft being untrusting of Microsoft, how can you possibly expect a xenophobic, militant country to?

Next will be North Korea I bet.

Re:What "questions about spying and surveillance?"

[MightyYar]

What "questions about spying and surveillance?" TFA doesn't mention any.

Did you read the same article I did? From TFA:
It quoted Xiao Qiang, director of the California-based China Internet Project, as saying the new rules would help authorities regulate Internet cafes that now operate on the margins of the law, and allow them to undertake heightened surveillance.

3 full paragraphs in the article discuss surveillance.

Re:Easy Solution

[MBGMorden]

What good is a fork? The rest of the world generally isn't using Red Flag anyways and China isn't exactly all butterflies and tater tots when it comes to their directives.

If they say you have to use Red Flag, you'll be using Red Flag or they'll be "reeducating" you on just WHY you should be using it.

Re:Where Exactly is the Danger?

[ShieldW0lf]

I'm confused.

Are there concerns that the Chinese government are going to be spying on citizens using the open source Red Flag operating system, or are there concerns that using the closed source Windows operating system will allow some group to spy on the Chinese?

The second seems like a greater risk than the first.

Re:Great News

[Tubal-Cain]

Not when it isn't a voluntary adoption.

Re:Where Exactly is the Danger?

[Sylver Dragon]

Government recommendation: Hey, this stuff is pretty good. You guys should try it.

Government mandate: You will use this, regardless of how good or bad it is, or we will put a bullet in you.

Just a little different.

Also, that article you linked talked about an internal DoD recommendation. They don't really care what Happy Fun Time internet cafe is using.

I find that splitting

[windsurfer619]

up comments is confusing.

No danger whatsoever

[hackingbear]

The new rules that went into effect Nov. 5 are aimed at cracking down on the use of pirated software, said Hu Shenghua, a spokesman for the Culture Bureau in the city of Nanchang.

1. Common mistake #1: assuming whatever a little municipal government says equal what the Chinese central government says. REALITY: in China, local governments don't pay a shit to upper government and just make up whatever rule they want.
2. Common mistake #2: assuming this has anything to do with national security, censorship, etc. REALITY: it is just a marketing maneuver some company trying to get people buy into their products -- by making it officially required.
3. Common mistake #3; assuming any people actually pay a shit to this. REALITY: if so, they would have obey anything from tax laws to traffic laws first before worrying about this.

Welcome to China!

Re:Where Exactly is the Danger?

[X0563511]

Yep, just like the rootkit they would put in the windows machine.

I don't see a difference, only that the government is saying "you must use linux".

Really, what's the problem with that? I mean, it sucks... but it could be far worse...

Re:It's a silo. Anyone can set one up.

[Hognoxious]

And anyone can stand in front of a fucking tank.

Re:Poor Microsoft...

[ArsonSmith]

I don't think North Korea has a lot of computers at all. They don't even seem to have many light bulbs: http://www.globalsecurity.org/wmd/world/dprk/images/dprk-dmsp-dark.jpg [globalsecurity.org]

Re:You can't spot the obvious danger?

[chrb]

And you think that Yahoo, Google, Cisco, Microsoft etc. aren't in league with the PRC government? In order to do business in China, you have to do as the government say. Actually, it kind of works like that in every nation...

The backdoor fears are being overblown, this is open source after all. It would be trivial to compare the binary packages installed on one of the internet cafe computers with a standard Red Flag install to see if any have been modified. Then strace or disassemble the modified binary to find out what it is doing. If you're worried that the entire Red Flag distribution might be compromised, consider that the Chinese government is recommending that this distribution be used on government and corporate computers. If there were a deliberately introduced backdoor, then it is highly likely that either a Western security researcher, or the NSA, would find it, and then be able to gain access to the Chinese computers. Thus the Chinese government actually has a very strong motive to ensure that there isn't a generic backdoor. And again, finding such a backdoor would be trivial - all you have to do is compile your own distribution using the same versions of each source package, and then compare the output binaries. Having said that, Debian had a modified ssh package with a gaping security vulnerability for a long time before anyone noticed... but eventually someone did.

I really think that there is a higher risk of the Chinese government sneaking a backdoor into Windows through a Chinese-American employee of Microsoft, or through compromising a Chinese CDROM factory or OEM manufacturer, than of being able to covertly introduce a secret backdoor into an open source Linux distribution like Red Flag. Having the source makes hiding a backdoor very difficult - if they ever did introduce a backdoor, they would probably be quite blatant about it. And as for the Windows comparisons, we still don't really know what the _NSAKEY [wikipedia.org] was for.

OffTopic : Surveillance in GPL ?

[DrYak]

Slightly off-topic, but how in hell could you hope to succeed secretly be doing surveillance in an OPEN SOURCE software ? (GPL, in this case)

- As the source is accessible, surveillance functionality hidden in the source code would soon be discovered and published about. (Just as exploitable bugs are regularily cleaned)
- People would be free as per GPL to make surveillance-free forks of the code and publish "clean" versions of RFL (even more easy if these fix are done under non-Chinese jurisdictions)

Even if *indeed* there was surveillance in RFL, at least something could be done against it, thanks to the GPL. The Chinese would only be vulnerable if :
- either they are too lazy
- or the government explicitly states that the surveillance modules are mandatory (in which case it won't be a secret anymore).

Whereas, with proprietary Windows, the US could pretty much be already spying on the Chinese and nothing could be done against it to either prevent it or even detect it. The Chinese would be completely vulnerable to some foreign developers.

Re:No danger whatsoever

[alemaco]

Mod parent up. I live there. I can confirm.

Why is that even worth talking about?

[AlfredZhang]

Anyone cares to read the referred articles? This is only a move of a insignificant local government and is already criticized in many Chinese forums and online media sites. As a big country, things much weirder than this happens all the time. It is surprising why it gets singled out here. Yes, Chinese government heavily filters Internet connections and suppress any sites that it sees inappropriate, but it does NOT have to force linux on Internet cafe simply to spy on citizens. Believe me, it is much easier and inexpensive to spy on Windows machines. My suggestion: next time before you bring up something about a monarchy/communist/evil China, do some research.

Re:Spy and Malware.

[MaskedSlacker]

Non-sequitur. The fact that the integrity is easy to verify does not change the fact that they cannot get a clean copy. Knowing your copy isn't clean does you no good if there are no clean copies.

Re:The UI is Hilariously Windows-ish

[Belial6]

Yes, Microsoft is a growth company. I'm not convinced that they will be able to figure out how to make the transition to a mature industry.

Re:Where Exactly is the Debate?

[arth1]

Yes, there can and should be questions.
The first one to ask is "who would want this rumour, true or not, to be spread?"
The second one to ask is "do those who might benefit have a history of disinformation?"
The third one to ask is "if country X monitors hundreds of millions of PCs, where are all the millions of people doing the monitoring?"

China is a new capitalist society with roots in communism, and has quite a bit of baggage to deal with. Among them a propensity to overregulate everything, and likewise for the citizens to ignore all the regulations as long as no-one is watching.

I don't doubt for a second that the Chinese government can and will spy on some of its citizens, just like CIA, FBI, NSA and SS will over here. But they quite frankly don't have the infrastructure to do full scale computer surveillance, nor any need to -- if they want someone arrested, they simply arrest him or her. They don't need to collect evidence and convince a judge first.
And just like here, if they want to monitor internet traffic, doing it at the ISP or confiscating equipment is far easier than backdooring individual systems. For one thing, you don't need highly skilled agents capable of accessing back doors with the required finesse and understanding.

This whole article smells of FUD and agitprop. Sure, China is designated the new Big Evil, and the US needs another Enemy to believe in right now. But seeing Chinese government conspiracies in everything doesn't make it true, any more than seeing communist conspiracies in the 50s and 60s made that propaganda true.

My guess: A canton or city government decided to go linux, and chose Red Flag as their distro. Some zealous and cerebrally challenged bureaucrats (I know, a tautology) then interpreted that as an order. And a newspaper picked up the blunder, and wrote a note about it, which was then picked up and massaged to fit the desired perception by their western colleagues who like to post propaganda against the enemy du jour, because it sells ads. Our local Ministry of Truth won't interfere, as long as the bashing is against this year's designated foe.
ICBW, but it seems like a much simpler explanation.

And personally, I think China is on the road towards freedom, even if they stumble every now and then. But we need to keep in mind that it's going to be a long march.

Re:Where Exactly is the Danger?

[blind biker]

As I was saying earlier, I have Red Flag Linux 2.0. This is an old version, so what I say about it, may not apply to the current version 6.0. It does not come with sources.

I see many people here presume that Red Flag Linux is open source software. I think that's a whole lot of assuming without knowing jack.

Re:what is the ideological rationale

[shutdown -p now]

this makes it very different when the chinese use access: there is still an outside hand in what china does. with open source, an authoritarian regime doesn't have to listen to you or consult you at all

It doesn't have to do that with closed source, either.

Re:Where Exactly is the Danger?

[ShieldW0lf]

You give an inch and pretty soon people will advocate that the government can and should regulate any aspect of life. If the government can tell businesses what operating systems to run you, me, everyone on the internet has already as good as lost the fight for freedom online because if it wishes it can dictate the same to individuals for the very same reasons.

Yes, and people like you would have me buying whiskey with methanol in it, because regulations interfere with the rights of the still operator.