Server access from China (lemmy.dbzer0.com)

submitted 1 month ago* (last edited 1 month ago) by abies_exarchia@lemmy.dbzer0.com to c/selfhosted@lemmy.world

29 comments fedilink hide all child comments

From North America, and I’m going on vacation in china for a few weeks. I wonder if anyone knows if I’ll be able to access any of my self-hosted services over zerotier while I’m abroad?

Edit: To be specific, I’m hoping to ssh into my machine over zerotier in case I need to fix something and back up some photos to my home NAS via rsync or something

you are viewing a single comment's thread
view the rest of the comments

[-] BaroqueInMind@piefed.social 7 points 1 month ago* (last edited 1 month ago)

People posting here don't realize that CN gov IDs and allows certain traffic to get rerouted through a certain VLAN so they can do DPI and record every packet through a beefy expensive tap device to analyze the telemetry later, and potentially build a case against you. If they so choose. And they likely have the capability to trivially decrypt TLS.

Don't bring in any tech, don't access your personal net back home, don't expect any level of actual privacy or good intentions. Just do your business and keep your digital digital persona minimal while there.

[-] BuoyantCitrus@lemmy.ca 9 points 1 month ago

they likely have the capability to trivially decrypt TLS

Whoa. Anywhere to read more about this? Had not been paying close attention, didn't realise that was so starkly the case.

[-] BaroqueInMind@piefed.social 13 points 1 month ago* (last edited 1 month ago)

China blocks newer TLS and forces a TLS downgrade of a version they have decryption capabilities of - https://www.f5.com/labs/articles/threat-intelligence/the-2021-tls-telemetry-report

More info - https://gfw.report/publications/usenixsecurity23/en/

More - https://www.scmp.com/news/china/politics/article/2167240/chinese-police-get-power-inspect-internet-service-providers

Chinese cryptography law mandates packet inspection and supervison of all foreign telemetry - https://link.springer.com/chapter/10.1007/978-3-031-11252-2_4
https://en.m.wikipedia.org/wiki/Cryptography_law

If you are truly skeptical of one of the world's largest cyber threat actors with an enormous economy and large population of cyber security experts is or isnt capable of trivially decrypting TLS, I don't know how else I can convince you that they are capable.

[-] amino 1 points 1 month ago* (last edited 1 month ago)

really off-topic here, but as long as you factory reset a google pixel before leaving home why wouldn't you bring that with you?

AFAIK it's possible to detect government tampering by using GrapheneOS' Auditor

I'm asking in good faith but maybe it would be dangerous to stand out by running non-standard OSes

this post was submitted on 21 Jul 2025

74 points (100.0% liked)

Selfhosted

51250 readers

388 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz