Some people my server admin uncle included believe that bringing any device to China automatically compromises it even if you reinstall a new OS. Is this warranted as some random person?

Can I go to my public sites and/or VPN into my servers?

Edit: I go there all the time. Also, I can take these precautions but I can’t expect my family to take them. What about family members phones?

A lot of great replies, thank you! Would love the read more specifics so I can know exactly the threats and my actions

Also, this is not an anti-China post. My field is Chinese related. Just learning more about the hosting side :)

  • omxxi@feddit.org
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 days ago

    I’m wondering if this is a real threat, or a conspiracy theory. If it’s a real threat, wouldn’t be the same with the NSA?

  • Pixel@lemmy.ca
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    7 days ago

    A lot of these comments are downright unreasonable.

    It’s important to evaluate your threat model critically. The average tourist (that isn’t going to Western China) or student is not a target for surveillance or data extrication attempts, especially firmware level attacks that are very specific to devices and are expensive to research and implement.

    Companies tend to require employees to carry burner devices for international travel because that’s just good practice. You’re far more likely to lose your device when traveling, border officials have broad discretion to search for and access your devices, and companies tend to have high value information available to their devices past the corporate gateway, like trade secrets, technical designs, accounting records or employee data. That applies to any country, even Western countries.

    Take your privacy seriously, but the notion that anything that touches Chinese soil means your devices are instantly compromised is a bit of a fallacious claim. Critically evaluate your role, the information you carry and why you might be the target of anything.

    Anyways, as far as VPNs go - technically not illegal. Companies, universities, etc. all have sanctioned MLP gateways in Hong Kong to bypass the firewall. Every expat in China uses a VPN. There’s only one public case of anyone ever being arrested for using a VPN (and it was under a catch-all law), the others were all operators of ShadowSocks/V2Ray airports.

    Tailscale and WireGuard is dicey in Mainland China. If you’re just a short term visitor, just buy a 3HK roaming sim for China and call it a day. As a best practice, you don’t really want to expose your self hosted services to the web anyways, so I would probably not even bother trying to VPN from a mainland connection directly.

    I never got Plex or Jellyfin to work well on actual Mainland internet connections, simply because the Chinanet backbone that most people in China use is excruciatingly bottlenecked to the point that torrenting from other Chinese peers is just a much more pleasant experience.

  • Moonrise2473@feddit.it
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 days ago

    When you enter China, you have to run their application on your phone to fill the immigration form. Way more convenient compared to the paper slip, right? 😉

    It’s this https://apkpure.com/zhong-guo-ling-shi/com.gov.mfa

    Luckily, you don’t need to install full malware but only medium malware, there’s a way to run it as a web app inside tencent WeChat by scanning a special qr code.

    I run this stuff inside insular because tencent is tencent and even on fully patched Android 15 without any file access permission they still manage to drop fingerprinting files disguised as images in /pictures/.gs_fs0

    For connecting to my servers, technically ssh on standard ports isn’t blocked (otherwise it would hurt their bots, no?) but I don’t want to show my server IP address, so I use a hysteria2 proxy hosted on a Oracle VM in the Japan datacenter. There are services like doggygo that rent access to those proxys for literal pennies (like $2 per month) but payment need to do with alibaba’s alipay or tencent wepay which is ultra traceable (linked to Chinese id+Chinese bank account+Chinese phone number) and very stupid. Honeypot?

    There are reports of evil maid attacks where a secret service agent poses as room cleaner in your hotel room and tampers with your laptop when you’re away, but for normal people this seems unlikely. Keep your electronics with you at all times, always use a VPN, check hashes of executables if really need to run them (better not) and you’re going to be ok