The Chinese Minister of Industry and Information Technology, Li Yizhong, has said that the fiat that all computers sold in his country after July 1 were required to have Green Dam Internet censoring software was just a great big misunderstanding.
Green Dam will be installed in school computers and those in public places, but computer buyers are not required to install it on their own machines, he said.
Almost from the moment the Ministry of Industry and Information Technology announced the requirement in May, there was push back from a wide range of places.
A U.S. firm, Solid Oak Software, of Santa Barbara, said June 12 that code from its CyberSitter software was ripped off and used extensively in Green Dam-Youth Escort. It sent cease-and-desist letters to U.S. PC manufacturers who were expecting to install it for the Chinese market. The company also launched lawsuits in the U.S. and China.
The staff at the company that created it, Jinhui Computer System Engineering Com of Zhengzhou, China, got harassing phone calls, including late-night death threats.
Most observers assumed that Green Dam was to prevent Chinese Internet users from seeing content critical of the government. The Chinese government already operates a “Great Firewall” to filter Internet content (including politically sensitive sites) but it can be bypassed.
Politics aside, there are serious problems with Green Dam:
— It has the capacity to monitor keystrokes.
— It logs the URLs of sites the user has attempted to reach.
— It uses unencrypted data transfer from clients to company servers.
— OpenNet Initiative said Green Dam can monitor activities in addition to Web browsing and can shut down applications.
— The black-list update process is vulnerable to compromise
— Exploit code was posted that compromises Internet Explorer on computers running Green Dam. It uses a stack overflow in the browser process triggered by an overly long URL. It works on Microsoft’s latest Vista operating system too.
June 16 we blogged that we classify Green Dam as a surveillance tool with a rating of “moderate risk” and we recommend that CounterSpy™ and VIPRE® users quarantine it.