by 052c7028e 1306 days ago
When I was at Akamai about 5 years ago, I was involved in building the system for making their CDN compliant in China. There were two main features, and they were activated on all servers running inside mainland China (not HK, Macau or Taiwan).

1. Logs of the CDN were sent in real time to the ministry of technology -- there was about a 15 minute delay if I remember correctly, and they could impose fines if they were delayed. The log included the URL visited, the IP address of the visitor, and a few other things. Perhaps the user agent? I forget.

2. The ministry of technology had a special API to block URLs on the CDN. Basically, they provided a list of URLs that would return a 451, and of course those logs also went to the government.

No other country had this kind of access at the time, but it was considered critical for the business to continue to operate in China. As I understand it, these are required to comply with Chinese government regulations, and other CDNs like Cloudflare and Cloudfront have also built similar capabilities. Perhaps jgrahamc can comment on what Cloudflare did?

I feel quite guilty about being involved with that project, but the business was set on building it, so I did what I could to limit the blast radius. I would not be surprised if someone got arrested or was killed because of it.

6 comments

Glad you regret it. Not trying to rub it in as I don't think anything productive will come from self-flagellation, but this is truly awful and I think the US should have laws that make it a crime for any US corporation to participate in this sort of thing.

I was powerless to stop it. I was just a junior engineer, and it was decided by the CEO to do the project. So, actually, I feel I made the right choice -- I participated in the project but worked hard on making sure it was as limited as possible. I successfully advocated for several categories of logs to not be sent because they were not required by law.

So, yes, I regret I couldn't do more, but I don't regret the choices I made with the information I had and the position I was in.

Just a stranger on the internet, but FWIW I'm proud of you. You did what you could, and you're cognizant of your actions.

Thank you.

> I was powerless to stop it.

You couldn't have stopped someone from building it. But you could have refused to work on it on principle, or even have become a whistleblower.

Yes, doing so might have been infeasible for you, particularly if you couldn't risk a temporary loss of income. But your involvement was, nevertheless, a choice, and it's important to acknowledge that.

edit: If it was exactly 5 years ago, you may recall that, when you were working on this, China was starting to round up Uighurs to send them to concentration camps. Nobody should take working on this sort of thing lightly.

If they refused the work and let someone else who cared less about limiting the amount of data do it, things would be worse.

Also what would whistleblowing do? A lot of companies were operating in China and followed similarly privacy-hostile regulation.

Also, to bring up Uighurs in this is ridiculous. Logging IPs and URLs has no direct correlation with being able to round people up in concentration camps. It has nothing to do with what the Uighurs' ideologies were, it has something to do with who they are and the cultural differences they had with mainland China.

To try and look down your nose at an engineer who did the best they could with the position they were in with the belief that there was more that could be done is just naive.

You may recall that, when someone blew the whistle on Google Dragonfly, a censored search engine intended for use in China, the public outrage was enough to bring the project to a halt. The same might well have happened to Akamai.

Regardless: this whole attitude strikes me as an overly utilitarian outlook. Yes, if someone else handled the development, the consequences might well have been worse. But it is still wrong to participate in an injustice when you have the opportunity not to do so. "I was just following orders" is a pretty weak excuse.

Again, if the commenter had no other options because they couldn't risk the loss of income, that would be a good reason, but it isn't clear that that was the case.

I think it's pretty naive to assume that this project wouldn't have been used against the Uighur population, given how China has used extensive surveillance against them.

I applaud you. I absolutely did not intend to rub it in or make you feel worse than you might already (which it sounds like you have little reason to). I admire you sharing your experience and being honest about it without beating yourself up too much. The world is made better by little decisions for the good like the ones you made. Thank you.

> I was powerless to stop it.

You could have found a new job, driving up their costs or delaying them slightly.

And what purpose would that have ultimately served?

Sending a message, driving up their costs and delaying them slightly.

Thanks for sharing your story. I am curious what you would do next time if you found yourself asked to build something that you found unconscionable? Would you refuse to work on the project?

Other engineering disciplines have a strong focus on 'engineering ethics' and it may be more acceptable in different branches of engineering to refuse to build something that you consider unethical. I do not know if there are any professional bodies or laws which protect the employment rights of individual engineers who refuse certain work on ethical bases. But I feel that software engineers should be able to exercise their conscience, reference a standard of professional ethical principles, and refuse to work on such projects.

If I use a VPN like v2ray and write some crazy shit about Dictator Xi, is your system able to know what I write and who I am?

I'm very curious because many Chinese people including me are doing that daily.

That's what I do on a daily basis, so far so good, I haven't been seized by the police for what I published outside of the Great Firewall.

Akamai has very tight relations with the US Government. So what was probably happening is that the USG was fine with Akamai treating its users like this because it was getting a copy of those URL filters and access logs too. Don't know if that should make you more or less sorry for being involved.

(It would make me more sorry. Sorry.)

While I wouldn't put any authoritarian moves beyond China's reach, the ICP recordal mechanism already requires government approval.

In that case, isn't it better for user privacy (not that anyone cares about it in China) to receive an ICP recordal but then wait for an actual request from law enforcement to turn over the logs?

Also, while you wouldn't see anyone from Amazon or Cloudflare comment on your thread, both have the ability to stream logs to a destination, and that is also exposed to customers, so I don't think they needed to build anything else.

All of the sites served had an ICP license. This is separate, and the CDNs in China have regulations specific to CDNs they need to comply with.

At the time, Akamai also had the capability to stream logs, but the ministry of technology required a specific, custom interface to receive them, which required engineering work, especially to do it for an entire country without the customers configuring it themselves. I would be extremely surprised if it required no engineering work at Amazon or Cloudflare to deliver the logs in the way they requested.

Thank you. This is very informative. And don't feel guilty, nobody will get jailed for visiting a website. This is mostly for censorship.

There was a person in Beijing that was arrested for a post on Twitter. Government surveillance was able to track him down in real life, which I think is deeply troubling.

That's a post, not a visit.

There's really nothing stopping them from going after people who use VPNs. What are Chinese people going to do? Protest?

> This is mostly for censorship.

As if that makes it any better?

This is kind of like saying, "don't feel guilty, this weapon won't be used for murder, it's mostly just for arson."