When you enter China, you have to run their application on your phone to fill the immigration form. Way more convenient compared to the paper slip, right? 😉

It’s this https://apkpure.com/zhong-guo-ling-shi/com.gov.mfa

Luckily, you don’t need to install full malware but only medium malware, there’s a way to run it as a web app inside tencent WeChat by scanning a special qr code.

I run this stuff inside insular because tencent is tencent and even on fully patched Android 15 without any file access permission they still manage to drop fingerprinting files disguised as images in /pictures/.gs_fs0

For connecting to my servers, technically ssh on standard ports isn’t blocked (otherwise it would hurt their bots, no?) but I don’t want to show my server IP address, so I use a hysteria2 proxy hosted on a Oracle VM in the Japan datacenter. There are services like doggygo that rent access to those proxys for literal pennies (like $2 per month) but payment need to do with alibaba’s alipay or tencent wepay which is ultra traceable (linked to Chinese id+Chinese bank account+Chinese phone number) and very stupid. Honeypot?

There are reports of evil maid attacks where a secret service agent poses as room cleaner in your hotel room and tampers with your laptop when you’re away, but for normal people this seems unlikely. Keep your electronics with you at all times, always use a VPN, check hashes of executables if really need to run them (better not) and you’re going to be ok

Do not bring your normal personal devices to China. They are notorious for injecting spyware on foreign devices at every opportunity. Use a freshly formatted device and create all new accounts to use with it.

Regarding services: do not use self-hosted services unless you you spin up fresh, isolated instances of your services for use while abroad and spin them down afterwards, including formatting any OS they were hosted on.

Regarding VPN: because we are assuming that any device used in China is compromised, do not connect to your VPN unless you have set up a segregated VLAN and are connecting through a VPN server instance created specifically for use while in China.

Basically, assume anything you use in China is compromised. And assume your connections are being monitored. And assume that any device you are connecting to from China is at risk of being compromised. So everything needs to be segregated from the rest of your network and set up specifically to be deleted after you’re back home.

Get a new phone for use while traveling, then dump it when you’re back home. Leave your services behind.

Can I go to my public sites

I would not recommend. Remember, wherever you step, your feet are leaving traces. Your public sites may be a little too publicly well-known afterwards.

and/or VPN into my servers?

VPN’s might not work from there, or the use may be considered a crime.

If your device is out of your sight, then yeah, you should probably assume it’s compromised.

Of course, that’s hardly JUST China doing funky shit with your devices, but depending where you’re calling home, odds are customs/immigration when you head home will try to do the exact same thing, too.

And the answer to everything is yes, always use a VPN if you don’t trust the network and you should never trust the network.

Removed by mod