EN 中文
← Blog

The 72-Hour Risk Behind the GFW

A new reason your network is the single most important piece of infrastructure you have.

In my post on running Claude Code behind the GFW, I ended with a line: “your network is the single most important piece of infrastructure you have.” Here’s a new reason that’s true.

If you run an agent like Codex — the kind that needs to stay online and does heavy web search — and you keep it running for more than 72 hours straight, your home network in China becomes a dangerous place to be. Given enough time, it can start to pick out your VLESS subscription and the traffic behind it.

I won’t pretend I understand the technical side of why. I don’t. But the part I want to stress is simple: running these tasks for a long time is high-risk. The longer one runs, the more your device stands out — until the network stops treating it as ordinary traffic and starts treating it as a target.

If you’re doing this, you may want to borrow what I do now — the MAC approach.

The logic: a network bans your device by its MAC address, the hardware ID every device broadcasts. Once that ID is banned, nothing else you change — node, proxy, subscription — gets you back on. The fix has to happen at that layer.

So I wrote a small LaunchDaemon that does one thing. It watches the WiFi association, and when the device has been fully disassociated for a few minutes — not a transient drop, a real lockout — it forgets the network and rejoins, which forces macOS to regenerate the Private Wi-Fi Address. New MAC, clean reconnect. It’s reactive, never scheduled: idle until you’re actually locked out, a ~30-minute cooldown after each rotation, and jitter on every interval so there’s no fixed cadence.

It’s a stopgap, not a cure — the real answer is a separate line dedicated to the heavy tasks. But it runs itself, and it buys back the 72-hour window.

墙后面的 72 小时风险

又一个理由,证明网络就是你最重要的基建,没有之一。

那篇讲在墙后面跑 Claude Code 的文章里,我最后写了一句:“在墙里面跑 AI agent,网络就是你最重要的基建,没有之一。”这里有一个新的理由,证明这句话是对的。

如果你运行像 Codex 或者其他这类 agent 任务,在需要联网并进行大量 web search 的情况下,持续运行超过 72 小时,那么你在国内的 Wi-Fi 环境就会变得非常危险。时间够长,它有可能会识别出你的 VLESS 节点订阅等信息。

technical 的原理我不太懂,也不装懂。但我想强调的是:长时间运行这类任务,风险很高。跑得越久,你这台设备越显眼 — 直到网络不再把它当成普通流量,而是当成一个要清掉的目标。

如果你在干这种活,你可能需要参考我现在的做法 — 就是关于 MAC 的这个方案。

逻辑是这样:网络是靠 MAC 地址封你的设备的,那是每台设备都会广播的一个硬件 ID。这个 ID 一旦被封,你换别的 — 节点、代理、订阅 — 都连不回去。修复必须发生在这一层。

所以我写了一个很小的 LaunchDaemon,只干一件事。它盯着 WiFi 的关联状态,当设备彻底掉线好几分钟 — 不是那种瞬断,是真被锁在外面 — 它就 forget 掉网络再重新加入,逼 macOS 重新生成一个 Private Wi-Fi Address。新 MAC,干净重连。它是反应式的,从不定时:没锁死就闲着,每次换完约 30 分钟冷却,每个时间间隔都加随机,没有固定节奏。

这是权宜,不是根治 — 真正的答案是给重任务单独拉一条线。但它自己跑,不用管,而且把那个 72 小时的窗口给你赚回来了。