[toc] Also referred to as The Golden Shield, the project is a responsibility of The Ministry of Public Security (MPS).

The Great Firewall of China is controversial in that, while many see it as a human rights violation and causing international trade barrier, other regimes like Turkey, Cuba, Belarus, Zimbabwe, and Iran among others have admired and modeled on the technology.

In this piece, we not only delve deep to provide a thorough examination of the technical and historical aspects of The Great Firewall of China but also look at the role played by the leading VPN service providers to counter the project. We also share with you a list of the Top Ten blocked sites.

Historical Aspects Of The Great Firewall Of China

The Great Firewall of China is a massive surveillance and censoring project that got its inspiration from the great Deng Xiaoping’s saying “If you open the window for fresh air, you have to expect some flies to blow in.”

In the year 1997, The National People’s Congress (the sole legislative body in China) enacted the CL97 legislation that criminalized cybercrime in China. The CL97 law broadly classified cyber-crime to include crimes that target computer networks and crimes that are carried out over computer networks.

The state council also defines CL97 law as to include distribution of information considered “harmful to National Security’” as well the distribution of information that is “harmful to public order, social stability, and Chinese morality.”

The state Council is China’s administrative body tasked with the determination of what falls under the ambit of the law, and its decision does not require the approval of the NPC. It is the latter definition of CL97 “crimes carried out by computers” as regards cyber-crime that the government of China uses to justify its Great Firewall.

The year 2003 saw the Chinese government embark on the Golden Shield Project that involved the creation of a massive surveillance and censorship system with the help of western based companies.

The American based Cisco provided routers and Firewalls, Motorola provided wireless communication devices as the Canadian telecommunication giant Nortel played a fundamental role in the implementation of Great Firewall of China project.

In 2008 the government of China embarked on “Operation Tomorrow” aimed at curtailing the youth’s use of internet cafes to view content declared illegal as well as to play video games.

Internet café owners are required to register their entire customers in logs which are confiscated by the authorities at will. In China, youths under the age of 18 are not allowed in cyber cafés. The ban has resulted to the insurgence of underground “Black Web Bars.”

The Chinese government has used the Firewall to filter content and decide what its citizens can view and what they cannot. The firewall has been effective in blocking entire websites among them Facebook, YouTube, Twitter, and Yahoo.

Here you can find a list of websites both blocked and still working in China.

Technical Elements That Comprise The Great Firewall of China

The Great Firewall project continues to improve its censoring techniques by employing multiple methods.

China goes beyond blocking individual websites by applying techniques to scan URLS as well as web content pages for keywords that are blacklisted, thereby blocking such traffic.

The Firewall helps China to control the Internet Gateways where traffic moves between China and the rest of the world.

Methods used by the Chinese government to censor content

IP blocking

IP address blocking is among the easiest Great Firewall of China censorship process that involves dropping packets destined to blacklisted IP addresses by peering with gateway routers of ISP’s in China.

China injects IP blacklist via BGP (Border Gateway Protocol) using null routing. Null routes for destinations of a blacklisted IP address are transmitted into the network thereby forcing routers to drop all the traffic that is destined to the blocked IP address.

Though null routing blocks the outward bound traffic while allowing the inbound one, it is effective in blocking websites as most internet communication can only establish with a two-way interaction.

IP blocking is easy to implement as it is a minor burden for ISP’s and no special devices are required.

IP blocking has its share of weaknesses:

The blacklist of IP’s needs constant updating

Content providers can give ISP’s a hard time by choosing to change or rotate IP addresses

There’s the danger of China accidentally leaking the null routes to ISP’s in the neighboring countries.

DNS Tampering and Hijacking

DNS tampering is a technique that involves falsifying the response returned by the DNS server either through DNS poisoning or intentional configuration. The server lies about the associated IP address hence users are given a false address for censored sites.

The Great Firewall of China disturbs DNS resolution by use of DPI devices that are strategically deployed near all Gateways.

Thus, they can monitor each DNS query that originates from any end computer or DNS server inside China.

The technique is used to censor websites such as Facebook, Youtube, Twitter and much more.

If you’re in China and query, for instance, www.facebook.com, the Great Firewall of China will inject a fake DNS reply with an invalid IP address that arrives earlier than the legitimate one.

A combination of DNS tampering and IP blocking can censor blacklisted sites as well as servers at both the domain and IP level. Routers are also used by the Chinese government to disrupt unwanted communication.

Collateral DNS Damage

DNS techniques though powerful, can and have resulted in unintended consequences in various circumstances.

When the Chinese government employs DNS techniques, the Firewall has no capacity to distinguish between traffic going out of the country and incoming traffic.

It may result in Large-scale Collateral Damage that can affect communication beyond the censored networks.

A good example is where a Canadian-based resolver is required to resolve a query for a site and to do so; the resolver needs to contact a Top Level Domain (TLD) name server in the UK.

Should the path to the TLD authority happen to pass through China, on seeing the query, Great Firewall will automatically inject a false reply.

And since as discussed earlier, the fake DNS arrives earlier than the legitimate one, the Canadian resolver will accept, cache and return the incorrect response to the user. Thus the user will not reach the intended web server.

Deep Packet Inspection

China effectively uses Intrusion Detection System (IDS) to inspect packets of data in traffic so as to establish whether the content together with the keywords matches with those that are blacklisted.

The system is intelligent as it does not hinder transmission of data, but, rather focuses on establishing only blocked content.

It does this by inspecting the first HTTP GET request arriving after a TCP handshake and ignores HTTP responses as well as GET requests before a preceding handshake.

The Great Firewall of China can reassemble both IP fragments and the TCP segments for HTTP connections.

Though the deep packet inspection on-path systems like the one used by the Chinese government are advantageous for being efficient and less disruptive were they to fail, they can’t prevent in-flight packets already sent from reaching their intended destinations.

Manual enforcement

China has a massive internet police force of more than 50,000 employees that monitor online content. They have the power to delete offending content manually.

The police unit can order owners of offending sites and internet service providers to delete all materials that are thought to be offensive.

The government employs around 300,000 online commentators (50 cent party) whom they pay 50 cents per every post. The writers originate and post content that promotes the ruling communist party, counter government critics and politicians alike.

Self-Censorship

Internet censorship in China encourages self-censorship as citizens and visitors alike believe they are watched. Enforcement of censorship and the threat of implementation make individuals and businesses to exercise self-censorship to avoid legal and economic consequences.

China requires ISP’s and companies to exercise control and filter content to ensure that it meets the state guidelines for objectionable content.

Many entities that operate online activities in China have signed a public pledge for self-discipline. The commitment requires them to identify and prevent transmission of information that is deemed objectionable by the Chinese authorities.

Leading online platforms in China like Baidu have consciously worked to ensuring they meet the requirement of the state as regards censorship.

Top Ten Blocked Sites By The GFC

To check if a website is working or not in China is pretty simple. You can use a service like blockedinchina.net where you just type the url of the website and run a test to see if the website is censored or not. For your quick reference, we have carried out tests to identify the Top Ten blocked sites in China as follows:

Facebook

Not accessible from within main land China.

Wikileaks

Not accessible from within mainland China.

YouTube

Not accessible from within mainland China

Twitter

Not accessible from within mainland China.

Google

Not accessible from within mainland China.

Gmail

Not accessible from within mainland China.

Wikipedia

Not accessible within mainland China.

Dropbox

Not accessible within mainland China.

SnapChat

Not accessible within mainland China.

New York Times

Not accessible within mainland China.

VPN Regulation In China

With the Great Firewall, China restricts the freedom of expression.

The use of usernames and avatars is limited while online writers are required to register with their real names.

Access to social media networks like Facebook, Twitter, and YouTube is impossible as the Great Firewall blocks them. The only hope left for residents of China to bypass the extensive censorship is the use of VPN service.

It has been relatively easy for anyone in China armed with a VPN service to bypass censorship and unblocks websites and other online content of their choice.

However, early this year, China launched a 14-Month nationwide campaign against illegal internet connections including VPN services.

The Ministry of Industry and Information Technology in China released a notice to the effect that special cable and VPN service providers to get government approval. The move has the effect of making VPN services illegal.

Can the Chinese people use VPN services to bypass the Great Firewall?

We are yet to see what happens next as we know VPN service providers don’t take any war sitting down.

Their business involves among other things bypassing censorship and unblocking content for their clients.

Netflix slowly realizes that VPN services are non-relenting.

VPN services and how they bypass the Great Firewall is a topic in its entirety.

However, we can confidently report that the best VPN for China, the undisputed VPN for all situations – Express VPN is successfully bypassing the Great Firewall of China and helping Chinese people get access to their favorite websites and apps worldwide. Vyprvpn is another excellent China VPN with fast speeds and comes with NAT firewall for extra security.

ExpressVPN and Vyprvpn are at the moment the only two VPN providers that guarantee to successfully bypass the Great Firewall of China.

Conclusion On The Great Firewall Of China

China’s internet censorship is extreme owing to the wide variety of laws and administrative regulations that are firmly in place.

The government uses provincial branches of state-owned internet service providers (ISP’s) to implement the ever increasing regulations.

The communist party of China uses the Great Firewall as a powerful tool for consolidating power and shutting down on the opposition, political activists, and international influence.

Though the blocking of western companies has given China companies the opportunity to grow, the world is now a global village, and China is missing out on the big platform. The Great Firewall is not only an oppressive, backward and a violation of the freedom of expression; it is also a barrier on international trade.

VPN’s are a major solution for bypassing the extreme censorship for the savvier China residents.

With the affront on the VPN service providers and outlawing the use of the VPN services, we are set to witness a deadly game of cat and mouse between VPN service providers and the government of China.