The Great Firewall of China: What It Is and How to Get Around It
The Chinese government started its campaign to control the internet as early as 1998 with the “Golden Shield” project. In 2003, the first measures officially aimed at 'national security' were launched. However, it’s indisputable that the main goal of these is to censor content that the Communist Party deems undesirable. So, how does the so-called “Great Firewall” work? And more importantly, what can you do to circumvent it?
The “Great Firewall of China” is not just a piece of software—it’s the sum of all Internet censorship measures in China. These are omnipresent for private individuals and companies alike. In the past, companies (foreign ones in particular) enjoyed more freedom and were able to bypass censorship with relative ease. However, in recent years, accessing the free Internet has become increasingly problematic, even for non-Chinese entities.
One side effect of these censorship measures has been government-sanctioned support for Chinese IT concerns. Since websites like Google and Amazon are blocked, Alibaba, Tencent, and Baidu, all local to China, have enjoyed room to grow. The same applies to social media, with Weibo, WeChat, and Kuaishou (and their paid platforms) eclipsing leading US companies such as Facebook, Twitter, and YouTube.
Weibo is China’s answer to Twitter, but with significantly more censorship.
In this article, we’ll explain how the Great Firewall works, which websites it impacts, and how you can bypass it while traveling or visiting China.
How Does the Great Firewall Work?
The Great Firewall of China interferes with Internet traffic at various levels. In technical terms, it intercepts all data packets sent between the router and the gateway. This is done using the following methods:
- Blocked IP addresses (network blackholing) - If a website is deemed undesirable, the router can be configured to block all data packets to the IP address of its server. If someone tries to establish a connection with the server, they’ll typically see an error message.
- DNS spoofing - Let’s say you want to connect to www.nytimes.com. The request first goes to a local domain name system (DNS) server that provides the corresponding IP address. However, if the DNS server has been manipulated, it will provide a fake IP address and redirect the user to an alternative website that contains different content than the original site. In China, international news sites may be available in part, however, users will only be able to see certain articles or videos.
- DNS poisoning - Alternatively, the DNS server could return an incorrect IP address, causing the website to become unavailable.
- Deep Packet Inspection (DPI) – Software analyzes unencrypted data packets to and from a server. The packets are then copied and examined for prohibited keywords. If meta tags or the URL contain undesirable words such as “democracy” or “Tiananmen”, the software severs the connection. This can also occur when attempting to access sub-pages, even if the main page is approved.
- Self-censorship - For economic reasons, both Chinese and foreign companies engage in self-censorship by only providing content that complies with the law. This includes censoring any content critical of the regime.
In the Macau special administrative region (SAR), the Internet is not censored. Until recently, the Internet also wasn’t censored in the Hong Kong SAR. However, owing to political unrest in 2019, surveillance in the latter has increased. Since 2020, a law has been in place that allows the government to limit freedom of the press to a greater extent than before. Although Hong Kong remains freer than mainland China, it’s still advisable to protect your anonymity with a VPN while there.
Which Websites Are Blocked in China?
The Great Firewall blocks a wide range of services and content, which are regularly added to and updated. Some of these include:
- Almost all international news and press agency websites, such as the BBC, CNN, and Reuters.
- Major websites and service providers like Wikipedia and Google.
- Using our Internet censorship checker, you can find out if a specific website is blocked in China. Our Chinese servers in Beijing, Shanghai, and Shenzhen test whether it's possible to establish a connection.
- Generally speaking, the situation is very fluid. You may find that a website is accessible one day, and blocked a few days later.
How To Circumvent the Great Wall of China?
Of course, if you’re traveling to China as a tourist or for business, you’ll probably want to be able access your favorite apps and websites, like Gmail, Twitter, and Google Maps. You may also want to check international news sites that you regularly read at home. Accessing these sites and services is only possible in a roundabout way. We cover some of the methods you can use below.
The most common way to bypass the Great Firewall of China remains via a virtual private network (VPN). VPN providers maintain networks with servers located all over the world. Users of a VPN have their traffic redirected from their Internet provider to one of these servers, and from there, to the desired website. In addition, communication through a VPN is always encrypted, making it possible to significantly limit both IP blocking and surveillance.
NordVPN, the service which we awarded the highest rating, can also be relied upon while in China.
Nevertheless, it’s important to consider the following when using a VPN in China:
- Usually, government-approved VPN providers are only accessible to state-owned companies. Smaller, private providers don’t have permission to operate there, and it’s commonplace for them to be abruptly shut down. Since 2017, authorities have increasingly forced service providers to disconnect those using VPNs from the Internet.
- Before subscribing to a VPN, ensure that the service also works in China. EXPERTE.com offers a regularly updated overview of the best VPN providers to use in China.
- Be sure to install any VPN software before your trip; you might be unable to download the app in China should the website be blocked. If you forget, many providers offer what are called dynamic links. These links search mirror sites around the world to see which are currently blocked.
- Another way to install a VPN while in China is to connect via tethering with devices that are already VPN-capable.
- Obfuscation protocols can trick the Great Firewall's censorship software of the Great Firewall. With these, it's possible, for instance, to make it appear as though the user is participating in a video conference. A well-known application that uses these protocols is Obfsproxy. However, even this altered traffic can sometimes be detected and blocked by the Great Firewall.
Tor (the onion router) functions similarly to a VPN; it’s a distributed network with nodes all over the world. Each request is encrypted and travels to a node (entry point) through multiple servers, before reaching the exit node. Since traffic within the network can only be traced to the previous node, the user’s original IP address remains hidden. However, the traffic from the exit node to the end server is unencrypted. In China, you'll need to pay attention to the following:
- With increasing frequency, the government has begun to block access to relays (entry points to the Tor network). A type of data processing called deep packet inspection sifts through all Internet connections for code fragments that are unique to the Tor protocol. If a server is identified as a Tor server, it is immediately blacklisted by the Great Firewall.
- Similar to VPNs, Obfsproxy confuses the Great Firewall by obscuring traffic. However, it isn’t always successful.
- To achieve enhanced security, you can try simultaneously using a VPN and Tor. However, not all VPN providers allow access to Tor network. In addition, some websites block Tor users outright.
- Tor connections are typically slower than those of VPNs. That being said, Tor is free of charge.
You’ll surf slower, but more safely using Tor browser.
Another way to get around the Great Firewall is to access the Internet with mobile data and roaming. Roaming creates a kind of tunnel to the provider in your home country. This would, for example, assign the user a German IP address, which would not be affected by censorship.
- With its Google Fi service, Google offers excellent mobile coverage in China and a specific amount of mobile data, depending on the plan you choose. For example, one gigabyte costs $10, and the phone flat rate is $20. Should you have purchased a six or more gigabyte plan ($60), you'll be able to use up 15 gigabytes of data at no extra charge.
- Google struck a deal with the Chinese-based provider Unicom, ensuring data isn’t intercepted.
- While Google Fi used to be reserved for Google Nexus owners, it’s now available for iPhone and Android users as well, regardless of what sort of device they have. An embedded SIM card (eSIM) and a VPN are required because the activation must be completed from a US server.
- Some other reasonably priced roaming SIM cards (eSIMS) include AirBaltic Card, those from the French provider MySIM, and Surfroam. AirBaltic, for example, offers three gigabytes of data for 30 days for around $40.
Like VPNs, proxies act as middlemen (literally) between the client and server. However, not all proxies encrypt data packets with the same secure encryption algorithms that VPNs do. In addition, proxies don’t always hide the user’s IP address. The open-source proxy Shadowsocks, for example, uses the SOCKS5 protocol, which makes traffic look like HTTPS traffic. Compared to a VPN, proxies have the following advantages and disadvantages:
- In contrast to VPNs which use a few large servers, proxy connections utilize more servers that are better distributed and less conspicuous. Think of it in terms of delivering a secret package; VPNs can be compared to professional couriers with large delivery trucks and numerous warehouses, whereas proxies are more like a private network of friends delivering the package to the recipient using their own (unmarked) vehicles.
- Because proxy connections share fewer common characteristics than VPN connections, they’re more difficult for the Great Firewall to identify.
- That being said, a proxy protocol like Shadowsocks is harder to use, especially because you'll need some knowledge of Internet settings to wield it properly.
- Generally speaking, a proxy connection is faster than one achieved via VPN or Tor.
- While VPNs also encrypt app data and messages sent with an email client, among other things, surfing with a proxy only protects requests emanating from browsers.
- If you want to bypass the Great Firewall of China while preserving your anonymity and security, use both a VPN and a proxy.
Highly effective for all data
Only between the client and entry relay
Only among certain providers
Success in bypassing censorship
Depends on the provider
The Great Firewall of China censors sites that the Chinese government deems undesirable by blocking IP addresses and monitoring traffic. VPN services and proxies redirect traffic to foreign servers before it reaches its destination. Theoretically, this can circumvent censorship, however, VPN providers themselves have also recently experienced difficulties in the PRC.
Proxy connections bypass the Great Firewall more effectively, but offer less secure encryption. If you want to protect your sensitive data from surveillance, you should use a VPN provider that has a good track record in China. Should you simply want to surf without censorship, you can use a proxy, which also provides a fast connection. Another alternative is to use international data roaming, in which case it’s worth comparing providers to find the most cost-effective option. Unfortunately, Tor is unreliable (and slow) in China, even though connections can be established.
Why is the Internet censored in China?
The Chinese government uses censorship to prevent the spread of politically undesirable content. In addition, the blocking of US Internet giants such as Google and Facebook ensures that Chinese tech companies can dominate the domestic market without fear of external competition.
How can I find out if a website is blocked in China?
Check out our tool to determine if a particular website is blocked in China. We have servers located in three Chinese cities which we use to attempt a connection to the chosen site. However, it’s important to keep in mind that a website confirmed as available just moments ago may be blocked a few days later because it violated certain rules.
How can I bypass the firewall?
VPN services bypass the Great Firewall by using servers that are physically located outside of the PRC. Proxies work in a similar way, albeit on a different level, and only when it comes to browser-based traffic. Tor is another alternative, but connections are much slower in comparison. Those with an eSIM card that includes roaming can surf using their provider’s mobile data. This will avoid surveillance and censorship, however, it’s the most expensive method of the bunch.
Is it legal to use a VPN in China?
Officially, it’s not illegal to use a VPN in China. However, the government is aggressively cracking down on VPN providers and continually shutting down services. In addition, if a local Internet provider discovers that a VPN is being used, they may cut off the user’s Internet access. With that said, penalties or fines are rare.