Here’s Exactly How the Chinese Government Censors the Internet

Project Golden Shield a sophisticated censorship tool

There’s no doubt the Internet functions a whole lot differently in China. Since the late 1990s the Chinese government has actively censored the Internet, predominately by building what’s known as the Great Firewall, which is part of China’s larger Golden Shield Project.

The Golden Shield Project is operated by the Ministry of Public Security and its main mission is to block unfavorable incoming data from foreign countries. The Great Firewall, the most well-known element of the Golden Shield Project, references the network firewall that blocks content from passing through the necessary Internet gateways to access Chinese networks. It has also been referred to as “the Chinese autonomous routing domain.” This is an accurate depiction of the Chinese network behind the Great Firewall, because a routing domain is a collection of networked systems that operates under the control of a single administration. In this case, the Chinese government is the entity that runs Chinese networks and they utilize the Great Firewall to block content they deem unsuitable for citizens.

Here are some ways the Chinese Government censors the Internet in China:

    1. IP blocking – Access to a website’s IP address is denied, and all websites on the server that use the IP are blocked. VPNs or proxies can be used to bypass IP blocking in most cases, but the Chinese Government actively works to block these solutions.
    2. DNS Filtering and Redirection – DNS servers are used to facilitate the connection between a user’s computer and the website they’re trying to access. The Chinese government “hacks” ISP’s DNS servers to redirect users trying to access blocked websites to different websites of the government’s choosing.
    3. URL and Packet Filtering – Internet data is sent in “packets,” or formatted units of data. When packets of data contain restricted keywords (as designated by the Chinese government), the data is blocked. Likewise, if URLs contain restricted keywords, the URL and associated content is also blocked.
    4. VPN/SSH Traffic Recognition – The Chinese government is aware that users in China used VPNs and proxies to bypass the Great Firewall in the past. So they’ve developed a method of identifying VPN and SSH (encrypted) traffic and block this type of Internet traffic outright.

While the first three methods make the Great Firewall a comprehensive censorship tool, the addition of the 4th method, VPN/SSH Traffic Recognition, has been a significant issue for Chinese Internet users in recent years. Historically, users could utilize VPN services or proxies and access an open Internet. However, in 2012 China began to crack down on these services and reduced the number of options for bypassing the Great Firewall. The Chinese Government has also begun blocking websites that offer information or subscriptions to these VPN products.

Presently, there are few VPNs that work well in China. But there are a few working solutions that still exist, such as Golden Frog’s VyprVPN.

VyprVPN gives users over 200,000 IP addresses to connect to VyprVPN servers. These IP addresses are obtained from one of VyprVPN’s more than 50 global server locations, making it appear like the user is physically located in the same region as the server they’re connecting through. VyprVPN allows users to browse without a Chinese IP address, so they can connect to websites and online services without being subject to Chinese content restrictions and censorship. Users aren’t subject to URL and packet filtering either, as those restrictions are also tied to Chinese IP addresses. By using a non-Chinese IP address over the VyprVPN network instead of through China’s “autonomous routing domain,” users can avoid URL and Packet Filtering.

Another way China imposes censorship is through DNS manipulation, specifically filtering and redirection. As mentioned, a DNS server facilitates the connection between a user’s machine and a web server. This process is similar to a phonebook – when a user wants to call a friend whose number they don’t know, they can look in a directory for their name (analogous to typing in the name of the website) and can see the phone number (analogous to an IP address) needed to contact that individual – the only difference is that the DNS server does this automatically. Unfortunately, the Chinese government has access to the DNS servers used to connect to the Internet in China. For websites that are blocked in China, Chinese DNS servers are set to give users incorrect IP addresses (like a fake phone number). This redirects users to another website, usually stating the website is blocked. Fortunately, VyprVPN users in China don’t encounter this problem. VyprVPN owns, manages, and maintains a no-logging, proprietary DNS service, VyprDNS, which operates within the Golden Frog network and is safe from China’s DNS filtering, hijacking, and redirection techniques.

The most important reason VyprVPN works in China is Golden Frog’s proprietary VPN protocol, Chameleon. Chameleon is a variation of the OpenVPN-256 bit protocol, but it scrambles a user’s encryption metadata so it doesn’t appear to be VPN/SSH traffic. This prevents Chinese ISPs and network administrators from seeing the user is using a VPN. At the moment, unless a VPN can disguise itself in this way, there’s a strong likelihood that it will not work in China. This is why VyprVPN is one of the few global VPNs that works in China. Masking the SSH component of its traffic with the Chameleon protocol is the cornerstone that allows VyprVPN technology to work in China, and it does so without compromising connection speed or reliability.

The Chinese government has imposed a very tight lock on the country’s Internet. Without a quality VPN service, users have significant difficulty finding a way to browse a free and open Internet. Fortunately, some companies are actively developing new technology to fight outdated and harmful philosophies like mass censorship. Though the Chinese government may not evolve to a modern way of thinking, technology like VyprVPN exists to gives users everywhere access to a free, open Internet.

As a reader of The Nanfang, you are invited to use VyprVPN for free! VyprVPN is a premier, global VPN service that serves the Chinese community and helps users bypass the Great Firewall of China. As a member of The Nanfang community, you can claim 500MB of free VPN data each month by signing up for a free VyprVPN account via this link.


Publishing Partner

The World's Fastest VPN - Get a free VPN as a reader of The Nanfang.