A Closer Look at China’s Internet Censorship

Yesterday, right after the Chinese government blocked Instagram, Gmail got blocked, as well. In the past, Gmail was working fine in China, at least partially, that is. Sometimes you did miss some emails and attachments, but Chinese users got used to it. This time, however, it is blocked on all ports, including SMTP, POP3, IMAP, as well as the Gmail apps for Android and iPhone.

Back in the 1980’s, one of Deng Xiaoping’s (the former president of China) favorite sayings was: “If you open a window, you have to expect some flies to blow in.” This saying is related to the economy reformation called “socialistic market economy.” The same principle applies to the Internet.

Over the years, China gained notoriety for online censorship. Usually when there was a major event (a riot or a protest, for example) it was followed by a blockage either temporarily or permanent. For example:

You might be asking yourself: How does China censor its Internet content?

The term Great Firewall (GFW) is used as a blanket term to describe the Internet Censorship in China. The magazine WIRED used it for the first time in an article back in 1997. Nowadays, not only do other countries use it, but Chinese media use this term, as well, to refer to the legislation and projects initiated by the Chinese government to regulate the Internet in Mainland China.

The Chinese government has never revealed the network structure of the GFW but it is believed that many international companies, including well-known American companies are a part of it (suspects include Cisco, Microsoft and Apple).

Some common methods of content filtering used by the Chinese government are:

  • DNS filtering/spoofing
  • URL filtering
  • IP blocking
  • Connection reset
  • SSL Man-in-the-middle

You may have heard of these methods before. What you might not have known, however, is that many of these country-wide blocks by the Chinese government have affected users not only in China, but in other countries as well, causing thousands to millions of users to not have access to Facebook, Twitter, Youtube and others for hours even days.

On March 16, 2010, the Chinese government attacked the mirror servers of root name servers F, I and J. It was a “successful” attack that ensured users in Mainland China wouldn’t be able to access Facebook and Twitter. A root name server is very similar to a router. It can use “anycast” to deliver (new) DNS records to its neighbors. Unfortunately, in this case, a DNS server of an upstream provider in Chile called Global Crossing learnt these records from an infected mirror server in China. This caused the DNS server to provide faulty DNS information. The owner of that mirror server in China, Netnod, had to shut down the server to recover the network.

Another high-profile attack happened about two months ago. The target was Apple.

When you tried to use iCloud web service in China. After you opened the website, your browser would tell you “Certificate Error! This certificate cannot be trusted” This was a very typical SSL Man-in-the-Middle attack. GreatFire.org actually has technical evidence proving this attack was carried out by the government of China (more info).

If you used Chrome, Firefox, or Safari, it would give you warning and prevent you from opening these pages but if you used IE or some other China-Based browsers, they would load the page directly.

Since I am a user of Google, Facebook, and Dropbox, and I travel between China and the U.S. often, how do I survive in China?

There are actually a couple of different ways you can bypass the Great Firewall of China:

Because Google has multiple IP addresses for one single service, such as Gmail, you can change the “hosts” file on your PC and keep trying until you can find an IP that works for you, although this is very time-consuming.

What I usually do is I buy a VPN account from a service provider in the states before I go back to China and always connect to my VPN when I need to access the blocked services. This is much faster than changing your “hosts” file.

Recently, however, I think I found the ultimate solution: T-Mobile.

T-Mobile doesn’t charge a penny for data when you travel abroad in most countries. When you use Internet on your phone, it goes through the T-Mobile Internet proxy first. In this way, T-Mobile acts as a VPN/Proxy. You can check your email, chat on Facebook, post your photos to Instagram, etc., as you if you were still in the states.

The question is not just how the people of China are dealing with the censorship, but also how China as a whole can survive without Internet within the current wave of globalization.