The Great Firewall of China (GFW) is a nickname given to China’s internet censorship system, which functions through legislation and internet filtering technologies.
Since 2003, the GFW has given Chinese authorities the power to monitor and restrict internet access in mainland China (Hong Kong and Macau are exempt).
The Great Firewall regulates and censors the internet by limiting, slowing, or completely blocking access to specific websites, applications and web services.
You can use our Great Firewall of China tool to test which websites are blocked in China in real-time.
How Does the Great Firewall Work?
Unlike the online censorship in some other countries, China’s Great Firewall has been around since the origins of the internet. As a result, it is built into the basic internet infrastructure of the country.
The Great Firewall uses a combination of five methods to block websites and apps:
- IP blocking: blocking IP addresses that resolve to specific URLs (websites).
- DNS spoofing: diverting traffic from one website to another, which practically blocks you from accessing a desired website or app.
- Keyword and URL filtering: scanning websites and URLs for specific terms.
- Deep packet inspection (DPI): inspecting the headers in data packets to detect the destination IP address (website).
- Manual actions: Chinese authorities employ thousands of workers to censor forbidden content.
The GFW doesn’t operate in a single or straightforward way, and the Chinese Communist Party (China’s ruling political party) maintains a high degree of secrecy about how its censorship functions.
From the outside looking in, these are some of the common methods used by the Great Firewall to block websites and services.
By combining these technologies and constantly upgrading its methods and infrastructure, China has managed to build the most effective and dynamic system of online censorship in the world.
Here’s a more detailed explanation the five methods used to block or censor content in China:
1. IP Blocking
China builds a blacklist of IP addresses which correspond to banned websites. If it sees you are trying to connect to these IP addresses, your traffic will simply be blocked.
If an IP address associated with a non-approved VPN are discovered, it is blocked too.
2. DNS Spoofing
When you connect to a website, the Domain Name System (DNS) is used to establish a connection between your device and the website’s IP address.
China can set DNS servers up to give faulty information for some DNS requests, which will prevent you from establishing a connection with the website.
3. URL Filtering
As well as blocking specific IP addresses, the GFW scans URLs for sensitive keywords. This means you may be able to access one part of a website, but not the pages that refer to content that the government would rather keep you from seeing.
4. Deep Packet Inspection & Injection
The Great Firewall can look through blocks of unencrypted data to identify flagged keywords using a process known as ‘deep packet inspection’. It can then stop any unwanted packets from being transmitted.
After identifying an unwanted connection, China can inject reset packets, to break the connection between you and the website you are visiting for a period of time.
5. Manual Actions
Much of the censorship carried out as part of the Great Firewall isn’t automated. The government hires staff specifically to scan the internet for content to add to its blacklist.
Does the Great Firewall Block Every VPN?
China’s Great Firewall actively blocks VPN connections, but it cannot block every VPN.
The Chinese government has been blocking VPNs to some degree since 2011, but this process has intensified since 2017 and early 2018.
During that time, the Chinese government ordered the Apple App Store to remove all VPN applications and threatened to block all VPN services that were not government-approved.
While it wasn’t successful in blocking all VPN services, many popular services are now unusable.
Even the VPNs with the most effective obfuscation tools occasionally fall victim to the Great Firewall’s censorship.
During times of political unrest, or on significant anniversaries such as June 4, the Chinese government cracks down on VPNs more intensely. Connecting to a VPN server will be harder, but the best VPNs usually find a solution reasonably quickly.
How Do the Top VPNs Beat the Great Firewall?
VPN services encrypt your internet traffic so the Great Firewall can’t see what you’re trying to access online.
The encrypted traffic is routed to a VPN server in another country before going to the website or service that you want to access. This hides the destination of the internet traffic from the Great Firewall, too.
The Chinese censors have learnt to identify some VPN connections.
Using Deep Packet Inspection, the censors can see certain indicators of VPN traffic, such as characteristics of particular VPN protocols.
As a result, the most reliable VPNs for China now use obfuscation technology to scramble VPN traffic and make it look like normal HTTPS internet traffic. This helps the data to go undetected.
PrivateVPN uses obfuscation to unblock YouTube in China.
Even with obfuscation, the Great Firewall still successfully blocks some VPN servers by blacklisting associated IP address ranges.
This means that one day a VPN server might work, and the next day it won’t. Some trial and error might be required when this happens.
What Is VPN Obfuscation?
VPN Obfuscation technology disguises your VPN traffic so it blends in with other forms of online traffic. Normal VPN encryption stops observers from reading your traffic, but obfuscation stops them from knowing it is VPN traffic at all.
A VPN that offers obfuscation technology will allow you to select an obfuscation protocol from the settings menu.
Without obfuscation, the Chinese Firewall will detect VPN traffic (through deep packet inspection) and block it.
VPN services use protocol obfuscation methods to scramble VPN data and mask it as regular HTTPS web traffic.
The two most common ways to obfuscate VPN traffic are:
- XOR: Also referred to as OpenVPN Scramble, XOR is an encryption algorithm often used to mask OpenVPN traffic.
- Obfsproxy: Developed by the Tor network, Obfsproxy works by adding a further layer of encryption to OpenVPN traffic using the “obfs4” wrapper.
Sometimes obfuscation protocols are also called ‘stealth’ or ‘camouflage’ protocols. All of the recommended VPNs above use obfuscation protocols.
Can You Beat the Great Firewall without a VPN?
There are other circumvention tools that can unblock websites and apps in China, but they’re usually not as effective as VPNs.
Most VPN alternatives don’t protect your privacy and aren’t guaranteed to work.
Here’s a list of five circumvention tools that can work in China:
- Proxies (Shadowsocks): One option is to use a proxy server, which spoofs your IP address but doesn’t encrypt your internet traffic.This means that your ISP – or the Chinese government – will be able to see what you’re doing online.The most effective proxy for China is called Shadowsocks, which uses the SOCKS5 internet protocol. Many VPNs actually incorporate Shadowsocks into their obfuscation protocols.
- Lantern: Lantern is a type of open-source peer-to-peer (P2P) software specifically built to circumvent web filters, and funded by the US government.It uses volunteers located in countries with a more open internet to share their bandwidth with users in high-censorship nations.Lantern is not an anonymity tool, so remember that your web activity is still visible to others.
- Mirror Websites: Some websites release copies or “mirrors” of their website if the original has been blocked by the Great Firewall. As long as the mirror site remains unblocked, users in China can still access it.
- TOR: The Onion Router (Tor) is a free web browser that anonymizes your internet activity by routing your web traffic through a network of random servers.While Tor is a safer option than using proxy servers or mirror websites, it comes with some major disadvantages.Firstly, Tor is much slower than most VPNs. It is very anonymous, but it isn’t very secure – which means you’ll need to do your research to use it safely.China also actively blocks access to Tor, which means you have to configure the browser’s advanced settings and use bridges to unblock websites. There is a good chance that you simply won’t be able to get it working, though.
- FreeBrowser: FreeBrowser is a free web browser for Android devices with built-in circumvention technology. It’s used by over 100,000 Android users, but user reviews are very mixed.It’s only a web browser, too – so your internet traffic outside of it will be blocked (or heavily restricted) in China.