A recent investigation carried out by OONI (Open Observatory of Network Interference) has revealed that China is no longer just blocking the Chinese language edition of Wikipedia, but has now blocked access to all different language versions of the site.
Using OONI’s free, open-source ‘Probe’ software, it has been testing out Wikipedia domains from a series of local vantage points in China since 2015. Its proprietary ‘Web Connectivity Test’ measures the various ways in which websites can be blocked, such as via TCP/IP, HTTP, and DNS.
Network measurement data (mainly collected from China Telecom) shows that although the Chinese edition of Wikipedia has reportedly been blocked since May 2015, most other language editions of the site were previously accessible in China.
From April 25th, however, the measurements collected for all subdomains of Wikipedia presented the same DNS anomalies, showing that DNS injection was being used to block Wikipedia domains.
Since these measurements were collected from inside China, OONI also ran a DNS injection test from outside of the country, pointing to an IP address in China. This is very fast, allowing over 2,000 Wikipedia domain names to be scanned in under a minute, determining which ones are blocked.
The results of this test showed that even though the blocks appeared to be targeting any subdomain and/or language edition of Wikipedia, they weren’t affecting any other Wikimedia resources (aside from zh.wikinews.org.)
China also appears to be blocking wikipedia.org subdomains regardless of whether they exist or not – as an example, OONI discovered that the made-up address doesnotexist.wikipedia.org was inaccessible. The IP addresses returned in the injected DNS responses were also unusual and had no noticeable pattern compared to what they’d seen before.
OONI also ran tests to validate their theory that China was additionally using SNI filtering to implement the blocks, which proved to be true. This means that it wouldn’t even be possible to access Wikipedia domains by encrypting your DNS traffic.
By using both DNS and SNI-based techniques, China Telecom has created several different layers of censorship that make it particularly hard to circumvent these blocks. The only possible solution OONI has suggested is an encrypted DNS resolver paired with Encrypted SNI (ESNI), but unfortunately this isn’t currently supported by Wikipedia.
Over recent years China has gained a reputation as the world’s strictest internet censor, with the Great Firewall blocking access to many popular websites such as Google, Twitter, and WhatsApp. These restrictions show no sign of easing up any time soon, with many Chinese residents rapidly running out of ways to access the free internet.