Great Firewall

From Wikipedia, the free encyclopedia
(Redirected from Great firewall of china)

The Great Firewall (GFW; simplified Chinese: 防火长城; traditional Chinese: 防火長城; pinyin: Fánghuǒ Chángchéng) is the combination of legislative actions and technologies enforced by the People's Republic of China to regulate the Internet domestically.[1] Its role in internet censorship in China is to block access to selected foreign websites and to slow down cross-border internet traffic.[2] The Great Firewall operates by checking transmission control protocol (TCP) packets for keywords or sensitive words. If the keywords or sensitive words appear in the TCP packets, access will be closed. If one link is closed, more links from the same machine will be blocked by the Great Firewall.[3] The effect includes: limiting access to foreign information sources, blocking foreign internet tools (e.g. Google Search,[4] Facebook,[5] Twitter,[6] Wikipedia,[7][8] and others) and mobile apps, and requiring foreign companies to adapt to domestic regulations.[9][10]

Besides censorship, the Great Firewall has also influenced the development of China's internal internet economy by giving preference to domestic companies[11] and reducing the effectiveness of products from foreign internet companies.[12] The techniques deployed by the Chinese government to maintain control of the Great Firewall can include modifying search results for terms, such as they did following Ai Weiwei’s arrest, and petitioning global conglomerates to remove content, as happened when they petitioned Apple to remove the Quartz business news publication’s app from its Chinese App Store after reporting on the 2019–2020 Hong Kong protests.[13][14]

The Great Firewall was formerly operated by the SIIO, as part of the Golden Shield Project. Since 2013, the firewall is technically operated by the Cyberspace Administration of China (CAC), which is the entity in charge of translating the Chinese Communist Party's doctrine and policy into technical specifications.[15]

As mentioned in the "one country, two systems" principle, China's special administrative regions (SARs) such as Hong Kong and Macau are not affected by the firewall, as SARs have their own governmental and legal systems and therefore enjoy a higher degree of autonomy. Nevertheless, the U.S. State Department has reported that the central government authorities have closely monitored Internet use in these regions,[16] and Hong Kong's National Security Law has been used to block websites documenting anti-government protests.[17]

The term Great Firewall of China is a combination of the word firewall with the Great Wall of China. The phrase "Great Firewall of China" was first used in print by Australian sinologist Geremie Barmé in 1997.[18][19] RedfishGroup's Stephen Guerin first described the internet filtering as a reversed "firewall" on CNN on Feb 9, 1996.[20]

History[edit]

A favorite saying of Deng Xiaoping's in the early 1980s, "If you open the window, both fresh air and flies will be blown in", is considered to be the political and ideological basis of the GFW Project.[nb 1] The saying is related to a period of the economic reform of China that became known as the "socialist market economy". Superseding the political ideologies of the Cultural Revolution, the reform led China towards a market economy and opened up the market for foreign investors. Nonetheless, despite the economic freedom, values and political ideas of the Chinese Communist Party have had to be protected by "swatting flies" of other unwanted ideologies.[21]

The internet in China arrived in 1994,[22] as the inevitable consequence of and supporting tool for a "socialist market economy". Gradually, while Internet availability has been increasing, the Internet has become a common communication platform and tool for trading information.

The Ministry of Public Security took initial steps to control Internet use in 1997, when it issued comprehensive regulations governing its use. The key sections, Articles 4–6, are:

Individuals are prohibited from using the Internet to: harm national security; disclose state secrets; or injure the interests of the state or society. Users are prohibited from using the Internet to create, replicate, retrieve, or transmit information that incites resistance to the PRC Constitution, laws, or administrative regulations; promoting the overthrow of the government or socialist system; undermining national unification; distorting the truth, spreading rumors, or destroying social order; or providing sexually suggestive material or encouraging gambling, violence, or murder. Users are prohibited from engaging in activities that harm the security of computer information networks and from using networks or changing network resources without prior approval.[23]

In 1998, the Chinese Communist Party feared that the China Democracy Party (CDP) would breed a powerful new network that the party elites might not be able to control.[24] The CDP was immediately banned, followed by arrests and imprisonment.[25] That same year, the GFW project was started. The first part of the project lasted eight years and was completed in 2006. The second part began in 2006 and ended in 2008. On 6 December 2002, 300 people in charge of the GFW project from 31 provinces and cities throughout China participated in a four-day inaugural "Comprehensive Exhibition on Chinese Information System".[26] At the exhibition, many western high-tech products, including Internet security, video monitoring and human face recognition were purchased. It is estimated that around 30,000–50,000 police were employed in this gigantic project.[27]

Fang Binxing

Fang Binxing is known for his substantial contribution to China's Internet censorship infrastructure, and has been dubbed "Father of China's Great Fire Wall".[28][29][30]

Origins of Chinese Internet law[edit]

China's view of the Internet is one of "Internet sovereignty": the notion that the Internet inside the country is part of the country's sovereignty and should be governed by the country.[12][31]

While the United States and several other western countries passed laws creating computer crimes beginning in the 1970s, China had no such legislation until 1997. That year, China's sole legislative body – the National People's Congress (NPC) – passed CL97, a law that deals with cyber crimes, which it divided into two broad categories: crimes that target computer networks, and crimes carried out over computer networks. Behavior illegal under the latter category includes, among many things, the dissemination of pornographic material, and the usurping of "state secrets."[32]

Some Chinese judges were critical of CL97, calling it ineffective and unenforceable. However, the NPC claimed that it intentionally left the law "flexible" so that it could be open to future interpretation and development. Given the gaps in the law, the central government of China relies heavily on its administrative body, the State Council, to determine what falls under the definitions, and their determinations are not required to go through the NPC legislative process. As a result, the Chinese Communist Party has ended up relying heavily on state regulation to carry out CL97.[33]

The latter definition of online activities punishable under CL97, or "crimes carried out over computer networks", is used as justification for the Great Firewall, and can be cited when the government blocks any ISP, gateway connections, or any access to anything on the internet. The definition also includes using the internet to distribute information considered "harmful to national security," and using the internet to distribute information considered "harmful to public order, social stability, and Chinese morality." The central government relies heavily on its State Council regulators to determine what specific online behavior and speech fall under these definitions.[citation needed]

The reasons behind the Internet censorship in China include:

  • Social control: the Internet is a means for freedom of speech, and dissemination of campaigns could lead to protests against the government.
  • Sensitive content: to control information about the government in China.
  • Economic protectionism: China prefers the use of local companies that are regulated by Chinese regulations, since they have more power over them, e.g. Baidu over Google.[citation needed][34]

Campaigns and crackdowns[edit]

As part of the Great Firewall, beginning in 2003, China started the Golden Shield Project, a massive surveillance and censoring system, the hardware for which was provided by mostly U.S. companies, including Cisco Systems. The project was completed in 2006, and is now carried out in buildings with machines manned by civilians and supervised by China's national police force, the Public Security Bureau (PSB). The main operating procedures of the gatekeepers at the Golden Shield Project include monitoring domestic websites, email, and searching for politically sensitive language and calls to protest. When damaging content is found, local PSB officials can be dispatched to investigate or make arrests. However, by late 2007, the Golden Shield Project proved to operate sporadically at best, as users had long adapted to internet blocking by using proxy servers, among other strategies, to make communications and circumnavigate to blocked content.[35]

Internet cafés, an extremely popular way of getting online in developing countries and where fewer people can afford a personal computer, are regulated by the Chinese government and by local Chinese government officials. Minors (in China, those under the age of 18) are not allowed into Internet cafés, although this law is widely ignored, and when enforced, has spurred the creation of underground "Black Web Bars" visited by those underage. As of 2008, internet cafés were required to register every customer in a log when they used the internet there. These records may be confiscated by either local government officials or the PSB. To illustrate local regulation of internet cafés, in one instance, a government official in the town of Gedong lawfully banned internet cafés from operating in the town because he believed them to be harmful to minors, who frequented them to play online games (including those considered violent) and surf the internet. However, internet cafés in this town simply went underground, and most minors were not deterred from visiting them.[36]

In May 2015, China indefinitely blocked access to the Chinese-language Wikipedia.[37] In 2017, China discussed plans for its own version of Wikipedia.[38][39] As of May 2019, all language versions of Wikipedia have been blocked by the Chinese government.[40]

Blocking methods[edit]

Active filtering[edit]

One function of the Chinese firewall is to selectively prevent content from being accessed. It is mostly made of Cisco, Huawei, and Semptian hardware.[41][42] Not all sensitive content gets blocked; in 2007, scholar Jedidiah R. Crandall and others argued that the main purpose is not to block 100%, but rather to flag and to warn, in order to encourage self-censorship.[43] An illustrative but incomplete list of tactics includes:

Method Description
IP range ban using black holes The Chinese firewall maintains a list of IP ranges that are automatically dropped (network black-holing).

Because of the complexity involved in maintaining a large, up-to-date banned network list with dynamic IPs (and as this method has proven incompatible with services using content delivery networks) it is usually used as a last resort, with other blocking methods preferred (such as filtering based on QoS).

DNS spoofing, filtering and redirection One part of the Chinese firewall is made of liar DNS servers and DNS hijackers returning incorrect IP addresses.[44] Studies seems to point out that this censorship is keyword-based.[45]

Contrary to popular belief,[46] foreign DNS resolvers such as Google Public DNS IP address 8.8.8.8 are reported to work correctly inside the country; however, these DNS servers are also subject to hijacking as their connections are not encrypted: DNS queries do reach the DNS server, but if the request matches a banned keyword, the firewall will inject a fake DNS reply before the legitimate DNS reply arrives. The vast majority of these fake responses contain public IP addresses of U.S. companies, including Facebook, Twitter, and Dropbox.[47]

Typical circumvention methods include modifying the Hosts file, typing the IP address instead of the domain name in a Web browser or using DNS over TLS/HTTPS.[48]

URL filtering using transparent proxies The Chinese firewall is made of transparent proxies filtering web traffic. These proxies scan the requested URI, the "Host" Header and the content of the web page (for HTTP requests) or the Server Name Indication (for HTTPS requests) for target keywords.[49]

Like for DNS filtering, this method is keyword-based. Encrypting the Server Name Indication (Encrypted Client Hello or ECH) can be used to bypass this method of filtering. It is currently in development by the IETF,[50] and is enabled by default for supported websites in Firefox and Chromium (Google Chrome, Microsoft Edge, Samsung Internet, and Opera).[51][52][53][54]

Quality of service filtering Since 2012, the GFW is able to "learn, filter, and block" users based on traffic behavior, using deep packet inspection.[55] This method was originally developed for blocking VPNs and has been extended to become part of the standard filtering system of the GFW. The method works by mirroring all traffic (using a network tap) to a dedicated analytics unit, that will then deliver a score for each destination IP based on how suspicious the connection is deemed to be. This score is then used to determine a packet loss rate to be implemented by routers of the Chinese firewall, resulting in a slowed connection on the client side. The method aims to slow down traffic to such an extent that the request times out on the client side, thus effectively having succeeded in blocking the service altogether.

It is believed that the analytics system is using side-channel (such as the handshake headers, and packet sizes) to estimate how suspicious a connection is.[56] It is able to detect traffic protocols (such as SSH tunneling, VPN or Tor protocols), and can measure the entropy of packets to detect encrypted-over-encrypted traffic (such as HTTPS over an SSL tunnel).

This attack may be resisted by using a pluggable transport in order to mimic 'innocent' traffic, and never connect to 'suspicious' IPs by always having the circumvention software turned on, yet not proxy unblocked content, and the software itself never directly connects to a central server.[57]

Packet forging and TCP reset attacks The Chinese firewall may arbitrarily terminate TCP transmissions, using packet forging. The blocking is performed using a TCP reset attack. This attack does not block TCP requests nor TCP replies, but sends a malicious TCP RST packet to the sender, simulating an end-of-connection.

Side channel analysis seems to indicate that TCP Resets are coming from an infrastructure co-located or shared with QoS filtering routers.[58] This infrastructure seems to update the scoring system: if a previous TCP connection is blocked by the filter, future connection attempts from both sides may also be blocked for short periods of time (up to a few hours).

An efficient circumvention method is to ignore the reset packet sent by the firewall.[59] A patch for FreeBSD has been developed for this purpose.[60]

Man-in-the-middle attack with TLS The Chinese National Intelligence Law theoretically allows the Chinese government to request and use the root certificate from any Chinese certificate authority,[61] such as CNNIC, to make MITM attacks with valid certificates.

Multiple TLS incidents have occurred within the last decade, before the creation of the law.

On 26 January 2013, the GitHub SSL certificate was replaced with a self-signed certificate in China by the GFW.[62]

On 20 October 2014, the iCloud SSL certificate was replaced with a self-signed certificate in China.[63] It is believed that the Chinese government discovered a vulnerability on Apple devices and was exploiting it.[64]

On 20 March 2015, Google detected valid certificates for Google signed by CNNIC in Egypt. In response to this event, and after a deeper investigation, the CNNIC certificate was removed by some browsers.[65] Due to the removal being based on proof and not suspicion, no other Chinese certificate authority has been removed from web browsers, and some have been added since then.[66]

This type of attack can be circumvented by websites implementing Certificate Transparency and OCSP stapling or by using browser extensions.[67]

Active probing[edit]

In addition to previously discussed techniques, the CAC is also using active probing in order to identify and block network services that would help escaping the firewall. Multiple services such as Tor or VPN providers reported receiving unsolicited TCP/IP connections shortly after legitimate use, for the purported purpose of network enumeration of services, in particular TLS/SSL and Tor services, with the aim of facilitating IP blocking. For example, shortly after a VPN request is issued by a legitimate Chinese VPN client and passes outbound though the Great Firewall to a hidden VPN IP, the Great Firewall may detect the activity and issue its own active probe to verify the nature of the previously unknown VPN IP and, if the probe confirms the IP is part of a blacklisted VPN, blacklist the IP.[68][69] This attack can be circumvented with the Obfs4 protocol, which relies on an out-of-band shared secret.[68][69]

Proxy distribution[edit]

The Great Firewall scrapes the IPs of Tor and VPN servers from the official distribution channels, and enumerates them.[70][71][72][73] The strategy to resist this attack is to limit the quantity of proxy IPs revealed to each user and making it very difficult for users to create more than one identity.[74][75][76] Academics have proposed solutions such as Salmon.[77][78][79][80] Dynamic IPs are quite effective to flush out from blacklists.

Goals, impact and resistance[edit]

Goal of the Firewall[edit]

Article 15 of a September 20, 2000 document from the Chinese State Council, posted by the Xinhua News Agency, lists 9 categories of information which should be censored, blocked, or filtered from access to the citizens using the internet within China:

  1. Opposing the basic principles as they are confirmed in the Constitution.
  2. Jeopardizing the security of the nation, divulging state secrets, subverting state power, or jeopardizing the integrity of the nation's unity
  3. Harming the honor or the interests of the nation
  4. Inciting hatred against peoples, racism against peoples, or disrupting the solidarity of peoples
  5. Disrupting national policies on religion, propagating evil cults and feudal superstitions
  6. Spreading rumors, disturbing social order or disrupting social stability
  7. Spreading obscenity, pornography, gambling, violence, murder, terror, or abetting the commission of a crime
  8. Insulting or defaming third parties, infringing on the legal rights and interests of third parties
  9. Containing any other content prohibited by law or administrative rules[81]

To filter this content, the Chinese government not only uses its own blocking methods, but also heavily relies on internet companies, such as ISPs, social media operators such as Weibo,[82] and others to actively censor their users.[83] This results in private companies censoring their own platform for filtered content, forcing Chinese internet users to use websites not hosted in China to access this information. Much of this information is related to sensitive topics.[84] The Great Firewall's goal is perceived by the Communist Party as helping to protect the Chinese population by preventing users from accessing these foreign websites which, in their opinion, host content which would be 'spiritual pollution', as well as information about these sensitive topics.[85] These topics include:

Specific websites blocked or filtered include many popular search engines, social media platforms, information-hosting sites, and video-hosting websites such as Google Search, Facebook, Wikipedia, YouTube, Twitter, and many more.

Impact on people in China[edit]

The Cybersecurity Law behind the firewall is targeted at helping increase internet user privacy, increase protections on personal data, and making companies more responsible for monitoring bad actors, in hopes to make the Internet a safer place for Chinese citizens.[89] Despite this, there have been growing criticisms that the actions of the Chinese government have only hurt Chinese free speech, due to increased censorship, and lack of non-sanctioned sources of information, such as Wikipedia and many English news sources.[90] This has resulted in reports of some cases of legal persecution of those charged with spreading this information.[85]

The Chinese government itself does legally support free speech; article 35 of the Constitutions of the People's Republic states that "citizens of the People's Republic of China enjoy freedom of speech, of the press, of assembly, of association, of procession, and of demonstration."[91] In recent decades, many criticisms of the Chinese government found that some of these laws are often abused. A study by PEN America claimed that "Some of the government's most rights-abusive laws are aimed at criminalizing free speech that — in the eyes of the government — encourages subversion, separatism, or rejection of the State’s authority."[84]

Censorship of sensitive topics in China has also been easier for the government because of the firewall and its filtering. Because the monitoring of social media and chat apps in China presents a possibility of punishment for a user, the discussion of these topics is now limited to the correct thought of the Communist Party, or one's home and private spaces, reducing the chance for information about these topics to spread, reducing any threat of protest against the Communist Party.[92][93] According to Yaqiu Wang, a prominent human rights researcher, there was a time in China where the internet provided a method for Chinese citizens to learn about the sensitive topics the government had censored in the news, through access to international news reports and media coverage. She claims that, in the past 10 years, it has been increasingly difficult to access second opinions on events, meaning that students rarely have the opportunity to learn diverging viewpoints — only the "correct" thought of the Communist Party.[92]

Economic impacts[edit]

The Great Firewall has also allowed China to develop its own major internet services, such as Tencent, Alibaba, Baidu,[94][95] Renren, Youku, and Weibo.[96]: 8  China has its own version of many foreign web properties, for example: Bilibili and Tencent Video (YouTube), Sina Weibo (Twitter), Moments[97] and Qzone (Facebook), WeChat (WhatsApp), Ctrip (Orbitz and others), and Zhihu[98] (Quora). With nearly one quarter of the global internet population (700 million users), the internet behind the GFW can be considered a "parallel universe" to the Internet that exists outside.[12]

Resistance[edit]

While the Great Firewall has had an impact on Chinese citizens' ability to use the internet to find information about sensitive topics about the Communist Party, it has not completely stopped them from doing so. The firewall itself has caused much frustration amongst both individuals and internationally operating companies in China, many of whom have turned to VPNs, speaking in codes,[99] and other methods to retain their access to the international internet.[100]

Circumvention[edit]

Methods for bypassing the firewall[edit]

Because the Great Firewall blocks destination IP addresses and domain names and inspects the data being sent or received, a basic censorship circumvention strategy is to use proxy nodes and encrypt the data. Bypassing the firewall is known as fānqiáng (翻墙, "climb over the wall"), and most circumvention tools combine these two mechanisms:[101]

  • Proxy servers outside China can be used, although using just a simple open proxy (HTTP or SOCKS) without also using an encrypted tunnel (such as HTTPS) does little to circumvent the sophisticated censors.[101]
  • Freegate, Ultrasurf, Psiphon, and Lantern are free programs designed and experienced with circumventing the China firewall using multiple open proxies.
  • VPNs (virtual private networks) are one of the most popular tools used by Westerners for bypassing censorship technologies.[102] They use the same basic approaches, proxies, and encrypted channels used by other circumvention tools, but depend on a private host, a virtual host, or an account outside of China, rather than open, free proxies.[101]
  • Tor partially can be used in China.[101][103] Since 2010, almost all bridges at TorProject.org are blocked through proxy distribution. Tor still functions in China using Snowflake,[104] independently published Obfs4 bridges and meek.[105][106][107][108]
  • I2P or garlic routing is useful when properties similar to Tor's anonymity are needed. Due to I2P being much less popular than Tor, it has faced little to no blocking attempts.

In 2017, the Chinese government declared unauthorized VPN services illegal, requiring VPN providers to obtain state approval.[109] Although China restricts VPNs, they remain widely used by private individuals.[110]: 109  State-owned enterprises or state institutions also use VPNs for official work.[110]: 109  The Chinese government has authorized several official VPN providers.[110]: 109  Those who develop or sell their own VPNs potentially face years in prison.[111]: 109 

Non-proxy circumvention strategies include:

  • Using encrypted DNS may bypass blocking of a few sites including TorProject and all of GitHub, which may be used to obtain further circumvention.[112] In 2019 Firefox released an update to make it easy to enable DNS over HTTPS.[113] Despite DNS over encryption, the majority of services remain blocked by IP.[114]
  • Ignoring TCP reset packets sent by the GFW. Distinguishing them by the TTL value (time to live), and not routing any further packets to sites that have triggered blocking behavior.[115]

Known blocked methods[edit]

  • The OpenVPN protocol is detected and blocked. Connections not using symmetric keys or using "tls-auth" are blocked at handshake, and connections using the new "tls-crypt" option are detected and throttled (under 56kbit/s) by the QoS filtering system.[citation needed]
  • GRE tunnels and protocols that use GRE (e.g., PPTP) are blocked.[citation needed]
  • TLS, the Great Firewall can identify the difference between HTTPS TLS and other implementations by inspecting the handshake parameters.[116][117][118][119]

Outside China[edit]

Off-target incidents[edit]

In 2010, a root name server run by Netrod in China started returning poisoned DNS results to global users, preventing users in Chile and the U.S. from accessing sites such as Facebook. The server was shut down to stop the poisoning.[120]

In 2014, two-thirds of China's DNS infrastructure began resolving unrelated domains to 65.49.2.178, an address owned by the US-based Dynamic Internet Technology, Inc., resulting in widespread internet outage in China. No damage to DIT services were reported despite what amounts to an accidental DDoS. While some sources attribute this incident to GFW's DNS poisoning,[121] others (mostly quoting Chinese sources) speculate this incident was somehow caused by DIT themselves.[122]

Exporting Great Firewall technology[edit]

Reporters Without Borders suspects that countries such as Cuba, Iran,[123] Vietnam, Zimbabwe, and Belarus have obtained surveillance technology from China, although the censorship in these countries is less stringent than in China.[124]

Since at least 2015, the Russian Roskomnadzor agency collaborates with Chinese Great Firewall security officials in implementing its data retention and filtering infrastructure.[125][126][127] During his visit to Beijing in June 2016, Vladimir Putin signed a joint communiqué with Xi Jinping on information space, followed by Russia’s National Forum for Information Security in October hosted by Fang Binxing, the architect of the Chinese Great Firewall.[128]

Especially since the 2022 Russian invasion of Ukraine, in order to enforce the war censorship law, Russian authorities were making an internet surveillance system akin to Chinese Great Firewall.[129]

Opposition[edit]

Critics have argued that if other large countries begin following China's approach, the whole purpose of the creation of the Internet could be put in jeopardy. If like-minded countries are successful in imposing the same restrictions on their inhabitants and globalized online companies, then the free global exchange of information could cease to exist.[130]

The United States Trade Representative's (USTR) "National Trade Estimate Report" in 2016 referred the China's digital Great Firewall: "China's filtering of cross-border Internet traffic has posed a significant burden to foreign suppliers."[131] Claude Barfield, the American Enterprise Institute's expert of International trade, suggested that the U.S. government should bring a case against the Firewall, a huge trade barrier, in the World Trade Organization in January 2017.[132] Eight of the 24 more trafficked websites in China have been blocked by the Great Firewall. This has created a burden to foreign suppliers who rely on these websites to sell their products or services. The lobby's 2016 business climate survey showed 79 percent of its members reported a negative impact on business due to internet censorship.[133]

According to Stephen Rosen, the GFW is reflective of the Chinese government's fear of civil disobedience or rebellion among the Chinese population against the Chinese Communist Party's rule:

If you want to know what people are worried about look at what they spend their money on. If you’re afraid of burglars you buy a burglar alarm. What are the Chinese spending their money on? We’re told from Chinese figures they’re spending on the People's Armed Police, the internal security force is about as big as they’re spending on the regular military. This whole great firewall of China, this whole massive effort to control the internet, this effort to use modern information technology not to disseminate information, empowering individuals, but to make people think what you want them to think and to monitor their behavior so that you can isolate and suppress them. That’s because this is a regime which is fundamentally afraid of its own people. And it’s fundamentally hostile to them.[134]

See also[edit]

Notes[edit]

  1. ^ Chinese: 打开窗户,新鲜空气和苍蝇就会一起进来。; pinyin: Dǎkāi chuānghù, xīnxiān kōngqì hé cāngying jiù huì yìqǐ jìnlái.
    There are several variants of this saying in Chinese, including "如果你打开窗户换新鲜空气,就得想到苍蝇也会飞进来。" and "打开窗户,新鲜空气进来了,苍蝇也飞进来了。". Their meanings are the same.

References[edit]

  1. ^ Clayton, Richard; Murdoch, Steven J.; Watson, Robert N. M. "Ignoring the great firewall of china". International Workshop on Privacy Enhancing Technologies.
  2. ^ Mozur, Paul (13 September 2015). "Baidu and CloudFlare Boost Users Over China's Great Firewall". The New York Times. Archived from the original on 24 January 2019. Retrieved 16 September 2017.
  3. ^ Clayton, Richard; Murdoch, Steven J.; Watson, Robert N. M. (2006). Danezis, George; Golle, Philippe (eds.). Ignoring the Great Firewall of China. Lecture Notes in Computer Science. Vol. 4258. Berlin, Heidelberg: Springer. pp. 20–35. doi:10.1007/11957454_2. hdl:1811/72793. ISBN 978-3-540-68793-1. {{cite book}}: |journal= ignored (help)
  4. ^ "google.com is blocked in China | GreatFire Analyzer". en.greatfire.org. Archived from the original on 5 August 2014. Retrieved 18 January 2020.
  5. ^ "How China's social media users created a new language to beat censorship on COVID-19". Amnesty International. 6 March 2020. Archived from the original on 3 April 2020. Retrieved 3 April 2020.
  6. ^ "China Blocks Access To Twitter, Facebook After Riots". Washington Post. Archived from the original on 19 September 2010. Retrieved 18 January 2020.
  7. ^ "Wikipedia founder defends decision to encrypt the site in China". The Verge. 4 September 2015. Archived from the original on 12 June 2018. Retrieved 17 April 2018.
  8. ^ Skipper, Ben (7 December 2015). "China's government has blocked Wikipedia in its entirety again". International Business Times UK. Archived from the original on 3 May 2018. Retrieved 2 May 2018.
  9. ^ Mozur, Paul; Goel, Vindu (5 October 2014). "To Reach China, LinkedIn Plays by Local Rules". The New York Times. Archived from the original on 13 June 2018. Retrieved 4 September 2017.
  10. ^ Branigan, Tania (28 June 2012). "New York Times launches website in Chinese language". The Guardian. Archived from the original on 4 September 2017. Retrieved 4 September 2017.
  11. ^ Denyer, Simon (23 May 2016). "China's scary lesson to the world: Censoring the Internet works". The Washington Post. Archived from the original on 6 December 2018. Retrieved 5 September 2017.
  12. ^ a b c Rauhala, Emily (19 July 2016). "America wants to believe China can't innovate. Tech tells a different story". The Washington Post. Archived from the original on 3 September 2017. Retrieved 5 September 2017.
  13. ^ Miller, Chance (9 October 2019). "Apple removes 'Quartz' news app from Chinese App Store". 9to5Mac. Archived from the original on 10 October 2019. Retrieved 10 October 2019.
  14. ^ Statt, Nick (9 October 2019). "Apple removes Quartz news app from the Chinese App Store over Hong Kong coverage". The Verge. Archived from the original on 10 October 2019. Retrieved 10 October 2019.
  15. ^ "How China's Internet Police Control Speech on the Internet". Radio Free Asia. Archived from the original on 20 June 2014. Retrieved 15 August 2018.
  16. ^ "China (includes Tibet, Hong Kong, and Macau) - Hong Kong". U.S. Department of State. Archived from the original on 1 July 2019. Retrieved 29 July 2018.
  17. ^ "Hong Kong police use national security law for first time to block access to website recording anti-government protests, officers' details". South China Morning Post. 9 January 2021. Retrieved 13 January 2021.
  18. ^ Lanfranco, Edward (9 September 2005). "The China Yahoo! welcome: You've got Jail!". UPI. Archived from the original on 10 August 2017. Retrieved 9 August 2017.
  19. ^ Barme, Geremie R.; Ye, Sang (6 January 1997). "The Great Firewall of China". Wired. Archived from the original on 1 January 2016. Retrieved 29 December 2015.
  20. ^ "CNN - China roadblocks the Internet - Feb 9, 1996". www.cnn.com. Retrieved 1 May 2022.
  21. ^ R. MacKinnon "Flatter world and thicker walls? Blogs, censorship and civic discourse in China" Public Choice (2008) 134: p. 31–46, Springer
  22. ^ "中国接入互联网". China News Service. Archived from the original on 19 February 2014. Retrieved 28 August 2013.
  23. ^ "China and the Internet.", International Debates, 15420345, Apr2010, Vol. 8, Issue 4
  24. ^ Goldman, Merle Goldman. Gu, Edward X. [2004] (2004). Chinese Intellectuals between State and Market. Routledge. ISBN 0415325978
  25. ^ Goldsmith, Jack L.; Wu, Tim (2006). Who Controls the Internet?: Illusions of a Borderless World. New York: Oxford University Press. p. 91. ISBN 0-19-515266-2.
  26. ^ Website, Adsale Corporate. "Adsale Corporate Website - Adsale Group". www.adsale.com.hk. Archived from the original on 2 May 2020. Retrieved 24 May 2020.
  27. ^ "What is internet censorship? - Amnesty International Australia". 27 April 2015. Archived from the original on 27 April 2015. Retrieved 28 December 2023.
  28. ^ Qiang, Xiao (20 December 2010). "'Father' of China's Great Firewall Shouted Off Own Microblog". China Digital Times (CDT). Archived from the original on 25 December 2019. Retrieved 24 October 2019.
  29. ^ "'Father' of China's Great Firewall Shouted Off Own Microblog – China Real Time Report – WSJ". The Wall Street Journal. 20 December 2010. Archived from the original on 19 November 2017. Retrieved 25 December 2010.
  30. ^ "防火墙之父"北邮校长方滨兴微博遭网民"围攻" (in Chinese). Yunnan Information Times. 23 December 2010. Archived from the original on 21 July 2011. Retrieved 20 May 2011.
  31. ^ Denyer, Simon (23 May 2016). "China's scary lesson to the world: Censoring the Internet works". The Washington Post. Archived from the original on 6 December 2018. Retrieved 2 September 2017.
  32. ^ "Criminal Law of the People's Republic of China (1997)". www.npc.gov.cn. Retrieved 3 January 2024.
  33. ^ Keith, Ronald; Lin, Zhiqiu (2006). New Crime in China. Routledge Taylor & Francis Group. pp. 217–225. ISBN 0415314828.
  34. ^ Anderson, Daniel. Splinternet Behind the Great Firewall of China: Once China opened its door to the world, it could not close it again. Queue.
  35. ^ August, Oliver (23 October 2007). "The Great Firewall: China's Misguided — and Futile — Attempt to Control What Happens Online". Wired Magazine. Archived from the original on 2 April 2015. Retrieved 1 April 2015.
  36. ^ Cody, Edward (9 February 2007). "Despite a Ban, Chinese Youth Navigate to Internet Cafés". The Washington Post. Archived from the original on 20 December 2014. Retrieved 1 April 2015.
  37. ^ Smith, Charlie (18 June 2015). "We Had Our Arguments, But We Will Miss You Wikipedia". Huffington Post. Archived from the original on 19 June 2015. Retrieved 31 December 2018.
  38. ^ Toor, Amar (4 May 2017). "China is building its own version of Wikipedia". The Verge. Archived from the original on 4 September 2017. Retrieved 4 September 2017.
  39. ^ Watt, Louise (4 May 2017). "China is launching its own Wikipedia – but only the government can contribute to it". The Independent. Archived from the original on 10 December 2018. Retrieved 3 November 2017.
  40. ^ "Search result not found: China bans Wikipedia in all languages". Washington Post. Archived from the original on 7 June 2019. Retrieved 6 June 2019.
  41. ^ Herman, Arthur. "Huawei's (And China's) Dangerous High-Tech Game". Forbes. Archived from the original on 15 May 2019. Retrieved 8 October 2019.
  42. ^ "Cisco, Huawei and Semptian: A Look Behind the Great Firewall of China". C5IS. 15 December 2014. Archived from the original on 14 July 2019. Retrieved 8 October 2019.
  43. ^ Oliver Farnan; Alexander Darer; Joss Wright (2016). "Poisoning the Well". Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society - WPES'16. pp. 95–98. doi:10.1145/2994620.2994636. ISBN 9781450345699. S2CID 7275132.
  44. ^ "how to unblock websites in China". pcwizardpro.com. 26 January 2018. Archived from the original on 27 January 2018. Retrieved 27 January 2018.
  45. ^ "The Great DNS Wall of China - Analysis of the DNS infrastructure" (PDF). Archived (PDF) from the original on 3 April 2019. Retrieved 1 June 2019.
  46. ^ "8.8.8.8 goes pretty well in the Chinese market. (8 being a popular number.) I th... | Hacker News". news.ycombinator.com. Archived from the original on 26 March 2020. Retrieved 31 May 2019.
  47. ^ Hoang, Nguyen Phong; Niaki, Arian Akhavan; Dalek, Jakub; Knockel, Jeffrey; Lin, Pellaeon; Marczak, Bill; Crete-Nishihata, Masashi; Gill, Phillipa; Polychronakis, Michalis (3 June 2021). "How Great is the Great Firewall? Measuring China's DNS Censorship". arXiv:2106.02167 [cs.CR].
  48. ^ Hoang, Nguyen Phong; Polychronakis, Michalis; Gill, Phillipa (1 February 2022). "Measuring the Accessibility of Domain Name Encryption and Its Impact on Internet Filtering". arXiv:2202.00663 [cs.NI].
  49. ^ "What is the Great Firewall of China and why you should care". xeovo.com. Retrieved 2 January 2024.
  50. ^ "draft-ietf-tls-esni-03 - Encrypted Server Name Indication for TLS 1.3". Ietf Datatracker. Archived from the original on 6 June 2019. Retrieved 13 June 2019.
  51. ^ "Encrypted SNI Comes to Firefox Nightly". Mozilla Security Blog. 18 October 2018. Archived from the original on 24 March 2020. Retrieved 11 February 2020.
  52. ^ "Encrypt that SNI: Firefox edition". The Cloudflare Blog. 18 October 2018. Archived from the original on 14 February 2020. Retrieved 11 February 2020.
  53. ^ "How to disable TLS Encrypted ClientHello in Google Chrome using PowerShell". Chaser Systems Ltd. 9 October 2023.
  54. ^ "Feature: TLS Encrypted Client Hello (ECH)". Chrome Platform Status. Google. 12 December 2023. Retrieved 21 February 2024.
  55. ^ Arthur, Charles (14 December 2012). "China tightens 'Great Firewall' internet control with new technology". guardian.co.uk. London: The Guardian. Archived from the original on 10 September 2013. Retrieved 8 March 2013.
  56. ^ "My Experience With the Great Firewall of China". blog.zorinaq.com. Archived from the original on 1 July 2016. Retrieved 1 June 2019.[self-published source]
  57. ^ "How the Great Firewall of China is blocking Tor" (PDF). Archived (PDF) from the original on 27 January 2022. Retrieved 27 January 2022.
  58. ^ "Ignoring TCP RST send by the firewall" (PDF). Archived (PDF) from the original on 11 June 2019. Retrieved 1 June 2019.
  59. ^ "zdnetasia.com". zdnetasia.com. Archived from the original on 8 October 2009. Retrieved 13 June 2011.
  60. ^ "FreeBSD patch - ignore TCP RST". Archived from the original on 29 June 2008. Retrieved 1 June 2019.
  61. ^ "Cyber-security Law of the People's Republic of China". www.dezshira.com. 11 January 2018. Archived from the original on 1 June 2019. Retrieved 1 June 2019.
  62. ^ "GitHub SSL replaced by self-signed certificate in China | Hacker News". News.ycombinator.com. Archived from the original on 5 July 2014. Retrieved 15 June 2013.
  63. ^ "Chinese MITM Attack on iCloud - NETRESEC Blog". Netresec. 20 October 2014. Archived from the original on 29 March 2020. Retrieved 10 June 2019.
  64. ^ CVE-2014-4449
  65. ^ "TLS certificate blunder revisited – whither China Internet Network Information Center?". nakedsecurity.sophos.com. 14 April 2015. Archived from the original on 21 October 2018. Retrieved 18 October 2018.
  66. ^ "1128392 - Add GDCA Root Certificate". bugzilla.mozilla.org. Archived from the original on 24 March 2020. Retrieved 1 June 2019.
  67. ^ "Certificate Patrol - a psyced Firefox/Mozilla add-on". patrol.psyced.org. Archived from the original on 13 June 2019. Retrieved 7 July 2019.
  68. ^ a b Wilde, Tim (7 January 2012). "Knock Knock Knockin' on Bridges' Doors". Tor Project. Archived from the original on 13 January 2012. Retrieved 3 May 2018.
  69. ^ a b "Learning more about the GFW's active probing system | Tor Blog". blog.torproject.org. Archived from the original on 8 October 2019. Retrieved 8 October 2019.
  70. ^ "28c3: How governments have tried to block Tor". YouTube. 28 December 2011. Archived from the original on 29 March 2020. Retrieved 17 February 2020.
  71. ^ "Roger Dingledine - The Tor Censorship Arms Race The Next Chapter - DEF CON 27 Conference". YouTube. 15 November 2019. Archived from the original on 29 March 2020. Retrieved 17 February 2020.
  72. ^ "#32117 (Understand and document BridgeDB bot scraping attempts) – Tor Bug Tracker & Wiki". trac.torproject.org. 16 October 2019. Archived from the original on 27 March 2020. Retrieved 21 January 2020.
  73. ^ "Jinyang Li - Censorship Circumvention via Kaleidoscope". YouTube. Archived from the original on 23 May 2020. Retrieved 24 May 2020.
  74. ^ "Tor Games" (PDF). people.cs.umass.edu. Archived (PDF) from the original on 17 February 2020. Retrieved 17 February 2020.
  75. ^ "Data" (PDF). www-users.cs.umn.edu. Archived (PDF) from the original on 12 June 2019. Retrieved 17 February 2020.
  76. ^ "Info" (PDF). censorbib.nymity.ch. Archived (PDF) from the original on 17 March 2016. Retrieved 24 May 2020.
  77. ^ "Info" (PDF). censorbib.nymity.ch. Retrieved 24 May 2020.
  78. ^ "Frederick Douglas - Salmon: Robust Proxy Distribution for Censorship Circumvention". YouTube. 10 October 2016. Archived from the original on 4 February 2019. Retrieved 24 May 2020.
  79. ^ "Tor Project | Implementing Salmon as a bridge distribution mechanism". Archived from the original on 26 June 2020.
  80. ^ "Salmon: Robust Proxy Distribution for Censorship Circumvention (PETS 2016) · Issue #33 · net4people/BBS". GitHub.
  81. ^ "Measures for the Administration of Internet Information Services". Congressional-Executive Commission on China. 25 September 2000. Retrieved 21 April 2021.
  82. ^ Griffiths, James (20 March 2019). "Weibo's Free-Speech Failure". The Atlantic. Retrieved 21 April 2021.
  83. ^ FORBIDDEN FEEDS: Government Controls on Social Media in China," PEN America. (March 13, 2018) p. 33.
  84. ^ a b FORBIDDEN FEEDS: Government Controls on Social Media in China," PEN America. (March 13, 2018) p. 24.
  85. ^ a b Abbott, Jason (30 April 2019). "Of Grass Mud Horses and Rice Bunnies: Chinese Internet Users Challenge Beijing's Censorship and Internet Controls". Asian Politics & Policy. 11: 162–168. doi:10.1111/aspp.12442. S2CID 159308868.
  86. ^ Xiao, Qiang (30 April 2009). "Baidu's internal monitoring and censorship document leaked". China Digital Times. Retrieved 20 April 2021.
  87. ^ Shu, Catherine (3 June 2019). "A Look at the many ways China suppresses online discourse about the Tiananmen Square protests". Tech Crunch. Retrieved 20 April 2021.
  88. ^ FORBIDDEN FEEDS: Government Controls on Social Media in China," PEN America. (March 13, 2018) p. 41-42.
  89. ^ Wang, Hairong (17 January 2013). ""Legal Firewall" Beijing Review". Beijing Review. Retrieved 21 April 2021.
  90. ^ Pan, Jennifer; Roberts, Margaret (January 2020). "Censorship's Effect on Incidental Exposure to Information: Evidence from Wikipedia". SAGE Open. 10. doi:10.1177/2158244019894068.
  91. ^ "CONSTITUTION OF THE PEOPLE'S REPUBLIC OF CHINA". People's Daily. December Archived 2020-06-09 at the Wayback Machine (4, 1982) Archived from the original on August 12, 2010. Retrieved April 20, 2021.
  92. ^ a b Wang, Yaqiu (1 September 2020). "In China, the 'Great Firewall' is Changing a Generation". Politico. Retrieved 20 April 2021.
  93. ^ "Freedom of Expression in China: A Privilege, Not a Right". Congressional-Executive Commission on China. Retrieved 20 April 2021.
  94. ^ Denyer, Simon (23 May 2016). "China's scary lesson to the world: Censoring the Internet works". The Washington Post. Archived from the original on 6 December 2018. Retrieved 5 September 2017.
  95. ^ Chen, Te-Ping (28 January 2015). "China Owns 'Great Firewall,' Credits Censorship With Tech Success". WSJ. Archived from the original on 21 November 2017. Retrieved 2 September 2017.
  96. ^ Shi, Song (2023). China and the Internet: Using New Media for Development and Social Change. New Brunswick, NJ: Rutgers University Press. ISBN 9781978834736.
  97. ^ Hoskins, Peter; Fan Wang (29 July 2023). "WeChat: Why does Elon Musk want X to emulate China's everything-app?". BBC News. Retrieved 30 July 2023.
  98. ^ Millward, Steven (12 January 2017). "China's answer to Quora now worth a billion bucks". Tech in Asia. Archived from the original on 4 September 2017. Retrieved 4 September 2017.
  99. ^ Lyden, Jacki; Xiao, Qiang (September 7, 2013). “In China, Avoiding The ‘Great Firewall’ Internet Censors” NPR Podcasts Transcripts. Retrieved April 20, 2021.
  100. ^ Li, Yan (6 April 2016). "Chinese Voice Frustration Over 'Great Firewall'; Many Internet users criticize intensified blocking of foreign websites". The Wall Street Journal Online. Retrieved 20 April 2021.
  101. ^ a b c d "Splinternet Behind the Great Firewall of China: The Fight Against GFW" Archived 2017-09-20 at the Wayback Machine, Daniel Anderson, Queue, Association for Computing Machinery (ACM), Vol. 10, No. 11 (29 November 2012), doi:10.1145/2390756.2405036. Retrieved 11 October 2013.
  102. ^ "Tech in Asia - Connecting Asia's startup ecosystem". www.techinasia.com. Archived from the original on 29 March 2020. Retrieved 20 January 2020.
  103. ^ "r/TOR - Does Tor still work in China?". reddit. 16 April 2018. Archived from the original on 4 September 2019. Retrieved 11 November 2019.
  104. ^ "DEF CON 30 - Roger Dingledine - How Russia is trying to block Tor". YouTube.
  105. ^ "Conference paper" (PDF). www.usenix.org. Archived (PDF) from the original on 28 October 2019. Retrieved 24 May 2020.
  106. ^ "28c3: How governments have tried to block Tor". YouTube. 28 December 2011. Archived from the original on 23 May 2020. Retrieved 24 May 2020.
  107. ^ "Test obfs4 reachability (#29279) · Issues · Legacy / Trac". February 2019.
  108. ^ "Circumventing Internet Censorship with Tor". Retrieved 3 December 2022 – via www.youtube.com.
  109. ^ Ye, Josh (January 2017). "China tightens Great Firewall by declaring unauthorized VPN services illegal". South China Morning Post. Retrieved 21 April 2021.
  110. ^ a b c Šebok, Filip (2023). "Social Control and Propaganda". In Kironska, Kristina; Turscanyi, Richard Q. (eds.). Contemporary China: a New Superpower?. Routledge. ISBN 978-1-03-239508-1.
  111. ^ Šebok, Filip (2023). "Social Control and Propaganda". In Kironska, Kristina; Turscanyi, Richard Q. (eds.). Contemporary China: a New Superpower?. Routledge. ISBN 978-1-03-239508-1.
  112. ^ "How to Use DNSCrypt to Prevent DNS Spoofing in China | Tips for China". www.tipsforchina.com. 13 May 2019. Archived from the original on 17 February 2020. Retrieved 17 February 2020.
  113. ^ Deckelmann, Selena (2 April 2019). "DNS-over-HTTPS (DoH) Update – Recent Testing Results and Next Steps". Future Releases. Archived from the original on 7 January 2020. Retrieved 20 January 2020.
  114. ^ "Archived copy" (PDF). dnsencryption.info. Archived from the original (PDF) on 26 October 2020. Retrieved 15 January 2022.{{cite web}}: CS1 maint: archived copy as title (link)
  115. ^ "Ignoring the Great Firewall of China" Archived 2017-09-09 at the Wayback Machine, Richard Clayton, Steven J. Murdoch, and Robert N. M. Watson, PET'06: Proceedings of the 6th international conference on Privacy Enhancing Technologies, Springer-Verlag (2006), pages 20–35, ISBN 3-540-68790-4, doi:10.1007/11957454_2. Retrieved 11 October 2013.
  116. ^ "Defcon 21 - Defeating Internet Censorship with Dust, the Polymorphic Protocol Engine". YouTube. 16 November 2013. Archived from the original on 7 July 2016. Retrieved 24 May 2020.
  117. ^ "32C3 - How the Great Firewall discovers hidden circumvention servers". YouTube. 24 April 2016. Retrieved 24 May 2020.
  118. ^ "Data" (PDF). tlsfingerprint.io. 2019. Archived (PDF) from the original on 27 February 2019. Retrieved 24 May 2020.
  119. ^ "Anti-Censorship & Transparency - Roger Dingledine". YouTube. Archived from the original on 22 December 2021. Retrieved 24 May 2020.
  120. ^ McMillan, Robert (26 March 2010). "After DNS problem, Chinese root server is shut down". Computerworld.
  121. ^ Leyden, John. "DNS poisoning slams web traffic from millions in China into the wrong hole". www.theregister.com.
  122. ^ Carsten, Paul. ""Massive Internet mishap sparks Great Firewall scrutiny in China"". Reuters. Retrieved 22 January 2014.
  123. ^ "Iran To Work With China To Create National Internet System". www.rferl.org. Retrieved 30 September 2020.
  124. ^ "Going online in Cuba: Internet under surveillance" (PDF). Reporters Without Borders. 2006. Archived from the original (PDF) on 3 March 2009.
  125. ^ Soldatov, Andrei; Borogan, Irina (29 November 2016). "Putin brings China's Great Firewall to Russia in cybersecurity pact". The Guardian. ISSN 0261-3077. Retrieved 4 July 2017.
  126. ^ "China: The architect of Putin's firewall". Eurozine. 21 February 2017. Retrieved 10 December 2019.
  127. ^ "Russia's chief internet censor enlists China's know-how". Financial Times. 29 April 2016. Archived from the original on 11 December 2022. Retrieved 10 December 2019.
  128. ^ "China: The architect of Putin's firewall". www.eurozine.com. 21 February 2017. Retrieved 24 December 2023.
  129. ^ "War censorship exposes Putin's leaky internet controls". Associated Press. 14 March 2022.
  130. ^ "The Great Firewall of China". Bloomberg. Archived from the original on 31 March 2018. Retrieved 2 April 2018.
  131. ^ Barfield, Claude (29 April 2016). "China's Internet censorship: A WTO challenge is long overdue". TechPolicyDaily.com. Archived from the original on 30 April 2016. Retrieved 26 January 2017.
  132. ^ Barfield, Claude (25 January 2017). "China bans 8 of the world's top 25 websites? There's still more to the digital trade problem". American Enterprise Institute. Archived from the original on 26 January 2017. Retrieved 26 January 2017.
  133. ^ Martina, Paul (8 April 2016). "U.S. says China internet censorship a burden for businesses". Reuters. Reuters. Archived from the original on 2 April 2018. Retrieved 23 March 2018.
  134. ^ Kristol, Bill (30 November 2018). "Stephen Rosen interview". Conversations With Bill Kristol. Archived from the original on 25 March 2020. Transcript. Retrieved 26 October 2019.
  135. ^ Internet censorship in China

Further reading[edit]

  • Griffiths, James, "The Great Firewall of China: How to Build and Control an Alternative Version of the Internet", Zed Books (May 2019).
  • Nilekani, Nandan, "Data to the People: India's Inclusive Internet", Foreign Affairs, vol. 97, no. 5 (September / October 2018), pp. 19–26.
  • Segal, Adam, "When China Rules the Web: Technology in Service of the State", Foreign Affairs, vol. 97, no. 5 (September / October 2018), pp. 10–14, 16–18.

External links[edit]