The Great Firewall of China is an essential tool for the Chinese Communist Party (CCP); it consists of a series of technologies and laws employed by the Chinese government to censor and control the content available to users in the country.

China has historically been known to be one of the most heavily censored countries, regulating content on its version of the internet. They're known for censoring anything that doesn't align with their values, including political dissent.

In this piece, we'll dive into the history of the Great Firewall of China and explain how the government can deploy censorship at such a scale.

The History of the Great Firewall

The seeds for the Great Firewall of China, or the GFW Project, were actually sowed in the 1980s when the government planned to take measures to control the content that citizens could access.

a section of the Great Wall of China

In 1994, users in China were finally able to access the internet, and by 1997, the Ministry of Public Security issued a series of laws to censor it, prohibiting users from:

  • Disseminating information that may incite a resistance
  • Reveal any state secrets
  • Pornography
  • Content related to murder, gambling, or violence
  • Activities that affect network security

A year later, in 1998, the ruling party (CCP) officially launched the GFW project, explaining that the internet should be a part of a country's sovereignty and, as such, should be governed by it.

A Tiered Approach to Censorship

The first phase of implementing the Great Firewall continued until 2006 when the government added controls to monitor internet activity in all major provinces and started to clamp down on any transgressors.

illustration of man wearing a mask with censored on the face

This included surveillance tools and the use of censorship technologies, as well as legislation requiring all licensed ISPs to adhere to the government's strict censorship policies.

The second phase was launched in 2006 and ended a couple of years later. Experts believe that up to 50,000 policies were implemented, and the country began using a range of high-tech equipment to monitor internet use, including video monitoring, internet security, and facial recognition devices.

With time, the country has also introduced new policies, especially as mobile usage has become popular. To combat this, the country employs one of the world's most comprehensive surveillance and censorship networks, using hardware provided by foreign companies like Cisco Systems. In a nutshell, the government monitors virtually everything on the web.

The Development of a Mini-Internet

Night view of Shanghai

When internet use was rapidly evolving around the globe, especially due to the rise of social media, China began to clamp down hard, fundamentally changing user habits within the country.

Any company that refused to play by the government's rules, such as sharing user information with them or providing heaps of data for monitoring, was banned from operating in the country. For instance, cryptocurrencies are banned in China.

A number of popular websites are also banned in China, including big names like Facebook, Google, Twitter, and even YouTube. Certain services, which most may consider irreplaceable, are also not available in the country, such as:

  • Gmail
  • WhatsApp
  • Google (search engine and all Google apps)
  • Snapchat
  • Microsoft OneDrive

Instead, they have local alternatives that comply with the government's strict censorship rules. For instance, Baidu is the direct replacement for all of Google's services in the country.

With more than a billion users accessing the internet in China, the GFW Project is a stunning accomplishment. But how does the country censor content at such a mass scale?

The 5 Main Blocking Methods Used by the GFW Project

There are five main blocking methods that the Great Firewall of China uses to censor content on the internet.

1. URL Blocking

laptop with internet and lock logos on screen

URL blocking or filtering is one of the most effective methods used by the Great Firewall. It consists of a series of proxies that monitor and filter traffic on the web.

URL blocking is quite simple: the proxies scan a series of characters used by web technologies to locate information on servers, known as Uniform Resource Identifiers (URIs).

These proxies also scan a web page's content and look for target keywords to block. As soon as a keyword matches, the entire page is blocked. This method requires the database to be regularly updated with relevant keywords to work effectively.

2. DNS Poisoning

When you type in a URL in your browser, it converts it into an IP address and then uses the Domain Name System (DNS) to identify and serve relevant content. Think of it as a massive directory of all website addresses.

The Great Firewall of China uses a series of "fake" DNS servers that return invalid IP addresses if you try to open certain sites. This method of DNS hijacking relies on targeting specific keywords.

Whenever a DNS request matches a prohibited keyword, the firewall automatically adds a fake DNS response, thus preventing users from accessing the site altogether.

3. Direct VPN Blocking

vpn behind no access logo

The Chinese government is vehemently against the use of VPNs. It's one of several countries where VPNs are illegal and heavily restricted.

The Great Firewall analyzes traffic using methods like deep packet inspection to detect if someone is using a VPN. By inspecting individual packets of data sent to the server, it can identify where it came from, including any applications in use.

It's pertinent to mention that VPNs in China aren't actually outlawed. All VPN providers must hand over user data and comply with the country's censorship policies, which defeats the primary purpose of using a VPN: anonymity.

4. Man-in-the-Middle Attacks

Man-in-the-middle (MITM) attacks are used by the Chinese government to "impersonate" and use root certificates from Chinese authorities instead of ones by actual providers.

Websites often use SSL certificates to transmit data, ensuring it's encrypted. MITM attacks allow the Chinese authorities, like the CNNIC, to issue self-signed certificates; effectively being able to capture all communications and data with a particular site.

A popular example of this was in 2014 when the iCloud SSL certificate was replaced by another self-signed certificate from Chinese authorities. By exploiting a back-end vulnerability on Apple devices, the government could eavesdrop and gather heaps of data until the certificate was detected and replaced with an original.

5. Active Probing

Lots of digital matrix code

Active probing is a technique Chinese authorities use to identify services that can help users circumvent the firewall. VPN providers and even the use of the Tor Project can be blocked this way.

It works by probing any connection requests to an outbound server, such as one located outside China. The GFW Project inspects the nature of the request, and if it detects that the IP is part of a prohibited server network (likely belonging to a banned VPN), it instantly cancels the request and blocks the IP.

The Main Objective of the Great Firewall

The main objective of the Great Firewall is simply to clamp down on political dissent, control the narrative, and prevent users from being able to access content that may go against the country's policies.

Anything that portrays the country negatively is shot down, and thanks to mass surveillance, any instances of dissent are immediately detected, silenced, and removed from the web. This helps the government maintain a strong ideological grip on its citizens, with many believing that the Firewall "protects" them from falsified information.

Illustration of a spammy website riddled with warnings and ads

The Bottom Line—Is Internet Use Safe in China?

As long as you don't criticize the government or access any banned services, then the answer is yes. The government has made significant strides to introduce access to its version of the web to people, with public Wi-Fi now readily available in major cities.

It's all strictly monitored and silenced, and while there are ways to jump over the Great Firewall, those who do often run the risk of hefty fines or even jail time.