Every year, the Ministry of Industry and Information Technology seeks to improve the Great Firewall’s filtering and blocking techniques and enhance its algorithm. There are three state-owned ISP providers, China Unicom, China Telecom, and China Mobile, that control internet in China. The censorship and monitoring of internet have evolved from anti-virus-like and firewall software to hardware security patches for all devices that uses internet. The main filtering and blocking technologies of Great Firewall include IP blocking of the national entrance gateway, keyword filtering and blocking at the backbone router, HTTP/S certificate filtering, detection and banning of phishing, and domain name hijacking.
Operating System Updates and Security Patches
Since the majority of gadgets are produced in China, the government of China has collaborated with the manufacturers of mobile phones, tablets, and laptops to customize operating systems, such as Windows, Android, and IOS, based on the Great Firewall’s internet security guidelines. Devices purchased outside of China will, at a certain point, will require security updates when used within mainland China. These updates will disable access of Google apps downloader, for example. One can only download apps using the manufacturer’s downloader software, where VPN installers and other banned apps are not available for installation.
IP addresses from other countries are immediately filtered at the backbone router. All foreign websites hosted outside China undergoe screening and analysis for blacklisting and whitelisting. A website that is accessed in China for the first time will have a slow loading time due to this process. China’s firewall works both ways: people inside China cannot access restricted sites hosted in foreign countries, while a number of Chinese sites, apps, music and other media are not accessible outside China as well. This setup enables the government to control the flow of information. The laws in China are the basis of the filtration guidelines of the great firewall.
Keyword Filtering and Blocking
Search engines must be specially designed with search results that are compliant to existing Chinese laws on internet security and bandwidth control. Illegal, pornographic, gambling and other blacklisted sites are banned from appearing in search results, while some unauthorized sites may appear in the search results but will time out when the link is clicked since they do not belong to the whitelist. The firewall’s artificial intelligence (AI) technology analyzes website keywords and meta tags then whitelists or blacklists the URL or IP address.
HTTP/S Certificate Filtering
The most recent technology automatically shuts internet off whenever blacklisted URLs are accessed. The browser would return ERR_TIMED_OUT with an error message like the following, “This site can’t be reached. Try checking in the internet connection.” Apart from the top level filtering at the National Internet Gateway, each province in China has its own filtering devices that can probe HTTP/S URL and certificates. This makes censorship of domestic traffic faster.
DNS Hijacking and Phishing
Only accredited companies are authorized to have applications and websites implemented for public use. DNS hijacking is usually applied to redirect unauthorized sites to an government approved website. The Great Firewall detects the domain name entered and analyses its content, then suggest a similar domain from the white list, then poisons the DNS cache redirect the browser request to another domain. All information typed by users are collected for future analysis. Data gathered overtime makes the Great Firewall more “intelligent” in replacing websites. All chat or messenger applications are also being monitored by the Great Firewall. One can receive incoming messages from restricted apps, but cannot send messages without the use of VPN. This allows monitoring of suspicious conversations despite one party is using VPN.
Websites and apps that are allowed to be used in China can be accessed at a very fast speed, up to the recent 5G (20Gbps) upgrade. Therefore, even foreigners inside China will also opt to use the local counterparts of banned apps and websites due to speed. For example, Baidu in lieu Google maps, QQ mail in place of Gmail, Sogou for Google search, Youkou and Weibo instead of Youtube, MangoTV and Qiyi as replacement of Netflix, and Facebook is replaced by WeChat. Connecting to VPN every time is inconvenient and time consuming, so usually people only use VPN from time to time to access information that keeps oneself updated from what is happening outside China, or if they want to maintain privacy in their internet activities.
Getting around the Great Firewall of China
One workaround to access restricted sites and bypass the Great Firewall is to download and subscribe to a VPN service before going into Mainland China. Going to Hong Kong to download VPN apps is an option, since Hong Kong still retain its original laws pertaining to internet accessibility. Otherwise, request a friend located in another country to send the VPN installer file directly. There are also web browsers, such as Firefox and Opera that have built-in VPN functionality that can be enabled for private browsing.
The use of VPN however, usually slows down downloading and accessibility by 30 percent or more. Faster VPN services are more costly. One major drawback is that your location appears to be of a different country, and this can cause login problems specially for certain applications and websites that track login location for security purposes. Message timestamps are also affected due to the time zone differences with the country where the VPN server is located. So whenever connecting to a VPN, a best practice is to use one country as server location then stick to it. Using the same country every time is important to avoid your account being locked out due to suspicious access from another location.
Final Thoughts: Monitoring Performance from the Great Firewall of China
For users and companies doing business in China, it’s critical to continually test and monitor website accessibility and performance. Traffic conditions can change suddenly and you’ll want to know immediately when issues from the Great Firewall of China impact your users. Dotcom-Monitor provides a number of free online network performance tools to check performance of your websites, applications, servers, and more, from China. The China Firewall Test is specifically designed to show you how your website loads from behind the Great Firewall of China. Simply enter your URL, select your browser (desktop or mobile), set your locations within China, and run your test!
For a more comprehensive solution, set up continuous web page monitoring to ensure uptime, availability, and performance of all your websites 24/7.