South China Morning Post
Advertisement
Advertisement
Censorship in China
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
China is cracking down on methods of evading its online censorship. Photo: Shutterstock
TechPolicy

China blocks internet anticensorship tools ahead of 20th party congress as the Great Firewall grows in sophistication

  • More than 100 people have reported having their servers blocked for using proxies that disguise censorship circumvention as regular web traffic
  • The move marks an escalation of the Great Firewall’s censorship ahead of the party congress expected to extend President Xi Jinping’s term in power
Censorship in China
Matt Haldane
Xinmei Shen
Matt HaldaneandXinmei Shen
Why you can trust SCMP
Users of a number of popular censorship circumvention tools are reporting that their servers are being blocked in an apparent escalation of China’s crackdown on such tools ahead of this month’s 20th party congress, according to the censorship monitoring group Great Firewall (GFW) Report.
More than 100 users reported that their servers hosting the tools, which are specifically designed to avoid detection by China’s Great Firewall, have been blocked, the GFW Report said in a post on GitHub.

The identified protocols are known for their use of transport layer security (TLS), the ubiquitous encryption standard that makes secure communication on the web possible.

This is supposed to make private proxy servers look like normal web traffic, unlike traditional virtual private networks (VPNs).

02:33

How China censors the internet

How China censors the internet

All of the blocked proxy protocols – trojan, Xray, TLS+Websocket, VLESS, and gRPC – are used in the V2Ray platform that allows users to easily switch between them.

A separate traffic camouflage project called NaïveProxy was found to not be affected, which GFW Report said is because it is designed to make TLS connections look like they are coming from Chromium-based browsers such as Google Chrome or Microsoft Edge.

“This new blocking coincides with the most politically sensitive weeks in China,” GFW Report said in an email to the South China Morning Post. “The first three weeks of October 2022 are expected to be the most politically sensitive time because there are three major events.”

The group referred to the week-long National Day holiday that started October 1, the seventh plenum of the Communist Party’s Central Committee on October 9, and the 20th party congress that starts on October 16th.

Google is using a tool Chinese users developed to bypass the Great Firewall

The congress, one of the most sensitive political events in years, is set to extend President Xi Jinping’s term in power, making him the first leader since Mao Zedong to get a third term as general secretary of the Communist Party.

The sweeping block of several protocols marks a big step up in censorship, which often ramps up at sensitive times of the year, such as the weeks before the June 4 anniversary of the Tiananmen Square crackdown and major political events.

It is not currently known precisely how these proxies are being identified and blocked. The GFW Report hypothesised that TLS fingerprinting might be used, but the team has not done any empirical tests yet.

Some users who were blocked said it happened while sending traffic over port 443, which is used for encrypted web traffic over the secure hypertext transfer protocol (HTTPS). Switching ports temporarily allowed users to access the proxy again, but that could result in the server’s internet protocol (IP) address being banned, according to the GFW Report.

V2Ray has been a reliable method of accessing the global internet for many people in China who are technologically savvy enough to use it, or who pay for a subscription service with this technology used on the back end.

It is a spiritual successor to Shadowsocks, another encrypted proxy protocol that has been used by companies like Google but has declined in popularity since the Great Firewall learned to detect such traffic.

“We estimate more than half of all Chinese netizens who circumvent internet censorship use TLS-based circumvention strategies,” GFW Report said, contrasting it with Shadowsocks, which wraps traffic in other types of encryption.

“TLS-based tools have been reportedly blocked before, but we have never seen it blocked on such a scale.”

The ability to recognise proxy traffic patterns allows Chinese internet service providers to quickly throttle or block a server for a specific user.

China’s internet watchdog vows another crackdown against Covid-19 rumours

The GFW Report said that domain names used to help mask the proxy traffic are not being blacklisted by China, meaning the blocks only affect individual users while the domains remain accessible to others.

“This is similar to activity which has taken place in previous years and highlights the fact that, if the authorities wanted to, they could render most circumvention tools ineffective at the flip of a switch, at any time,” said Charlie Smith, the head of the Chinese censorship monitoring website GreatFire who uses a pseudonym to protect his identity.

“Perhaps the more important question is, why don’t the authorities do this all the time?”

Some access to overseas websites is considered important for international collaboration, trade and propaganda.
However, in a sign of intensified censorship ahead of the party congress, Google Translate, one of the US search giant’s few remaining consumer services available in mainland China, was discontinued because of low usage, the company said.

The GFW Report found last week that China had recently blocked all subdomains of Google.com, numbering more than 1,100 and affecting a large number of popular services.

This week, a number of Cantonese-speaking influencers on Douyin, the Chinese version of short video app TikTok, also voiced their frustration after their live-streaming shows were abruptly cut off by the app. The reason from the ByteDance-owned service was that the language was “unrecognisable”.
Cantonese is the most widely spoken form of Chinese after Mandarin, but censors have long struggled with it, as evidenced by recent reports that Cantonese posts on Weibo about sensitive topics related to Covid-19 restrictions went unnoticed by censors.

Weibo to regulate homonyms, ‘misspelt’ words if used to evade censorship

Since the earliest days of internet access within China, online censorship has been a cat-and-mouse game between censors and developers. In the case of V2Ray, support for personal domains and TLS was an advancement over Shadowsocks because it made traffic look like it was coming from unblocked websites.

When Shadowsocks censorship started ramping up three years ago, one developer going by Teddy Sun stopped development on a popular installation script for the tool. “It won’t last long,” Sun told the Post at the time. “It will die sooner or later.”

However, Shadowsocks is still in use, and Sun posted on his blog just last month about a new installation method. It has become just one of many tools in an ever-expanding toolbox used by those trying to thwart an increasingly sophisticated censorship regime.

“New tools are [being] and need to be developed at all times,” Smith said. “Obviously, a lot more work needs to be done if we really want to help people freely access information all over the world.”

8