The Great Firewall just got a few bricks higher.
As has been widely reported in the media, China recently ramped up its crackdown on virtual private network (VPN) access. VPNs are one of the relied-upon mechanisms for Internet users in China to route over the Great Firewall, as the country’s extensive Internet censorship mechanism is known.
For years, there had seemingly existed a tacit allowance by Beijing permitting Chinese netizens’ use of VPNs to access sites otherwise unreachable inside China. But it appears that acquiescence has faded, replaced by an intense crackdown the likes of which have not been seen before.
“The authorities have been doing this for a long time,” wrote Charlie Smith of OTF-sponsored GreatFire.org, which monitors blocked websites and keywords in China. “But they have never done it as extensively as they are doing now.”
Why VPNs are important to Chinese netizens
VPNs allow China’s 684 million Internet users to evade state censors and thereby connect to otherwise inaccessible sites. VPNs have become an indispensable tool for Internet users in China of all stripes: businesses depend on VPNs to encrypt outgoing traffic, keeping business secrets safe from the prying eyes of competitors; academia use VPNs to conduct research, accessing database search tools like Google Scholar; pop culture enthusiasts can use them to create an Instagram account and follow their favorite foreign celebrities.
And, much to China’s chagrin, everyday citizens use VPNs to access accurate, objective current events coverage from sites like Amnesty International and OTF parent organization Radio Free Asia. Both Amnesty and RFA are aggressively blocked by Chinese authorities.
How China is blocking VPNs
The GFW censorship apparatus analyzes all incoming and outgoing traffic flowing to and from a device as it is sent or received. The censors look for certain bytes of information which indicate VPN use, such as protocols commonly used to mask, or “tunnel,” VPN connections. If a device gets flagged as abnormal, the firewall will attempt to connect to the blocked site using the same path as the flagged device. If the connection is successful, the firewall automatically blocks access to that site. No access, no VPN, no open internet.
The voluminous increase and near instantaneousness of the blocks suggests that the Chinese government is using Deep Packet Inspection (DPI) to analyze the type of traffic flow and have automated the ability to block protocols that are commonly used by VPNs.
How the GFW works via VPN Reviewer:
Effect on OTF-funded tools
The effects of China’s VPN crackdown have been largely limited to popular commercial VPN providers like Astrill, StrongVPN, and GoldenFrog. OTF sponsors non-commercial circumvention tools like Tor, which maintained functionality without appearing to experience abnormal disruptions in usability.
The graphs below show that China-based Tor users experienced typical fluctuations during the past two months, a timespan that includes the VPN block surge in late January:
Oscillation between ‘blocked’ and ‘accessible’ has become the norm in this ongoing censorship arms race that pits the might of China’s Great Firewall against circumvention tools like Tor. It’s a constantly evolving cat-and-mouse game. Tor developer and research David Fifield recently assessed that it takes the GFW “between 2 and 10 weeks” to react to new circumvention systems, like upgrades to Tor bridges. And the blockages are patchy: even if Tor is blocked in, say, Guangzhou, it might still be available in Shanghai, sources say.
The uptick in VPN blocking, the latest affront to open internet access by Beijing, signals a marked shift in intensity for China’s online censorship efforts, signaling a more stringent control policy than we’ve seen prior. Disconcertingly, it fits right in with China’s push for “cyberspace sovereignty” as justification for its Internet intolerance.
That is why OTF facilitates the creation of the strongest, longest-lasting circumvention tools possible – to operate in challenging environments of scarce resources, like a VPN-blocking China. Chinese netizens have long shown incredible resilience in the face of oppression. Our experience tells us that substantial challenges will yield stronger solutions; this time will be no different.