Reality & The Great Firewall

China has implemented a complex information security and control strategy that involves a web of legal restrictions and regulation combined with advanced technical content filtering/blocking and surveillance mechanisms. However, the specific details of this matrix of control have yet to be thoroughly interrogated. Although much has been written, those who actually investigate the “Great Firewall” firsthand are few. And often the results of these investigations raise more questions than they answer.

A recent report consolidates many of the claims that scholars and news reports (which often source each other in a circular fashion) make regarding the “Great Firewall”. I’ll go through some of the specific and “grand” claims, again raising more questions than answers, with the goal of working towards a more thorough, grounded investigation and analysis of China’s censorship and surveillance capacity, primarily from a technical perspective.

At last estimate, access was blocked to 19,000 political Web sites considered threatening.[19] These blocked sites include popular foreign news, political, religious, and educational Web sites, including fairly innocuous Web sites of church and religious organizations serving foreign businessmen and residents.[20]

What the author is referring to here is a study (Empirical Analysis of Internet Filtering in China [2002]) conducted by Jonathan Zittrain and Benjamin Edelman at the Berkman Center for Internet & Society. The study found 19,032 web sites that were inaccessible from China on multiple occasions while remaining accessible from the United States. The “blocked” websites were assigned a blocking quotient — not all the 19,000+ sites were blocked all the time from all the testing locations. In the appendix the authors note:

To the extent that blocking varies across networks and across geographic locations, to describe a URL or entire Web site as “blocked in China” may be inexact — a site can be found accessible in some places and simultaneously inaccessible in others. In the absence of further data about political decision-making and technical implementation, we can be only as precise as the data is accurate — and we therefore apply a threshold of overall inaccessibility to determine that a site is “blocked in China.”

Of the more than 19,000 websites that were identified as “unavailable on at least two occasions, and from at least two distinct proxies, all while still accessible from the United States” many are not “political websites”. Extremely quick and random selections from the testing results make this abundantly clear. The list of 19,000+ sites does include “foreign news, political, religious, and educational Web sites” as well as pornography and clearly non-political sites — I even found a Chinese government website in the list.

Brief list of examples:

I don’t believe that the Berkman report claims to have uncovered 19,000 political blocked sites, but rather engaged in empirical analysis of accessibility which also raised many questions concerning China’s filtering capacity and the targeted content. It should also be noted that many mainstream foreign news websites are, in fact, accessible in China. China’s filtering system blocks a significant amount of non-pornographic websites, some as a consequence of overblocking, but it makes a better case against censorship to be accurate and accountable in our claims about Internet filtering in China. Accounts that do not withstand review diminish credible claims about filtering in China.
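The threshold quoted above (unavailable on at least two occasions and from at least two distinct proxies, while still accessible from the United States) can be applied mechanically to probe results. The following is an added example, not code from the Berkman study or from this post; the site names, proxy names and observations are constructed, and `failure_ratio` is an assumed stand-in for the “blocking quotient”, which the post does not define.

```python
from collections import defaultdict

# Constructed probe results: (site, proxy_in_china, occasion, reachable).
OBSERVATIONS = [
    ("a.example", "proxy-1", 1, False),
    ("a.example", "proxy-2", 2, False),
    ("a.example", "proxy-3", 1, True),
    ("a.example", "proxy-1", 3, True),
    ("b.example", "proxy-1", 1, False),   # fails twice, but only via one proxy
    ("b.example", "proxy-1", 2, False),
    ("b.example", "proxy-2", 1, True),
    ("c.example", "proxy-1", 1, False),   # fails everywhere, US control too
    ("c.example", "proxy-2", 2, False),
    ("d.example", "proxy-1", 1, True),
    ("d.example", "proxy-2", 2, True),
]
# Constructed control set: was the site reachable from the US vantage point?
US_REACHABLE = {"a.example": True, "b.example": True,
                "c.example": False, "d.example": True}

def classify(observations, us_reachable, min_occasions=2, min_proxies=2):
    """Apply the study's threshold; failure_ratio is an assumed stand-in
    for the 'blocking quotient', which the post does not define."""
    totals = defaultdict(int)
    failures = defaultdict(list)
    for site, proxy, occasion, reachable in observations:
        totals[site] += 1
        if not reachable:
            failures[site].append((proxy, occasion))
    report = {}
    for site, total in totals.items():
        proxies = {p for p, _ in failures[site]}
        occasions = {o for _, o in failures[site]}
        blocked = (us_reachable.get(site, False)
                   and len(occasions) >= min_occasions
                   and len(proxies) >= min_proxies)
        report[site] = {
            "blocked": blocked,
            "failure_ratio": len(failures[site]) / total,
            "failing_proxies": sorted(proxies),
        }
    return report

if __name__ == "__main__":
    for site, row in sorted(classify(OBSERVATIONS, US_REACHABLE).items()):
        print(site, row)
```

A site that is down for everyone (`c.example`) or that fails through a single proxy (`b.example`) does not meet the threshold, which is why a raw count of inaccessible sites says little about what is deliberately targeted.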

In addition to blocking sensitive Web sites, the government also controls the sites that appear in popular global search engines such as Yahoo and Google. For instance, a search for “Jiang” in the Chinese version of Yahoo returns only 24 sites, all of which are flattering to Chinese leader Jiang Zemin. Moreover, e-mail subscription services are blocked and the government can and does monitor personal e-mail and “erase online content considered undesirable.”[21]

While Yahoo! may self-censor their Chinese Portal, the government does not “control” what sites appear in Yahoo! and Google. China does use keyword filtering in GET requests to disrupt the TCP connection to hosts (any, not just search engines) which has the effect of restricting what users in China can search for. This is entirely independent of the search engines themselves. (NOTE: In the case of Google’s Chinese NEWS service, Google is de-listing certain results. Chinese search engines, such as, also filter & de-list results.) In the article sourced in the footnote [21] it states the following with respect to Google: “Nor does Google weed out material that the Chinese government blocks as subversive.”

I understand that what is specifically blocked/unblocked varies, especially with time, and data can quickly become outdated. The article sourced in this context was written in Sep. 2002. Currently, a search for “jiang” in Yahoo! (Chinese) produces 2,180,000 results. A search for “jiang” in Google (Chinese) produces 1,570,000 results. Results for “jiang zemin” (“jiang” returns many non-Jiang Zemin results) include mainstream news sources such as ABC, CNN and Time magazine as well as oppositional sites (Google:,, | Yahoo:,,

Email lists may very well be blocked; my question is: which ones and how? Is SMTP traffic filtered? What about POP and IMAP? Is mail filtered by originating IP address? Is it filtered by FROM address, SUBJECT or BODY text? Is it filtered at the mail server level (large ISPs, Chinese free email providers)? Are spam filters configured to block political emails? The same questions also apply to monitoring.

What does “erase online content considered undesirable” mean? Removing posts from government controlled bulletin board forums? Or does it mean shutting down specific websites, within China, such as the recent pornography crackdown and the temporary shutdown of and Many countries shut down “undesirable” websites from child pornography sites, to neo-nazi sites, and recently “terrorist” sites. Specifics are critical to this claim. Our case against censorship is made stronger with concrete examples rather than vague references.

By contrast, the search engine Google, which has not signed such an agreement, has been deemed “unselective” and “unsupervised” by the security authorities and has consequently been censored. Google is especially feared by China’s cybercensors because of its cache feature that makes available saved copies of Web pages that have been deleted and Web sites that have been taken down. Since 2002, Chinese visitors to have been re-routed to a local search engine. [23]

Chinese visitors to Google are not re-routed to a local search engine. Google was briefly blocked for approximately two weeks in August/September 2002. It has otherwise been consistently available to Chinese Internet users. During the two week block period Chinese users were re-directed to local search engines. This stopped when Google was unblocked.

The “cache” functionality of Google is blocked in China because any GET requests with the text string ‘search?q=cache’ are disrupted (whether or not the requests are to Google servers, i.e. all servers are affected). However, Yahoo’s and Gigablast’s cache functionality was not blocked when checked in Sept 2004. These search engines, and their cache functionality, are no less “unselective” and “unsupervised” compared to Google’s similar functionality.
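The distinction drawn above, disruption that follows a string in the GET request rather than the destination host, is something a measurement can test by pairing requests with and without the string against several hosts. The following is an added example, not code from the post; the host names, paths and outcomes are constructed, and only the string `search?q=cache` comes from the text.

```python
from collections import defaultdict

KEYWORD = "search?q=cache"  # the string the post reports as triggering disruption

# Constructed probe log: (host, request_path, outcome). Hosts are placeholders.
PROBES = [
    ("search-a.example", "/search?q=cache:page.example", "reset"),
    ("search-a.example", "/search?q=weather", "ok"),
    ("unrelated.example", "/search?q=cache:page.example", "reset"),
    ("unrelated.example", "/index.html", "ok"),
    ("search-b.example", "/cached?u=page.example", "ok"),  # no keyword in path
    ("search-b.example", "/search?p=weather", "ok"),
    ("down.example", "/index.html", "reset"),
    ("down.example", "/about.html", "reset"),
]

def attribute_blocking(probes, keyword=KEYWORD):
    """Per host, decide whether failures track the keyword or the host."""
    by_host = defaultdict(lambda: {"kw": [], "plain": []})
    for host, path, outcome in probes:
        bucket = "kw" if keyword in path else "plain"
        by_host[host][bucket].append(outcome == "ok")
    verdicts = {}
    for host, res in by_host.items():
        kw_ok, plain_ok = res["kw"], res["plain"]
        if plain_ok and not any(plain_ok):
            # Fails even without the keyword: consistent with host-level
            # blocking or an outage, not with keyword filtering.
            verdicts[host] = "host-level"
        elif kw_ok and not any(kw_ok) and plain_ok and all(plain_ok):
            verdicts[host] = "keyword-triggered"
        elif all(kw_ok + plain_ok):
            verdicts[host] = "not disrupted"
        else:
            verdicts[host] = "inconclusive"
    return verdicts

def keyword_filter_is_host_independent(verdicts, min_hosts=2):
    """True when keyword-triggered disruption is seen on several hosts."""
    hits = [h for h, v in verdicts.items() if v == "keyword-triggered"]
    return len(hits) >= min_hosts

if __name__ == "__main__":
    result = attribute_blocking(PROBES)
    print(result, keyword_filter_is_host_independent(result))
```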

All Chinese Internet traffic is routed through five major channels using devices sold by a U.S.-based corporation. American engineers developed special routers, integrators, and a “special firewall box” programmed to monitor Internet traffic and detect selected keywords.[24] China Telecom bought “many thousands” of these special firewall boxes from a U.S. firm for $20,000 each.[25] These boxes allow the Chinese government to search for, identify, and intercept potentially subversive transmissions, which had theretofore been considered difficult to track.[26] By exporting sophisticated communications technology to China, North American telecoms and software companies facilitated the construction of the “Great Firewall of China” against the world and provided the Chinese government with a means to conduct surveillance against its citizens.[27]

A map of the Internet in China shows that there are more than five international connections. The Berkman study also noted regional differences in blocking. It also does appear that China’s filtering system is centralized and coordinated and spans multiple levels of access, and it’s been reported that they’ve been assisted by expertise and technology from multinational corporations. Greg Walton’s paper, “China’s Golden Shield”, is an excellent resource that specifically focuses on surveillance technologies.

But China now has domestic technology firms that develop technology so that they no longer need to rely solely on foreign technology. Chinese firms have developed routers and switches that are capable of content filtering. Domestic firms have been charged with copying Cisco’s routers and switches.

Still, foreign companies do continue to sell China technology that is used for filtering and surveillance. It is indeed a problem; I’m not suggesting that it isn’t. The sale of filtering and surveillance technology to repressive regimes is a serious concern. We need to demystify both the technology and what is going on here.

This article, and book by the same author, is used as the basis for the suggestion that Cisco sold China “special firewall boxes from a U.S. firm for $20,000 each”. This may very well be true.

But what can these special boxes do that “normal” Cisco routers cannot be configured to do or that domestically developed Cisco clones cannot do? Packet filter? Access control lists? This is standard stuff. Most filtering technologies have the capability to sniff packets and, for example, block access to web content based on keywords in URLs, or even the body content of the page itself.

Companies are supplying repressive regimes with technology used to violate the human rights of their citizens. These companies are in the business of filtering the Internet, in homes, schools, offices, libraries, net cafes, ISPs, and even entire countries. The whole process is unaccountable, from the secret filtering lists to the deployment of the filtering systems.

Online conversations are subject to constant eavesdropping, and Web surfing is scrutinized. Yahoo-China, for example, reportedly hires supervisory “big mamas” for the teams of censors assigned to every Yahoo-hosted Internet chat room in China. One American expert in the Chinese Internet describes the big mamas’ mission as deleting politically undesirable chat room comments in real time and sending warnings to violators in cyberspace. All Chinese chat rooms, according to this expert, are watched by surveillance teams who can also monitor e-mails, including Web-based accounts, and may use unblocked Web sites as “tripwire” stings to locate and trap possible agitators.[29]

There have been numerous articles/reports on the “big mamas” so I am inclined to believe that such a phenomenon exists; however, the claim that “every Yahoo-hosted Internet chat room in China” seems dubious to me. I have gone into such chatrooms and freely chatted about falun gong/dafa and other sensitive topics without encountering any warnings from “big mamas” or having my comments deleted in real time. How can chatroom comments be technically deleted in realtime? The text has already been sent to the end user’s chat client. Moreover, the claim that chat room monitors can also monitor email is somewhat startling. Is the claim that “big mamas” have some kind of special access to Yahoo!’s chat servers and email servers in order to censor and monitor chat and email? Or is the claim that, independent of Yahoo!, China can filter specific chat text and monitor email traffic? Or is the claim that China can do this for ALL chat services and ALL email services?

I believe that we, as researchers, journalists and activists who are interested in issues of Internet censorship, filtering and surveillance, should make an increased effort to demystify the technology being used, be more accurate and thorough when investigating these issues, and avoid speculative scenarios. Doing so increases our credibility, attracts more people to these serious issues, makes a greater impression on policy makers and bolsters the fight against Internet censorship.

One comment.

  1. The big mama phenomenon is of interest, but as you say, the scope and method of filtering/surveillance is worth questioning. As you say, the manual (human) “real-time message deletion” sounds exaggerated, due to the unfeasibility of screening every message; not only would it require interventionary access to Yahoo or whatever chat service was hosting the conversation, but it would require extraordinary amounts of man-power and time; it would introduce untold latency into the chat service as every message would have to be screened before being distributed – how else could this “deletion” occur? – and the us.

    What may be more believable, based on pre-existing evidence, is that China’s filtering technology may employ some sort of protocol-sensitive snooping. They can and do watch HTTP GET requests and disrupt TCP connections based on data collected (keywords); doing the same for chat services would be only moderately more difficult. Certainly for mediums such as Yahoo!, disrupting the connection between central chat server and individual client saying undesirable things would be trivial. “Big mamas” warning users sounds farfetched but is indeed possible if the traffic is being monitored. And this could theoretically be done at any level, either by the chat server itself or somewhere in between client and server. In other words, given what we know about how they filter the web, this is what’s possible and plausible, and it is important, as you say, that researchers, journalists and activists make a clear distinction between possible, plausible, and true, the latter being both dangerous and harmful.

    I agree that theorizing about what might be happening is a completely unproductive pursuit, and until there is empirical data on the subject, making claims about the scope and manner of surveillance/filtering of chatrooms is harmful to those of us seeking facts or trying to effect change. Perpetuating untrue/unconfirmed myths or creating new ones dilutes the facts and weakens the anti-censorship position.
