The Great Firewall of China (GFW) is the combination of legislative actions and technologies enforced by the People's Republic of China to regulate the Internet domestically. Its role in Internet censorship in China is to block access to selected foreign websites and to slow down cross-border internet traffic. The effect includes: limiting access to foreign information sources, blocking foreign internet tools (e.g. Google search, Facebook, Twitter, Wikipedia, and others) and mobile apps, and requiring foreign companies to adapt to domestic regulations.
|This article is part of a series on the|
politics and government of
Besides censorship, the GFW has also influenced the development of China's internal internet economy by nurturing domestic companies and reducing the effectiveness of products from foreign internet companies. The techniques deployed by the Chinese government to maintain control of the Great Firewall can include modifying search results for terms, such as they did following Ai Weiwei’s arrest, and petitioning global conglomerates to remove content, as happened when they petitioned Apple to remove the Quartz business news publication’s app from its Chinese App Store after reporting on the 2019 Hong Kong protests.
The Great Firewall was formerly operated by the SIIO, as part of the Golden Shield Project. Since 2013, the firewall is technically operated by the Cyberspace Administration of China (CAC), which is the entity in charge of translating the Communist Party of China's will into technical specifications.
As mentioned in the "One country, two systems" principle, China's special administrative regions (SARs) such as Hong Kong and Macau are not affected by the firewall, as SARs have their own governmental and legal systems and therefore enjoy a high degree of autonomy. Nevertheless, the U.S. State Department has reported that the central government authorities have closely monitored Internet use in these regions.
The term Great Firewall of China is a portmanteau of firewall and the Great Wall of China, and was first used in print by Geremie Barmé in 1997. The term started its use in Beijing in 1996 by Stephen Guerin of Redfish Group, a Beijing-based web consultancy. 1996 interviews of Guerin by CNN's Andrea Koppel and NPR's Mary Kay Magistad included Guerin discussing China's "reversing the firewall".
The political and ideological background of the GFW Project is considered to be one of Deng Xiaoping’s favorite sayings in the early 1980s: "If you open the window, both fresh air and flies will be blown in." The saying is related to a period of the economic reform of China that became known as the "socialist market economy". Superseding the political ideologies of the Cultural Revolution, the reform led China towards a market economy and opened up the market for foreign investors. Nonetheless, despite the economic freedom, values and political ideas of the Communist Party of China have had to be protected by "swatting flies" of other unwanted ideologies.
The Internet in China arrived in 1994, as the inevitable consequence of and supporting tool for the "socialist market economy". Gradually, while Internet availability has been increasing, the Internet has become a common communication platform and tool for trading information.
The Ministry of Public Security took initial steps to control Internet use in 1997, when it issued comprehensive regulations governing its use. The key sections, Articles 4–6, are:
Individuals are prohibited from using the Internet to: harm national security; disclose state secrets; or injure the interests of the state or society. Users are prohibited from using the Internet to create, replicate, retrieve, or transmit information that incites resistance to the PRC Constitution, laws, or administrative regulations; promoting the overthrow of the government or socialist system; undermining national unification; distorting the truth, spreading rumors, or destroying social order; or providing sexually suggestive material or encouraging gambling, violence, or murder. Users are prohibited from engaging in activities that harm the security of computer information networks and from using networks or changing network resources without prior approval.
In 1998, the Communist Party of China feared that the China Democracy Party (CDP) would breed a powerful new network that the party elites might not be able to control. The CDP was immediately banned, followed by arrests and imprisonment. That same year, the GFW project was started. The first part of the project lasted eight years and was completed in 2006. The second part began in 2006 and ended in 2008. On 6 December 2002, 300 people in charge of the GFW project from 31 provinces and cities throughout China participated in a four-day inaugural "Comprehensive Exhibition on Chinese Information System". At the exhibition, many western high-tech products, including Internet security, video monitoring and human face recognition were purchased. It is estimated that around 30,000–50,000 police were employed in this gigantic project.
Origins of Chinese Internet law
While the United States and several other western countries passed laws creating computer crimes beginning in the 1970s, China had no such legislation until 1997. That year, China's sole legislative body, the National People's Congress (NPC) passed CL97, a law that criminalizes "cyber crimes", which it divided into two broad categories: crimes that target computer networks and crimes carried out over computer networks. Behavior illegal under the latter category includes among many things the dissemination of pornographic material and the usurping of "state secrets."
Some Chinese judges were critical of CL97, calling it ineffective and unenforceable. However, the NPC claimed it intentionally left the law "flexible" so that it could be open to future interpretation and development. Given the gaps in the law, the central government of China relies heavily on its administrative body, the State Council, to determine what falls under the definitions, and their determinations are not required to go through the NPC legislative process. As a result, the CPC has ended up relying heavily on state regulation to carry out CL97.
The latter definition of online activities punishable under CL97, or "crimes carried out over computer networks" is used as justification for the Great Firewall and can be cited when the government blocks any ISP, gateway connections, or any access to anything on the internet. The definition also includes using the internet to distribute information considered "harmful to national security," and using the internet to distribute information considered "harmful to public order, social stability, and Chinese morality." The central government relies heavily on its State Council regulators to determine what specific online behavior and speech fall under these definitions.
The reasons behind the Internet censorship in China include:
- Social Control: The Internet is a means for freedom of speech, and dissemination of campaigns could lead to protests against the government.
- Sensitive Content: To control information about the government in China.
- Economic Protectionism: China prefers the use of local companies that are regulated by Chinese regulations, since they have more power over them. E.g. Baidu over Google.
Campaigns and crackdowns
As part of the Great Firewall, beginning in 2003 China started the Golden Shield Project , a massive surveillance and censoring system, the hardware for which was provided by mostly U.S. companies, including Cisco Systems. The project was completed in 2006 and is now carried out in buildings with machines manned by civilians and supervised by China's national police force, the Public Security Bureau (PSB). The main operating activities of the gatekeepers at the Golden Shield Project include monitoring domestic websites and email and searching for politically sensitive language and calls to protest. When damaging content is found, local PSB officials can be dispatched to investigate or make arrests. However, by late 2007 the Golden Shield Project proved to operate sporadically at best, as users had long adapted to internet blocking by using proxy servers, among other strategies, to make communications and circumnavigate to blocked content.
In February 2008, the Chinese government announced "Operation Tomorrow," an effort to crack down on youth usage of internet cafés to play online games and view content declared illegal. Internet cafés, an extremely popular way of getting online in developing countries where fewer people can afford a personal computer, are regulated by the Chinese government and by local Chinese government officials. Minors (in China, those under the age of 18) are not allowed into Internet cafés, although this law is widely ignored and when enforced, has spurred the creation of underground "Black Web Bars" visited by those underage. As of 2008 internet cafés were required to register every customer in a log when they used the internet there; these records may be confiscated by local government officials and the PSB. To illustrate local regulation of internet cafés, in one instance, a government official in the town of Gedong lawfully banned internet cafés from operating in the town because he believed them to be harmful to minors, who frequented them to play online games (including those considered violent) and surf the internet. However, internet cafés in this town simply went underground and most minors were not deterred from visiting them.
In May 2015, China indefinitely blocked access to the Chinese-language Wikipedia. In contrast (as of 2018), the English-language Wikipedia was blocked only rarely and intermittently. China in 2017 discussed plans for its own version of Wikipedia. As of May 2019, all language versions of Wikipedia have been blocked by the Chinese government.
The Chinese firewall works by selectively preventing content from being accessed. It is mostly made of Cisco, Huawei and Semptian hardware that provides censorship services within key networking components such as IPS, PE routers, or DNS servers. Researchers at the University of California, Davis, and at the University of New Mexico said that the censorship system is not a true firewall since banned material is sometimes able to pass through several routers or through the entire system without being blocked.
The filtering mechanism may differ from one Chinese ISP to another, but tend to be as common as possible :
|IP range ban using Black holes||The Chinese firewall maintains a list of IP ranges that are automatically dropped (network black-holing).
The network location of routers effectively performing the drop seems to vary between Chinese internet providers, but the general consensus is that packets are dropped when crossing an MPLS node, which are intensively used in the Chinese backbone internet. This would suggest that the list of dropped networks is likely maintained using LDP.
Because of the complexity to maintain a big, up-to-date banned network list, and because this method has proven not to be compatible with services using Content delivery networks, it is usually used as last resort and other blocking methods are preferred (such as filtering based on QoS).
|DNS spoofing, filtering and redirection||One part of the Chinese firewall is made of liar DNS servers and DNS hijackers returning incorrect IP addresses. Studies seems to point out that this censorship is keyword-based. Censors are likely maintaining two lists : a list of banned domain names, and a list of whitelisted domain names. Both lists very likely employ wildcard characters. Examples of banned websites include "*greatfire.org" or "*falungong*", examples of whitelisted websites include "developer.android.google.cn".
The list of banned/allowed keywords seems to be shared between multiple Chinese Internet providers, suggesting central management. The exact DNS software and configuration seems local to each Chinese ISP however.
Contrary to popular belief, foreign DNS resolvers such as Google Public DNS IP address 184.108.40.206 are reported to work correctly inside the country; however, these DNS servers are also subject to hijacking as their connections aren't encrypted: DNS queries do reach the DNS server, but if the request matches a banned keyword, the firewall will inject a fake DNS reply before the legitimate DNS reply arrives.
Since the major Chinese firewall upgrade of 2015, IP addresses returned for blocked domains are random IPs within the range of a black-holed network.
|URL filtering using transparent proxies||The Chinese firewall is made of transparent proxies filtering web traffic. These proxies scan the requested URI, the "Host" Header and the content of the web page (for HTTP requests) or the Server Name Indication (for HTTPS requests) for target keywords. If the firewall believe that the page should be blocked, a 403 error page may displayed instead, or the page may not load at all.
Like for DNS filtering, this method is keyword based. Encrypting the Server Name Indication can be used to bypass this method of filtering and is currently in development by the IETF.
|Quality of service filtering||Since 2012, the GFW is able to "learn, filter and block" users based on traffic behavior, using Machine learning. This method was originally developed for blocking VPNs and has been extended to become part of the standard filtering system of the GFW. The method works by mirroring all traffic (using a network tap) to a dedicated analytics unit, that will then deliver a score for each destination IP based on how suspicious the connection is. This score is then used to determine a packet loss rate to be implemented by routers of the Chinese firewall, resulting in a slowed connection on the client side. The method aims to slow down traffic to such an extent that the request times out on the client side, thus effectively having succeeded in blocking the service altogether.
It is believed that the analytics system is using Side-channel (such as the number of recently contacted IP addresses) to estimate how suspicious is a connection. It is able to detect traffic patterns (such as SSH tunneling, VPN or Tor protocols), and can measure packets Entropy to detect encrypted-over-encrypted traffic (such as HTTPS over an SSL tunnel).
This system does not require human interaction to work, and is completely separated from DNS filtering and proxies systems.
|Packet forging and TCP reset attacks||The Chinese firewall may arbitrary terminate TCP transmissions, using packet forging. The blocking is performed using a TCP reset attack. This attack does not block TCP requests nor TCP replies, but send a malicious TCP RST packet to the sender, simulating an end-of-connection.
Side channel analysis seems to indicate that TCP Reset are coming from an infrastructure collocated or shared with QoS filtering routers. This infrastructure seems to update the scoring system : if a previous TCP connection is blocked by the filter, future connection attempts from both sides may also be blocked for short period of times (up to few hours).
|Man-in-the-middle attacks with TLS||The Chinese National Intelligence Law theoretically allows the Chinese government to request and use the root certificate from any Chinese certificate authority, such as CNNIC, to make MITM attacks with valid certificates. No MITM attack using a valid certificate has yet been formally detected, but this is largely due to the fact that entities having both will and sufficient capabilities to detect such attack (eg: Google, Mozilla, Opera, and other web-browsers makers) have little or no adoption in China.
Multiple TLS incidents also happened in the last decade, before the creation of the law:
On 26 January 2013, the GitHub SSL certificate was replaced with a self-signed certificate in China by the GFW.
On 20 October 2014, iCloud SSL certificate was replaced with a self-signed certificate in China. It is believed that the Chinese government discovered a vulnerability on Apple devices and was exploiting it
On 20 March 2015, Google detected valid certificates for Google signed by CNNIC in Egypt. In response of this event, and after a deeper investigation, CNNIC certificate has been removed by some browsers. Because of the removal being based on proofs and not suspicion, no other Chinese certificate authority has been removed from web browsers, and some have been added since then.
This type of attack can be circumvented by websites implementing Certificate Transparency, or by using browser extensions.
|SMTP, IMAP4 and POP3
|The great chinese firewall has been reported to inspect and censor emails using SMTP, POP3 and IMAP4 transparent proxies .
The system would be working using keyword filtering .
In addition to the performed filtering, the CAC is also using Active Probing in order to identify and block network services that would help escaping the Firewall. Multiple services such as Tor or VPN providers reported receiving unsolicited TCP/IP connections for the purported purpose of network enumeration of services, in particular TLS/SSL and Tor (anonymity network) services, with the aim of facilitating IP blocking..
This active probing system seems to be using unused IP addresses within China Telecom and China Unicom IPs pools dedicated to Residential gateways , making the probes hard to block without affecting Chinese users.
Effectiveness and impact
The Great Firewall in China had direct influence on population's belief and way of thinking. It is mainly used by the Chinese government to perform brain washing and encourage "right thinking" by censoring dissident ideas. One of the main goals of the Great Chinese firewall is to create an environment where people have the same values and are having the same opinion. Therefore, the GFW is a political tool using Chinese citizens to promote Chinese Communist Party ideas.
The impact of this tool is difficult to evaluate, but It is estimated that its consequences are very strong and worldwide : instead of directly using force to control the population, the GFW quietly sets up an environment in which people share the same values and have same ideas, which are directly controlled by the CAC. Some example of ideas are :
- Taiwan and Tibet are part of China.
- 1989 Tiananmen Square protests should not be considered as very important
- Pornography, obscenity and eroticism are shabby activities.
- Democracy is not the best system for governing a country. As such Pro-democracy groups should be considered as terrorists and Hong Kong protests are definitely organized by foreign entities.
- Falun Gong and other anti CCP groups, are "outlawed".
The role of the firewall is to play with the social aspects of Chinese citizens, by blocking access to websites discouraging or criticizing these ideas. Other tools and means (50 Cent party, forcing companies in China to promote these ideas using loans as threat, pressuring citizens not complying with these ideas) are used to fill the space left with a "right thinking" voice.
Because the social environment of an individual doesn't necessarily change when moving country, there is multiple reports of Chinese users still promoting these ideas even when they are going abroad and are not under direct influence of the GFW. It is largely admitted that the GFW, as well as other means, is playing a non-negligible role in keeping stable, patriotic and CAC-compliant values.
The GFW is also putting foreign website, applications, and software owners under fear to get banned in China for having an user using their technology to express a non-CAC compliant opinion. This pressure is leading to chilled speech and self-censorship on all internet related services, from websites to mobile applications and video-games software. This self-censorship is encouraged by the Chinese government, and is currently more effective at blocking internet content than the Great Firewall has been.
Aside from the population-control aspect, the Great Firewall also act as a form of trade protectionism that has allowed China to grow its own internet giants, such as Tencent, Alibaba, and Baidu. China has its own version of many foreign web properties, for example: Tencent Video (YouTube), Tencent Weibo (Twitter), Qzone (Facebook), WeChat (WhatsApp), Ctrip (Orbitz and others), Zhihu (Quora). With nearly one quarter of the global internet population (700 million users), the internet behind the GFW can be considered a "parallel universe" to the Internet that exists outside.
Legal circumvention methods
- Website owners can set up regional Web sites within China. However, it requires companies and users to apply for local Internet Content Provider (ICP) licenses for each Chinese province where the website should be allowed. ICP licences come with a lot of restrictions, such as the mandatory use of a national domain name extension or the impossibility to set up community related websites.
- Chinese and Foreign companies willing to perform site-to-site VPN, can set up a private MPLS link connection between China and the rest of the world using pre-approved network operators . This option is expensive, but is the most reliable way to go through the firewall for a company. Some network companies have also been granted to distribute SD-WAN connections, using IPsec as site-to-site connection method.
Methods for bypassing the firewall
Because the Great Firewall blocks destination IP addresses and domain names and inspects the data being sent or received, a basic censorship circumvention strategy is to use proxy nodes and encrypt the data. Most circumvention tools combine these two mechanisms.
- Proxy servers outside China can be used, although using just a simple open proxy (HTTP or SOCKS) without also using an encrypted tunnel (such as HTTPS) does little to circumvent the sophisticated censors.
- Freegate, Ultrasurf, Psiphon, and Lantern are free programs that circumvent the China firewall using multiple open proxies, but still behave as though the user is in China.
- VPNs (virtual private network) is one of the most popular tools for bypassing censorship technologies. They use the same basic approaches, proxies and encrypted channels, used by other circumvention tools, but depend on a private host, a virtual host, or an account outside of China, rather than open, free proxies.
- Reconfiguration at the end points of communication, encryption, discarding reset packets according to the TTL value (time to live) by distinguishing those resets generated by the Firewall and those made by end user, not routing any further packets to sites that have triggered blocking behavior.
- Tor partially can be used in China. China invested a lot of efforts to specifically detect and block entry nodes and bridges. Almost all built-in bridges (with the exception of meek bridges, which are detected by the QoS filtering system) are detected by imposing as users requesting bridge IPs and then blocked. Tor still functions in China using Obfs4 proxies distributed through social networks or self-published and meek.
Known blocked methods
- OpenVPN protocol is detected and blocked. Connections not using symmetric keys or using "tls-auth" are blocked at handshake, and connections using the new "tls-crypt" option are detected and slowed down (under 56Kbps) by the QoS filtering system.
- GRE tunnels and protocols that use GRE (eg, PPTP) are blocked.
- IPSec tunnels and protocols that use it (L2TP) are detected and slowed down (under 56Kbps) by the QoS filtering system and are sometimes blocked at handshake.
Reporters Without Borders suspects that countries such as Cuba, Vietnam, Zimbabwe and Belarus have obtained surveillance technology from China, although the censorship in these countries is less stringent than in China.
Even so, one can see the booming sector as well as one of the most dynamic. China is the second largest information and communication technology market, according to the International Data Corporation this market should reach US$844 billion by 2020. The market for big data is expected to become part of the industrial world of China by 2025. Regardless of the strictness the industrial internet architecture is already in place.
Protest in China
Despite strict government regulations, the Chinese people continue to protest against their government's attempt to censor the Internet. The more covert protesters set up secure SSH and VPN connections using tools such as UltraSurf. They can also utilize the widely available proxies and virtual private networks to fanqiang (翻墙, "climb over the wall"), or bypass the GFW. Active protest is not absent. Chinese people post their grievances online, and on some occasions, have been successful. In 2003, the death of Sun Zhigang, a young migrant worker, sparked an intense, widespread online response from the Chinese public, despite the risk of the government's punishment. A few months later, Premier Wen Jiabao abolished the Chinese law that led to the death of Sun. Ever since, dissent has regularly created turmoil on the Internet in China. Also in January 2010, when Google announced that it will no longer censor its Web search results in China, even if this means it might have to shut down its Chinese operations altogether, many Chinese people went to the company's Chinese offices to display their grievances and offer gifts, such as flowers, fruits and cigarettes.
Arguments against the GFW
Critics argue that the GFW is a consequence of China's paranoia of the potential that the Internet has of spreading opposition to their one-party rule. Other arguments given against China are that their method of having a limited Internet impedes freedom of speech and that it holds them down, economically speaking, by discouraging innovation, disapproving communication of important ideas and prohibiting firms the use of certain services that they use. It is also thought to be a detrimental approach for students and professors since they do not have access to resources which promote the sharing of work and ideas for a more comprehensive learning.
Another important argument against the GFW and fear that the critics have is that if other big countries begin following China's approach, the whole purpose of the creation of the Internet could be put in jeopardy. If like-minded countries are successful in imposing the same restrictions on their inhabitants and globalized online companies, then the free global exchange of information could cease to exist.
Reaction of the United States
The United States Trade Representative's (USTR) "National Trade Estimate Report" in 2016 referred the China's digital Great Firewall: "China's filtering of cross-border Internet traffic has posed a significant burden to foreign suppliers." Claude Barfield, the American Enterprise Institute's expert of International trade, suggested that the U.S. government should bring a case against the Firewall, a huge trade barrier, in the World Trade Organization in January 2017. 8 of the 24 more trafficked websites in China have been blocked by The Great Firewall. This has created a burden to foreign suppliers who rely on these websites to sell their products or services.The lobby's 2016 business climate survey showed 79 percent of its members reported a negative impact on business due to internet censorship.
According to Stephen Rosen, the GFW is reflective of the Chinese government's fear of civil disobedience or rebellion among the Chinese population against the Chinese Communist Party's rule:
If you want to know what people are worried about look at what they spend their money on. If you’re afraid of burglars you buy a burglar alarm. What are the Chinese spending their money on? We’re told from Chinese figures they’re spending on the People's Armed Police, the internal security force is about as big as they’re spending on the regular military. This whole great firewall of Chinese, this whole massive effort to control the internet, this effort to use modern information technology not to disseminate information, empowering individuals, but to make people think what you want them to think and to monitor their behavior so that you can isolate and suppress them. That’s because this is a regime which is fundamentally afraid of its own people. And it’s fundamentally hostile to them.
- Fang Binxing, considered to be the Father of the Great Firewall of China
- Bamboo Curtain
- Berlin Wall
- Great Cannon — A distributed denial-of-service attack tool co-located with the Great Firewall.
- GreatFire — An organization monitoring the Great Firewall.
- Great Wall of China — the physical analogy and the origin of the term, protecting China from foreign invasions in ancient times.
- Great Wall of Sand
- Blocking of Wikipedia by China
- Censorship in China
- Green Dam Youth Escort
- Internet in China
- Internet censorship in the People's Republic of China
- Internet censorship circumvention
- International Freedom of Expression Exchange – monitors Internet censorship in China
- Media of China
- Politics of China
- Who Controls the Internet?
- Mozur, Paul (13 September 2015). "Baidu and CloudFlare Boost Users Over China's Great Firewall". The New York Times.
- "Wikipedia founder defends decision to encrypt the site in China". The Verge. Retrieved 17 April 2018.
- Skipper, Ben (7 December 2015). "China's government has blocked Wikipedia in its entirety again". International Business Times UK. Retrieved 2 May 2018.
- Mozur, Paul; Goel, Vindu (5 October 2014). "To Reach China, LinkedIn Plays by Local Rules". The New York Times.
- Branigan, Tania (28 June 2012). "New York Times launches website in Chinese language". The Guardian.
- Denyer, Simon (23 May 2016). "China's scary lesson to the world: Censoring the Internet works". The Washington Post. Retrieved 5 September 2017.
- Rauhala, Emily (19 July 2016). "America wants to believe China can't innovate. Tech tells a different story". The Washington Post. Retrieved 5 September 2017.
- Miller, Chance (2019-10-09). "Apple removes 'Quartz' news app from Chinese App Store". 9to5Mac. Retrieved 2019-10-10.
- Statt, Nick (2019-10-09). "Apple removes Quartz news app from the Chinese App Store over Hong Kong coverage". The Verge. Retrieved 2019-10-10.
- "How China's Internet Police Control Speech on the Internet". Radio Free Asia. Retrieved 15 August 2018.
- "China (includes Tibet, Hong Kong, and Macau) - Hong Kong". U.S. Department of State. Retrieved 29 July 2018.
- Lanfranco, Edward (9 September 2005). "The China Yahoo! welcome: You've got Jail!". UPI.
- Barme, Geremie R.; Ye, Sang (6 January 1997). "The Great Firewall of China". Wired. Retrieved 29 December 2015.
- Koppel, Andrea (9 February 1996). "China Roadblocks the Internet". CNN.
- Magistad, Mary Kay (14 May 1996). "Internet Cafe". NPR.
- R. MacKinnon "Flatter world and thicker walls? Blogs, censorship and civic discourse in China" Public Choice (2008) 134: p. 31–46, Springer
- "中国接入互联网". China News Service. Retrieved 28 August 2013.
- "China and the Internet.", International Debates, 15420345, Apr2010, Vol. 8, Issue 4
- Goldman, Merle Goldman. Gu, Edward X.  (2004). Chinese Intellectuals between State and Market. Routledge publishing. ISBN 0415325978
- Goldsmith, Jack L.; Wu, Tim (2006). Who Controls the Internet?: Illusions of a Borderless World. New York: Oxford University Press. p. 91. ISBN 0-19-515266-2.
- 首屆「2002年中國大型機構信息化展覽會」全國31省市金盾工程領導雲集 (in Chinese)
- Xiao Qiang (20 December 2010). "'Father' of China's Great Firewall Shouted Off Own Microblog". China Digital Times (CDT). Retrieved 24 October 2019.
- "'Father' of China's Great Firewall Shouted Off Own Microblog – China Real Time Report – WSJ". Wall Street Journal. 20 December 2010. Retrieved 25 December 2010.
- "防火墙之父"北邮校长方滨兴微博遭网民"围攻" (in Chinese). Yunnan Information Times. 23 December 2010. Retrieved 20 May 2011.
- Denyer, Simon (23 May 2016). "China's scary lesson to the world: Censoring the Internet works". Washington Post.
- Keith, Ronald; Lin, Zhiqiu (2006). New Crime in China. Routledge Taylor & Francis Group. pp. 217–225. ISBN 0415314828.
- August, Oliver (23 October 2007). "The Great Firewall: China's Misguided — and Futile — Attempt to Control What Happens Online". Wired Magazine.
- "Website Test behind the Great Firewall of China".
- Cody, Edward (9 February 2007). "Despite a Ban, Chinese Youth Navigate to Internet Cafés". The Washington Post. Retrieved 1 April 2015.
- Smith, Charlie (18 June 2015). "We Had Our Arguments, But We Will Miss You Wikipedia". Huffington Post. Retrieved 31 December 2018.
- "en.wikipedia.org in China". GreatFire. Retrieved 31 December 2018.
- Toor, Amar (4 May 2017). "China is building its own version of Wikipedia". The Verge.
- Watt, Louise (4 May 2017). "China is launching its own Wikipedia – but only the government can contribute to it". The Independent.
- "Search result not found: China bans Wikipedia in all languages". Washington Post. Retrieved 6 June 2019.
- Herman, Arthur. "Huawei's (And China's) Dangerous High-Tech Game". Forbes. Retrieved 8 October 2019.
- "Cisco, Huawei and Semptian: A Look Behind the Great Firewall of China". C5IS. 15 December 2014. Retrieved 8 October 2019.
- ScienceBlog.com (2007-09-11). "China's 'Eye on the Internet' a Fraud". Retrieved 12 September 2007.
- "Deconstructing the Great Firewall of China". Network Intelligence Blog | ThousandEyes. 8 March 2016. Retrieved 1 June 2019.
- "how to unblock websites in China". pcwizardpro.com. Retrieved 27 January 2018.
- "The Great DNS Wall of China - Analysis of the DNS infrastructure" (PDF).
- DNS Servers of china unicom have a very recognizable signature ("Why query me?Your IP had been logged!"), indicating a common source code or configuration within this ISP.
- "220.127.116.11 goes pretty well in the Chinese market. (8 being a popular number.) I th... | Hacker News". news.ycombinator.com. Retrieved 31 May 2019.
- "r/China - DNS servers in China". reddit. Retrieved 31 May 2019.
- "Solidot | 防火长城使用有效IP投毒DNS，其中包括色情网站IP". www.solidot.org. Retrieved 13 June 2019.
- "Internet Censorship in China" (PDF).
- "Towards Illuminating a Censorship Monitor's Model to Facilitate Evasion, Page 4, section Protocol Message Interpretation" (PDF).
- "draft-ietf-tls-esni-03 - Encrypted Server Name Indication for TLS 1.3". datatracker.ietf.org. Retrieved 13 June 2019.
- Arthur, Charles (14 December 2012). "China tightens 'Great Firewall' internet control with new technology". guardian.co.uk. London: The Guardian. Retrieved 8 March 2013.
- "My Experience With the Great Firewall of China". blog.zorinaq.com. Retrieved 1 June 2019.
- "Ignoring TCP RST send by the firewall" (PDF).
- "zdnetasia.com". zdnetasia.com. Retrieved 13 June 2011.
- "FreeBSD patch - ignore TCP RST".
- "Google Chrome QUIC 白名单添加方法".
- "Cyber-security Law of the People's Republic of China". www.dezshira.com. Retrieved 1 June 2019.
- "GitHub SSL replaced by self-signed certificate in China | Hacker News". News.ycombinator.com. Retrieved 15 June 2013.
- "Chinese MITM Attack on icloud".
- "Apple CVE exploited by chinese government".
- "TLS certificate blunder revisited – whither China Internet Network Information Center?". nakedsecurity.sophos.com. 2015-04-14. Retrieved 18 October 2018.
- "1128392 - Add GDCA Root Certificate". bugzilla.mozilla.org. Retrieved 1 June 2019.
- "Certificate Patrol - a psyced Firefox/Mozilla add-on". patrol.psyced.org. Retrieved 7 July 2019.
- Wilde, Tim (7 January 2012). "Knock Knock Knockin' on Bridges' Doors". Tor Project.
- "Learning more about the GFW's active probing system | Tor Blog". blog.torproject.org. Retrieved 8 October 2019.
- "Learning more about the GFW's active probing system | Tor Blog". blog.torproject.org. Retrieved 8 October 2019.
- "Counter-protests against pro-Hong Kong demonstrators may reflect Chinese state influence".
- "Top concern: happiness of compatriots - People's Daily Online". en.people.cn. Retrieved 2019-11-03.
- "WeChat users censoring content amid China social media crackdown". South China Morning Post. 2017-09-12. Retrieved 2019-11-03.
- Fell, Andy (11 September 2007). "China's Eye on the Internet". UC Davis.
- Chen, Te-Ping (28 January 2015). "China Owns 'Great Firewall,' Credits Censorship With Tech Success". WSJ.
- Millward, Steven (12 January 2017). "China's answer to Quora now worth a billion bucks". Tech in Asia.
- "Restrictions - ICP Filing Basics| Alibaba Cloud Documentation Center". www.alibabacloud.com. Retrieved 2019-11-11.
- "填写主体信息和网站信息_填写主体信息和网站信息_ICP备案流程（PC端）_备案-阿里云". help.aliyun.com. Retrieved 2019-11-11.
- "China Mobile Partners With Aryaka For SD-WAN".
- "How to get a MPLS line to China". NiHao Cloud. Retrieved 2019-11-11.
- "SD-WAN Service for China".
- "Splinternet Behind the Great Firewall of China: The Fight Against GFW", Daniel Anderson, Queue, Association for Computing Machinery (ACM), Vol. 10, No. 11 (29 November 2012), doi:10.1145/2390756.2405036. Retrieved 11 October 2013.
- "Ignoring the Great Firewall of China", Richard Clayton, Steven J. Murdoch, and Robert N. M. Watson, PET'06: Proceedings of the 6th international conference on Privacy Enhancing Technologies, Springer-Verlag (2006), pages 20–35, ISBN 3-540-68790-4, doi:10.1007/11957454_2. Retrieved 11 October 2013.
- "r/TOR - Does Tor still work in China?". reddit. Retrieved 2019-11-11.
- https://www.usenix.org/system/files/conference/foci18/foci18-paper-dunna.pdf https://www.youtube.com/watch?v=DX46Qv_b7F4&feature=youtu.be&t=949
- "r/Windscribe - China almost blocked everything pptp l2tp openvpn tunnel...if use private cloud there's still 50% chance get block". reddit. Retrieved 2019-11-11.
- "r/networking - About Chinese Great Firewall and IPsec". reddit. Retrieved 2019-11-11.
- "Going online in Cuba: Internet under surveillance" (PDF). Reporters Without Borders. 2006. Archived from the original (PDF) on 3 March 2009.
- "China - Technology and ICT". Export.gov. Retrieved 3 September 2018.
- Ramzy, Austin (13 April 2010). "The Great Firewall: China's Web Users Battle Censorship". Time. Retrieved 4 February 2011.
- "The Great Firewall of China". Bloomberg. Retrieved 2 April 2018.
- Barfield, Claude (29 April 2016). "China's Internet censorship: A WTO challenge is long overdue". TechPolicyDaily.com. Retrieved 26 January 2017.
- Barfield, Claude (25 January 2017). "China bans 8 of the world's top 25 websites? There's still more to the digital trade problem". American Enterprise Institute. Retrieved 26 January 2017.
- Martina, Paul (8 April 2016). "U.S. says China internet censorship a burden for businesses". Reuters. Reuters. Retrieved 23 March 2018.
- Kristol, Bill (30 November 2018). "Stephen Rosen interview". Conversations With Bill Kristol. Transcript. Retrieved 26 October 2019.
|Look up firewall in Wiktionary, the free dictionary.|Quotations related to Great Firewall at Wikiquote