How China‘s Great Firewall Works and How to Get Around It


If you have been to China in recent years, you may have experienced a lack of access to some websites that you’re used to backing home. Websites such as Google, YouTube, Facebook, and many other popular platforms are either blocked completely or slowed to a crawl by a large-scale content filtering mechanism known as the Great Firewall of China. This censorship engine allows the Chinese government to regulate the internet and protect its citizens from content deemed inappropriate to its population. However, China has been widely criticized internationally due to the sheer lack of freedom when using the internet. Global freedom watchdogs have labeled China as the worst country in terms of online Internet freedom. As technology has advanced, the Great Firewall has also seen many changes over the years with increasing complexity and sophistication, hence becoming more and more effective and subtle in its filtering efforts.

China’s Great Firewall is only getting stronger with new technology and the onset of artificial intelligence to improve existing security measures around a year ago. China was able to display its dominant censorship capabilities by outright banning cryptocurrency trading overnight with foreign cryptocurrency exchanges blocked and local exchanges forced to relocate overseas, making the industry disappear in the blink of an eye. The consequence is that many foreign business operators are afraid of being negatively impacted without testing if their website is blocked in China by the great firewall. Even if they are not blocked, they may still experience slower loading speed resulting in lost business to local competitors.

China’s internet censorship is a combination of a regulatory framework and technological enforcement. The Great Firewall sits in between the Chinese telco provider and the external foreign server that the user is attempting to access. The Firewall is able to filter the data that moves between the local servers and the overseas servers and block data coming from IPs that are disallowed. 

The second method used to restrict data is known as DNS poisoning. DNS or domain name system is a method by which to associate domain names with IP addresses after entering a domain name into your browser. Your computer needs to determine the IP address associated with that domain in order to know which server to retrieve the desired content from. Let’s say, for example, you enter into your browser. Your computer cannot find the IP address for this domain and the local cache and connects to the DNS servers provided by your internet service provider or ISP. The DNS servers will query the root DNS servers which will query the global top-level domain servers and redirect the query to the name servers of These name servers will respond with the IP address for this domain and then the DNS server will then cache this IP address and forward it to your PC. Your computer will then connect to the IP address received and ask for the content for the website. 

With the Great Firewall, it twists the process a little bit. In order to block google, instead of the name servers returning the correct IP address associated with, the Firewall will poison the DNS. This occurs while the IP address is in transit back to your computer. It is here where the IP address information will be intercepted via a gateway server that manipulates the DNS response by filtering content on certain keywords. China is able to decipher which domains to poison and deny service. 

The third way that China manages to catch non-authorized content is by self-censorship and manual enforcement according to Chinese laws and regulations. This mechanism is put in place across all websites hosted within China so that the domain registrars have full control over the domain names under their management. Chinese firms are completely and wholly responsible for their content as such Chinese firms employ dedicated employees to police their own sites and pull down content that is deemed inappropriate. These workers monitor social media sites, message boards, instant messages and a lot more sources. The Chinese government itself is estimated to employ several hundred thousand people according to some reports to sift through the web and report unauthorized content or posting government propaganda.

With tight control comes anti-control efforts to circumvent government measures, such as the wide use of VPNs. The use of VPNs allows the user to send and receive data securely without exposure to any authorities as long as the VPN server is located outside the country. It will be able to retrieve whatever data you wish and send it back to you via the encrypted tunnel. This method of circumventing the Great Firewall has become more and more popular and has been subject to some major crackdowns as of late as the firewall’s technology advances. More and more VPNs are being banned or blocked by identifying VPN-looking traffic and killing those connections permanently preventing them from ever reaching a foreign server again. However, VPN is not a black and white legal or illegal issue in China. On the one hand, the Great Firewall needs to block content according to its algorithm, but on the other business with the outside world has to be conducted on a daily basis as China is a major international trade player. So the restrictions on VPN usage come and go, and it’s to anyone’s guess when the government may decide to pull the triggers. In any event, businesses that operate in China or have trade relations with China need to find ways to ensure interactions and transactions are carried out cost-effectively.


Please enter your comment!
Please enter your name here