Google Bows Down To Chinese Government On Censorship

Sometime between December 5 and December 8 last year, Google made a surprising decision that hasn’t yet been reported. They decided to remove a feature which had previously informed users from China of censored keywords (screenshot below). At the same time, they deleted the help article which explained how to use the feature. This indicates a new development in the relationship between the Chinese government and Google. Since Google moved its search engine to Hong Kong in 2010, censorship of its services such as YouTube, Google Plus and thousands of keywords on Google Search has been done by the Great Firewall, out of control of Google. This latest move was fully controlled by Google and can as such only be described as self-censorship.

Google has been depicted as a model company that stands up to the Chinese government and upholds its famous motto “Don’t be evil”. This impression reached a climax in May this year when Google introduced a new warning message aimed at users in China. Typing one of the many keywords blocked by the Great Firewall, this message would inform the user that continuing the search would probably break the user's connection. It was a bold step towards exposing the censorship that the authorities desperately try to hide. At the time, Foreign Policy asked whether in this “second clash between the Internet search giant and the Chinese government, will freedom of speech win?”.

Within 24 hours of Google’s new feature, The Great Firewall had struck back by blocking the javascript file containing the function and blocked keywords data (see Timeline Of Events below for more). Google in turn reacted by changing the URL of this file, which again was blocked. The cat and mouse game ended before the end of the month when Google geniously embedded the whole function in the HTML of its start page. This made it technically impossible to block the new function without blocking Google altogether.
This was a remarkable victory against censorship. Unfortunately, it didn’t last. According to our test data, Google switched off the embedded function for Chinese users sometime between December 5 and December 8. Why did they pull the switch?
One theory is that embedding the China-specific function on Google’s front page makes the system more difficult to maintain. The more complex a system is, the harder it is to improve. On the other hand, this function was clearly valuable. And with all the brilliant minds Google has at its disposal, they could surely find a technical solution. Though Google’s market share in China is only around 5%, that still translates to more than 25 million Internet users.
What really renders this theory void is that Google also deleted the help article about this function. While disabling a feature could potentially be a result of technical streamlining, deleting a help article and so pretending that the feature never existed makes no sense. The article used to be available at but trying to view it now renders a “Page not available” message. Our test data shows that the article was still available on December 5 and that it had been removed by December 8. This is the same time that the function itself was disabled. Here’s a screenshot of the original help article:

What could be the reason for Google to switch off their smart anti-censorship function and at the same time delete the help article about the same function? The developers who painstakingly constructed it only half a year ago must have screamed in protest. Since the removal of the help article could only be done willingly by Google, the only explanation we see is that Google struck a deal with the Chinese government, giving in to considerable pressure to self-censor.

How did the Chinese government force such a candid company to do its bidding? Perhaps the complete blocking of Google Search on Nov 9 was part of it. The block was lifted after less than 24 hours making the move look very peculiar. At the time we speculated that perhaps it was a test of a “block-all-of-Google” button, but this new theory of it being part of pressuring Google looks at least as likely. It may have been an instance of the government showing off its power to Google and using it as a leverage in their negotiations. 

Also in November, the throttling and partial blocking of Google’s Mail service was stepped up considerably. In the end, Google may have decided that providing a restricted version of Google Search and a slow but usable Gmail to Chinese users is much better than being completely cut off.

This is a grave setback in the fight against censorship and Google has been caught on the wrong side. It suggests that Google’s reputation as a fighter of censorship may not be fully earned. However, it’s not obvious that any other company is much better (see these stories critical of Microsoft, Apple and Yahoo). Gmail may still be the best email service for Chinese dissidents because it supports https, two-step authentication, and warns against suspicious activity and state-sponsored attacks. We appreciate that Google tries to stand up to the government, even though it seems to have been forced to bow down.

Looking forward, a weakened Google suggests that it won’t continue to push the boundaries of censorship in China. For example, it is unlikely to start redirecting all Chinese users to its HTTPS version of Google Search, even though that would enable searching of all blocked keywords in one strike.

We hope that Google will offer us and its millions of Chinese users an explanation of what really happened. However, given what Google says on the China section of its Transparency Report website, this may be unlikely:

Chinese officials consider censorship demands to be state secrets, so we cannot disclose any information about content removal requests.

Update: According to the Guardian, "A Google spokesman confirmed it removed the notification features in December, but declined to comment further due to the sensitivity of the situation in China." and “A source in China said Google decided it was "counterproductive" to continue the technical dispute, despite several attempts to get around it.”

Timeline Of Events

May 31Google introduces new feature informing Mainland China users of blocked keywords. Google publishes blog posts, help article and Youtube videos about it.
May 31GFW disables new feature by blocking javascript file containing the function and data of blocked keywords.
June 2Google changes the URL of the javascript file, enabling the function again*
June 2 - June 18GFW blocks the new URL again.*
Before end of JuneGoogle embeds the new anti-censorship function on its front page, making it near-impossible to block.
Nov 6Partial blocking of Gmail is stepped up.
Nov 9All of and are blocked in China.
Nov 10Google is unblocked again.
Dec 5 - Dec 8Google stops embedding the anti-censorship function on its front page.From our database. Last record including
embedded function was on Dec 5. First record without it was on Dec 8.
Dec 5 - Dec 8Google deletes the help article.Dec 5 (article available).
Dec 8 (article deleted). 

*Because the exact URL is too long, our test system only tests the truncated version of the exact URL. This explains the 404 when accessing from U.S, but the block in China is still effective for this truncated version of URL.


  1. The external Javascript file containing an encoded list of blocked keywords (which was later embedded on the front page for Chinese users):,st,anim,bbd,c,sb_cn,hv,wta,cr,cdos,sk....
  2. Google official blog posts about the anti-censorship feature:
    1. (English)
    2. (Chinese)
  3. YouTube videos about observations in mainland China, by Google:
    1. (English)
    2. (Chinese)


More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Thu, Sep 24, 2015

Apple blocked CNNIC CA months after MITM attacks

In March of this year, Google found unauthorized digital certificates for several Google domains. The root certificate authority for these domains was the China Internet Network Information Center (CNNIC). CNNIC was controlled by the Chinese government through the Ministry of Industry and Information Technology and is now under the management of the Cyberspace Administration of China (CAC). CNNIC was recognized by all major browsers as a trusted Certificate Authority. If CNNIC signs a fake certificate used in a man-in-the-middle attack, no browser will warn of any unusual activity unless the certificate is pinned.

Wed, Sep 23, 2015

Malicious Xcode could spread via download manager Xunlei

What’s at stake?

We reported last week that popular Chinese iOS apps were compromised in an unprecedented malware attack. We discovered that the source of the infection was compromised copies of Xcode hosted on Baidu Pan. Apple has published an article urging developers to download Xcode directly from the Mac App Store, or from the Apple Developer website and validate signatures. We’ve now discovered that even if a developer uses a download link seemingly from Apple, he might still be possible to obtain a compromised copy of Xcode.

Please note that we do not have evidence that such attacks has happened. But it is an easy attack that anyone can implement.

How does it work?

This compromise happened because of Xunlei. Xunlei is the most popular download manager in China. Much of its popularity is due to the fact they can accelerate download speeds by pulling resources from other Xunlei users as well as cached copies on the Xunlei server. All of this, however, is invisible to users. Users can simply enter a regular http download address into Xunlei  download manager and the download will start. Chinese developers were using direct download addresses such as to download Xcode.

Mon, Sep 21, 2015



Sat, Sep 19, 2015

Popular Chinese iOS apps compromised in unprecedented malware attack

What happened?

According to recent reports, some versions of Xcode used by developers in China have been compromised and are being used to inject tracking codes in iOS apps without developer knowledge. (1,2). Unaware of the injection, those developers then released their compromised iOS apps to the App Store which were then later approved by Apple. At the time of writing this post, the compromised apps are still available in the App store. Any user who has installed and launched these compromised apps will be a victim of these tracking codes.

This is a significant compromise of Apple’s app store. Apple notoriously manually reviews all app submissions and, in comparison to Android stores, has been relatively malware-free. This is the most widespread and significant spread of malware in the history of the Apple app store, anywhere in the world.

The compromised version of Xcode was hosted on Baidu Pan. It is unlikely that Baidu was aware of the compromised version of Xcode. The company removed the files yesterday when news of the compromise surfaced. Because of slow download speeds from foreign websites in China, many Chinese developers prefer to download apps from domestic websites. Many Chinese also use download software like Xunlei, rather than downloading directly from the official Mac App Store.

According to users reports, many prominent Chinese apps are affected. We have included links to the compromised apps in the list below but DO NOT DOWNLOAD these apps. We are simply linking to them so that users can recognize the apps. Affected apps include:  

Wechat The most popolar messaging app in China 

Wed, Sep 16, 2015



Roya, David, Nick, nweaver, Vern, 和我刚刚完成了关于GFW主动探测系统的研究。这个系统在几年前就被用来探测翻墙工具,比如Tor。我们在之前的博文中介绍过GFW主动探测系统是如何工作的。但有几个问题我们没有回答。比如这个系统的物理结构是怎样的。那些用来主动探测的IP是归GFW所有的么? 有猜测GFW短时间内劫持了部分IP来用来主动探测,但没有证据。这次研究回答了这些问题。


  • 通常来说,如果Tor的某个网桥代理被GFW检测并封锁,它会一直被封锁。但是这意味着网桥代理完全无法访问吗? 我们让中国的VPS一直连接我们控制的网桥代理。我们发现,每25小时,中国的VPS可以短暂的连接到我们的代理网桥。下图显示了这个现象。每个数据点表示中国的VPS试图与网桥代理建立连接。中国联通和中国教育网都有这个周期性现象。有时候,网络安全设备在更新规则时会默认允许所有流量,但我们不知道GFW周期性现象是不是因为这个原因导致的。

  • 我们找到了规律,GFW主动探测的TCP头暗示那几千个IP都来自与同一个地方。下图显示了数据包的初始序号和时间。每个数据点都是一个主动探测连接。如果每个主动探测都是从不同地方发出的,我们应该看到随机的数据点,因为数据包的初始序号是随机选择的。但是下图显示主动探测连接虽然来自不同IP,但是非常有规律。我们认为主动探测的初始序号是按照时间产生的。


Subscribe to our blog using RSS.


Good web site you hav got here.. It's difficult to find excellent writing like yours nowadays.
I seriously appreciate people like you! Take care!!

Take a look at my site - wildlife artists cape town

It is highly recommended to work with those services
as they insure that most of the movers are certified and insured.
This factor makes them reliable and trusted by the clients very much.
Or, you can connect stereo devices, either speakers or headsets, to your i
- Phone and listen to music and videos without the need to plug in headphones.

Look into my web blog - รถรับจ้างขนของ

The yummy fresh chocolates on valentine day are most special gift.
However the quality was often quite poor and some sold for as little as a shilling.
With Valentine's Day rapidly approaching, on
February 14th, many are wondering what to do for that special someone.

my blog post :: valentine day sms

After Daytona Beach Police Detectives finished their investigation of the
incident, the scene was turned over to a site manager for Clean Fuels National, who police emphasized
was not at the scene when the incident happened. It has emerged as one of
the best weekend destinations especially for families.
"Backwater tours for four hours, six hours or eight hours can be arranged for two or more anglers.

my web blog; daytona 500 live streaming

this post is awesome, great msg for us, plz update ur blog for daily basis, i am regular visitor of this site, so keep posting for us,

click the below links to create backlink
best free backlink website
click here for msg movie

thanks for this post, keep it up for updating us, i am waiting for ur new article.
IPL 2015 Cricket live score
mps computers
Harjinder Singh

thanks again

Α number of people, particulaгly the Indians are really too thrilled,
elated and well over satisfied with the fact that almost all of the worlԀ
cup ϲricket 2011 fits shall be held in the Ιndian sub-continent.

Fanatics haƿpen to be in dream to get hold of announcement regarding the ongoing complement by
way of juѕt ɑbout ɑny dish network cricket woгld cup reference on the
market. The Engliѕh team will miss the services of
their batsman Keѵin Pietersen and faѕt bowler Stuaгt Broad throughout the tournament.

Look at my webpaǥe ipl 8 live streaming

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.