Sina testing subtle censorship ahead of Tiananmen anniversary

What happened?

On May 31, 2013 at 7am, we observed that searching for keywords that are normally blocked, for example, “六四事件” (June 4th incident), surprisingly returned some results and no censorship notice. This temporary lift of censorship ended at 9am but started and stopped a few more times into early afternoon, as if literally somebody was flipping a switch on and off at Sina headquarters.

Update on June 2: Sina is still constatnly swtiching between those two method.

Update on June 8: From June 3-4th and onwards, Sina Weibo seems to switch back to explicit compelte block for those keywords.

Change in Tact

To understand what is happening you need to be familiar with Sina’s various censorship methods. We observed and reported last year that Sina had implemented new tactics to censor particular keyword searches. Just days before the June 4th anniversary, Sina is again tweaking its censorship mechanisms. During the morning hours of May 31, Sina completely abandoned its old style, explicit approach to censorship, which displayed a message but no search results:

“According to relevant laws, regulations and policies, search results for [the blocked keyword] can not be displayed.”

No, Sina has not suddenly decided to fully support freedom of speech. On the contrary, it would appear that Sina is using more advanced and subtler methods to censor search results. All keywords mentioned below are normally explicitly and completely blocked. But each behaved a little bit differently on the morning of May 31.

Strictly filtering

The results we received when we searched for “六四事件” (June 4th incident) showed that the first page of results displayed not all results but carefully selected results. While the first results page seems to indicate that there are more than 50 pages of results, no results are shown when you click through to the next page or any page beyond the first. This censorship tactic was also employed last year for “香港” (Hong Kong) (Solidot story in Chinese).

Keyword example: “六四事件”(June 4th incident)

Delayed censorship

We have also previously reported that Sina has delayed search results for sensitive keywords.

When testing the delayed censorship tactic, we conducted two simultaneous searches of similar keywords, one sensitive and one non-sensitive. In the case of searching for results for “六四” (June 4), we used “五七” (May 7) as a control group, to be sure that search results were indeed intentionally delayed. As suspected, results for “五七” (May 7) displayed posts that were ten minutes old while the most recent June 4 posts were several hours old.

This indicates a marked improvement on Sina’s time delay censorship mechanism. Previously the default time delay was seven days. It is likely that many Sina Weibo users would find this time delay to be odd but could attribute this to a bug or a glitch in the system. With today’s hours-long time delay, most users will likely think that discussion around this topic is ongoing.

This is an example of censorship at its worst - users suspect their search term might get blocked before they search but instead of a censorship notice they are led to believe that what they are searching for is not sensitive plus not many people are saying anything interesting about the keyword anyway.

A good example of this can be found when searching for “天安门事件” (Tiananmen incident). The current search results do in fact bring up quite a bit of information about an incident which occurred in Tiananmen Square - in 1976.

Keyword example “六四” (June 4th), “天安门事件” (Tiananmen incident), 24周年 (24th anniversary) 法轮功 (Falungong)

Implicit complete censorship

Sina now returns a fake “Sorry, no results can be found” message instead of the normal censorship message that we have come to at once love and hate: “According to relevant laws, regulations and policies, search results for [the blocked keyword] can not be displayed.”

Keyword example: “64事件” (64 incident)

Implicit semi-censorship

Sina returned a partial censorship notice from page 2 onwards. The first page looks completely normal, leading users to believe that there are no decent search results for that keyword - why continue searching?

Keyword example: “天安门大屠杀”

V user only censorship

Some relatively low level sensitive words appear to be totally uncensored in this system. Is this the beginning of successful long tail sensitive keyword search on Sina Weibo?

Update: Earlier we said that some keywords appear to be completely uncensored. We have to admit that Sina even fooled us. Actually, all search results come from V users only. V users on Sina are like verified account on Twitter. Those users are more likely to follow the rules as they might face revoke of V status or block of account.

Keyword example: “游行” (demonstration)

Comments

More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Mon, Jan 26, 2015

An Open Letter to Lu Wei and the Cyberspace Administration of China

January 26, 2015

Beijing, China

 

Mr. Lu Wei

Director of the Cyberspace Administration of the People’s Republic of China 中央网络安全和信息化领导小组办公室主任

Director of the State Internet Information Office 国家互联网信息办公室主任

Deputy Director of the Central Propaganda Department of the Chinese Communist Party 中共中央宣传部副部长

Cyberspace Administration of China,

Floor 1, Building 1,

Software Park, Chinese Academy of Sciences,

4 South 4th Street, Zhongguancun,

Beijing, China, 100190

 

Dear Mr. Lu,

On January 22, 2015, the Cyberspace Administration of China (CAC), which is under your direct control, wrote a response to a story we published about an MITM attack on Microsoft. In the post, your colleague, Jiang Jun, labelled our accusations as "groundless" and  "unsupported speculation, a pure slanderous act by overseas anti-China forces".

We at GreatFire.org take great offense to these comments and we will refute them in this letter.

Mon, Jan 19, 2015

Outlook grim - Chinese authorities attack Microsoft

On January 17, we received reports that Microsoft’s email system, Outlook (which was merged with Hotmail in 2013), was subjected to a man-in-the-middle (MITM) attack in China.

The following screenshot shows what happens when a Chinese user accesses Outlook via an email client (in this case, Ice-dove):

We have tested Outlook to verify the attack and have produced the same results. IMAP and SMTP for Outlook were under a MITM attack. Do note however that the web interfaces (https://outlook.com and https://login.live.com/ ) were not affected. The attack lasted for about a day and has now ceased.

This form of attack is especially devious because the warning messages users receive from their email clients are much less noticeable than the warning messages delivered to modern browsers (see screenshot at the end of this post for comparison).

(Sample error message from default iPhone mail client)

Fri, Jan 09, 2015

GFW upgrade fail - visitors to blocked sites redirected to porn

In the past, the Chinese authorities’ DNS poisoning system would direct Chinese internet users who were trying to access Facebook, Twitter and other blocked websites (without the use of a circumvention tool) to a set of fake IP addresses that are blocked in China or are non-existent. After waiting for some time, Chinese internet users would receive a timeout message if they were trying to access a blocked site.

However, with the new DNS poisoning system, in addition to those IP addresses used before, the Chinese authorities are using real IP addresses that actually host websites and are accessible in China. For example, https://support.dnspod.cn/Tools/tools/ shows that if a user tries to access Facebook from China, they might instead land on a random web page, e.g. http://178.62.75.99

Below is a screenshot by a Chinese user when he was trying to access our GreatFire.org website which was blocked in China. He was redirected to a goverment site in Korea. In essense, GFW is sending Chinese users to DDOS the Korea government's website.

One Chinese Internet user reported to us that when he tried to access Facebook in China, he was sent to a Russian website, unrelated to Facebook. Another user tweeted that he was redirected to an German adult site when he tried to access a website for a VPN.

某墙你这什么意思,DNS 污染返回给我一个德国工口站的 IP,满屏很黄很暴力弹弹弹(

— nil (@xierch) January 4, 2015

Wed, Dec 31, 2014

CNNIC leadership change coincides with blocking of Gmail

On December 26, 2014, in an announcement posted on their website, a new chairperson for CNNIC was directly appointed by the Cyberspace Administration of China. The announcement of this appointment coincided with the complete blocking of Gmail.

Cyberspace Administration of China (中央网信办) is chaired by Lu Wei, “China’s web doorkeeper”. Lu Wei is also the vice chair of the Central Propaganda Department, according to his official resume.

chair.png

This office is directly responsible for the blocking of Gmail and other websites including Facebook, Twitter and Google.

CNNIC is China’s certification authority and operates the country’s domain name registry. 

What are certificates used for?

Certificates are used primarily to verify the identity of a person or device, authenticate a service, or encrypt files. 

What is a certification authority (CA)?  

Tue, Dec 30, 2014

Gmail completely blocked in China

All Google products in China have been severely disrupted since June of this year and Chinese users have not been able to access Gmail via its web interface since the summer. However, email protocols such as IMAP, SMTP and POP3 had been accessible but are not anymore. These protocols are used in the default email app on iPhone, Microsoft Outlook on PC and many more email clients.

On December 26, GFW started to block large numbers of IP addresses used by Gmail. These IP addresses are used by IMAP/SMTP/POP3. Chinese users now have no way of accessing Gmail behind the GFW. Before, they could still send or receive emails via email clients even though Gmail's web interface was not accessible. 

Google's own traffic chart shows a sharp decline of Chinese traffic to Gmail. 

Below is a ping request to the Gmail SMTP server, which is completely inaccessible in China.

 

Subscribe to our blog using RSS.

Comments

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.