Google Can Bring an End to Censorship in 10 Days. Here's how.

On November 20, 2013, Eric Schmidt, Google’s Executive Chairman, was quoted as saying during a speech in Washington:

“We can end government censorship in a decade. The solution to government surveillance is to encrypt everything.”

Another report on the same speech notes:

He said he thinks there will be movements from Chinese citizens using technology that country’s leaders won’t be able to control or stop, such as the campaigns in favor of gay rights and same-sex marriage that developed within the U.S.

“You cannot stop it if it’s a good idea broadly held,” Schmidt said. “That’s how China will change.”

If we are to take Mr. Schmidt seriously, we must ask what Google is doing in practice in the most censored of all Internet markets: China. The answer, unfortunately, is disappointing. Over the last few years, all that Google has seemingly done in China is to put up a warning to users trying to search for blocked keywords - and even that feature was later removed. What’s more, anti-censorship and anti-surveillance technology that has been rolled out on Google Search in other parts of the world have been withheld from the country where it would matter the most. Encrypted-by-default search was rolled out in the US quickly after the NSA revelations, but not in China where users are not only monitored but thousands of keywords are blocked altogether.

While Google has stopped moving the boundaries in China, other players have made a difference. The code-sharing site Github uses encrypted-only access and, perhaps not intentionally, broke the pattern of Internet control in China. When the website was used for spreading circumvention tools and even an appeal asking the White House to ban anyone working on the Great Firewall from traveling to the US, the authorities predictably moved to block the website. What was not predictable was the outcry that followed, given the importance of Github as a tool to developers and - crucially - businesses. A couple of days later, Github was unblocked, and has remained unblocked since. That set a groundbreaking example for what would become known as Collateral Freedom.

Github is not on a mission to end online censorship in China. We are, and earlier this week, we successfully unblocked the Reuters Chinese website which had been blocked on November 15. We also unblocked the China Digital Times website, which has been blocked in China for years and earlier created mirrors for our FreeWeibo project. Almost immediately, these mirrors got thousands of visits a day from China. But we are just a small team of activists with very limited resources. If anyone has the power to implement this technology widely it’s Google. Here’s what they could do to effectively end online censorship in China, not in ten years, but in just ten days:

1. Google needs to first switch its China search engine ( to HTTPS by default. It has already done this in the US and in other markets but not in China. What this essentially means is that for Chinese netizens using Google, they will be taken to, the encrypted version of the search engine. By using the encrypted version, the great firewall of China cannot selectively block search results on thousands of sensitive terms.

2. While we provide a pretty comprehensive list of websites that are blocked in China, Google holds the best list of blocked websites, everywhere in the world. If the website that a user tries to visit from the search results on Google is blocked in the country that the user is in, Google should redirect the user to a mirrored version of the same website hosted by Google.

That’s it. Two simple steps and Google can end online censorship by the end of this month in China. Quite possibly they could end online censorship just about everywhere in the world before the new year. Forget about not doing evil - this would be something that we could all celebrate.

Critics of our approach will say that the "do it, they might not block you" argument is tenuous at best. But that is not what we are saying. What we are saying is:

“Google! Do it! If they don't block you, freedom wins. If they do block you, there will be much more opposition to censorship inside China and the system will be forced to change, thus freedom wins too!”

Win-win. If the authorities could not stand up to Github - Github!? - then what chance do they have against Google.

We are gambling with Google’s stack that they are big enough and important enough that the Chinese authorities would not dare block it in mainland China completely. They tried it once before and backed down after a day. They have sometimes made Google services like Gmail excruciatingly difficult to use. But given how essential Google’s services are to so many individuals and businesses, blocking the company entirely would have immediate and disastrous economic consequences.

The Github story provides a precedent for our willingness to bet the house. On that morning in January, when developers woke up to find that Github had been blocked, they were outraged. Public pleas were made with the government to restore service. These were not the normal pleas that censorship authorities were used to receiving. This was about dollars and yuan - and everybody in China understands the power of making money. After three days, and a likely confirmation of the economic damage that was being caused, the Chinese authorities restored access to Github.

Github is a very important service for developers around the world. But its importance pales in comparison to Google. Try hard to imagine what it would be like if all of a sudden everything Google just instantly disappeared. Goodbye to search, farewell Chrome, your personal Gmail account is gone and you may not be able to access your work email. You will have to find another translation engine. You will be desperately hunting down important photos (Picasa) and documents (Docs) on your computer. Your clients will be calling you to ask why your website is down at about the same time you notice that yesterday your online store brought in absolutely no revenue.

Our two step approach is not technically complicated. In the past, we have repeatedly asked Google to make its search engine HTTPS by default but it took Edward Snowden and a bunch of files to make Google do this quietly for the US market.

User Input What you get in china What you get in the u.s

Every time somebody conducts a search on Google and clicks a link that should take them to a website only to find that it is blocked, Google knows that the site is blocked within the cross-site tracking of Google analytics. They also have an index of the entire content of the internet. It would be easy for Google to make a change to its search engine, so that when a person clicks on a link that Google knows is blocked, they would redirect that user to an unblocked version of the page, hosted on an unblockable proxy. They could also add a small indication in their search results which would basically say: “This page is blocked in your country, but we have taken the liberty to protect your liberty by redirecting you to a mirror of this page”. Google is already half way there. Google caches most Internet pages and provides them to users. The cache is hosted on a separate domain, which is blocked in China. Google can simply host the cache on a subpath, say (and in country specific domains) to bypass the block. The great firewall will no longer be able to prevent visitors from China accessing this cache without blocking Google entirely.

Again, this is a big gamble on Google’s part. But the Chinese authorities have not moved to block the three mirrors we have created so far for FreeWeibo, Reuters and China Digital Times. The window of opportunity is open for Google to make its move.

We used technology to create our mirrors. It did not take us long to mirror both the Reuters and the China Digital Times websites. Google could do what we did in the blink of an eye. We also believe that they could make Mr. Schmidt’s dream a reality and truly end online censorship once and for all. We estimate it would take a small team at Google about ten days of work - but this is Google we are talking about. They could likely do this over late night tofu pizza.

The simplicity of our solution, however, begs other questions. Why have they not done this before? Google made somewhat of an effort to be diplomatic about their entry into China. When they decided that they would make a partial pullout from China, their announcement was a little less diplomatic. Google knows that they can do this and that there will be nothing that the Chinese authorities can do to stop this short of completely blocking their service. So why have they not pushed the envelope with China, especially when China pushed first?

Google still has three offices in China (in Beijing, Shanghai and Guangzhou). Is Google worried that these offices will be closed down? They may be worried about protecting the safety of their employees in China (as David Drummond alluded to in his March, 2010 blog post). But surely Google could do everything in their power to help employees try to emigrate to other Google locations and, at the very least, they could help their employees find new jobs in China. Are they worried that their employees will be in danger if Google decided to make such a change to how it operates in China?

Is Google worried about the revenue it is generating from clients in China? Perhaps, but their current 3% market share in search pales in comparison to the revenue the company generates in other markets. In reality, if the company does make the changes we are proposing, they will have more chances to make money from advertising in the China market.

There must be Google employees who have already proposed doing what we have suggested above. Why has Google not made this move? Maybe Mr. Schmidt feels that it is his responsibility, as the Executive Chairman of the world’s biggest and most famous internet company, to speak out on causes that he, the co-founders of Google and Google employees feel are important. But peering down from his pedestal. Mr. Schmidt should not lose sight of his company’s own ability to bring about this change.



More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Thu, Sep 24, 2015

Apple blocked CNNIC CA months after MITM attacks

In March of this year, Google found unauthorized digital certificates for several Google domains. The root certificate authority for these domains was the China Internet Network Information Center (CNNIC). CNNIC was controlled by the Chinese government through the Ministry of Industry and Information Technology and is now under the management of the Cyberspace Administration of China (CAC). CNNIC was recognized by all major browsers as a trusted Certificate Authority. If CNNIC signs a fake certificate used in a man-in-the-middle attack, no browser will warn of any unusual activity unless the certificate is pinned.

Wed, Sep 23, 2015

Malicious Xcode could spread via download manager Xunlei

What’s at stake?

We reported last week that popular Chinese iOS apps were compromised in an unprecedented malware attack. We discovered that the source of the infection was compromised copies of Xcode hosted on Baidu Pan. Apple has published an article urging developers to download Xcode directly from the Mac App Store, or from the Apple Developer website and validate signatures. We’ve now discovered that even if a developer uses a download link seemingly from Apple, he might still be possible to obtain a compromised copy of Xcode.

Please note that we do not have evidence that such attacks has happened. But it is an easy attack that anyone can implement.

How does it work?

This compromise happened because of Xunlei. Xunlei is the most popular download manager in China. Much of its popularity is due to the fact they can accelerate download speeds by pulling resources from other Xunlei users as well as cached copies on the Xunlei server. All of this, however, is invisible to users. Users can simply enter a regular http download address into Xunlei  download manager and the download will start. Chinese developers were using direct download addresses such as to download Xcode.

Mon, Sep 21, 2015



Sat, Sep 19, 2015

Popular Chinese iOS apps compromised in unprecedented malware attack

What happened?

According to recent reports, some versions of Xcode used by developers in China have been compromised and are being used to inject tracking codes in iOS apps without developer knowledge. (1,2). Unaware of the injection, those developers then released their compromised iOS apps to the App Store which were then later approved by Apple. At the time of writing this post, the compromised apps are still available in the App store. Any user who has installed and launched these compromised apps will be a victim of these tracking codes.

This is a significant compromise of Apple’s app store. Apple notoriously manually reviews all app submissions and, in comparison to Android stores, has been relatively malware-free. This is the most widespread and significant spread of malware in the history of the Apple app store, anywhere in the world.

The compromised version of Xcode was hosted on Baidu Pan. It is unlikely that Baidu was aware of the compromised version of Xcode. The company removed the files yesterday when news of the compromise surfaced. Because of slow download speeds from foreign websites in China, many Chinese developers prefer to download apps from domestic websites. Many Chinese also use download software like Xunlei, rather than downloading directly from the official Mac App Store.

According to users reports, many prominent Chinese apps are affected. We have included links to the compromised apps in the list below but DO NOT DOWNLOAD these apps. We are simply linking to them so that users can recognize the apps. Affected apps include:  

Wechat The most popolar messaging app in China 

Wed, Sep 16, 2015



Roya, David, Nick, nweaver, Vern, 和我刚刚完成了关于GFW主动探测系统的研究。这个系统在几年前就被用来探测翻墙工具,比如Tor。我们在之前的博文中介绍过GFW主动探测系统是如何工作的。但有几个问题我们没有回答。比如这个系统的物理结构是怎样的。那些用来主动探测的IP是归GFW所有的么? 有猜测GFW短时间内劫持了部分IP来用来主动探测,但没有证据。这次研究回答了这些问题。


  • 通常来说,如果Tor的某个网桥代理被GFW检测并封锁,它会一直被封锁。但是这意味着网桥代理完全无法访问吗? 我们让中国的VPS一直连接我们控制的网桥代理。我们发现,每25小时,中国的VPS可以短暂的连接到我们的代理网桥。下图显示了这个现象。每个数据点表示中国的VPS试图与网桥代理建立连接。中国联通和中国教育网都有这个周期性现象。有时候,网络安全设备在更新规则时会默认允许所有流量,但我们不知道GFW周期性现象是不是因为这个原因导致的。

  • 我们找到了规律,GFW主动探测的TCP头暗示那几千个IP都来自与同一个地方。下图显示了数据包的初始序号和时间。每个数据点都是一个主动探测连接。如果每个主动探测都是从不同地方发出的,我们应该看到随机的数据点,因为数据包的初始序号是随机选择的。但是下图显示主动探测连接虽然来自不同IP,但是非常有规律。我们认为主动探测的初始序号是按照时间产生的。


Subscribe to our blog using RSS.


But surely it's trivial for the chinese authorities to just block *.google.* altogether and suddenly you don't even have the option for using google or any of it's services.

This all nothing more than PR. Microsoft and friends can solve censorship in half a day. All they need to do is roll out an update that enable Opportunistic IPSec to all Windows users and server.

This function is already built, the amount of work Microsoft has to do is minimal. It's just a matter of making sure every (or most users and services) enable it.

Of course this will never happen because it wouldn't just mess with the Chinese Great Firewall, it would also interfere with the NSA's work.

The Chinese authorities have made Google unattractive enough that it only has a 3% market share in China. Youtube is completely inaccessible in China. How "crucial" can it be?

Putting the cache under is a security risk for Google because of the cached content will operate under same (sub)domain rules. Just saying; there's no need to get so technical in the article.

Surely google china will be closed entirely. What a stupid idea! You don't Know China.

When I go to Google China, it's https by default. So did they change something in the past few days?

"But surely it's trivial for the chinese authorities to just block *.google.* altogether and suddenly you don't even have the option for using google or any of it's services."

Bingo. As I read this article, I was waiting for this question to be addressed, and it was never really answered to my satisfaction.

Saying "Google is too big and important to block" overlooks two key points:

1) the Party treats control over information as an issue of existential importance, and;

2) there are a number of viable "second-best" options for the Chinese internet user performing a search. Many Chinese friends of mine actually prefer Baidu.

So please explain to me: who is the constituency who would raise a hue and cry such that the Party--confronted with what it would perceive as an existential threat to its existence--would back down and unblock Google's main search page?

I am by no means arguing against efforts to circumvent, damage, or destroy the GFW. I find its existence appalling. But I'm also disturbed by articles such as this one, which present facile solutions to complicated problems, employing lazy logic and unsupported assumptions to cast companies such as Google (which seems at least to be TRYING to do the right thing) in the ill-fitting role of bad guy; or if not bad guy, then at least an enabler.

Was this article run by the advisory board? Given the level of subtlety and understanding on display in Rebecca MacKinnon's writings on the Chinese internet, I find it hard to believe that she would endorse this article's conclusions wholesale.

"existential threat to its existence"

redundancy win is redundant


The mess and the stink were not worth the trouble or the savings.
Not once did we take into consideration the cost of these dragons.
It comes in two forms: juvenile (usually found in ferrets under the
age of 14 months) and classic, which is usually found in middle aged and older ferrets.

Here is my web page - crimsonchilla

Hi, for all time i used to check web site posts here early in the morning, for the
reason that i love to find out more and more.

Check out my web site - agen bola

Thanks for sharing your thoughts about tarnally. Regards

Feel free to surf to my page origin ea

Hey there! I know this is kinda off topic however , I'd figured I'd ask.
Would you be interested in trading links or maybe guest authoring a blog article or vice-versa?
My website discusses a lot of the same topics as yours and I
feel we could greatly benefit from each
other. If you might be interested feel free to send
me an email. I look forward to hearing from you!
Terrific blog by the way!

Also visit my web blog - deer hunter 2014 cheats basis

inspired a lot from this post am following this blog regularly and found very good for bookmarking thanks admin
new year sms in hindi 2015
happy new year sms 2015
happy new year 2015 wallpapers
happy new year 2015 quotes
happy new year 2015
happy new year wishes 2015

How can you write a post about Google ending censorship when YouTube comments is so heavily censored? If you create a comment on the la clippers channel about matchfixing in sport, the comment gets blocked. Surely freedom of speech means being allowed to make any comment. Google/YouTube has actually made commenting highly censored and easier to manage by paid shills.

this post is awesome, great msg for us, plz update ur blog for daily basis, i am regular visitor of this site, so keep posting for us,

click the below links to create backlink
best free backlink website
click here for msg movie

thanks for this post, keep it up for updating us, i am waiting for ur new article.
IPL 2015 Cricket live score
Harjinder Singh
thanks again

Hello to all, it's really a ice for me tto pay a visit this wweb page, it includes useful Information.

Look at my web blog: steam games

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.