Look Ma! I can see through the great firewall!

Today we have decided to take the battle against online censorship in China to a new level.

On Friday, November 15, we broke the news that the websites for Reuters Chinese and Chinese Wall Street Journal were both blocked in China. Tests on our servers confirmed those blocks. 

It appears that the block is related to the New York Times story published on November 14 concerning the relationship between JPMorgan Chase and Lily Chang (also known as Wen Ruchun), the daughter of former Chinese prime minister Wen Jiabao.

Reuters Chinese published news about the story on November 14, which is probably the reason the site was blocked.

In response to this block, we have just launched a mirror site for Reuters China, which is accessible here:


This website is accessible from within China without the use of any circumvention tools. 

PLEASE NOTE: We have created this mirror website without seeking the approval of Reuters ahead of time. This mirror website was created without Reuters’ knowledge. If Reuters ask us to remove this website, we will do so immediately.

We have already used this method or mirroring for our own blocked website, FreeWeibo.com:


FreeWeibo shows weibo content that has been blocked by Sina and the Chinese government. Our official domain has long been blocked in China. Despite the block, we still have more than 15,000 visitors each day, a majority of which are using Internet circumvention software to get around the great firewall (GFW) of China.

We want to provide internet users in China with unrestricted information access. Internet circumvention software is for the most part stable in China but one needs to have some technical savvy for configuration.

With our new mirror sites, the GFW cannot block FreeWeibo.com any longer without causing significant collateral damage which would also cause significant economic fallout in China.

Our mirror sites are unique because rather than using our own domains, we use a subpath of Amazon and Google’s domains which support HTTPS access. This means that GFW cannot block our mirror websites without blocking the domain of Amazon or Google entirely, namely “s3.amazonaws.com” and “commondatastorage.googleapis.com”.

GFW might indeed go ahead and block these domains but it would risk considerable negative backlash and may cause problems economically for organizations within China that rely on these services. In January 2013, China blocked Github supposedly for having sensitive content. But the block created a fierce outcry in the Chinese developer community. Subsequently, the authorities backed down and stopped blocking the domain.

Our mirror site is not perfect! There are a few minor bugs in what we have created. However, we wanted to quickly put this together so that we could fire a shot across the bow of the Chinese censorship mothership.

The reason why we chose to mirror the Reuters Chinese web site was to show the authorities and Chinese internet users that there are holes in the great firewall. To plug this hole, the Chinese authorities have two options. They can block the Amazon and Google domains, thereby bringing down thousands of websites in China that rely on these web services. This will bring the issue of online censorship to a very large group of people in China. The other option is to force Amazon or Google to remove our sites willingly.  We have previously reported that Apple willingly remove OpenDoor, an Internet circumvention tool, from the China App store and this week there were reports about self-censorship at Bloomberg.  We hope Amazon or Google will not practice the same kind of self-censorship.

There is a third option. Mr. Xi Jinping, we hope you are listening. Just let this episode slide. Pretend it did not happen. Do nothing to stop this. Or, better yet, lift the block on these two websites and the hundreds of others. Do it in one swift movement. You will catch everybody off guard. And you will create your own lasting legacy as a true reformer.

We have participated in OpenITP’s report “Collateral Freedom: A Snapshot of Chinese Users Circumventing Censorship” and we fully agree with their conclusion:

The essence of the Internet freedom debate in China is segmentation, not blocking. When crucial business activity is inseparable from Internet freedom, the prospects for Internet freedom improve.


But, we would argue, a healthier response might move in the opposite direction, toward even greater integration between Internet freedom and business. Rather than working with particular online platforms, which may be individually vulnerable to censorship, the best long term answer might be to move anti-censorship deeper into the network infrastructure, incorporating it within the systems that large network operators use to exchange their traffic. Ideally, we might aim for a situation in which secure web access generally (rather than access to any particular platform) is inseparable from Internet freedom.





More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Thu, Sep 24, 2015

Apple blocked CNNIC CA months after MITM attacks

In March of this year, Google found unauthorized digital certificates for several Google domains. The root certificate authority for these domains was the China Internet Network Information Center (CNNIC). CNNIC was controlled by the Chinese government through the Ministry of Industry and Information Technology and is now under the management of the Cyberspace Administration of China (CAC). CNNIC was recognized by all major browsers as a trusted Certificate Authority. If CNNIC signs a fake certificate used in a man-in-the-middle attack, no browser will warn of any unusual activity unless the certificate is pinned.

Wed, Sep 23, 2015

Malicious Xcode could spread via download manager Xunlei

What’s at stake?

We reported last week that popular Chinese iOS apps were compromised in an unprecedented malware attack. We discovered that the source of the infection was compromised copies of Xcode hosted on Baidu Pan. Apple has published an article urging developers to download Xcode directly from the Mac App Store, or from the Apple Developer website and validate signatures. We’ve now discovered that even if a developer uses a download link seemingly from Apple, he might still be possible to obtain a compromised copy of Xcode.

Please note that we do not have evidence that such attacks has happened. But it is an easy attack that anyone can implement.

How does it work?

This compromise happened because of Xunlei. Xunlei is the most popular download manager in China. Much of its popularity is due to the fact they can accelerate download speeds by pulling resources from other Xunlei users as well as cached copies on the Xunlei server. All of this, however, is invisible to users. Users can simply enter a regular http download address into Xunlei  download manager and the download will start. Chinese developers were using direct download addresses such as http://adcdownload.apple.com/Developer_Tools/Xcode_7/Xcode_7.dmg to download Xcode.

Mon, Sep 21, 2015



Sat, Sep 19, 2015

Popular Chinese iOS apps compromised in unprecedented malware attack

What happened?

According to recent reports, some versions of Xcode used by developers in China have been compromised and are being used to inject tracking codes in iOS apps without developer knowledge. (1,2). Unaware of the injection, those developers then released their compromised iOS apps to the App Store which were then later approved by Apple. At the time of writing this post, the compromised apps are still available in the App store. Any user who has installed and launched these compromised apps will be a victim of these tracking codes.

This is a significant compromise of Apple’s app store. Apple notoriously manually reviews all app submissions and, in comparison to Android stores, has been relatively malware-free. This is the most widespread and significant spread of malware in the history of the Apple app store, anywhere in the world.

The compromised version of Xcode was hosted on Baidu Pan. It is unlikely that Baidu was aware of the compromised version of Xcode. The company removed the files yesterday when news of the compromise surfaced. Because of slow download speeds from foreign websites in China, many Chinese developers prefer to download apps from domestic websites. Many Chinese also use download software like Xunlei, rather than downloading directly from the official Mac App Store.

According to users reports, many prominent Chinese apps are affected. We have included links to the compromised apps in the list below but DO NOT DOWNLOAD these apps. We are simply linking to them so that users can recognize the apps. Affected apps include:  

Wechat The most popolar messaging app in China 

Wed, Sep 16, 2015


英文原文来自 https://blog.torproject.org/blog/learning-more-about-gfws-active-probing...

Roya, David, Nick, nweaver, Vern, 和我刚刚完成了关于GFW主动探测系统的研究。这个系统在几年前就被用来探测翻墙工具,比如Tor。我们在之前的博文中介绍过GFW主动探测系统是如何工作的。但有几个问题我们没有回答。比如这个系统的物理结构是怎样的。那些用来主动探测的IP是归GFW所有的么? 有猜测GFW短时间内劫持了部分IP来用来主动探测,但没有证据。这次研究回答了这些问题。


  • 通常来说,如果Tor的某个网桥代理被GFW检测并封锁,它会一直被封锁。但是这意味着网桥代理完全无法访问吗? 我们让中国的VPS一直连接我们控制的网桥代理。我们发现,每25小时,中国的VPS可以短暂的连接到我们的代理网桥。下图显示了这个现象。每个数据点表示中国的VPS试图与网桥代理建立连接。中国联通和中国教育网都有这个周期性现象。有时候,网络安全设备在更新规则时会默认允许所有流量,但我们不知道GFW周期性现象是不是因为这个原因导致的。

  • 我们找到了规律,GFW主动探测的TCP头暗示那几千个IP都来自与同一个地方。下图显示了数据包的初始序号和时间。每个数据点都是一个主动探测连接。如果每个主动探测都是从不同地方发出的,我们应该看到随机的数据点,因为数据包的初始序号是随机选择的。但是下图显示主动探测连接虽然来自不同IP,但是非常有规律。我们认为主动探测的初始序号是按照时间产生的。


Subscribe to our blog using RSS.






Significant economic fallout ? Wow, who told you that? Given the current circumstances, any one who cares about reliability in mainland china will choose not to use AWS or GCS, for the exact reason of not taking the risk that these will be blocked.
I think what you are doing is not helping but instead another reason for GFW to block these services. Google and Amazon would suffer more.

You can also make a downloadable offline mirror version of any website. I don't think GFW can really monitor what you have on your computer!

do you mind to share how do u mirrors the websites using amazon/google?
Appreciate your reply!

I think this is one of the most important information foor me.
And i am glad reading your article. But wana remark on some general things,
The website style is great, the articles iss really excellent : D.
Good job, cheers

Loook at my web blog dietaparadiabeticos.es

Many people have misconceptions about beauty, fed mostly by media images. This isn't a good idea because these people aren't realistic at all. You need to figure out what beauty is to you. This article can help you with some smart beauty tips.

WOW just what I was searching for. Came here by searching for Banquet
Halls St. Joseph Mo

Feel free to visit my web page missourideejay.com

There's definately a great deal to learn about this topic. I really like all the points you have made.

My blog post :: American Business and Technology University Complaints

Good day! I could have sworn I've been to this website before but after
reading through some of the post I realized it's new to me.

Nonetheless, I'm definitely happy I found it and I'll be
bookmarking and checking back often!

Also visit my blog post ... engine optimization seo

inspired a lot from this post am following this blog regularly and found very good for bookmarking thanks admin
new year sms in hindi 2015
happy new year sms 2015
happy new year 2015 wallpapers
happy new year 2015 quotes
happy new year 2015
happy new year wishes 2015

Upon pressing the lower reset button, the large sweep
second hand and mini registers will go back to their original positions with the
former on the reset position and the latter indicating zero.

Today you can play a number of these game consoles' games
on the Wii Virtual Console, and also as part
of SEGA compilation packs such as the SEGA Genesis Collection on
the Play - Station Portable. Yes Bankruptcy Lawyer Charlotte and
Bankruptcy Lawyer Daytona are a right answer for you.

Review my blog :: daytona 500 live streaming

Have you ever thought about including a little bit more than just
your articles? I mean, what you say is important
and everything. However just imagine if you added some great photos
or videos to give your posts more, "pop"! Your content is
excellent but with images and videos, this site could undeniably be
one of the greatest in its field. Amazing blog!

My weblog: counterstrike global offensive hack

With the install complete you should now be looking at the Piriform CCleaner Application box.
It is also way for the consumer to know which is a good product
and what are definitely the things other users say and have
experienced using the certain registry cleaner software.
Moreover, the fragmented registry keys, embedded keys that are generated
and also the malware programs, traces of faulty uninstallation - pretty much all these make
the registry size broad as well.

Also visit my blog :: Ccleaner Pro Key

When someone writes an piece of writing he/she maintains the image of
a user in his/her mind that how a user can be aware of it.
So that's why this piece of writing is perfect. Thanks!

this post is awesome, great msg for us, plz update ur blog for daily basis, i am regular visitor of this site, so keep posting for us,

click the below links to create backlink
best free backlink website
click here for msg movie

thanks for this post, keep it up for updating us, i am waiting for ur new article.
IPL 2015 Cricket live score
Harjinder Singh
thanks again

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.