Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Mon, Jun 03, 2013

China's Internet: Now a giant invisible cage

Our story last Friday about new Sina Weibo censorship tactics has attracted a lot of attention. In this story we ask the harder questions: Why would Sina start testing new censorship tactics at this time and what prompted this action?


In summary, Sina's new censorship controls will:

  • mitigate user criticism of Sina's censorship policy
  • block information without exposing the importance attached to the information by the authorities through the mere act of censorship
  • block information in a way where users will likely not actively try to get around the block because they won't know it exists
  • create an image of Sina Weibo (and perhaps the Chinese Internet) as an open and welcoming forum with little censorship and bucketfuls of freedom of speech

Zhu Ling

It looks like the authorities finally learned their lesson after blocking information about the Thallium poisoning case of Zhu Ling. The censorship of this case is extremely interesting as the original incident took place in 1994. It aroused interest again after news about a recent poisoning incident at Fudan University. Strangely, authorities began to delete news articles posted on major Chinese media and blocked searches on Weibo and Google. This act of censorship actually creating more outcry than the case itself. Many Weibo users believed that the authorities were covering up discussion about the issue to protect the suspect, who comes from a family that has held senior posts in the government. After all, why would the authorities censor discussion about a 1990s murder case?

Wikipedia drops the ball on China - not too late to make amends

What happened?

From October 2011, Wikipedia started to fully support HTTPS connections on all language versions. This meant that for the Chinese language Wikipedia, the Great Firewall of China (GFW) could not selectively block sensitive content. This also meant that hundreds of articles that are blocked on the HTTP version of Wikipedia, were freely accessible to Chinese internet users if they simply added an ‘S’ behind HTTP.

On May 31, 2013, GFW began to block the encrypted version of Wikipedia through port blocking. HTTPS connections are usually established on port 443 while HTTP connections are on port 80. GFW only blocks Wikipedia’s IP on port 443.

All language versions of the encrypted version of Wikipedia are also blocked. See the testing data on our system for Chinese WikipediaEnglish Wikipedia and Wikipedia.

Consequence of the block

The HTTPS version of Wikipedia is blocked while the HTTP version is not. This method forces users inChina to use the unencrypted HTTP version, which is subject to keyword filtering; hundreds of articles are blocked including articles on Tiananmen Square protests.


It surprises us that GFW took one and a half years to respond to the support of HTTPS on Wikipedia. One explanation of the slow reaction is that Wikipedia by default uses HTTP and only a minority of visitors to the site would use HTTPS.

Fri, May 31, 2013

Sina testing subtle censorship ahead of Tiananmen anniversary

What happened?

On May 31, 2013 at 7am, we observed that searching for keywords that are normally blocked, for example, “六四事件” (June 4th incident), surprisingly returned some results and no censorship notice. This temporary lift of censorship ended at 9am but started and stopped a few more times into early afternoon, as if literally somebody was flipping a switch on and off at Sina headquarters.

Update on June 2: Sina is still constatnly swtiching between those two method.

Update on June 8: From June 3-4th and onwards, Sina Weibo seems to switch back to explicit compelte block for those keywords.

Change in Tact

To understand what is happening you need to be familiar with Sina’s various censorship methods. We observed and reported last year that Sina had implemented new tactics to censor particular keyword searches. Just days before the June 4th anniversary, Sina is again tweaking its censorship mechanisms. During the morning hours of May 31, Sina completely abandoned its old style, explicit approach to censorship, which displayed a message but no search results:

“According to relevant laws, regulations and policies, search results for [the blocked keyword] can not be displayed.”

No, Sina has not suddenly decided to fully support freedom of speech. On the contrary, it would appear that Sina is using more advanced and subtler methods to censor search results. All keywords mentioned below are normally explicitly and completely blocked. But each behaved a little bit differently on the morning of May 31.

Sat, May 18, 2013





• 危害国家安全,泄露国家秘密,颠覆国家政权,破坏国家统一的;
• 损害国家荣誉和利益的;
• …....
• 含有法律、行政法规禁止的其他内容的信息。
腾讯公司有权依法停止传输任何前述内容,并有权依其自行判断对违反本条款的任何人士采取适当的法律行动, 包括但不限于…并且依据法律法规保存有关信息并向有关部门报告等.

• 地理位置信息:你的地理位置信息短期内会被我们的服务器储存。如果你提出删除要求,我们会人工删除你的地理位置信息。

• 手机通讯录信息:...你的手机通讯录会加密保存在由腾讯管理的服务器上。储存的信息会和你的微信帐号相关联。...



Sat, Apr 20, 2013

Internet dissidents in China

Retweet this! Arrests and online censorship in China.

Please find below a list of Chinese who are or have been imprisoned in China often for “inciting subversion of state power” using the internet as a means of information dissemination. In many cases, the internet properties which these activists were using were complicit in police investigations and provided full access to these accounts. Wikipedia has an excellent list of all dissidents in China which is surprisingly not blocked by the great firewall (even in Chinese!) at the time of publication. Much of the information which follows was gathered from that list.

Wed, Jan 30, 2013

China, GitHub and the man-in-the-middle

What happened?

At around 8pm, on January 26, reports appeared on Weibo and Twitter that users in China trying to access were getting warning messages about invalid SSL certificates. The evidence, listed further down in this post, indicates that this was caused by a man-in-the-middle attack.

What is a man-in-the-middle-attack?

Wikipedia defines a man-in-the-middle-attack in the following way:

The man-in-the-middle a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.

We go into detail about what happened later in this post, but first we will explore why we think this happened.


At the time of writing, there are 5,103,522 repositories of data on GitHub and as many possible theories as to why the Chinese authorities want to block or interfere with access. We will focus on one of these theories however please note that this is pure speculation on our part.

On January 25, the day before the man-in-the-middle attack, the following petition was created on

People who help internet censorship, builders of Great Firewall in China for example, should be denied entry to the U.S.

Wed, Jan 23, 2013

GitHub blocked in China - how it happened, how to get around it, and where it will take us

What happened?

Update: On January 23, was unblocked again.

On January 18, or possibly the day before (though our test data doesn’t cover this), the Great Firewall began to reset connections containing “*”. As a result, code sharing projects hosted on a subdomain of GitHub, such as, were blocked in China. The main GitHub website was mostly unaffected, for two reasons. Firstly, it’s hosted on, without a subdomain. Secondly, it serves encrypted content only, thus preventing the Great Firewall from resetting connections based on keywords.

A day later, the block was extended through the inclusion of, without subdomains, in the list of keywords causing connections to be reset. Chinese users could still access GitHub as long as they manually typed in in their browser (notice the https). Strangely the host was DNS poisoned, but not any other hosts. The www subdomain is not used by GitHub.

On January 21, DNS poisoning was extended to all hosts including the root domain as well as all its subdomains. In effect, all of GitHub was blocked in China.

Interestingly, the blocking of GitHub has seemingly not been censored on social media. The keyword “github” has not been blocked on Sina Weibo, and we have not detected any deleted posts containing “github” on FreeWeibo.

For further information on how the blocking was introduced, including data references, see the Timeline at the end of this article.

Wed, Jan 09, 2013

The Real Reasons Behind Google's China Censorship Kowtow

On January 4 we broke the story about Google backing down on their online censorship position in China. Sometime between December 5 and December 8 last year, Google decided to remove a feature which had previously informed users from China of censored keywords. At the same time, they deleted the help article which explained how to use the feature, indicating a new development in the relationship between the Chinese government and Google.

Our original article warrants further elaboration and analysis and we also felt it necessary to address some issues raised by the media who reported on this story.

Is this about making Google shareholders happy?

Is this just another China growth story? This could be the simplest answer as to why Google would make such a change and it would have been hastened by the Chinese government’s decision to block Google for one day last November.