GFW or the Great Firewall of the China is the subject of this article. As you might guess we will discuss the basics you need to understand of how it works. After reading this you should be able have a discussion about the GFW. Aside you will be able to continue a deeper research on how to avoid colliding with it head on.
Update: June 8, 2021
How do you know about this GFW thing?
If you are from the western world or anywhere but china mainland. Likes are that you never dealt much with anything similar to the GFW. Well unless your employer wanted to block social media or something like that. Saving the differences.
I as a “young and naive” engineer moved to China. Then the firs thing I did at landing time was try to message my family and friends using a regular western Social media App. To my surprise It was “not possible”. Then after a day or two I figured it out. The Chinese Governement created this BEAST they call the GFW (The great firewall of China), the job of this “machine” is to block stuff that they do not want Chinese people to access.
What is blocked by the Chinese GFW?
Well, if you had the control freak boss trying to get you not to use FB during work. You know more or less what the GFW is, it differs from the the regular little bit controlling employers wanting to block some website(s). Meaning that I later learned many things about how the Chinese networks and internet policies work. In fact it has the full power and resources of the Chinese government behind. There are researchers and security engineers working full-time, has current AI algorithms to adapt and figure out where people are going why and make decisions on the fly. Finally not to make it too long it’s a sophisticated machine.
What is blocked by the GFW?
A few million websites, but more most known include the following; Facebook, Google, Twitter, Youtube, Netflix, ALL The biggest international newspapers in the world that are not controlled and protected by the Chinese government. This includes part of our cloud storage, file sharing and collaboration systems and more even when we are no youtube and well OOOH!!! SO MUCH MORE…
To be clear in this article, I would like to explain how Chinese Mainland is controlling their Internet. As I would call it, Chinese Mainland is running a “Mainland Intranet” which is protected by The Great Firewall of China (GFW).
At Sesame Disk / Nihao Cloud we have had a long history of dealing with this “Beast” called the GFW. Give us a try.
Mini Office Firewall
We can compare this with your office or home where your router protects your computers. Meaning the router has local “Parental” like settings that gives access to the Internet. Aside it also controls or blocks websites with possible harmful content for your kids. At least that’s how some companies block Facebook during office hours as well.
Bigger Router- Bigger Wall
The GFW works similar but on a much larger scale. Instead of just dealing with your small office, the GFW is filtering much of the traffic going in and out of Chinese Mainland.
here I will explain how Internet Traffic works in a short and simple way. By the way you don’t need to be a geek to understand it :).
Understanding Internet Traffic Rules.
Question like. So how does an actual E-Mail gets sent or received over the Internet? Furthermore, how can we browse websites or stream movies?
What happens is more or less the following. First when you request a site or service or movie to load; the data to travel fast back and forth it has to follow Internet traffic rules. Second, using these rules all the data gets divided then sent and delivered in “little” IP packets. Where IP is like a packaging mechanism for internet communications. For instance, lets imagine we want to look at a funny cat video on Youtube. Right away we click to load the video. Internally Youtube server dissembles that video into thousands of little packets and sends it to your laptop, PC or mobile. Then these packets get reassembled back into a video again. This happens very fast, that is why you normally do not notice.
All you need to know from this, that all Internet Traffic travels in little packets.
So how did Youtube know where to send those little packets? On the Internet every destination: computer, website or cellphone has to have an IP Address to send and receive data on the Internet. Google for “my IP” and you can see your own IP address. IP addresses are a bunch of numbers because computers can then convert them into 1’s and 0’s but we need domain names so we can memorise it.
Otherwise, instead of sesamedisk.com, you would see 184.108.40.206. Not the most memorable web address right?
Whats is DNS?
For the “Internet” to understand those Domains names, we have Domain Name Service (DNS). DNS servers translate domain names back into an IP addresses.
Meaning (sesamedisk.com → 220.127.116.11). There are thousands of those DNS Servers that translate Domain Names into IP Addresses. How it works internally is not that important now.
OK, enough of dry and boring theory and back to how does the Great Firewall of China and how it works.
The first and most efficient way to block websites is by DNS spoofing or “Domain name system poisoning”.
So let’s go back to our cat video. When we type youtube.com on the browser, DNS Server receives a request to check what youtube.com means and send you to the right IP address. This process happens to any Internet communication like web browsing etc.
Now, DNS requests for websites outside of Chinese Mainland will be taken to a Deep Package Inspection (DPI) by the GFW. This means, that each little IP Package will be opened and checked for the content like a customs control.
If any pattern found in that Package matches unwanted content, domains like the list of services provided before. Then the GFW returns a bogus IP Address and therefore the Website will not open.
That’s why if you are in China and try to reach Youtube.com you will receive this website:
What they do in many cases is that they take your request for let say nihaocloud.com and resend it to another IP that is also in their list of DNS poisoning like Facebook, then the FB site tells you that this nihaocloud.com is not there.
This is a very simplified way to explain it, but it has the basics.
VPN & Encrypted Traffic
Even though GFW knows that this traffic is encrypted but it can only can guess what is inside. Here lies one of the biggest opportunity to get the traffic across the GFW. Now, GFW is UNCERTAIN, whether this is a simple Youtube access which can be blocked, or this is the most important connection for the financial transactions where by cutting this connection could cause huge damage to the economy. Sometimes they get happy trigger and just block much of what is encrypted, but then they have to relax it afterwards for the economy. This tends to happen when there are protests, commemorations of historical events that are not to be talked about in China, etc.
In other words you need an encryption that is good enough not to be penetrated by current algorithms, as the GFW has deep inspection algorithms. Uses AI to “guess” what is inside packages, etc.
UNCERTAINTY- that’s the biggest headache for the GFW.
The keyword here is “Collateral Damage” which could be caused by blocking encrypted packets. This Collateral Damage has to be kept to a minimum.
- understand collateral damage as the term invented by the Americans to describe questionable things that happened under their watch in the Middle East.
So what is the GFW is doing with this?
As we can imagine the staff behind the GFW are not stupid and came up with an “Active Probing” mechanism. The GFW is now looking for the encrypted traffic and guessing the encryption / VPN Protocols.
Then a Probing Servers at GFW takes encrypted packets and forwards the Package to the receiver then waits for the reply. From those replies, the GFW can decide what to do with that Package, drop it or let it go through. This decisions are sometimes evaluated with historical data, response data, volumes and many other metrics. Later on all the data is taken and analyzed in some cases by an AI algorithm that decides what is to be done ultimately.
So to sum it up the GFW is working in 2 ways:
One more interesting thing to know is that different networks in Chinese Mainland are running through different filtering. While public Networks like China Unicom or Telecom have strongest filters, Networks for Universities (eg the CERNet – China Education and Research Network) is filtered less harshly.
We should keep in mind that the GFW is a very dynamic Beast. It is always trying to find the optimal balance between Collateral Damage and efficiently blocking the Internet. So some Services can be blocked today, but not tomorrow and again blocked the day after.
Those who live in Chinese Mainland know that during big public events or holidays the GFW is controlling much tougher than usual. Also, the GFW is learning and being constantly developed and improved. So what we understand today might change tomorrow. The Chinese Government invests on it as if their lives dependents on it. At the end… Who knows?
All we know can be found by research and testing but nobody will explain how it really works. I would also like to mention that this article is not only based on our accumulated years IT experience in Chinese Mainland but also on a Research, presented at the annual Conference of the CCC –Chaos Computer Club Hamburg.
So there will be always a battle between the GFW and VPN Providers and there will always be the problem of Collateral Damage and nobody wants to hurt the economy. Notice that is valid to mention that the GFW has also created an alternative economy that grows year after year.
The GFW is well prepared and will always be as far as the Chinese government is concerned. Also, do not forget that Chinese Mainland also has placed legal notices to fight this battle offline.
UPDATE: Sesame Disk / NiHao Cloud was interviewed by BBC Business daily, about China’s Internet Privacy Clampdown. You can listen to the full episode here.
3 replies on “GFW; How does it work?”
[…] UPDATE: This article is outdated. The new version is on our NEW website here. […]
[…] as the government of china considers having it ilegal in many cases, check out our post about the GFW. Therefore we aim to create a service that is NOT blocked in China or anywhere […]
[…] The Great Firewall of China is an example of DNS poisoning on a very large scale. One of the primary methods of query filtering that the GFW relies on is DNS response poisoning. When a query is poisoned by the GFW, the infected result is returned. This is applied to the caches as well. […]