The Great Firewall (GFW) is China’s infamous internet censorship program, designed to prevent ordinary Chinese citizens from accessing international websites (the “open web”).
Ostensibly there to protect citizens from “corrupt” Western ideas and influences, the GFW exists primarily as a means for the Chinese Communist Party (CCP) to exert political and economic control over the country’s some 700 million internet users (approximately a quarter of all internet users on the planet).
Although often patchy and far from infallible, the GFW is the most sophisticated, far-reaching, and effective censorship system ever created. No one has developed a way to consistently and reliably bypass it (although some solutions are at least partially effective some of the time).
Now, a leak of more than 100,000 documents shows that a little-known Chinese company called Geedge Networks has been exporting advanced GFW censorship technologies to authoritarian governments around the world, including Kazakhstan, Ethiopia, Pakistan, Myanmar, and another unknown country.
In addition to this, a job ad (in Mandarin) posted by Geedge Networks references China’s Belt and Road Initiative and seeks English speakers willing to travel to Pakistan, Malaysia, Bahrain, Algeria, and India — all regimes with histories of censoring the internet.
Notably, one of the co-founders of Geedge Networks is Fang Binxing, a man famously dubbed “Father of the Great Firewall”.
The leaked documents
The documents are mainly in Chinese, but they have been analyzed by security researchers at InterSecLab in collaboration with several human rights and media organizations, including Amnesty International, Justice For Myanmar, Paper Trail Media, The Globe and Mail, and the Tor Project.
What they show is that Geedge Networks is offering authoritarian governments a sophisticated, easy-to-use, and easy-to-install mass censorship tool called Tiangou Secure Gateway (TSG) that can be readily deployed at scale in datacenters around a country.
This tool can analyze and filter all traffic that’s routed through it, giving censors in a country’s network the following capabilities:
- They can monitor and analyze unencrypted traffic and easily extract sensitive information, such as website content, passwords, and email attachments.
- Censors can also monitor traffic encrypted using HTTPS (which is most modern internet traffic) with deep packet inspection (DPI) techniques. This lets officials extract potentially damaging metadata, such as who is connecting to which website or service and when, although they cannot see the content of the data. Worryingly, the InterSecLab report notes that “government clients are able to look back at an internet user’s past activities to see if they have visited a website that is later blocked”.
- DPI can also usually determine whether additional encryption has been added to protect the data. This includes VPN protocols, such as WireGuard and OpenVPN, as well as other anti-censorship technologies, such as Tor and Psiphon.
The documents make it clear that Geedge Networks maintains a list of VPN services and the known IP addresses of their servers, which its clients can flag connections to or block as they wish. And once VPN connections to unknown IP addresses are discovered using DPI, they can simply be added to the list.
Also referenced in the document is how some deployments use a “reputation score” tied to individuals that government officials can use to permit or limit access to certain online resources.
Data is sent back to China
The TSG system is managed remotely by Geedge Networks employees in China, which means that large volumes of potentially extremely sensitive data are sent to China in violation of data sovereignty principles (that data should be subject to the laws of the country where it was generated and collected).
Even more worrying is that this data is shared with students at Mesalab (Massive and Effective Stream Analysis), a research laboratory at the Chinese Academy of Sciences (CAS) that Geedge Networks has a close working relationship with. Mesalab uses the data provided by Geedge Networks to study internet censorship circumvention methods with the aim of obstructing them.
CAS is under the direct influence and oversight of the CCP through internal Party committees, Party leadership roles in its governance, ideology and conduct rules, and alignment with Party policy. This means its work is closely tied to the state’s strategic goals and Party priorities.
State censorship as a commodity
Tiangou Secure Gateway and other technologies sold by Geedge Networks provide authoritarian regimes with a simple but highly effective way to spy on their citizens and restrict their access to international sources of information.
One leaked document shows that it’s now used in Myanmar to spy on some 81 million people, and as Amnesty International notes with regard to Pakistan, “Geedge Networks is a commercialized version of China’s ‘Great Firewall’, a comprehensive state censorship tool developed and deployed in China and now exported to other countries as well”.
While Geedge Networks is a private company, it should also be considered an important participant in CCP policy. The documents also show that it has a history of working with provincial Chinese governments, including that of Xinjiang, which performs extensive surveillance on its ethnic minority Uyghur population. Factor in Geedge Networks’ close working relationship with Mesalab at the CAS (which is directly overseen by the CCP), and it seems highly unlikely that Geedge would be permitted to sell technology viewed as critical to China’s national security without the CCP’s knowledge and, most likely, active cooperation.
The mass surveillance technologies peddled internationally by Geedge Networks only serve to further China’s approach to the internet, which is to strictly police any dissident voices online. This growing censorship capability further threatens the free exchange of information and freedom of speech that the internet was founded upon.