Make your website work in Mainland China – Part 1 – The Great Firewall

June 21, 2018

Here at Takehan, we have decades of experience building and growing online businesses in the Asia Pacific internet ecosystem. If there’s one thing we’ve learned over time its that China is different. When it comes to delivering a website, app, or any sort of internet bound service China requires far more planning and investment than any other market in the world today.

The internet is global by design. For most organizations, the infrastructure used to deliver a website in France is the same infrastructure used to deliver a website in Germany.  China however, has its own version of the internet. If your website, app, or business serves a mainland Chinese audience you need to understand the  differences between the internet you are used to v.s. the internet ecosystem in the People’s Republic of China. Here are 5  differences technology professionals need to plan for.

Note: When “China” is mentioned below I am referring to Mainland China. This excludes parts of “greater China” such Hong Kong and Macau.

The Great Firewall of China (GFoC)

The most famous of difference in Internet Infrastructure is “Project Golden Shield”, or what is colloquially known as the “Great Firewall of China” (GFoC).

The GFoC is China’s censorship apparatus. Its goal is to filter and block content and services from reaching the Chinese mainland that the government has deemed against its interests. Some examples being:

  • Foreign (non China) media websites such as the New York Times, CNN, The Guardian.
  • Foreign Social media platforms such as Twitter, Facebook or SnapChat.
  • Foreign messaging apps such as Skype, Facebook messenger, WhatsApp.
  • Gambling websites of any kind
  • Pornography websites of any kind
  • Wikipedia
  • Websites disparaging or satirizing government figures or sowing public discontent / unrest. This includes content related to the Dalai Lama, or Falun Gong.
  • In addition to the criteria above, any website which the censors employed by “Project Golden Shield” deem to be offensive.

Wikipedia has a more detailed list, of sites which are actively blocked, but it is far from exhaustive.

Although often described as a discrete network service, the GFoC is really a collection of technologies deployed by Chinese hosting providers, Major Chinese Tech companies, Telecom providers and the Government itself. Through these technologies the GFoC can:

  • block a website URL via DNS poisoning
  • Deny traffic to and from a port, IP address, or IP address range via TCP resets or simply dropping the traffic
  • Filter content by keywords in URL’s
  • Block or interrupt services to VPN’s
  • Intercept and block or monitor unencrypted communications and even some encrypted information via “Man in the middle” attacks

Interestingly GFoC blocking is not always black and white. In my experience working with various businesses in Asia Pacific – it’s common for some sites to be available during one time, and unavailable during others.  It’s also possible to be blocked in one region, and not another. Many online businesses make the mistake of running a few tests from mainland China and assuming if it works once, it works always. Nothing could be further from the truth.

It is also important to note that the GFoC’s methods of blocking are not obvious. At no time is a user in China presented with a dialog or message that a site has been blocked. It simply does not work. This is a very important distinction because to a user in Mainland China, a site or app simply fails to load. The perception will likely be that the site or service is broken, not that the GFoC has stopped it from working. In other words, potential users will likely blame you, not their Government or ISP.

To avoid being blocked by the GFoC ensure these basic precautions are taken:

  • Do not offer ANY content or service which the GFoC would find offensive. It may work temporarily, but if you gain any sort of audience or sizable traffic within China – they will find it, and it will be blocked! This is not an “if”, but a “when”.
  • Even if your site or product is absent of content the Chinese government finds offensive, certain words or content types can raise additional scrutiny. Any media, social media, or video content will be watched with extreme caution and possibly banned without warning.
  • Encrypt your entire site using TLS whenever possible. This reduces the chances of false positives, and typically speeds up most sites as encrypted content cannot undergo proxy filtering or deep packet inspection GFoC perimeters employ.
  • Avoid domains and URL’s which contain “unsafe” words related to banned content. This could include video, media or even seemingly harmless Chinese in-jokes like whinny the poo.
  • Apply for an ICP license. This is really the only way to ensure your content is allowed to be served within China. Technically ANY SITE without an ICP license can be banned at any time, without warning or explanation.

We hope this has been a useful summary of the “Great Firewall of China” and, its goals and how it works. For more information about the technical differences in the Chinese Internet read on in Part 2 – Hosting, ICP Licensing and Network Connectivity.