The Great Firewall of China

China's Great Firewall is crude, slapdash, and surprisingly easy to breach. Here's why it's so effective anyway.

Illustration by John Ritter
Interview: "Penetrating the Great Firewall"
James Fallows explains how he was able to probe the taboo subject of Chinese Internet censorship.

Depending on how you look at it, the Chinese government's attempt to rein in the Internet is crude and slapdash or ingenious and well crafted. When American technologists write about the control system, they tend to emphasize its limits. When Chinese citizens discuss it—at least with me—they tend to emphasize its strength. All of them are right, which makes the government's approach to the Internet a nice proxy for its larger attempt to control people's daily lives.
Disappointingly, "Great Firewall" is not really the right term for the Chinese government's overall control strategy. China has indeed erected a firewall—a barrier to keep its Internet users from dealing easily with the outside world—but that is only one part of a larger, complex structure of monitoring and censorship. The official name for the entire approach, which is ostensibly a way to keep hackers and other rogue elements from harming Chinese Internet users, is the "Golden Shield Project." Since that term is too creepy to bear repeating, I'll use "the control system" for the overall strategy, which includes the "Great Firewall of China," or GFW, as the means of screening contact with other countries.
Breaking it:
A VPN, or virtual private network, is a faster, fancier, and more elegant way to achieve the same result. Essentially a VPN creates your own private, encrypted channel that runs alongside the normal Internet. From within China, a VPN connects you with an Internet server somewhere else. You pass your browsing and downloading requests to that American or Finnish or Japanese server, and it finds and sends back what you're looking for. The GFW doesn't stop you, because it can't read the encrypted messages you're sending. Every foreign business operating in China uses such a network. VPNs are freely advertised in China, so individuals can sign up, too. I use one that costs $40 per year. (An expat in China thinks: that's a little over a dime a day. A Chinese factory worker thinks: it's a week's take-home pay. Even for a young academic, it's a couple days' work.)
As a technical matter, China could crack down on the proxies and VPNs whenever it pleased. Today the policy is: if a message comes through that the surveillance system cannot read because it's encrypted, let's wave it on through! Obviously the system's behavior could be reversed. But everyone I spoke with said that China could simply not afford to crack down that way. "Every bank, every foreign manufacturing company, every retailer, every software vendor needs VPNs to exist," a Chinese professor told me. "They would have to shut down the next day if asked to send their commercial information through the regular Chinese Internet and the Great Firewall." Closing down the free, easy-to-use proxy servers would create a milder version of the same problem. Encrypted e-mail, too, passes through the GFW without scrutiny, and users of many Web-based mail systems can establish a secure session simply by typing "https:" rather than the usual "http:" in a site's address—for instance, To keep China in business, then, the government has to allow some exceptions to its control efforts—even knowing that many Chinese citizens will exploit the resulting loopholes.
Because the Chinese government can't plug every gap in the Great Firewall, many American observers have concluded that its larger efforts to control electronic discussion, and the democratization and grass-roots organizing it might nurture, are ultimately doomed. A recent item on an influential American tech Web site had the headline "Chinese National Firewall Isn't All That Effective." In October, Wired ran a story under the headline "The Great Firewall: China's Misguided—and Futile—Attempt to Control What Happens Online."
Let's not stop to discuss why the vision of democracy-through-communications-technology is so convincing to so many Americans. (Samizdat, fax machines, and the Voice of America eventually helped bring down the Soviet system. Therefore proxy servers and online chat rooms must erode the power of the Chinese state. Right?) Instead, let me emphasize how unconvincing this vision is to most people who deal with China's system of extensive, if imperfect, Internet controls.
Think again of the real importance of the Great Firewall. Does the Chinese government really care if a citizen can look up the Tiananmen Square entry on Wikipedia? Of course not. Anyone who wants that information will get it—by using a proxy server or VPN, by e-mailing to a friend overseas, even by looking at the surprisingly broad array of foreign magazines that arrive, uncensored, in Chinese public libraries.
What the government cares about is making the quest for information just enough of a nuisance that people generally won't bother. Most Chinese people, like most Americans, are interested mainly in their own country. All around them is more information about China and things Chinese than they could possibly take in. The newsstands are bulging with papers and countless glossy magazines. The bookstores are big, well stocked, and full of patrons, and so are the public libraries. Video stores, with pirated versions of anything. Lots of TV channels. And of course the Internet, where sites in Chinese and about China constantly proliferate. When this much is available inside the Great Firewall, why go to the expense and bother, or incur the possible risk, of trying to look outside?
Read more from