China is Blocking Circumvention Tools With Help of Cloud Service Providers

The Great Firewall of China. Image from Digital Trends.

The Great Firewall of China. Image from Digital Trends.

In their long-standing effort to eliminate the unauthorized use of online circumvention tools like proxy services and VPNs, Chinese state regulators have recently turned their attention to cloud storage providers for content delivery networks.

VPNs, web proxies and other such tools are often described together as “circumvention technologies” — tools that help Internet users get around obstacles in online networks. Obstacles could include various forms of targeted censorship, but also things like slow speed or technical malfunctions.

It has been estimated that about 1-3% of China's internet users are using circumvention tool to visit overseas websites. Currently there are more than 650 million internet users in China, which means at least a few millions have access to the open Internet.

Content delivery networks (CDNs) are third-party servers that deliver content to end-users with a certain guarantee of high availability and high performance. Although they are relatively invisible for most regular Internet users, CDNs play a key role in ensuring smooth flows of online traffic, particularly when it comes to large files.

It appears that Chinese regulatory authorities are now actively asking these middle men to aid in this effort. In response to recent pressure from Chinese regulatory authorities, Microsoft Azure China, which provides cloud storage for leading CDNs, issued a letter to its clients recommending that they remove all illegal circumvention, proxy and VPN services hosted on their server.

The letter circulated on Twitter and tech blogs read:

According to the telecom regulations and the requirement of MIIT and Internet supervision agency, no company or individual can provide hosting service for illegal “over the wall” proxy sites, or illegally mount any VPN service to abroad. Recently, the regulators have found several Windows Azure customers violated the related regulations and demanded immediate shut-down of the service deployment.

We will continuously receive notification from the regulators to close such sites or shut down service deployment. In order to avoid unnecessary risks and losses, we recommend that you conduct self-examination and rectification immediately. In case you have involved in any above illegal behaviors, please stop immediately. Otherwise, you would assume all the consequences of such violation.

The effort to remove circumvention tools from the offerings of local content providers may be a response to efforts by researchers of China’s censorship system, who some years ago sought to deploy a “collateral freedom” strategy in which they proposed that the world's leading CDNs serve as hosts to proxy and circumvention services. This made it difficult for censors to block the services without disrupting entire networks and bringing economic consequences.

Thus far, the Chinese government has made several attempts to block circumvention tools hosted on CDNs. In one prominent example, the targeted DNS poisoning of the project resulted in the blocking of thousands of sites.

Azure China has been one of the major platforms for hosting circumvention proxy and VPN service. Most of these circumvention services are not politically motivated but rather geared towards expediting the streaming of foreign online games and television network programs. The letter suggests that, instead of detecting and blocking circumvention servers, the Chinese censor is adopting another strategy to press service providers to remove illegal circumvention services.

Since January 2015, the services of multiple VPN providers, including Astrill and StrongVPN, have been blocked. In response to the blockage, Fang Binxing, the father of China's so-called Great Firewall, suggested that companies running VPN businesses in China should register with the Ministry of Industry and Information Technology (MIIT). A top official from MIIT also said foreign sites must abide by Chinese laws and that the “new method” must be introduced to tackle the problem. The “new method” is a system intended to govern the registration and inspection of Internet software and hardware providers for security purposes.

Under the 2015 amendment of the Criminal Law that took effect on November 1 2015, newly stipulations regarding failure to implement information security, the illegal use of Internet, and assisting with committing an Internet crime have provided legal grounds for prosecuting unauthorized circumvention tool developers, circumvention service providers, as well as circumvention service hosting providers.

Even before the amendment was passed, circumvention tool developers were forced by police to withdraw their source code from GitHub. The platform was later attacked by the Great Cannon for hosting the Great Fire project. The attacks have been viewed as an aggressive turn in China's censorship practices.

Two weeks after the the criminal law amendment passed and one week after the November attacks in Paris, mobile service providers shut down the mobile service of residents in the ethnic minority region of Xinjiang, many of whom use VPNs on their mobile phones. Their services could only be reactivated after they reported themselves to the police.

The Azure China letter indicates that service providers are now actively responding authorities’ requests. As the draft Cyber Security Law, which will further rationalize censorship and surveillance practice, is set to pass later this year, foreign service providers may be compelled to take more proactive measures to assist authorities in tracking down their customers’ personal details. Indeed, this may become yet another price one pays upon entering the Chinese market.


Join the conversation

Authors, please log in »


  • All comments are reviewed by a moderator. Do not submit your comment more than once or it may be identified as spam.
  • Please treat others with respect. Comments containing hate speech, obscenity, and personal attacks will not be approved.