Inside China’s Great Firewall with Jackson Sippe - Software Engineering Daily Recap

Podcast: Software Engineering Daily

Published: 2026-02-19

Duration: 58 min

Summary

In this episode, Jackson Sippe discusses China's Great Firewall (GFW), a complex censorship system that limits citizens' access to global internet content and evolves to counteract circumvention efforts. He shares insights from his research on the GFW's techniques and implications for internet freedom.

What Happened

Jackson Sippe, a PhD researcher at the University of Colorado Boulder, joins host Gregor Van to explore the intricacies of China's Great Firewall (GFW). The GFW is an extensive censorship mechanism designed to filter and restrict access to the internet for Chinese citizens. Jackson explains that the GFW employs various techniques to monitor and block different internet protocols, affecting everything from DNS to TLS traffic. He highlights the Great Cannon, a lesser-known tool used in 2015 to launch a massive denial-of-service attack on GitHub, which exemplifies the GFW's aggressive tactics against non-compliant services.

The discussion shifts to the challenges of researching the GFW, particularly the logistical difficulties in obtaining access to vantage points within China to observe censorship in action. Jackson notes that researchers often lack the necessary insights into the GFW's operations because it functions as a black box, making it hard to ascertain the true nature of the censorship. He emphasizes the importance of understanding how the GFW impacts citizens' attempts to access information abroad, as many are motivated to circumvent these restrictions using proxies and VPNs. This leads to a cat-and-mouse game between censorship technologies and circumvention efforts, with the GFW continually adapting to block newly developed protocols and tools.

The conversation also touches on a significant incident in November 2021 when the GFW deployed a new technique to detect and block fully encrypted protocols. This development sparked a wave of research into how proxy developers could create less detectable connections. Jackson explains that developers attempted to mimic legitimate traffic to evade detection, which required a deep understanding of how the GFW identifies and blocks various internet protocols. This evolving landscape presents ongoing challenges for researchers, developers, and policymakers interested in promoting an open internet.

Key Questions Answered

What is China's Great Firewall?

China's Great Firewall (GFW) is a complex censorship mechanism that filters citizens' access to the global internet. As described by Jackson Sippe, it employs a variety of techniques across different protocols, including DNS and TLS traffic, to restrict information deemed undesirable by the Chinese government. This system impacts how citizens within China interact with online content and services, effectively shaping their digital landscape. The GFW serves as a critical tool for the Chinese Communist Party (CCP) to control the flow of information and maintain social stability. Jackson highlights that the GFW has evolved over time, adapting to new technologies and circumvention methods that citizens attempt to use to bypass restrictions.

How does the Great Firewall detect and block traffic?

The Great Firewall employs various detection techniques to identify and block traffic that it deems undesirable. Jackson Sippe explains that one approach involves monitoring encrypted protocols and attempting to identify traffic patterns that indicate the use of proxies or VPNs. By analyzing the characteristics of this traffic, the GFW can apply blocking measures to prevent users from accessing restricted content. Additionally, Jackson points out that proxy developers have had to innovate to avoid detection by mimicking legitimate traffic. This includes making their protocols appear similar to standard TLS traffic to evade the GFW's monitoring capabilities. However, as the GFW continues to adapt, it remains a challenging environment for developers aiming to maintain access to the open internet.

What are some notable incidents involving the Great Firewall?

One significant incident discussed in the podcast was the Great Cannon attack on GitHub in 2015. Jackson Sippe describes how the GFW used a technique to inject JavaScript requests into HTTP traffic, effectively creating the largest denial-of-service attack directed at GitHub. This was a response to GitHub's role in enabling proxy services that allowed users to circumvent the GFW's censorship. This incident illustrates the lengths to which the Chinese government will go to enforce compliance with its censorship laws and highlights the evolving tactics employed by the GFW to maintain control over internet access.

What challenges do researchers face when studying the GFW?

Researchers like Jackson Sippe encounter several challenges when studying the Great Firewall. One of the primary difficulties is gaining access to vantage points within China to observe the censorship in action. Since the GFW operates as a black box, researchers often lack the necessary context to understand the intricacies of its operations fully. Moreover, Jackson emphasizes that without being part of the Chinese government or the CCP, it is challenging to determine the ground truth of what is being blocked. This leads to a reliance on experimental methods to ascertain whether observed phenomena are indeed the result of GFW actions or merely artifacts of the network.

How has the GFW evolved from 2021 to 2023?

The evolution of the Great Firewall from 2021 to 2023 has been marked by the introduction of new techniques for detecting and blocking encrypted protocols. Jackson Sippe highlights a particular incident in November 2021 when the GFW deployed a new method to counteract fully encrypted traffic, which sparked renewed interest and research into proxy circumvention technologies. This incident illustrated the ongoing adaptation of the GFW in response to citizen efforts to bypass censorship. As a result, proxy developers have had to continuously innovate, creating less detectable connections and employing various mimicry strategies to blend in with legitimate internet traffic. This cat-and-mouse dynamic continues to challenge both researchers and users seeking to maintain access to unrestricted information online.