What Is The Great Firewall Of China?
In order to properly understand the Great Firewall of China, we first have to talk about the so-called Golden Shield Project, which is also known as the National Public Security Work Informational Project. The project includes criminal information system, security management information system, supervisor information system, exit and entry administration information, and traffic management information system. The Great Firewall of China is just a part of this nationwide network-security construction developed by the Chinese e-government.
The initial phase of the Great Firewall was finished in 2006 and its scope and complexity have significantly increased since, narrowing down Internet access into and out of China to only 3 access points. The policing of the Internet is currently performed by more than 50,000 cyber-intelligence officers.
The Great Firewall implements a wide range of technologies to “safeguard” Chinese citizens from inappropriate or dangerous content. These include DNS filtering, IP blocks, packet filtering, URL filtering, and more. Moreover, Chinese censors also use deep packet inspection to foil any attempts at bypassing these blocks.
What is interesting about the Great Firewall is that it focuses so much on preventing individuals from accessing international websites that it completely omits to block domestic social media platforms and websites. It does, however, heavily monitor its sites for any signs of potential political dissent. On top of that, the government actively uses these platforms to discredit its opponents and spread propaganda.
China is indeed a very big country, which means that the Great Firewall can’t prevent every single person from accessing “dangerous” online content. Usually, a site that is blocked in one province is widely available just around the corner, that is, in another province. The sites that are theoretically banned in China include all Google services, including WhatsApp and YouTube, Chinese Wikipedia, Facebook, Twitter, Instagram, Dropbox, Pinterest, Vimeo, The Independent, Bloomberg, Tor Project, News Media, Tinder, GitHub, Snapchat, Skype, Flickr, and Wall Street Journal.
Are VPNs Legal In China?
This is one of the fundamental questions when it comes to online security and privacy in China. The simple answer is yes – VPNs are currently legal in China.
Having said that, the Chinese government has talked about an imminent ban on all VPN usage on numerous occasions over the years. Recently, it announced that all non-state sanctioned VPNs would be banned in April 2018. The government offered no further explanation regarding the implementation of the ban, so all we can do is wait and see how it all unravels.
Another question that everybody’s asking is why the Chinese authorities haven’t banned all VPNs already since they can obviously do it whenever they please. The answer to this question is very simple. VPNs are an integral part of doing business, especially for major international companies located in China. VPNs encrypt their international online traffic and correspondence and keep their confidential information and company secrets away from the rest of the world. Since international companies use VPNs on a regular basis, if China were to shut them all down, it would severely compromise the ability of these companies to do their business in China.
Corporate VPNs aside, there were reports of individuals going to prison simply for using a VPN. This happened in politically sensitive areas like Xinjiang and Tibet, though. However, these reports have never mentioned foreigners getting in any trouble for using a VPN in China. Bottom line, using a VPN is technically legal in China, but there are a lot of gray areas depending on the particular location and political tensions in the region.
Will China Block All VPNs?
As we already mentioned, we witnessed numerous announcements and alleged orders issued by the Chinese government to block certain or all VPN traffic and even individual access to VPNs. For the reasons we already stated, none of these grim premonitions actually came to pass.
Chinese authorities are known for this kind of rhetoric, but they usually stop at blacklisting the domains and IP addresses of known VPN servers outside Chinese borders. In the past, this resulted in shutting down some VPNs (Astrill, for example) for all users on the mainland, but now it only causes temporary downtimes until VPN providers update their software and server addresses.
At this point, these types of threats resemble the story about the boy who cried wolf. Of course, there’s always a possibility that the next announcement will be the “big one,” but we believe VPN companies have sufficient experience and knowledge to avoid pretty much any obstacle thrown their way. Additionally, as we already stressed, China is also not interested in blocking VPNs altogether, so it’s not very likely the country will ban all VPNs; not in 2019, not ever.
Using A VPN In China
If you’re heading over to China, you should buy, download, and install your VPN software before getting there. This is recommended for two main reasons:
- To make sure your VPN setup is working as it should outside of China. Without checking this, you won’t know the origin of the problem if you can’t connect in China. In other words, you won’t know whether you’ve messed up your setup or China is blocking your VPN traffic.
- Alternate VPN websites are usually accessible from China, but you have no guarantee this will be the case once you’re there. To put it simply, you won’t be able to access the relevant websites, which will prevent you from buying a VPN from China in the first place. This doesn’t happen often, but the fact that it happens at all means you should definitely be ready for this possibility.
If you pick one of the best VPNs for China from our list, you can rest assured they will work until the moment China finally decides to ban all Internet traffic within its borders, which will probably never happen.
On the other hand, mediocre VPN services are far more likely to be blacklisted and blocked. If this happens, there’s pretty much nothing you can do to make your VPN work. Cheaper VPN services often share IP addresses between thousands of different users, making it much easier for the Chinese government to detect VPN traffic. You can follow some instructions found online and mess around with different ports, but nothing will ultimately help if the Great Firewall pegs you as a VPN user. The only thing you can do at that point is to change your VPN provider.
Another point to consider is that the Chinese government doesn’t want to ban VPNs altogether, but it does want to put all VPN traffic under its control. Battling Chinese censorship is an ongoing war for VPN providers all over the world and they are constantly discovering new ways of defeating the anti-VPN measures put in place. Knowing the situation, you cannot expect your VPN to function perfectly in China, so having moderate expectations is one of the key points when choosing a VPN that still works in China in 2019.
Do I Need A VPN In Hong Kong, Macau or Taiwan?
Hong Kong and Macau are Special Administrative Regions of China, meaning they are not under the control of the Chinese government. Since they are autonomous, they don’t have any anti-VPN security measures in place, so you don’t need a VPN to access your favorite websites from these regions.
However, you should note that there are indications of traffic monitoring by the authorities in both regions, so you should probably protect yourself if you’re about to do something the government may not like.
If you’re currently staying in Taiwan, you’re free to do whatever you want on the Internet. China can impose no Internet usage restrictions there.
What Makes A Good VPN For China?
For the purposes of our list of the best VPNs for China, our testing circuit included VPN providers that offer the most impressive set of security and privacy features. In order to paint a better picture of why we chose the companies on the list, we’ll share some of our most important ranking criteria with you.
To secure a place on our list of the best VPNs for China, VPN providers have to feature:
If you want to use your VPN in China, AES-256 cipher is the minimum you should go with. AES-256 cipher is also known as “bank-grade” or “military-grade” encryption, which means that the banks and the military both use this encryption to scramble their online traffic. Currently the best cipher available, AES-256 is literally uncrackable. Some companies offer AES-128 as well, which is technically weaker but still uncrackable. So, you can go with either one without any fear of your Internet traffic being compromised.
AES-256cipher is usually accompanied by RSA-2048 handshake and SHA-256 authentication, which represent the trifecta of a perfect online security setup. Some companies feature RSA-4096 and SHA-512, but this is not really necessary, not even in China.
Secure Connection Protocols
When it comes to VPN connection protocols, more experienced users can tinker with their settings and increase the overall connection speed by choosing faster but less secure protocols. However, since we are talking about China, the only possible choice you can make is OpenVPN.
OpenVPN is the most secure protocol out there, period. It’s highly configurable, open source, compatible with a multitude of encryption algorithms, and most importantly, it can bypass the Great Firewall of China. It can be a bit tricky to set up, especially if you’re new to VPNs, but you can find a ton of comprehensive, easy-to-follow guides and manuals on the Internet.
PPTP, L2TP, SSTP, and IKEv2 are not recommended in China since they are mostly outdated or lack adequate security features.
Strict No-Logging Policy
Every country in the world can demand your personal data from your VPN provider. It is, therefore, essential that your chosen VPN maintains a strict zero-log policy.
VPNs can protect you from hackers and other third parties looking to interfere with your connection and steal your data. They can, however, do absolutely nothing except hand over your personal information if the government requires them to do so. The best VPNs for China have strict no-logging policies, which means they don’t have any data to hand over even when served an appropriate warrant.
There are two types of logs your VPN provider can keep:
- Connection logs – These logs are the more benign type of the two and include your real IP address and the one assigned by your VPN, connection time stamps, and data transferred during your sessions.
- Usage logs – Keeping logs is never good for your privacy, but usage logs are especially invasive and harmful. They include the sites you visit, the files you download, and the software or protocols you use.
An Internet kill switch is one of the crucial elements of the best VPNs for China. This feature is developed to stop you from accidentally exposing your real IP address in case your VPN disconnects for whatever reason.
This is a very simple feature that monitors the behavior of your VPN and kills your Internet connection the moment it detects something is wrong. If you disable your kill switch, once your VPN connection drops, your device will re-establish a regular connection automatically through your ISP, which will expose your true location.
A kill switch is basically a tripwire that monitors your connection, constantly looking for any IP or status changes. The software will unblock your connection when your VPN comes back online, so you don’t have to worry about doing anything manually.
If your VPN is registered in a country with mandatory data retention laws, it cannot implement a zero-log policy since it is required to log your data by law. If the government ever asks for your personal information, the company has to hand it over. Countries with mandatory data retention laws include Latvia, France, Portugal, Italy, Austria, Estonia, Greece, and others.
Additionally, your VPN shouldn’t be in a country associated with the 5/9/14 Eyes Alliances, including the US, the UK, Australia, Canada, New Zealand, Denmark, France, the Netherlands, Norway, Germany, Belgium, Sweden, Spain, and Italy. Their known close partners include British territories overseas, Israel, Japan, South Korea, and Singapore.
Best VPNs For China
We have chosen the best VPN services that satisfy all of our selection criteria. Now it is time to explore our top picks in greater detail and find out which one is the best fit for you. Read the mini-reviews below, discover the key features of our top-rated VPN services for China, and decide which one is the right match for your needs.
Surfshark is a great choice for VPN users looking to bypass the Great Firewall of China. Just like its fans across the globe, its users in China report great speeds and reliability. The service operates 800+ servers in 50+ countries worldwide and its list of server locations includes Hong Kong.
With Surfshark, you have your data encrypted with unbreakable AES-256 cypher and you can choose between OpenVPN and IKEv2 protocols. No logs are ever kept, so you do not have to worry about your personal data being compromised.
For increased security and privacy, the service offers a range of useful features, including an Internet killswitch, leak protection, multi-hop connections, zero-knowledge DNS on all servers, Camouflage mode that additionally masks your VPN connection, and CleanWeb, which blocks ads and keeps you safe from malware and trackers.
Surfshark accepts cryptocurrencies for maximum privacy and offers a 30-day money-back guarantee on all subscriptions.
NordVPN is currently the best VPN for China on the market. It is known for maintaining a fine balance between simplicity and complexity. Namely, it is very user-friendly, so even absolute beginners shouldn’t have any difficulties with the software, but it’s also a pretty powerful VPN with a wide range of exceptional features, also catering to the needs of advanced VPN users.
NordVPN is based in Panama, which is an excellent location for all VPN users in China. The Internet connection throttle is barely noticeable, so you’ll be able to stream in HD and download torrents quickly without any problems.
The software supports OpenVPN connection protocol, as well as IKEv2/IPSec. It’s also the only VPN that encrypts your traffic twice. NordVPN keeps absolutely no logs and comes with a convenient auto kill switch feature. NordVPN features 5,100+ servers in 90+ countries, allows up to six simultaneous connections, accepts Bitcoin, and offers a 30-day money-back guarantee.
CyberGhost is one of the most powerful VPN services on the market both in terms of security and speed/coverage. This allows it to bypass the Great Firewall even though the company doesn’t officially condone it. In other words, you CAN use it to go over China’s online censorship, but the company states that you’re doing it at your own risk since VPNs are currently illegal in China.
Note that OpenVPN, which we always recommend as the safest connection protocol, is by far the worst option to use in China. However, with CyberGhost, you have manual workarounds at your disposal that allow you to connect using the L2TP protocol. Admittedly, using L2TP in 2019 is not ideal, but it is one of the rare options that still work.
Apart from being able to connect you with the rest of the world from China, CyberGhost also comes with AES-256 encryption, an auto killswitch, a strict no-logging policy, DNS and IP leak protection, unlimited traffic/bandwidth, and access to more than 4,600 servers. The software supports up to 7 simultaneous connections and comes with a generous 45-day money-back guarantee.
ExpressVPN is a stellar representative of the best VPNs for China in spite of its location (British Virgin Islands). The company is mostly dedicated to providing its users with incredible connection speeds without sacrificing their online security. ExpressVPN supports OpenVPN but also PPTP, SSTP, and L2TP/IPsec. When it comes to encryption, it features the highly praised AES-256 cipher.
The company keeps no usage logs whatsoever but does log some anonymous data for statistics and to further improve its service. It’s important to mention that these logs can’t identify you as an individual or determine your actual address. An auto kill switch functionality is also there.
ExpressVPN currently has more than 3,000 VPN servers spread across 90+ countries. It allows up to three simultaneous connections, protects you against potential DNS leaks, accepts Bitcoin, and offers a full 30-day money-back guarantee, which is more than enough to test the software and see if it fits your personal needs and expectations.
5. Pure VPN
PureVPN is a respected VPN provider that primarily focuses on connection speed without making any compromises when it comes to security and privacy, so you’ll be able to enjoy your favorite video and audio content in HD while bypassing the Great Firewall of China.
PureVPN covers OpenVPN, PPTP, SSTP, L2TP/IPsec, and IKEv2 connection protocols and encrypts your data with 256-bit cipher. It keeps no traffic logs but, similarly to ExpressVPN, it does record some connection logs, which cannot be traced back to you. The company’s based in Hong Kong, which is an independent Special Administrative Region in China.
With PureVPN, you will have more than 2,400 servers across 140+ countries at your disposal. The company allows up to five simultaneous connections, accepts Bitcoin payments, provides an auto kill switch, and has a 31-day money-back guarantee.