It is getting harder than ever for VPNs to break through the Great Firewall of China
The censorial Great Firewall of China is famed throughout the world for the restrictions it places on Chinese citizens. Internet users play a game of cat and mouse, seeking tools and methods for slipping through the censoring and spying that the government enforces.
But it is getting harder and harder to evade the Great Firewall. VPNs that once allowed unfettered access to the greater internet are quickly stomped on by the Chinese government, just as happens in Russia. At the end of March, a new update to the firewall blacklisted hundreds of VPN servers and now fewer VPN tools than ever work in China. So which is the best VPN for those fighting the Great Firewall?
- Cloudflare announces free VPN service, Warp, to complement its 220.127.116.11 DNS resolver
- BullGuard adds to its product line with a VPN
- Russia orders NordVPN, ExpressVPN, HideMyAss and other VPNs to block numerous sites
To see just what options were still available to people in China, researchers at Comparitech.com set about testing 60 VPN providers. The firm rented a server in Shenzhen and worked through the VPNs to see which were able to bypass government censorship and regional web blocks -- which, as Comparitech.com editor Paul Bischoff notes, are wide-reaching:
As the world's most advanced surveillance state, the Chinese government does not like online anonymity or privacy. Any part of the internet beyond Chinese authorities' control that allows private communication or the spread of information by users is blocked by the Great Firewall.
Likewise, any popular online content that disparages China or the Communist Party is promptly censored. VPN services, which can bypass these restrictions, are largely blocked as well, but a handful have the resources and knowledge to give users reliable access to the free and open internet.
Researcher Aaron Phillips developed an automated testing suite with UiPath and added all 60 VPN providers. He tested them in the US before copying them to the Shenzhen server to see how they fared in China.
Just 13 of the 60 VPNs worked.
Those that fared best were those that offered additional encryption options as the Chinese government has already clamped down on the OpenVPN protocol many tools are based on. The previously successful alternative of using L2TP over IPSec is becoming les reliable.
Phillips says ShadowSOCKS is a short-term solution:
ShadowSOCKS is a VPN-like service designed in China to circumvent the state's control of the internet. Some providers recommend using it instead of a VPN, because the government has not yet put resources into widespread detection and shutdown of ShadowSOCKS servers.
Unfortunately, Chinese internet policy over the past decade leads me to believe it's only a matter of time until ShadowSOCKS is on the chopping block. Evading detection by the GFW is critical; even though the protocol was designed to defeat exactly the sort of DPI China uses to identify and blackhole servers, it was designed in 2012.
There is a bright spot for ShadowSOCKS, though. There are already modules that can scramble its traffic similar to how the most successful VPN providers in China do today.
Here are the results of Phillips' research, and you can read his full report over on Comparitech.com:
|Avast Secureline VPN||DOWN|
|Buffered||DOWN||Buffered has previously been reported as up, but I could not get a connection after the March 31 update|
|HideMyAss||DOWN||Freedom mode tested|
|Kaspersky Secure Connection||DOWN|
|McAfee Safe Connect||DOWN|
|NordVPN||UP||Up using an obfuscated server|
|Norton WiFi Privacy||DOWN|
|Private Internet Access||UP||Up and running despite some initial issues with DNS|
|ProtonVPN||UP||Up but many individual servers are down|
|PureVPN||UP||Works in both standard and Internet Freedom mode, IF mode recommended|
|Windscribe||UP||Most servers are accessible in China|