Researchers from the censorship monitoring platform Great Firewall Report (GFW Report) published an investigation last week that “sounds the alarm” about the emergence of regional online censorship in China. They noted that in August 2023, netizens in Henan began reporting an uptick in inaccessible websites that were accessible elsewhere in the country. Their investigation found no evidence of region-specific censorship in the other areas analyzed—Beijing, Shanghai, Guangdong, Zhejiang, Jiangsu, and Sichuan—but did find that Henan censored a massive amount of content beyond that blocked by China’s national-level Great Firewall. GFW Report authors Mingshi Wu, Ali Zohaib, Zakir Durumeric, Amir Houmansadr, and Eric Wustrow provided more detail on the scale, targets, and potential motivations of Henan’s firewall:

China has long orchestrated its Internet censorship through relatively centralized policies and a unified implementation, known as the Great Firewall of China (GFW). However, since August 2023, anecdotes suggest that the Henan Province has deployed its own regional censorship. In this work, we characterize provincial-level censorship in Henan, and compare it with the national-level GFW. We find that Henan has established TLS SNI-based and HTTP Host-based censorship that inspects and blocks traffic leaving the province. While the Henan Firewall is less sophisticated and less robust against typical network variability, its volatile and aggressive blocking of second-level domains made it block ten times more websites than the GFW at some points in time. Based on the observed parsing flaws and injection behaviors, we introduce simple client-side methods to bypass censorship in the Henan province. Our work documents an alarming sign of regional censorship emerging in China.

[…] During our measurement period, we cumulatively observed 25,441 domains censored by the GFW, while 175,925 domains were blocked at least once by the Henan Firewall. Of the domains censored by the Henan Firewall, our analysis identified 104,100 domains with blocking periods under 21 days, while 163,083 domains experienced blocking durations shorter than 51 days.

[…] An interesting point that we note here is that the Henan Firewall targets Business, Economy, Computer and Internet Information domains more than the GFW. More than 35% of the total domains appearing on the blocklist of the Henan Firewall were from these two categories. To find the reason behind the focus on these categories, we hypothesize that the province of Henan has been a center of a lot of financial controversies, with the most prominent being the mass protests in 2022 that were a result of a financial scandal involving local lenders. Given the financial scandals targeting state-controlled financial institutions, it is very probable that the state wants to limit access to information that is relevant to the economy of the area. On the other side, it could be a part of the national policy to censor critics of the country’s business and economic policies.

The GFW on the other hand, targets more of the news and media, as well as adult content domains. This is in line with the long-standing understanding of the GFW that it aims to limit more of the news, morally sensitive and politically sensitive content. [Source]

The authors hypothesize that Henan’s economic-related censorship may have been triggered by a scandal that began in April 2022, when several banks in the province froze the accounts of some one million customers after one of the bank’s shareholders became embroiled in serious financial crimes. Hundreds of customers then attempted to travel to Henan to protest and access their accounts, but their COVID-19 health codes suddenly turned red. Numerous state-media outlets strongly condemned the alleged abuses by local authorities.

GFW Report adds to previous research on the decentralized features of China’s censorship apparatus. In a report last year, the U.S.-China Economic and Security Review Commission noted that the “day-to-day online content management is not enacted directly by the Party-state but rather is undertaken proactively by publishers, internet service providers (ISPs), website owners, and mobile application platforms seeking to avoid incurring penalties.” By assigning legal liability to these actors, the Party-state has driven them to “maintain their own network content management systems or subcontract that work to third-party moderators” in order to censor content on their platforms. In March of this year, the Open Technology Fund published a report highlighting the rise of censorship-related jobs in China between 2015 and 2022, arguing that the bulk of censorship implementation remains a labor-intensive task performed by human workers in the private sector.

GFW Report also offered strategies to circumvent Henan’s firewall. VPNs are one tool that netizens have often relied on for circumventing censorship in China, but it has become increasingly difficult to safely use them. (See the bottom of this CDT post for a list of incidents when individuals were punished for circumventing China’s Great Firewall.) In the latest example, Yuanyue Dang at the South China Morning Post reported last week on an annual policing tech expo which showcased next-generation surveillance tools that use AI to target Telegram and VPN users in China:

The Third Research Institute of the Ministry of Public Security showcased a tool that it claimed could monitor Telegram, a widely used instant messaging app known for its privacy and security. It said the tool could monitor Telegram accounts registered with Chinese mobile phone numbers, which have strict real-name requirements.

To date, the tool has collected more than 30 billion messages and monitored 70 million Telegram accounts, as well as 390,000 public channels and groups, according to the institution.

A promotional video from the institution showed how drug transactions could be monitored in group chats by logging into Telegram with a hacked Chinese mobile phone number.

It also said that messages on Telegram involving topics related to politics and Hong Kong could be monitored. The institute cited the widespread use of Telegram by anti-government protesters in Hong Kong in 2019 as one of the reasons for developing the tool.

In mainland China, internet users have to use virtual private networks (VPNs) to access Telegram, as well as the website for the South China Morning Post. But a technology company from the eastern city of Nanjing showcased a tool capable of detecting such use. [Source]

AI has increasingly been used to power censorship and surveillance in China. In March, researchers found a database that demonstrates how the Chinese government and tech giants are likely using AI large language models (LLMs) to enhance their censorship capacity. In February, OpenAI reportedly detected a Chinese-origin network that used its ChatGPT chatbot to build a tool for harvesting social media content on sensitive issues and marketing it to Chinese authorities. In January, upon the rollout of DeepSeek’s AI chatbot, users discovered that the chatbot self-censors its content in order to, in its own words, provide “government-aligned responses.” In an older example from 2023, the People’s Daily unveiled its new AI censorship product, “Renmin Shejiao,” allowing clients to upload material to the platform for review by AI and a team of censors that will help flag content considered politically sensitive. Around the same time, Weibo censors deleted a photograph of a flowchart demonstrating how Chinese security software company Qihoo 360 censors its AI product.