IV. Evading the Locknet

Jessica Batke
Senior Editor for Investigations at ChinaFile
Laura Edelson
Assistant Professor of Computer Science at Northeastern University

In February 2022, American-born skier Eileen Gu became an internet sensation in China when she competed at the Beijing Winter Olympics as part of the People’s Republic of China (PRC) national team. During her time in China, Gu made multiple posts about her Olympic experiences on Instagram, a platform banned in the mainland. Just before Gu’s freeski big air event, an irked Instagram user asked Gu: “Why can you use Instagram and millions of Chinese people from mainland cannot, why you got such special treatment as a Chinese citizen. That’s not fair, can you speak up for those millions of Chinese who don’t have internet freedom.” Gu’s response betrayed how little she understood of the Locknet: “anyone can download a vpn its literally free on the App Store 👍.”

VPNs, in fact, were not and are not available in China’s app stores—at least not for average users, who didn’t have access to the Olympics’ special limited-time, restricted-user internet network. Just as it does with many foreign communication and social media apps, China forbids companies from offering VPNs and other circumvention services in the mainland versions of their app stores, or at least forbids them from offering VPNs that aren’t “government-approved and surveilled.” As one Chinese internet user wrote on Weibo in a retort to Eileen Gu, “Literally free, actually, technically and practically forbidden.”

Most people can’t just take a quick flight abroad to install their preferred circumvention app, and in some cases, as for many Uyghurs and other Turkic peoples in northwest China, even having such apps on one’s phone can be cause for detention. This means that individuals who want to evade network-level censorship—which is what people in China are generally trying to do with their VPNs—have to do some extra work to make it happen. Who are these people, and what is it they want to access abroad that makes them willing to break the law, albeit an unevenly enforced one?

Who Uses Circumvention Tools?

The Chinese government, unsurprisingly, doesn’t provide statistics about citizens who try to circumvent the Locknet. Outside estimates of circumvention tool usage often rely on small sample sizes, online surveys, or don’t explain their methodology at all, but they are still the best information we have. According to estimates from 2015 and 2018, about 30 percent of China’s internet users avail themselves of circumvention tools. Beijing, however, launched a crackdown on both domestic and foreign VPNs starting in 2017, making it harder for average users to evade network-level censorship. An estimate from 2022 suggested that the number of users was closer to 3 percent. If that figure is true, even sharp spikes in usage—like a doubling of users in 2023, according to Voice of America—would still put the percentage of users well below 10 percent. We suspect that a large share of VPN users are concentrated in wealthier, urban areas, where they would be more likely to encounter visiting foreigners and thus give the impression that VPN usage is more common than it is, though we know of no recent studies that confirm this.

The apparent drop-off in circumvention tool usage likely stems from Beijing’s crackdown. But successful platform substitution—whereby easily-available, domestically-censored apps replace harder-to-reach foreign ones—has no doubt also stifled demand. “There is a massive population who are blissfully unaware that [the] outside internet exists,” a circumvention tool provider told scholars as part of a recent study about censorship circumvention included at the USENIX Security Symposium. “There’s a complete domestic ecosystem [such] that people almost never accidentally stumble upon a website that’s censored.” A separate survey of Chinese internet users from 2015 showed that about a fifth of respondents weren’t even aware “that foreign websites such as Google were not accessible.” Even for people who would otherwise seek to avoid censorship, platform substitution has made circumvention less attractive. A circumvention tool user told the researchers,

I tried to persuade my parents to use [a circumvention tool] but it was not as appealing to them. We set up a family chat on Signal, but it was hard to switch just for [the] three of us while everything else is happening on WeChat. My mom thinks censorship is not good, but she simply doesn’t have [the] motivation to circumvent.

Those individuals who do choose to circumvent the system are not necessarily hard-core political dissidents. Lots of them just want to watch foreign TV. In 2018, one industry analysis stated that 54 percent of Chinese VPN users were hoping to “access better entertainment content.” This tracks with what Patrick Boehler, a media researcher studying circumvention in China, who has received Open Technology Fund support for other work, has observed: “You’ll typically see international content streaming services, and access to international gaming platforms, are highly popular.”

A History of Circumvention in China

As long as the Chinese government has been censoring the internet, Chinese citizens have tried to find ways to bypass that censorship. In the 2000s, censorship circumvention did require some technical know-how, but the relative simplicity of the government’s blocking mechanisms meant that effective circumvention tools could be similarly rudimentary. Diaspora websites hoping to beam their messages into China, for example, might frequently change their IP addresses or domain names to foil the government’s IP and DNS blocklists.

These comparatively simple techniques no longer work against China’s beefed-up network-level censorship system. And, in addition to keeping circumvention tools out of the country’s app stores, Beijing also tries to prevent its citizens from even learning that alternate circumvention methods exist. Since about 2010, the Party-state has put a special premium on hunting down and blocking information about circumvention tools. Recent research suggests that authorities have even deployed HTTPS middleboxes whose primary job is to block domains associated with censorship circumvention providers. Such blocking significantly affects how many people use these tools, since the tools rely on “discoverability” to attract users. Though a number of circumvention tools do still function in the mainland, they require that potential users first learn about them and download them, something that is increasingly difficult on China’s networks. (It is worth mentioning that Chinese authorities do not block every single possible circumvention tool. Bowing to economic necessity, the government maintains a list of approved circumvention technologies that allow foreign businesses and others to sidestep the censorship system in order to send secure emails or visit blocked websites. These approved circumvention tools also almost certainly allow the government to surveil communications sent within them.)

Even though the vast majority of its citizens won’t ever learn about them, the Chinese government also seeks to neutralize any emerging circumvention techniques. A significant portion of the Chinese government’s network-level censorship is designed to detect the use of circumvention tools. This means that even if someone were to download a VPN while abroad, they might not be able to use it once back in China; the network-level censorship system would recognize certain traffic signatures associated with VPN use and block them. The last two decades have seen an ever-escalating arms race between the censors and circumvention tool developers, who try to adapt their circumvention mechanisms after each new block.

Many of these mechanisms rely on a simple premise: showing a false destination to the censor. The censor sees the false destination, thinks it’s ok, and lets the traffic through to the false destination. The false destination then forwards on the internet traffic to the real destination. China’s censors, therefore, have focused on identifying and obstructing these false destinations.

Many of the most popular mechanisms to evade censorship in China rely on proxy servers. Proxy servers, or proxies, are simply machines that serve as middlemen—they accept and forward on traffic that is ultimately meant for another server. Different organizations may set up their proxy networks in different ways, but they all fundamentally involve a user, a destination, and at least one proxy server in between the two, relaying traffic between the user and the destination. Services and tools such as The Onion Router (Tor), Shadowsocks, and NordVPN all function by making use of proxy servers. (For our purposes here, you can think of a VPN as a type of proxy service—many people use the terms “proxy” and “VPN” interchangeably to describe a technology that helps evade censorship.)

Someone in China hoping to read The New York Times (which is banned in China) might try to use a proxy server to connect. Using the proxy software of their choice, they would type in “www.nytimes.com.” Instead of doing a DNS lookup right there from the computer in China, the proxy software would send this request to a proxy server—so all the packets sent from the user to the proxy server would have the proxy server’s IP address on them. A Chinese government middlebox inspecting the packets would only see an innocuous IP address totally unrelated to The New York Times. Once the packets reached the proxy server, the proxy server would take all the steps necessary to fetch The New York Times homepage. Finally, the proxy server would send The New York Times homepage information back to the user—again, with all the packets appearing to come from the proxy server, not from The New York Times.

This system works as long as the Chinese authorities do not realize that the proxy server is, in fact, a proxy server. Once they recognize the proxy server for what it is, they can easily add the proxy server’s IP address to a blocklist.

For a while, authorities didn’t have to look far. To counteract Tor, a popular free service that depends on volunteers to run its proxy servers, in 2009 China’s censors simply read Tor’s publicly-available list of proxy servers and blocked all of their IP addresses. Tor then attempted to better hide their proxies’ IP addresses, but by 2016, the censors were downloading the source code for every new release of Tor software and blocking the proxy IP addresses they found within it—all before anyone in China had a chance to use them.

The PRC’s censorship system also works to detect proxy servers that aren’t so obviously enumerated. Since at least 2011, the PRC’s censors have employed several automated mechanisms to detect and confirm the identity of previously unknown proxy servers. These mechanisms are on the lookout for multiple different circumvention protocols. First, a middlebox monitoring the connection checks for packets with certain tell-tale features, such as strings of characters that are too uniformly random to be coincidence. These features serve as a tip-off that the packets are destined for a proxy server and are trying to disguise themselves to slip past the censors. Sometimes, on the basis of these tell-tales alone, the censorship system decides to block the suspected proxy’s IP address. In other cases, the system goes on to send “probes” to the suspected proxy server, pretending to be a legitimate circumvention tool user, seeing how the server responds, and then deciding whether or not to block the IP address. These probes come from a wide range of IP addresses that change frequently. This means that circumvention providers can’t simply keep a list of the probes’ IP addresses and configure their proxy servers to ignore them—there are simply too many IP addresses to keep track of, and there is a decent chance that a legitimate user might eventually be assigned one of them.

For a few years in the 2010s, a practice called “domain fronting” offered a censorship workaround to websites and apps (like Telegram and Signal) otherwise banned in China. Similar to using proxy servers, domain fronting tweaks the standard settings for HTTPS packets, making sure that a censor only sees a false destination (a “front”) and hides the real destination deeper inside the HTTPS encryption. The “front” destination is, ideally, a website or service that China would prefer not to block, and one that is already primed to receive and forward traffic without any knowledge it is being used as a “front.”

For example, someone in China using a domain fronting tool might address their packets to an unwitting Amazon Web Services (AWS) server (AWS, as a major cloud service provider, handles a large amount of internet traffic). In this case, the AWS server acts as the “front.” Upon receiving, unpacking, and reading the domain name on the inner portions of these packets, the AWS server would realize the packets were actually meant for the encrypted messaging app Signal. The AWS server, configured to automatically forward on such erroneously-addressed traffic, would simply send the packets to Signal. Thus, companies that host large quantities of web traffic, such as Amazon/AWS, Google, and Microsoft/Azure, became important, if largely passive, players in the censorship circumvention ecosystem. Technologies that relied on domain fronting, like Telegram and Signal, benefited from the resulting “collateral freedom.”

The vulnerability in this technique, however, lies with the companies themselves. The companies don’t have to forward on traffic not actually directed to them—they can choose to stop serving as “fronts.” Over the past decade, that is exactly what has happened. Some observers credit Russia (another major nation-state censor) with applying enough pressure to Google and Amazon specifically that they reconfigured their systems to disallow domain fronting in 2018. Now, despite attempts to resuscitate it, domain fronting at scale is no longer the censorship solution it had been just a few years ago. The death of domain fronting shows that successful censorship circumvention isn’t always about “good guy” hackers outsmarting “bad guy” censors. It also involves understanding and navigating the concerns (financial ones, for example) that businesses or other third parties might have about their role in the process.

And it’s possible China’s government will take even more invasive steps towards rooting out inveterate circumvention tool users. According to anecdotal reporting on an online tech forum, in 2023 one user found that their newly-installed, telecom-provided modem suddenly prevented them from accessing their circumvention tool—and that the police called them shortly after they tried to access it, mentioning the specific website by name. Academic research confirms that this kind of in-home surveillance via home internet equipment is indeed possible.

China’s continued efforts to hunt down and block new circumvention tools show just how threatening the censors believe unfettered internet access can be.

Circumvention Goes Further Underground

China’s aggressive stance towards circumvention tools has left many providers, particularly those that offer their services for free, on the back foot. The international circumvention tool provider Lantern, which had served more than 4 million users each month in China at the beginning of 2023, had less than half a million users by the beginning of 2025. In some cases, providers may have been the victims of their own success: “The problem with [circumvention tools] in China,” one interviewee told the authors of the USENIX Security Symposium study on censorship circumvention, “is that once the service scales up to a level where it becomes widely known, it attracts the censor’s attention for blocking.” Finally, censorship watchdog GreatFire recently found that even VPNs that do manage to work inside China may now function at much slower speeds than they had previously.

This has led to a burgeoning underground market of tools to access blocked websites and services, with information being passed around by word of mouth or on “Telegram groups dedicated to things like sharing proxy details and selling this information for money.” One Chinese user told the scholars, “I paid this anonymous person on WeChat and they provided me with their tools and account info. I don’t know if the service has a name. It is not an app I can find in mobile or PC app stores.”

These black-market circumvention services are euphemistically known as “airports” in China, because they connect users to a foreign internet. Such black-market services “always exist when there are barriers to and obstacles to what people want to do, and there’s an opportunity to arbitrage against that with a superior product,” notes Boehler, the media researcher. It’s hard to get a precise fix on how many such “airport” providers are out there—dozens? hundreds?—but the advertisements they post offer some insights into the scale of the market. For one, the advertised prices are quite low, with monthly fees ranging from 15 to 188 renminbi (approximately U.S.$2 to U.S.$26). “If you’re doing something that’s illegal, and the pricing is really low, that is an indication it’s so widespread you can monetize it at that level.” For another, the variety of offerings suggests a highly sophisticated, diversified, and “kind of pervasive” market. “There’s a lot of pricing competition, competition around features, countries you can tunnel into, the amount of servers they have, the throughput in terms of traffic,” Boehler explains.

Individual airports can serve thousands or even tens of thousands of customers, according to local governments that have prosecuted sellers. They can also provide the technical know-how to less tech-savvy users in order to successfully set up their services. “That’s exactly why [airports] exist,” says Boehler. “They don’t require any technical knowledge or paperwork or anything. You just go to Taobao or wherever, you buy a box and connect the box to your WiFi, and you have streaming services on your TV.” In fact, the relative ease of using these services “means that people might not be aware that they’re using airports. They might think they just bought a box. [They’re not thinking] ‘I’m subverting the Communist Party,’ but ‘I just want to watch Netflix.’ [The providers] don’t have to put a warning label, like ‘You’re committing a crime!’” (The unofficial nature of the airport market also gives scammers ample opportunity to bilk money from would-be users.)

Circumvention Is Dead, Long Live Circumvention

The continued functioning of some commercial VPNs, and the robust black market for “airports,” reinforce two key truths about the Locknet. First, the system is not watertight. Cracks in the dike will always exist; it’s just a matter of how big or widespread they are. Second, the more popular and user-friendly an anti-censorship mechanism is, the more likely it is to draw authorities’ attention and get shut down. The crackdown on circumvention tools started with major providers and app stores, and now almost certainly targets the larger and more successful among the airports. Even if the Party-state has the technical capacity to eradicate every single airport, it may not judge the effort worth its time. Beijing’s overarching strategy seems focused on preventing citizens from having easy access to intuitive, full-suite encryption or circumvention apps, knowing that accessibility or usability barriers are enough to discourage many people from bothering to try any harder. (Some people may think that circumvention isn’t even possible. In the 2015 survey of Chinese internet users, “nearly 20 percent [of participants] indicated that it was impossible to access” foreign sites like Google.)

But evading the Locknet doesn’t just mean trying to access foreign websites. After all, the Locknet aims to control both foreign and domestic content. Users hoping to avoid censorship on domestic platforms have their own tricks—ones that are far less technical than trying to install a black-market VPN.

By definition, users who want to post content on a domestic platform hope to actively use the platform, not circumvent it. Service-level censorship evasion techniques, therefore, revolve around disguising content, rather than disguising internet traffic. A 2024 survey of Chinese internet users categorized service-level censorship evasion tactics into five groups, including wordplay (use of homophones and similar coded language), visualization (such as posting images of text, including one respondent who “once created a one‐meter‐long image”), decontextualization and recontextualization (like using allegories or historical figures to covertly discuss current events), and link-sharing (posting URLs that point to content hosted on a cloud service). The fifth category, throwaway accounts, may become less sustainable over time as companies continue to implement the government’s real-name registration rules.

In meatspace, however, knowing how to safely defy the authorities can be tricky. The vast majority of people who circumvent censorship, either at the service or network level, will never suffer any serious harm because of it. The Party-state metes out its punishments somewhat arbitrarily, and the most serious repercussions, like paying a million renminbi or going to jail for using a VPN, are extremely rare. But it’s the arbitrariness that makes real risk assessment so challenging—not to mention the fact that anyone facing such punishment has no effective means of legal recourse. Very few people who use a VPN will be sent to jail, but anyone could be.