The Locknet
The continued functioning of the Locknet remains existential for the Chinese Communist Party—it’s a must-have, not a nice-to-have. Control over information, and thus influence over what citizens know and believe, forms part of the bedrock on which the Party edifice stands. In the modern world, this necessarily involves internet censorship. As General Secretary Xi Jinping said in a 2018 speech, “Without internet security there is no national security, economic and social stability do not function, and it becomes difficult to safeguard the interests of the majority of the people.” Of course, in China, “internet security” doesn’t just mean keeping one’s data safe. It means content control.
This precept limits what kinds of changes the Locknet is likely to undergo in the coming years. There’s simply no reason for the Party to allow wide-scale access to uncontrolled online information flows, even if it might have some economic benefits—an improved economy doesn’t mean much to a regime that’s been deposed. A serious recession, or a slightly less autocratic General Secretary, might alter this calculation somewhat, but the vast majority of the Party’s political imperatives point exactly in the direction of the status quo: ever-tightening content controls. The Party won’t become more lax on censorship of political or social issues for almost any reason other than its own collapse.
But even as the CCP’s motivations will likely remain constant, the internet itself will continue to evolve. Of course, the internet isn’t any one thing. It’s a combination of plastic, metal, standards, and software, any piece of which can be extended, added onto, or otherwise fiddled with. The internet’s extensibility remains the key to its adaptability and longevity. It also presents opportunities and risks, both to the Locknet and to those who seek to evade it.
So, what shape will the Locknet take in the coming years? We can glean a partial answer simply by looking back at how it has changed, and how it has remained the same, over the previous decades. Regardless of the technical approach used to achieve it, we believe that censorship in the coming years will indeed largely look the same to average users in China: despite some porousness, overall regulation and enforcement will continue to tighten. From a political perspective, the need for censorship has only increased as China has entered a period of economic and demographic difficulty; the censorship ratchet can only turn one way. Though some banned content will always make it through, the Locknet will remain comprehensive enough to be effective, and will adapt over time to changes in technology as well as in politics.
In contrast to the early years of the internet, when the U.S. President Bill Clinton famously declared that controlling the internet was akin to “nailing Jell-O to the wall,” China’s Party-state now maintains a firm, if not perfectly watertight, grip on its domestic cyberspace. A big part of its success results simply from physical access: it has direct or indirect control over the real-world equipment that carries internet traffic within mainland China, and it has kept the number of exchange points with the outside world relatively limited. Outsiders trying to send information in, or provide Chinese users with circumvention tools, just don’t have this kind of physical access. We expect Beijing to continue consolidating this control outside its borders, building new backbone infrastructure over which it has a similar level of influence.
Barring changes to domestic internet infrastructure, Beijing will continue to rely on the private sector to carry out
service-level censorship
. Companies implementing this censorship will necessarily have to keep pace with changing modes of communication, incorporating new technologies into their processes. Large language models (LLMs) exemplify this trend.
LLMs currently feed into censorship in two main ways. First, they serve as an internal tool with which online platforms can automate the reviewing of user-generated content. As LLMs have become larger and more sophisticated, they have been able to incorporate contextual information. This means LLMs aren’t just looking for offending keywords, they’re analyzing how a word or sentence appears in context, whether in a paragraph, a series of posts, or even a days-long online discussion. Companies making use of LLMs with these contextual capabilities will augment their ability to conduct automated censorship, requiring fewer humans to carry out “second-line” reviews.
This promises to substantially reduce the costs of service-level censorship, making it easier for small or young companies to implement. However, LLMs are unlikely to eliminate the need for human reviewers entirely. The phenomenon known as “semantic drift,” in which words’ meanings change as people begin using them differently, will always demand some level of human intervention to ensure that users aren’t sneaking something by the automated gatekeepers. In addition, given that the government constantly changes what it wants censored, some number of humans will always be needed to update what the LLMs are looking for.
Second, public-facing LLM chatbots produce novel content that must itself be censored. Chatbots can distort information in multiple ways. On the least nuanced end of the spectrum, they can offer up falsehoods. A slightly more nuanced approach might omit certain facts. The most nuanced method involves providing all of the facts but selectively emphasizing some and downplaying others. The more nuanced the distortion, the harder it is for either average human users or fact-checking software to detect. As LLMs, including Chinese-made ones, move toward these more nuanced forms of interaction, it will become harder to tease out true from false.
And, as the Chinese government continues to encourage the development of LLMs, we should expect more China-made chatbots to be in use the world over. DeepSeek’s relatively low-cost LLM will be very attractive to international businesses, some of which have already incorporated it into their global products. For most LLM use cases, the current methods of censorship, particularly the “post-training” mechanism that reviews a chatbot’s initial output and deletes it if it isn’t up to snuff, should be fast and efficient enough to keep up with user needs. However, if super high-speed applications should come into use, the “post-training” review mechanisms would likely struggle to function at a pace to ensure sufficiently bowdlerized answers.
New technologies often offer censors the ability to make censorship more covert. For example, algorithmic social media feeds, which determine what users see when they open up TikTok, Douyin, or any other such app, function in a covert manner. They do not tell users why they are seeing certain kinds of content and not others. This allows covert, government-imposed censorship to occur in tandem with run-of-the-mill feed curation. We expect censors to continue making their censorship more covert as opportunities arise.
In order to continue doing business in China, American and other foreign companies will continue to facilitate censorship. One key way this happens is via meta-censorship, such as Apple’s keeping particular apps and services out of the Chinese version of its app store. Meta-censorship has become an increasingly important part of China’s censorship regime, shifting the battle from the technical sphere to the social and economic, where China undoubtedly has a strong advantage. The phenomenon is particularly acute for iPhone users, because Apple, unlike other device manufacturers, doesn’t allow users to install non-Apple app stores on their devices (and Apple’s app store does not make VPN software available in China). So while your iPhone may be technically capable of running a VPN to circumvent censorship, the lack of VPNs available in Apple’s China app store means you have no way of actually downloading one.
Other foreign tech companies will almost certainly continue to seek inroads to the Chinese market, trying to find ways to make their products palatable to the censors—even at the cost of implementing censorship, as both Google and Facebook have (unsuccessfully) attempted to do in the last decade.
Platform substitution—permitting more tightly controlled domestic platforms while banning foreign ones—has largely succeeded in corralling Chinese citizens onto apps that are subject to the Party-state’s censorship rules. We expect platform substitution to remain a key plank of China’s online censorship strategy, as it boosts domestic firms’ bottom lines at the same time it holds “dangerous” information at bay.
We wonder if companies may implement more online identity verification measures at Beijing’s behest. A next logical step, following the more stringent application of real-name registration regulations, would be requiring biometric proof of identity before, say, opening a new social media account. We have no evidence that this particular change is forthcoming, but it is both technologically feasible and fits in with the general trend of more closely tracking internet users.
We also anticipate continued moves toward further “personalization” of censorship. “Personalization” means that particular individuals, or individuals in certain areas, will experience censorship differently than others. This may be positive for the individual (a “trustworthy” person working in a state-sponsored research lab may get reliable access to Github for their work, for example), or it may be negative (people logging on from the Xinjiang Uygur Autonomous Region in northwest China may find themselves unable to access services they can use elsewhere in China). Personalization has been happening for years—it’s how certain people, like the outspoken pro-CCP journalist Hu Xijin, are able to openly post on X (formerly Twitter). It’s also how individuals in Henan province are already subject to double censorship, with both provincial-level and national-level censorship constricting what they can access online.
In any event, personalization does not mean widespread, unfettered access to the “fun” foreign internet. It instead gives certain individuals access to certain resources that serve the Party-state’s larger goals. For Hu Xijin, personalization allows for propaganda to flow directly from an informal spokesperson to foreign internet users. For a software engineer, personalization can help improve code. The changes we foresee taking place largely revolve around a more fine-grained implementation of personalization—more detailed categories of people able to receive such personalization, and more specific types of content made available to them. In some cases, this might happen through the use of state-approved
VPNs
, tailored to meet the needs of the individual user or company to which they have been sold. The downside of personalization is cost. It’s not free to keep track of various categories of users and tailor the resources available to them. But it can be worth the cost if it achieves other ends, be those economic or geopolitical.
Some within the Chinese government system have instead called for a broadening of censorship personalization. A member of the Shanghai municipal People’s Congress recently suggested that the city should open up internet access in “free-trade zones, financial districts, and universities” to promote more global exchange—a suggestion which was then quietly removed from the Party-affiliated newspaper website on which it appeared. Similarly, an official at an élite university in China called for certain regions to begin the slow dismantling of
network-level censorship
. (Notably, neither of these calls for reduced censorship addressed the issue of
service-level censorship
—they only suggested that access to the rest of the world be less restricted.) Yet, as one expert on Chinese security and foreign policy notes, “the feasibility of such initiatives is questionable . . . [they run] counter to China’s current trajectory of information control, which is becoming increasingly stringent rather than more permissive.”
The suggested region-based approach to loosening censorship conflicts with how the Party-state generally grants greater internet access. Currently, authorities allow trusted (or at least economically important) individuals or organizations to connect to otherwise banned online resources. This permission is based on the recipient’s identity, not their location. In fact, in the cases we know of, when authorities differentiate internet access between regions, they impose more restrictions, not fewer. Anecdotal reports suggest that one city even implemented an allowlist system for a time—allowing users to access only pre-approved sites and services, rather than allowing most information through and only blocking forbidden sites. Allowlisting could indeed become an additional weapon in the personalization arsenal, levied against certain localities during “sensitive” events, for example, or against particular individuals deemed to be troublemakers.
At the network level, we anticipate Beijing will follow the same playbook it has for decades, bolting on additional
middleboxes
(or other mechanisms) as needed when new and uncensored communications technologies appear. Sometimes authorities may wait for years to install such middleboxes, as they did with HTTPS, balancing cost against fear and only moving when a given technology reaches a certain tipping point in terms of prevalence.
At the same time, Beijing may sometimes decide to forgo this lag entirely by pre-emptively blocking some new network-level technologies wholesale. Authorities will likely only do this if they deem the technologies adequately threatening, and if the global community has not yet adopted them widely. Authorities have already done this with
ESNI
(encrypted server name identification)—after recognizing its ability to successfully hide a packet’s content, origin, and destination, they stopped allowing any ESNI traffic in China. They will likely apply the same strictures against a newer version of ESNI known as Encrypted Client Hello (ECH), if and when it becomes widely used. Similarly, a mechanism known as an encapsulated TLS handshake, used by many circumvention tools, can be easily identified and blocked entirely. We should expect that Chinese censors will implement such a block as it allows them to stop unapproved
VPN
traffic with very little collateral damage.
China’s
network-level censorship
has always maintained a “good enough” approach to blocking online traffic, as described in “Father of the Great Firewall” Fang Binxing’s 2010 paper “Information Content Security on the Internet: The Control Model and its Evaluation.” The system behaves probabilistically: It doesn’t inspect each piece of traffic inside and out, but makes decisions based on the likelihood of that traffic being “bad.” The more likely the traffic is “bad,” the more likely it will get blocked. In a probabilistic system, perfection is never the goal. Some “bad” traffic will always manage to slip through, a fact the system’s designers know and account for. (This “good enough” approach can befuddle outsiders who expect authoritarian systems of control to operate cleanly, precisely, and with rigid conformity to a grand, balanced design, as though part of a Leni Riefenstahl film. But a probabilistic system isn’t designed to be pretty. It’s designed to work cheaply and efficiently.)
Probabilistic behavior is not unique to China’s network-level censorship system; intrusion detection systems around the world use the same framework to defend against cyber attacks. The ubiquity of probabilistic behavior, and the fact that it is relatively cheap and easy to repeat a billion times a day, means we should expect future censorship technologies to continue to rely on it. And though the system integrates new mechanisms as needed, it has mostly relied on the same core technologies for the last 20-odd years. This additive (and inherently reactive) strategy simply builds upon the existing substrate; without a major shift in how the internet functions, it will likely continue to rule the day.
A major shift in internet functioning, at least in China, may be on the horizon. IPv6+, a modified version of the alternative internet architecture Huawei introduced in international standards bodies seven years ago, fundamentally changes how the internet behaves at the network level. IPv6+ doesn’t necessarily change what censorship looks like to the end user—a blocked message is still a blocked message. But IPv6+ does change what
network-level censorship
looks like to the censors. IPv6+ systems write some content information on the outside of
data packets
, so censors don’t have to spend the time and money to unwrap them and peer inside. This, in turn, allows censors to more easily and directly jettison packets that contain prohibited content. In other words, with these new technical specifications in place, Beijing would rely less on technologies that subvert the normal functioning of the internet in order to implement censorship. It would instead simply make use of the new, censorship-friendly technical specifications it had already built in.
Yet, this type of censorship only works on traffic generated by IPv6+ systems. Other systems don’t write content information on the outside of packets, so packets generated abroad on non-IPv6+ systems and sent into China wouldn’t get censored by this particular method. But any traffic generated by a domestic IPv6+ system and sent fully through IPv6+ networks could be censored—meaning that if these networks become widely used in China, they would allow the government to rely less on platforms to censor domestic traffic for them. “There are quite a few indications that suggest that China, and especially the government, is thinking about how to make censorship sustainable in some way,” says MERICS Senior Analyst Antonia Hmaidi. She likens the potential of IPv6+ to the national real-name online ID system Beijing will implement in July: “This points in the same direction, wanting to take power away from the platforms and collecting power with the government directly.”
IPv6+ is not just a conceptual model being batted around in the international marketplace of ideas. Huawei and China Unicom already use IPv6+ in some of their own infrastructure in China, like networks serving financial institutions, coal mining companies, hospitals, and schools. A 2023 government directive, looking forward over the next two years, called for the creation of more than 1,000 IPv6+-compatible networks nationwide and of more than 50 “IPv6+ Innovation Cities,” with each city responsible for presenting more than 20 “outstanding examples” of IPv6+ applications. Such government incentives have had their intended effect. In 2024, Shanghai announced a plan to significantly increase use of IPv6+ in areas such as government service, broadcasting, manufacturing, finance, medical care, traffic control, education, and energy. Cities in other provinces are following suit.
The central government in 2013 also decreed the construction of a “high speed railroad” for the country’s internet. Completed in January 2025, the China Environment for Network Innovation (CENI) allows participants, like telecom companies, universities, and research institutes, to test new internet-based technologies. CENI’s network infrastructure covers 40 “core” cities and 133 secondary cities. Like IPv6+, CENI explicitly rejects the internet’s current default architecture in favor of a more efficient, but less privacy-preserving, framework. Indeed, in the 2013 document that mandated CENI, the Chinese government itself stated that existing internet protocols could “no longer meet the needs of future development by relying on increasing bandwidth and incremental improvements,” necessitating the deployment of new ones.
Similarly to the various IPv6+ projects underway throughout China, CENI does not yet operate as a general-purpose network that the public can connect its devices to. Instead, it supports more industrial or specialized applications, like a doctor in Shandong operating on a patient more than 120 miles away, or a major state media outlet creating a super-high-resolution streaming system. However, such “islands” of implementation could allow for broader deployment in the future.
Some local government services already use IPv6+, but it’s very hard to tell from the outside whether or not it is currently abetting government censorship. Beijing wouldn’t “need to do a big push to change the infrastructure,” says Hmaidi. “It’s not replacing anything, it’s just a software update by the
ISPs
. This is also what makes it difficult to understand the extent of use.”
Beijing will almost certainly continue the crackdown on non-state-approved circumvention providers, with a focus on preventing large players that can provide such technologies at scale. For international providers with anti-censorship missions that offer their tools for free, Beijing’s sustained onslaught presents specific challenges. Countering the system’s organized and well-funded defenses requires a significant outlay of resources, and, as one provider told scholars, “[c]urrently, there is no such thing as a unified entity that recognizes or supports those doing this kind of work. At the end of the day, this operation doesn’t pay one cent, and our resources are limited.” Even if such providers wanted to charge their customers, laws related to payment methods (both in China and in other jurisdictions) mean that doing so would expose developers, providers, and users to privacy and security risks. And though the user base for circumvention tools may wax and wane, we don’t believe the demand will ever fully disappear. Some version of the “airport” market—which does monetize its user base—will likely continue to allow users in China to watch foreign TV shows or access Instagram, even though providers can’t individually serve all that many users.
In fact, the airport market may offer some clues as to how to keep connections with China alive, at both the technical and human level. Patrick Boehler, the media researcher studying circumvention in China, says that airports help answer questions like, “What needs is a government information structure unable to meet? What does that tell you about that country, the people, the blind spots of that autocracy? It allows us to see where there are still bridges to Chinese society.” Rather than simply mirror the concerns of the Party-state, circumvention researchers and providers can meet Chinese users where they are—generally just trying to access fairly quotidian services related to entertainment, privacy, or workplace collaboration tools. “The state is hyper-focused on the so-called freedom fighters. There’s an opportunity there to work around that,” Boehler says. “If we reduce ourselves to that narrative, we’re just as dumb as the bureaucrats who are implementing the mandate.” This means that successful circumvention tools are going to be the ones that try to serve relatively large, relatively persistent, and less politically sensitive markets, like gambling, porn, or even cryptocurrency. Just as classified sections used to help fund newspaper journalism, the less decorous markets for circumvention tools might be what helps other users maintain access to uncensored news.
Airports also underscore the need for continued motion and churn. As Beijing hunts down new instances of circumvention tools, successful providers will be the ones who don’t depend on just one means of distribution, but have many different storefronts or other constantly-changing channels that they use to supply their digital goods.
Research into circumvention methods faces both opportunities and challenges in the present environment. New technologies may aid in several ways. First, machine learning could help researchers when developing a response against any new blocks Beijing implements, as it drastically reduces the time required to devise and test novel countermeasures. This somewhat ameliorates the massive resource advantage enjoyed by the censors. Second, because it takes time for Beijing to implement censorship measures against new technologies—think of the years it took for authorities to start censoring
HTTPS
traffic, or the months to censor the voice chat app Clubhouse—circumvention tools can make use of the latest tech to try to stay slightly ahead of the censors.
At the same time, however, academic research, which helps providers to keep engaging in the circumvention arms race, can be disconnected from the actual needs of users and developers. “Existing general-purpose [tools] . . . were rarely designed with the censorship threat model in mind,” noted the scholars who interviewed circumvention tool providers and users, “and their architects often show little interest in engaging in the cat-and-mouse game.” Novel academic research findings, they write, “often fall short of translating into tangible, deployable solutions that address the simpler, practical needs of users facing censorship.” Moreover, researchers often can’t work in countries with strict censorship, meaning they’re “trying to solve a problem [they] don’t experience or understand.” In China, a solution to the censorship problem might mean many different, constantly evolving circumvention options, rather than a more traditional one-and-done development model.
And yet, Beijing will continue to benefit from the fruits of international research while simultaneously attempting to shield itself from external observation. We know that engineers working on
network-level censorship
in China read international computer science literature and tweak the system to mitigate vulnerabilities they discover there. But information generally does not flow in the opposite direction—foreign researchers learn much of what they know about the current censorship system by conducting their own experiments, rather than from publicly-available accounts from the censors themselves.
And, censors may be taking steps that make such foreign experiments less reliable. International researchers have historically relied on the bidirectionality of China’s network-level censorship—that is, knowing that the same censorship rules apply to all traffic, whether it is entering or leaving the country—to conduct experiments outside the mainland and draw conclusions about the system’s overall behavior. But one scholar’s recent work suggests that Beijing has scrapped bidirectionality, at least for some types of connections. “If you send
packets
from the U.S. to Beijing, it would look like all domains are blocked. But that’s not the case,” says Zohaib, the Ph.D. student at UMass Amherst. Sending packets in the other direction, from Beijing to the U.S., would yield entirely different results. This means that, for the connections Zohaib studies, “bidirectionality is no longer in place.”
The loss of something as obscure as “bidirectionality” may seem trivial. However, it has the potential to upend how international computer scientists study China’s network-level censorship, because conducting computer science experiments from machines within the mainland has also become harder. It is increasingly difficult to configure an experimental setup that reflects that of an average Chinese user; foreign researchers who study the Chinese internet often use
proxies
that don’t accurately replicate a real person’s internet connection. Ethical concerns often prevent researchers from taking the next logical step to get representative internet access: asking Chinese citizens themselves to visit banned sites from their own devices and locations.
Thorny ethics questions also dog researchers who have managed to successfully collect data. Researchers who discover a vulnerability that could harm internet users, a company, or some other entity generally hold off on publishing their experimental results until the entity in question has had a chance to remedy the problem—a practice known as “responsible disclosure.” However, things become more complicated when the entity in question is a government censoring its citizens. “If you find a vulnerability in the Great Firewall, and if it’s not fixed some cyber criminals could intrude into a network and get private information, I believe that falls into the realm of responsible disclosure,” says Amir Houmansadr, a professor of computer science at the University of Massachusetts Amherst. “On the other hand, if we find a vulnerability in the censorship mechanism such that if we report it, it can only help the censors enhance their censorship and blocking capabilities, then we should not.” But, sometimes a vulnerability can lead to both of these outcomes, in which case “It’s a hard decision. Are the benefits of disclosing greater than the risks of disclosing?”
The question of benefits and risks also pertains to the safety of the researchers themselves. “Maybe the research you did was ethically correct, but publishing this paper could put some researchers, or some universities, at risk,” says Houmansadr. “Is it still ethical? Maybe the answer is no.” Compounding these difficulties is a lack of concrete procedures for researchers to turn to when they’re unsure what to do. “There are some guidelines, some papers, but there’s no protocol to follow.”
But perhaps the biggest problem plaguing international research is a dearth of long-term projects monitoring the censorship regime consistently over time. The scientific and academic research systems prioritize novel methodologies and findings, not the routine revisiting of previous experiments. With a few notable exceptions, our knowledge comes from experiments performed once and not repeated. Such a research cadence provides only snapshots of online censorship at a particular time. It can’t fully capture all aspects of such a dynamic system, which is more akin to the tides or the weather than to a static wall. As noted by several computer scientists nearly two decades ago, “maintaining a censorship ‘weather report’” provides better insight into the online censorship system than a series of one-off studies.
For many years, observers have worried that the open, globally connected internet would fracture into a collection of fragmented networks controlled by governments or corporations—a “splinternet.” This has, in fact, already happened in China: the Locknet is a splinternet. What observers did not necessarily expect was that a splinternet could interface so smoothly with the global internet. Within the Locknet, Beijing has tampered with some of the internet’s most basic protocols—including the
DNS
and
IP
systems—while still maintaining intercompatibility with international systems. In so doing, China has managed to reap the benefits of a splinternet while minimizing the costs.
These twin motivations—maintaining domestic information control within the Locknet while preserving congruity with the internet—will continue to guide Beijing’s goals in the international arena. We expect Chinese technology companies to continue expanding their presence in international internet standards bodies, advocating for protocols that prioritize efficiency at the expense of individual users’ privacy and security. (Though commercial entities, not the government, participate in international standards bodies, the proposals they proffer often dovetail with Beijing’s own interests. IPv6+, for example, was part of a strategy formulated by the Ministry of Industry and Information Technology in 2017.) No matter who proposes them—Chinese companies, U.S. companies, or anyone else—standards that pave the way for easier surveillance and censorship will continue to represent a threat to internet freedom worldwide.
The internet, for all of the cold, unfeeling metal and plastic it’s made of, is still a deeply human endeavor. Though bound by the laws of physics—the speed of light constrains how fast we can send cat memes to one another—the internet’s existing architecture did not evolve under the constraints of the natural world. Instead, humans constructed the internet for human ends, inevitably imbuing some human values into its technical design. Several key elements of the internet’s architecture reveal its designers’ assumptions, assumptions which align neatly with Western (and often specifically American) liberal values. In the notion that users’ messages remain unopened and unaltered by anyone other than the intended recipient: an echo of the right to privacy. In the expectation of unregulated contact and communication: a presumption of freedom of expression and assembly. And in the way that the system’s layers pass information to each other, ensuring that no one layer has too much insight into or command over the others: a belief that federated control averts tyranny. As Vint Cerf, one of the “fathers of the internet” wrote in a 2002 memo titled “The Internet Is for Everyone”:
Internet is for everyone—but it won’t be if Governments restrict access to it, so we must dedicate ourselves to keeping the network unrestricted, unfettered and unregulated. We must have the freedom to speak and the freedom to hear [. . .] Internet is for everyone—but it won’t be if its users cannot protect their privacy and the confidentiality of transactions conducted on the network.
But if humans constructed the internet, humans can change how it operates. None of the original assumptions about the internet’s purpose need hold forever—and therefore, neither do all aspects of its technical design. Internet architecture that supports privacy, assembly, and expression actively frustrates the Chinese Communist Party’s efforts to ensure its grip on power. The Party will keep trying to reshape internet norms, standards, and infrastructure—if not tearing down existing arrangements, then retro-fitting them in order to ensure its own survival and comfort.
In China, the internet is not for everyone. The internet is for the Party.
Additional reporting by Wenhao Ma.
