Great Firewall of China

China enforces a national firewall to block access to foreign websites, apps, and online services. The Communist Party of China leverages IP address blocking and deep packet inspection (DPI) to prevent access to Western platforms it considers a threat to state control. Even encrypted traffic is subject to inspection, which is why most VPN connections fail inside China.

China’s censorship machine is known as the Great Firewall of China (part of the broader Golden Shield project). This sophisticated system of internet censorship is enforced throughout Mainland China. It combines legal controls, activity monitoring, and automated ISP-level filtering to impose widespread internet blocks.

You can bypass the Great Firewall using a VPN for China. However, you must use a specialized VPN with obfuscation (stealth protocol), which conceals VPN traffic as normal HTTPS bound for a website.

Learn how the Great Firewall works and how to use a VPN to access Google, YouTube, WhatsApp, Facebook, Instagram, Wikipedia, and other restricted sites in China.

What is the Great Firewall of China (GFC)?

The Communist Party of China (CPC) has been in power since 1949. After winning the Chinese Civil War, it took control of the country and established the People’s Republic of China. It has remained in power ever since and has relied heavily on censorship to maintain control over the regime’s cultural values and ideology.

Since the rise of consumer internet use in the early 1990s, the CPC has maintained a staunch stance against its potential use for dissent. This led to the development of the Golden Shield project, a system designed to implement internet access controls and widespread online surveillance.

When did the Great Firewall of China commence?

China’s surveillance and censorship first started rolling out in the mid-2000s. At that time, it served as a loose patchwork of filters installed at international gateways (the points where internet traffic enters China from the rest of the world). It leveraged IP blocking, DNS tampering, and simple keyword-based content filtering to restrict access to any website or service that the CPC felt might lead to the dissemination of ideas, theories, or news that was critical of the government or China’s cultural and political beliefs.

Since then, the Great Firewall has evolved and upgraded to stop users from leveraging technologies such as basic proxies to change IP addresses and conceal access to restricted content. The GFC now actively restricts international internet traffic through a small number of tightly controlled gateways.

As a result, China’s sophisticated censorship system combines ISP-level filtering, deep packet inspection, traffic fingerprinting, IP, domain, and SNI blocking, DNS poisoning, and AI-assisted tools.

These systems actively monitor users, track activity, harvest communications metadata at scale, enforce profiling, and block attempts to bypass censorship using VPNs.

How does the Great Firewall work?

Much of what is known about the Great Firewall comes from long-term analysis, academic research, and testing by security researchers inside and outside China. As a result, current understanding is based on side-channel observations rather than official documentation, as the Chinese government does not publish guidelines or technical specifications explaining how the GFC operates.

The Great Firewall goes beyond basic filtering based on keywords and domains. It relies on a combination of sophisticated tracking and blocking techniques to restrict access to websites and services deemed incompatible with local laws and cultural norms.

Below, I have outlined the key regulations and technical controls used to restrict access to the global internet. These measures are designed to limit exposure to information and viewpoints that fall outside state-approved narratives.

What regulations in China allow for censorship and surveillance?

Numerous regulations allow the Communist Party of China to engage in online surveillance and censorship, including the use of the Great Firewall of China to block international access.

According to the most recent Freedom House report, China continues to rank among the least free countries in the world for internet access. In 2025, China scored just 9/100 due to widespread restrictions, state surveillance, and punishment for online speech critical of the government or considered a threat to the peace.

Freedom House China scores

Here are the main laws and regulations that provide the legal basis for censorship, data control, and tracking of users online in China:

Cybersecurity Law (CSL)

The Cybersecurity Law was passed in 2017. It requires platforms to censor “illegal” content, localize user data, cooperate with state inspections, and block foreign threats, with expanded AI surveillance powers and fines of up to RMB 10 million for non-compliance.

Provisions on the Governance of the Online Information Content Ecosystem

Issued in 2019 and effective March 1, 2020, these rules require online platforms to deploy technical systems and human moderation to detect, suppress, and remove “illegal” and “negative” information, including politically sensitive content. They also place responsibility on content producers and platforms to proactively promote material aligned with China’s Core Socialist Values.

Internet Information Service Algorithmic Recommendation Management Provisions

Implemented in 2022, this regulation governs recommendation algorithms, requiring the promotion of “positive energy” content and the suppression of dissenting narratives.

Public Security Administration Punishment Law

This law came into effect January 1, 2026. It expands police monitoring powers and allows detention for sharing prohibited online content, including in private communications.

National Intelligence Law

Passed in 2017, this law compels all organizations and individuals to support state intelligence work, including mandatory data sharing and surveillance assistance.

Data Security Law (DSL)

Enacted in 2021, the Data Security Law classifies data by sensitivity and restricts the transfer of “important” or “core” data outside China without government approval.

Personal Information Protection Law (PIPL)

Introduced in 2021, PIPL regulates personal data processing while requiring companies to provide access to user data for national security and law enforcement purposes.

Counter-Espionage Law

Amended in 2023, this law broadens the definition of espionage to include data collection and digital activity, granting authorities expanded powers to inspect devices and seize information.

As you can see, China leverages a multiplicity of laws to crack down on freedom of access online. This ensures that the government can easily monitor, control, and penalize citizens who try to escape censorship or express dissenting opinions.

How does China enforce technical blocks and prosecutions?

Enforcement of China’s internet controls is handled by multiple state bodies.

The Cyberspace Administration of China (CAC) is responsible for censorship rules and platform compliance. The Ministry of Public Security (MPS) handles investigations, arrests, and prosecutions related to online activity deemed harmful.

Internet service providers in China are required to enforce these rules at the network level. This includes IP blocking, DNS interference, and traffic inspection.

The end result is a single, coordinated system that combines legal pressure, technical enforcement, and the threat of punishment. This creates a classic Panopticon, where netizens self-censor to avoid criticism from fellow citizens and potential consequences from the MPS.

How does China block websites?

Below, I have outlined the technical controls China uses to restrict access to foreign websites and prevent the use of circumvention tools such as VPNs.

  • Restricted international gateways: The state routes all international internet traffic through a small number of tightly controlled gateways. This architecture allows authorities to inspect or block most cross-border traffic before it reaches users inside China, making centralized filtering and surveillance easier to enforce.
  • IP address blocking: The Chinese government blocks entire IP address ranges. This action makes websites and services inaccessible from within China unless users connect through a VPN.
  • URL filtering: Transparent proxies actively scan URLs, HTTP headers, and HTTPS Server Name Indication (SNI) fields for banned keywords and domains.
  • DNS poisoning: Authorities instruct Internet Service Providers to block or redirect DNS requests for banned websites, which prevents domains from resolving correctly.
  • TCP reset attacks: Network controls deliberately interrupt connections to restricted websites, preventing pages or services from loading.
  • Deep packet inspection (DPI): DPI plays a central role in monitoring and blocking encrypted connections across the network, including detecting and blocking many VPN connections.
  • Fake SSL root certificates: Chinese Certificate Authorities have issued unauthorized SSL certificates in the past, enabling man-in-the-middle attacks on HTTPS traffic. For example, Google publicly identified unauthorized certificates in 2015 that the Chinese CA CNNIC issued. This tactic remains rare but worth bearing in mind, as authorities could use it for targeted attacks.
  • Active probing: Authorities actively scan connections to identify and block VPN servers, Tor bridges, SOCKS5 proxies, and other anti-censorship tools.
  • Blocking access to VPN and Tor downloads: Authorities block websites and app stores that distribute VPNs or Tor, and Apple has removed major VPN apps from the App Store in China.

Do these techniques help to block VPNs?

Yes. When combined, these techniques allow authorities to identify, disrupt, and blacklist circumvention tools at scale. This is why most standard VPN connections fail inside China.

Later in this guide, I explain which VPN features still work in China and recommend providers capable of bypassing the GFC.

Is Hong Kong affected by the GFC?

No, but surveillance and censorship are increasing nonetheless.

Hong Kong and Macau are technically Special Administrative Regions (as defined under Article 31 of China’s Constitution and their Basic Laws). This means that Hong Kong and Macau retain the right to govern themselves independently, including offering access to the internet that mainland China’s Golden Shield project does not affect. As a result, citizens in Hong Kong can access many websites that authorities block elsewhere in China.

However, things are changing. Local governments in Hong Kong and Macau now face increasing pressure to comply with Chinese surveillance practices. While this pressure has not led to a full rollout of a national firewall, it has expanded surveillance powers and increased censorship through local courts.

The 2020 Hong Kong national security law, for example, allows authorities to try Hong Kong citizens in mainland China if they commit crimes related to serious offenses such as secession or sedition. The law also expands surveillance powers related to investigations into crimes that affect national security.

Following the 2020 National Security Law, Hong Kong police can order platform-specific blocks and restriction requests and require ISPs to enforce them. ISPs and individual platforms comply with these requests selectively.

What websites are blocked in China?

Are you living in or visiting China? Want to know which websites, apps, and services are blocked? Below is a list of commonly blocked websites and services in China:

Social Media and Communication Apps

Google Ecosystem

  • Google services and apps are all blocked: Gmail, Calendar, Docs, Google Maps, Play Store, Drive, Search, Translate, Photos, etc.

Streaming and Gaming

News Outlets

  • BBC
  • CNN
  • New York Times
  • Wall Street Journal
  • Reuters
  • Bloomberg
  • The Guardian
  • Time
  • Hong Kong Free Press
  • ABC
  • Medium

Productivity and Cloud

  • Dropbox
  • OneDrive
  • Slack
  • Pinterest
  • Quora
  • Wikipedia (most pages blocked; limited access via mirrors)
  • iCloud

Search, AI, and Privacy Tools

If you want to access any of these services in China, you will need a reliable VPN. 

Best VPNs for bypassing China’s Great Firewall

Below are the best VPNs I recommend for bypassing the Great Firewall of China:

  1. NordVPNThe best VPN overall for China TIP In our testing we found that the cheapest NordVPN plan (Standard) works perfectly for China.
  2. SurfsharkBest for users on a budget
  3. ExpressVPNBest for users who want a premium VPN
  4. Hotspot ShieldGood choice for streaming with dedicated servers
  5. VyprVPNLarge global network with decent speeds
  6. PureVPNIdeal for users connecting in restrictive countries
  7. PrivateVPNIdeal for torrenting with free port forwarding
  8. UltraVPNWide choice of servers in Asia
Get NordVPN - the #1 VPN for China
Warning

Many VPNs claim to protect your privacy and offer a fast, reliable connection but most (especially free VPNs) limit your connection speed or leak information.

We regularly test the top 70 VPNs for security and speed and this list only includes VPNs which are fast, reliable and are highly rated for privacy and security. Plus we only recommend VPNs which offer a full-money back guarantee allowing you to try them risk free.

How to bypass the Great Firewall of China with a VPN

Using a VPN to bypass blocks is easy as long as you stick to a recommended VPN. My top picks have all been tested to bypass China’s censorship. These VPNs are reliable, fast for streaming, and offer the privacy features needed to conceal your activities from local networks, ISPs, and government snoops.

New to VPNs? I have included all the steps needed below: 

  1. Choose a VPN that still works in China. Most consumer VPNs are blocked by the Great Firewall. I recommend NordVPN for its strong obfuscation and reliability, Surfshark as a cheaper option with unlimited device connections, and ExpressVPN as a premium alternative known for its native obfuscation on OpenVPN.
  2. Subscribe to the VPN before entering China if possible. VPN websites are often blocked inside China. Signing up in advance avoids unnecessary complications. You will receive a significant discount by following the links above, thanks to my special coupon code. All three VPNs also offer money-back guarantees, so you can test them risk-free.
  3. Install the VPN app on your device. The VPNs in this guide have apps for Windows, macOS, Android, and iOS. If possible, I recommend installing these apps before you head to China. If you live in China and have any trouble accessing the VPN’s website, remember that you can email your VPN to gain direct access to the APK file or Windows VPN download.
  4. Enable obfuscation. Obfuscation (sometimes called a stealth VPN) disguises your traffic as regular HTTPS. This allows the VPN to connect and bypasses deep packet inspection and traffic fingerprinting used by the Great Firewall. Without this enabled, most VPN connections will fail.
  5. Enable the kill switch. A kill switch prevents your real IP address or DNS requests from leaking if the VPN connection drops or is interrupted. This ensures that you don’t leak your web activities to your ISP if the VPN connection drops. Hugely important to prevent your activity from singling you out as suspicious.
  6. Connect to a server outside mainland China. Choose servers in Hong Kong, Japan, Singapore, Taiwan, or South Korea to gain the best possible speeds. Alternatively, connect to a server in a specific country if you want to access a particular streaming service, such as the UK, to watch BBC iPlayer from China.

WANT TO TRY THE TOP VPN RISK-FREE?

NordVPN is offering a fully-featured risk-free 30-day trial if you sign up at this page. You can use the VPN rated #1 for China with no restrictions for a month.

There are no hidden termsjust contact support within 30 days if you decide NordVPN isn't right for you, and you'll get a full refund. Start your NordVPN trial here.

Is it legal to use a VPN in China?

No law bans using a VPN for basic online privacy in China. Simply having a VPN subscription is not, by itself, illegal. However, authorities officially permit only government-approved VPN services. These services must register with the relevant authorities, log user activity, and provide access to data upon request.

Some multinational companies operate government-approved enterprise VPNs for internal use, but these services do not focus on privacy and do not bypass the Great Firewall. For privacy reasons, the VPNs I recommend do not register in China.

In practice, it is how you use a VPN rather than having one that could get you in trouble. Using an unapproved VPN to bypass the Great Firewall may violate Chinese internet regulations. Authorities can treat access to censored websites and services as a compliance risk. For this reason, using a highly reliable VPN is essential. A strong VPN helps prevent local networks and ISPs from detecting VPN use.

Note: I am not an attorney, and nothing in this guide should be taken as legal advice. Always check local laws before using a VPN to bypass blocks. VPN use is a personal decision and is undertaken at your own risk.

Frequently asked questions

Why doesn’t China allow Google?

In 2010, Google stopped complying with state censorship requirements and withdrew its search services, which led to a nationwide block on Google Search, YouTube, Gmail, and other Google services.

Why doesn’t China allow Facebook?

Facebook became blocked in 2009 after it was used to organize protests during unrest in Xinjiang. When authorities requested access to user data linked to protesters, Facebook refused. This resulted in a crackdown throughout mainland China.

Why doesn’t China allow Twitter?

Twitter was blocked at the same time as Facebook in 2009. Authorities cited its use for protest coordination and rapid information sharing during the Ürümqi riots as the reason for the ban.

Does China allow social media?

Yes, but only domestically operated social media platforms that are hosted and registered in China. International services such as Facebook, Instagram, Twitter (X), and Quora are blocked nationwide.

Chinese platforms like WeChat and Weibo remain fully accessible. However, these services are legally required to comply with government data requests and censorship rules. As a result, users should assume that social media activity on domestic platforms is monitored and subject to state surveillance.

Do tools like DoH, DoT, ESNI, Tor, or Shadowsocks bypass the Great Firewall?

These circumvention tools are sometimes suggested as alternatives to VPNs, but they are not suitable to bypass the GFC without being tracked.

Encrypted DNS methods like DoH (DNS over HTTPS) and DoT (DNS over TLS) only protect DNS lookups and do not hide the websites you visit from local networks or ISPs. This means your activity can still be monitored, which may draw attention.

ESNI (Encrypted Server Name Indication) is a browser-based feature that hides the destination website name during HTTPS connections. It works independently of VPNs, does not conceal where your traffic is going from local networks or ISPs, and does not prevent the Great Firewall from detecting or blocking VPN or proxy traffic using deep packet inspection.

Shadowsocks can work in some cases, but requires technical setup and is increasingly blocked. That said, a few leading VPN providers also include a SOCKS5 proxy, which you can test as a fallback while in China. Just bear in mind that a Shadowsocks or SOCKS5 proxy does not provide the same level of privacy or protection as an obfuscated VPN connection.

A VPN with obfuscation and a kill switch remains the most practical option for bypassing blocks privately within China.

See also: How to get a Chinese IP address