Joel Tope

Joel Tope

August 16, 2017

The Great Firewall of China has disrupted yet another popular application, as it tightens its grip on foreign communications services. WhatsApp, an incredibly popular voice and text app with over a billion active users in more than 180 countries, is no longer functioning at full capacity within Chinese borders. This is believed to be due to governmental filtering and censoring.

WhatsApp was originally released in 2009. Facebook acquired it in 2014 for nearly $20 billion. As an integrated messaging service, it gives users access to an entire communications platform that far surpasses simple SMS and audio call capabilities. This cross platform application also allows users to make video calls, share files and share images. However, one of WhatsApp’s key features is end-to-end encryption, which prevents Internet Service Providers (ISPs), governmental authorities and hackers from intercepting and reading messages as the raw data traverses the internet.

Given that social networking giant Facebook is still inaccessible, and that many consumer grade encryption services have been blocked by The Great Firewall of China, it should come as no surprise that the Facebook-owned messaging service has also been partially blocked. In fact, prior to recent events, WhatsApp was the only Facebook service that was fully accessible. Many users now repor that they are unable to send video and photo contents. Some report an inability to send basic text messages. It does seem, however, that portions of WhatsApp services are being only partially filtered.

The precise reasons for the blockage aren’t known. However, many speculate that economic motives, in large part, spurred the decision. International technology and app industries are highly competitive. WeChat, which was developed in China, stands to gain a massive competitive advantage. This is not the first time that the government has guided the growth and development of domestic services. It is not unlike the Google filter that was activated to expedite the growth and maturity of Baidu.

WhatsApp Security and Encryption Specifications

If you’ve ever used a VPN connection, you’re probably familiar with industry standard encryption technologies such as Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP)/Internet Protocol Security (IPSec), AES-128, and AES-256, among other popular protocols. Most consumer grade services openly state the type of encryption technologies used to secure data on landing pages. Doing so helps give users the peace of mind that their data is being responsibly safeguarded.

To learn more about the encryption used in WhatsApp, however, you have to do a little digging in a white paper on its End-to-End Encryption page. This page also includes a handy guide that details the process of verifying the encryption algorithm is working properly. As for technical details, the encryption key part of the technology is simply called Signal Protocol, which was developed by WhatsApp’s partner, Open Whisper Systems.

Interestingly enough, the entire process uses six different keys, as follows:

  • Identity key pair
  • Signed pre key
  • One-time pre keys
  • Root key
  • Chain key chains
  • Message key

Many of the keys facilitate overhead requirements to reliably and privately exchange payload encryption keys. The message key is of particular interest, since it’s an 80-byte value (640 bits) comprised of an AES-256 key (Advanced Encryption System), an HMAC-SHA256 key (Hash-Based Message Authentication Code and Secure Hash Algorithm) and a 16-byte IV (Initialization Vector).

If you don’t know what these protocols are, understand that Signal Protocol’s underlying technologies are encryption standards commonly used in military applications and the banking industry. They are extremely strong. If you’re still using WhatsApp on a semi-functional basis, know that your data isn’t being sent in plain text. Nevertheless, it is still beneficial to use a VPN tunnel.

Accessing WhatsApp in China

VPN tunnels are more difficult to access in China than other countries. However, many consumer-grade VPNs are still able to tunnel through the Great Firewall of China. Features that obscure metadata and payload information help to mitigate the risk of deep packet inspection (DPI) and help to protect privacy and anonymity. It is still possible to use VPN tunnels to fully access and utilize WhatsApp, though there is a large caveat.

Your contacts may also need to use a VPN tunnel, depending where they are physically located and where your VPN tunnel is terminated. Otherwise, it is highly likely that message delivery errors will occur as transmissions pass through Chinese firewalls. Nevertheless, a VPN is still useful, even outside the scope of WhatsApp, since a VPN tunnel can also help unblock foreign social media services like Facebook, and even filtered news and streaming content.

Chinese firewall policies are extremely dynamic in nature. They can change at the drop of a hat. For that reason, it’s difficult to try to predict which services will be available in the future, and whether or not the authorities will implement new policies that bar the use of VPN technologies. For the present, you can check our best VPN in China guide for the most current analysis.

Finding Geographically Relevant Servers

VPN tunnels can have the unfortunate drawback of tacking on latency to your internet connection. This can make it undesirable to connect to a server halfway around the globe. Thankfully, most VPN service providers strategically place servers across Asia. Just about every high quality provider places servers in Hong Kong and Tokyo. I recommend starting with connections to those two locations.

If you’re unsure about governmental censorship in a foreign country where a VPN server is located, then I highly recommend the Reporters Without Borders 2017 Press Freedom Index. The index ranks each country in terms of internet and press freedoms, availability of information, and accessibility of information, to give you an idea of how free internet censorship in foreign countries is.

Hong Kong may not be the most free and open region on the list, but it’s ranked at 73, and is better than most other options throughout Asia.

Final Thoughts

It still isn’t known how long WhatsApp will be blocked in China. There have been times in the past when blocked websites were later unblocked. This could be the case for WhatsApp. For now it just seems that it is being filtered. It isn’t yet illegal to access WhatsApp with VPN technologies. Nevertheless, it’s always better to use a VPN tunnel as you access the internet in China, to help prevent third parties and hackers from capturing your data or tracking online activities.

Image Credit: Ink Drop/

Joel Tope
May 30th, 2018

Joel Tope is a technology writer with a smattering of active certifications, such as the CCNP, and experience as a network engineer. Though passionate about security, he has an eclectic understanding of information technology. In his free time, he loves to run marathons, travel, and dig into the latest thriller novel.

3 responses to “Facebook’s WhatsApp Service Filtered in China

  1. It’s not China blocking Whatsapp, it is Whatsapp moving its servers from IBM servers to Facebook servers. These servers are blocked.

    1. Hmm, that’s a good point Sven. So while it is true that Facebook moved servers from IBM to Facebook’s own in-house servers, every report I read (including trustworthy sources like the New York Times) reported that the issue was due to changes in governmental censorship and blocking WhatsApp itself.

  2. wow china sure is making sure they are in control of their people both on and off the internet. Thank god VPNs exist for me I presonally use FrootVPN its fast and secure

Leave a Reply

Your email address will not be published. Required fields are marked *