China has recently stepped up its efforts to block the use of VPN to evade censorship restrictions, so in an effort to provide the best and most up-to-date information available, we have scoured the internet and heeded the helpful advice of our readers who are ‘on the ground’ in mainland China, to update this article. Readers should be aware, however, that even more so than usual, the situation at the moment is very fluid…
Despite opening up economically and embracing capitalism, China remains firmly under the control of an oligarchic Communist Party who want the economic benefits of capitalism, without the nuisance of having a politically empowered population who can engage the free flow of ideas with the rest of the world, which it sees as a threat.
In order to ensure that its population remains as uncontaminated as possible by ‘dangerous’ and ‘un-Chinese’ foreign influences (such as notions of democracy, freedom of political and religious expression, the right to uncensored access to information, etc.), the Chinese government has developed the most ambitious, sophisticated, and effective mass censorship system in the world – the ‘Great Firewall of China’ (GFW).
One of the most effective ways for both nationals and visitors to mainland China to bypass the GFW is by using a VPN service, although as we shall explore later in this article, even with this technology, evading Chinese state censorship remains a challenge.
Positives: Fast speed boosted for China, servers in 78 countries, operates on all devices, multiple VPN protocols, 256-bit OpenVPN, 30 day money back guarantee, ‘stealth’ servers in Hong Kong, no usage logs, 2 simultaneous connections, phenomenal customer support
Negatives: Not the cheapest VPN
A big international company with servers just about everywhere (Hong Kong, Japan, Taiwan and West Coast US), ExpressVPN is fast, has great apps for iOS and Android, and sports a 30 day money back guarantee. ExpressVPN does not keep traffic logs and is specifically engineered to be reliable from anywhere in China. More importantly, ExpressVPN runs ‘stealth servers’ located in Hong Kong and elsewhere, which are designed to hide the fact that VPN is being used. All in all ExpressVPN offers a good balance of features, with lots of bells and whistles, and reliability.
While ExpressVPN is a few dollars more expensive than other providers, it’s well worth the money if you need a reliable and fast VPN option in China. With their 30 day money back guarantee, you have plenty of time to try it out risk free and make sure it works well for you.
Positives: no logs, fast, great OSX and Windows software, P2P: yes, 2 simultaneous connections, ‘CloakRouted’ servers Hong Kong and West Coast US , website not blocked at time of writing
Negatives: 128-bit Blowfish OpenVPN encryption could be stronger
This Malaysia based VPN provider is in a good position to serve users in China, as it provides ‘CloakRouted servers’ designed to allow access through the GFW, and for some reason the website does not appear to be blocked at time of writing. As a provider, BolehVPN impresses us with a no logs policy, great Windows and OSX VPN software, and excellent connection speeds, so it is little surprise that this relatively small provider is very popular throughout South East Asia.
Positives: no logs at all, transparent service, accepts Bitcoin, , 256-bit AES encryption, dynamic port forwarding, real-time user and server statistics, support for Tor over VPN and VPN through SSL and SSH tunnels, good speeds, 3 day free trial, uses shared IPs, P2P: yes, 3 simultaneous connections, server in Hong Kong
Negatives: website blocked by GFW
We know that AirVPN is a slightly odd choice to recommend given that its website is blocked in China, but if you can get around this (by signing-up before visiting China, or using one of the VPN alternatives listed in the discussion below), then when it comes to censorship busting technology, AirVPN is very hard to beat. It supports VPN through Tor, as well SSH and SSL tunneling (which conceals that fact that VPN is being used by hiding the OpenVPN traffic inside a regular looking SSH or SSL tunnel, which are very resistant to the kind of deep packet inspection used by the GFW), and we are always impressed by AirVPN’s dedication to privacy, reliability, and connection speeds. Edit: We are told that if you email the AirVPN team, they can provide access to the AirVPN website through a URL that is not blocked in China.
Positives: No logs, very fast, shared IPs, SSH tunnelling, DD-WRT routers, server status information P2P: yes, servers in Hong Kong, Japan, West Coats US
Negatives: Encryption on most servers a bit meh, customer service could be better, jurisdiction uncertain
According to our latest reports, TorGuard remains uncensored in China, especially when using its obfuscation technology, which TorGuard explained to us as follows,
‘[We] run an adaption of obfsproxy for OpenVPN which acts as a bridge between client and server. In this way the end user’s traffic is transformed into regular looking HTTP traffic making it virtually impossible to be filtered by firewalls seen in China or Iran. We have recently acquired many new clients behind the great firewall of China and as a result have also started offering secure SSH tunnel services.’
TorGuard has servers in all sorts of useful locations, and although the encryption it uses on most of its servers is somewhat uninspiring, it is a solid provider.
Positives: fast, 160-bit and 256-bit OpenVPN encryption (Pro only), Android app, iOS app, servers in Hong Kong, 7 day money back guarantee, up to 3 simultaneous connections, no usage logs, ‘Chameleon’ anti-GFW system
Negatives: P2P:no, pricey
VyprVPN is one of the most polished and technically proficient VPN providers out there, although the fact that it records and keeps a lot of metadata, and is based in the US, means the service is not ideal for privacy fanatics. This is not, however, something that should worry most people simply seeking to evade censorship in China, who can take full advantage of VyprVPNs know-how, and especially its ‘Chameleon’ anti-0censorship technology which ‘scrambles OpenVPN packet metadata to ensure it’s not recognizable via deep packet inspection, while still keeping it fast and lightweight. The Chameleon technology uses the unmodified OpenVPN 256-bit protocol for the underlying data encryption’ to access international websites unhindered.
Other VPN providers reported to be working are MyVPN, PureVPN, and Hide My Ass (HMA) (reviewed) and TigerVPN and MoleVPN (not reviewed by us). IronSocket also offers stealth servers.
Before we discuss using VPN to evade censorship in China, there are couple of important points to note. The first is good news – to the best of our knowledge evading (or trying to evade) censorship in China will not get you in trouble. The Chinese government does its best to block censorship evasion technologies such as VPN, but does not persecute those who try to use them. If one service or method does not work, there is therefore little to be lost by trying another until you find one that does.
On a less positive note, the situation in China is continually changing, so what works one day may not work the next (although the reverse is also true). In addition to this, BestVPN is not based in China, so we have no direct way of testing how well the services discussed in this article actually work, and have to rely on anecdotal evidence, and the experiences our readers share with us. We do, however, strive to keep our information as accurate and up-to-date as possible.
The Great Firewall of China
More correctly known as the ‘Golden Shield’ project, the first phase of the GFW was completed in 2006, but it has since grown in complexity and scope, restricting internet access into and out of mainland China to only three access points, and employing up to fifty thousand cyber-intelligence specialists, who employ tactics such IP blocking, DNS filtering, URL filtering, and packet filtering, to police the data-waves.
Actual implementation of the GFW, however, is very patchy and inconsistent, with websites that are blocked in one province or jurisdiction often accessible from one next door, and many totally innocuous websites that are apparently devoid of political or otherwise objectionable content finding themselves blocked. Sometimes even widely blocked websites such as Google+ are occasionally accessible.
If you wish to check whether a given website will work in China, excellent free tools are available here and here.
Using VPN to defeat the GFW
VPN is a fantastic anti-censorship tool, but this is something the Chinese government is very well aware of, and has therefore gone to considerable lengths to prevent the use of.
One important thing for visitors to note is that it is much easier to setup a VPN service before traveling to China than it is once there, as while China blocks access to many VPN websites, their servers can often still be used by the VPN software if already installed on a device.
An important new development is that a number of VPN providers have adapted the obfsproxy technology used for Tor (or have developed something similar of their own), which allows them to offer censorship-busting ‘stealth severs’, usually located in Hong Kong.
Speaking of Hong Kong, despite the recent upset caused by the pro-democracy protests, the Special Administrative Region remains one of the most free and uncensored places to access the internet in Asia, which of course makes it a fantastic location for VPN servers (although users closer to Taiwan or Japan may obtain better speed using servers based in in those countries). Users looking to stream content from the US should of course look out for providers who offer servers on the West Coast (most do).
If you find that a VPN service is blocked, then it is worth switch VPN protocols (for example from OpenVPN to L2TP or PPTP. Windows users (Vista SP1+) also have the option of using SSTP if the provider supports it (although most don’t).
At least as secure as OpenVPN (and often sporting 2048-bit SSL encryption), the SSTP protocol is very difficult to block as it uses the same TCP port 443 as SSL, meaning that to block it would effectively hamstring the internet. While we are sure that China is not above doing this, it has not done so this far. OpenVPN can also be configured to use TCP port 443 if a provider supports port forwarding.
One last point is that the GFW sometimes indulges in the practice of DNS spoofing (also known as DNS poisoning – blocking IP request results or redirecting them to other servers). We strongly suggest that all users in China change their DNS settings from their ISP’s default (a guide to doing this in Windows is included here.)
In this article we discuss other ways to access the internet from inside China, and while none of these methods provides the speed or functionality of VPN, they can be used to signup to a blocked VPN service and download its software. In addition to Tor and SSL (discussed in the article), other options include:
obfsproxy – this is in fact a tool used by Tor to wrap data into an obfuscation layer, making it difficult to detect that Tor is being used. An increasing number of VPN companies are now also using obsfsproxy (or something similar) to hide OpenVPN use as well
VPN Gate – a free, non-commercial ‘Academic Experiment Project’ developed by the University of Tsukuba, Japan. It is effectively a volunteer-run VPN network, using strong encryption, and with many nodes located throughout Asia (making it very useful for users in China)
Lahana – one of the biggest problems with using Tor is that the GFW routinely blocks all known exit nodes. Lahana uses a similar technology (derived from Tor), but makes setting up nodes ‘stupidly easy’, so the beauty of the system is that with nodes being so easy to set up, any attempt to block them will be very difficult as more can be readily created. It was designed to defeat censorship in Turkey, but should also work well in China
Psiphon – this free anti-censorship tool uses a combination of VPN, SSH and obfuscation technologies to bypass GFW style censorship. If you encounter a block when using VPN, for example, you can switch to SSH or obfuscated SSH (SSH+) instead. One of the best things about Psiphon is that if you find the Psiphon website blocked, you can request the software be sent to you via email (contact email@example.com).
Despite its very best efforts, defeating the GFW using VPN services is very doable (and popular). It can however be something of a cat and mouse game, where the rules change all the time. Nevertheless, with a little patience and flexibility there should be no need to find your internet censored while in mainland China.