Inside China's Great Firewall with Jackson Sippe

Jackson Sippe, a PhD researcher, unveils the inner workings of China's Great Firewall (GFW), one of the world's most sophisticated censorship systems. His team's groundbreaking research exposed a "pop count" based algorithm that blocked fully encrypted proxy protocols from November 2021 to March 2023, and they developed circumvention techniques to restore access. The discussion highlights the GFW's dynamic nature, the cat-and-mouse game of censorship, and the broader implications for global internet freedom.

✨ Key Takeaways

• 1
  PopCount Detection

  The GFW used a novel "pop count" algorithm to detect and block fully encrypted traffic by measuring the bit density of payloads, specifically targeting traffic with 3.4 to 4.6 set bits per byte.

• 2
  Circumvention Strategies

  Researchers developed effective techniques like pop count manipulation (adding bits to payloads) and prepending HTTP/TLS headers to bypass the GFW's detection, successfully implemented in tools like ShadowSocks.

• 3
  Dynamic Censorship

  A significant blocking event from November 2021 to March 2023 targeting fully encrypted protocols ceased, possibly linked to political events or computational intensity — showcasing the GFW's evolving and opaque nature.

• 4
  The "Great Bottleneck"

  Beyond direct censorship, China experiences a "Great Bottleneck" — slow international download speeds attributed to a lack of international infrastructure, which implicitly encourages use of domestic services.

• 5
  Global Censorship Export

  Chinese corporations like GEDGE are actively commercializing and exporting censorship software and hardware to other nations, including Kazakhstan and Myanmar, indicating a global spread of national-scale internet control.

💬 Notable Quotes

• "And ultimately, what we found was that they were determining the entropy of the payload based off of the number of bits that had been set in the total payload… they were doing a pop count on each byte and if it was roughly 50% of bits set, they would consider that to be high entropy traffic and ultimately block those connections."

  — Jackson Sippe

• "Cat and mouse is the term that we frequently use — how are we going to get just one step ahead this week?"

  — Jackson Sippe

• "I think it is truly just a lack of international infrastructure in China."

  — Jackson Sippe