How to Get Around China’s Great Firewall

How to Get Around China's Great Firewall

Thousands of essential sites such as Google are blocked in China due to its infamous internet censorship. Find out how to get around the Great Firewall like the locals do.

Last Update: November 16, 2019

Personally, the single biggest headache when traveling in China is its internet censorship. The majestic Great Firewall of China. Thousands of essential websites and apps are blocked in China like Google, Gmail, Google Map, Facebook, Twitter, YouTube, Dropbox, etc.

You can check whether the sites you need access to are blocked here.

Even if the websites are not blocked, I found the connections are extremely slow. I got dropped off constantly. Even a task as simple as sending off a work email was difficult.

Most business travelers get around the firewall issue by tethering to phone with international data roaming. If you don’t have the luxury to afford this or if the connection is still too slow, you may want to consider how to bypass the firewall once and for all.

If you research this issue online, you’ll find most sites recommend you using a paid VPN service in China. That’s what we did, thinking there must be an easy solution as long as you are willing to pay. We chose NordVPN as they said they were the “only VPN that works in China”. Guess what? IT DID NOT WORK. Another popular VPN said to work is ExpressVPN. I have not tried it but have seen conflicting reviews. In any case, I’m sure there are many VPNs out there that indeed work from time to time, but be warned that Chinese government is keen on blocking these so there’s no guarantee that these paid VPN services would actually work when you need it.

I ended up spending an entire day in China desperately trying to figure out how to get a reliable and decent connection. The solution I found: Shadowsocks.

I’m not getting any money from recommending this. Shadowsocks is an open-source application and with a bit of planning and work, you may be able to solve the firewall problem for free or just a couple of dollars.

What is Shadowsocks?

An open-source SOCKS5-based proxy project, Shadowsocks is an intermediary mainly designed to bypass censorship. It was first released in 2012 by its creator, a Chinese programmer under the pseudonym “clowwindy”.

In 2015, the programmer announced that they were retiring from the project due to pressure from the Chinese police. Since then, Shadowsocks has remained open source, maintained and improved by many collaborators.

This article explains in more details on how Shadowsocks works:

Shadowsocks is based on a technique called proxying. Proxying grew popular in China during the early days of the Great Firewall—before it was truly “great.” In this setup, before connecting to the wider internet, you first connect to a computer other than your own. This other computer is called a “proxy server.” When you use a proxy, all your traffic is routed first through the proxy server, which could be located anywhere. So even if you’re in China, your proxy server in Australia can freely connect to Google, Facebook, and the like.

But the Great Firewall has since grown more powerful. Nowadays, even if you have a proxy server in Australia, the Great Firewall can identify and block traffic it doesn’t like from that server. It still knows you are requesting packets from Google—you’re just using a bit of an odd route for it. That’s where Shadowsocks comes in. It creates an encrypted connection between the Shadowsocks client on your local computer and the one running on your proxy server, using an open-source internet protocol called SOCKS5.

How is this different from a VPN? VPNs also work by rerouting and encrypting data. But most people who use them in China use one of a few large service providers. That makes it easy for the government to identify those providers and then block traffic from them. And VPNs usually rely on one of a few popular internet protocols, which tell computers how to talk to each other over the web. Chinese censors have been able to use machine learning to find “fingerprints” that identify traffic from VPNs using these protocols. These tactics don’t work so well on Shadowsocks, since it is a less centralized system.

Each Shadowsocks user creates his own proxy connection, and so each looks a little different from the outside. As a result, identifying this traffic is more difficult for the Great Firewall—that is to say, through Shadowsocks, it’s very hard for the firewall to distinguish traffic heading to an innocuous music video or a financial news article from traffic heading to Google or some other site blocked in China.

It’s important to note that unlike VPN, Shadowsocks isn’t designed for privacy and anonymity. While both VPN and Shadowsocks encrypt data, Shadowsocks is much more lightweight. VPN uses many layers of military-grade encryption protocols to completely hide the traffic on its servers. Shadowsocks makes data ‘blank’ to look more like HTTPS traffic, so that it can move around unrestricted. It is not hidden, like on VPN, just disguised.

How to Use Shadowsocks?

To use Shadowsocks, you need to have two things: a Shadowsocks client application and a remote Shadowsocks server located outside of China. The client application can be easily downloaded from the website or an app store, but the Shadowsocks server is a little complicated to set up.

1. Client Application

Click Here to download Shadowsocks client applications (Windows, Mac OS X, Android, iOS, Linux, OpenWRT)

2. Remote Server

Setting up a server is a complicated process. For this reason, many users in China ask for accounts set up and shared by other tech-savvy users, or pay a small fee to buy access from sellers. We paid about $2 for such service from this website, and it worked like a charm! After registration and paying the fee, we were given step-by-step instructions to set up the client application where we can select from a list of numerous available servers, each of them with live indication of response time and the ability for us to test speed from our own device. Once connected to a desired server, we just kept Shadowsocks running in the background, and we were able to access restricted sites as if we are in US on all of our laptops and phones.

The downside of this website is that it’s currently all in Chinese, and requires payments from the Chinese payments systems like Alipay. Please see Using Money in China – A Comprehensive Guide for Non-Chinese Tourists in Tech Era for detailed instructions on how to set up payment solution in China. If Google Translate does not help and you need further help with this, please contact me and I’ll be happy to help where I can. Meanwhile, please be mindful that circumventing the Great Fire Wall is not legal in China, and the survival of these Shadowsocks service providers depend on our discretion and efforts in keeping it underground.

Alternatively, you can also set up the server yourself. This article provides instruction on how to do this using a new Shadowsocks software called Outline. Traditional way of setting up Shadowsocks remote server can be found here.