What Is the Great Firewall of China and How Does It Work?

Written by Sayb Saad, Cybersecurity Specialist

Fact-checked by Justyn Newman, Lead Cybersecurity Editor

China’s Great Firewall blocks many websites and apps you use every day. If you’re traveling, working, or living in China, losing access to Google, Facebook, and WhatsApp can feel isolating. Even worse, you may not know how this system works or why it’s so hard to get around.

You might also worry about your privacy since the internet in China is heavily monitored. Is your data safe from government monitoring? Do VPNs still work in China? Without clear answers, staying connected and secure can seem impossible. This guide explains how the Great Firewall works and how to stay safe online in China.

Editor’s Note: We value our relationship with our readers, and we strive to earn your trust through transparency and integrity. We are in the same ownership group as some of the industry-leading products reviewed on this site: ExpressVPN, Cyberghost, Private Internet Access, and Intego. However, this does not affect our review process, as we adhere to a strict testing methodology.

Quick Summary: What Is the Great Firewall of China

The Great Firewall of China is a government-controlled system that regulates what you can see and do online in China. Its main goal is to block foreign websites and apps, filter content, and enforce strict internet rules. It’s part of a broader strategy to protect the country’s political, social, and cultural values by controlling the flow of information.

This system works using advanced techniques like blocking IP addresses, filtering URLs, and monitoring online activity. It restricts access to platforms like Google, Facebook, and WhatsApp while promoting local alternatives like Baidu and WeChat. For you, this means losing access to many tools and services you rely on every day.

Why Does China Have a Firewall?

China introduced the Great Firewall in the late 1990s as part of its Golden Shield Project. It was designed to control what people in China could see online and ensure the internet aligned with the government’s goals. Over time, it has grown into one of the most advanced and strict censorship systems in the world. Here are some reasons why the firewall exists in China:

  • Maintain political control — The Firewall blocks content critical of the Communist Party, including anything about democracy, protests, or human rights.
  • Preserve social stability — By filtering out harmful or subversive content, it prevents material that could spark unrest or disrupt public order from spreading online.
  • Protect local businesses — Blocking international platforms like Google and Facebook reduces competition and gives Chinese companies like Baidu and WeChat the space to thrive.
  • Ensure national security — Controlling the flow of information helps the government guard against foreign influence, cyber threats, and espionage, keeping the state secure.
  • Promote Chinese culture — The Firewall filters out content that could push foreign cultural values, ensuring traditional Chinese norms and values remain strong.

How Does the Great Firewall of China Work?

The Great Firewall uses a mix of advanced technologies to block websites, apps, and online tools. Each method targets different parts of your internet activity, making it harder to access restricted content.

Destination IP Address Blocking

The Great Firewall blocks access to certain websites by targeting their IP addresses. Every website you visit has a unique IP address, and the Firewall maintains a list of addresses it wants to block. When you try to connect to a restricted site, your request is stopped before it can reach the destination server.

This method is effective for blocking websites with fixed IPs, like Google or Facebook. However, it struggles with services that use dynamic IPs or Content Delivery Networks (CDNs), as these frequently change their IP addresses. This is why some platforms can still occasionally slip through the cracks.

URL Filtering

The Great Firewall uses URL filtering to block specific web pages based on their address. It scans the URLs you try to access and checks them against a blacklist of restricted keywords or domains. If a URL contains banned words or references a blocked site, the Firewall stops your connection immediately.

This method allows the Firewall to block individual pages without banning an entire website. For example, it can block a single news article while leaving the rest of the site accessible. This level of precision makes URL filtering one of the Firewall’s most effective tools for controlling content.

DNS Poisoning

DNS poisoning, also called DNS spoofing, is one of the most common ways the Great Firewall blocks websites. When you type a web address like google.com, your device asks a DNS server to find the matching IP address. The Firewall steps in, sends back a fake or wrong IP, and stops you from reaching the site.

This method works because it targets a core part of how the internet works. Even if the site isn’t blocked in other ways, DNS poisoning can make it unreachable. You’ll usually see an error message or get redirected to a government warning page.
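A defensive check for the behaviour described above, added here as an example and not taken from the original article: it parses raw DNS responses and flags any query that received two different answers, a common sign that an injected reply raced the genuine one. The function names, hostnames and packets are constructed for illustration, and matching on transaction ID alone is a simplifying assumption.

```python
import struct

def build_response(txid, name, ip):
    """Construct a minimal DNS A-record response (sample data for this example)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    head = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + qname + struct.pack("!HH", 1, 1)
    # Answer: name pointer 0xC00C, TYPE A, CLASS IN, TTL 60, RDLENGTH 4, then the address.
    return head + struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes(map(int, ip.split(".")))

def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, name ends here
            return off + 2
        if length == 0:                # root label terminates the name
            return off + 1
        off += 1 + length

def parse_a_records(pkt):
    """Return (transaction ID, sorted tuple of IPv4 answers) from a DNS response."""
    txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record carrying one IPv4 address
            ips.append(".".join(str(b) for b in pkt[off:off + 4]))
        off += rdlen
    return txid, tuple(sorted(ips))

def find_conflicting_answers(responses):
    """Map each transaction ID to its answer sets when more than one distinct set was seen."""
    seen = {}
    for pkt in responses:
        txid, ips = parse_a_records(pkt)
        if ips not in seen.setdefault(txid, []):
            seen[txid].append(ips)
    return {txid: sets for txid, sets in seen.items() if len(sets) > 1}

CAPTURE = [  # constructed sample: query 0x1A2B received two different answers
    build_response(0x1A2B, "blocked.example", "203.0.113.7"),    # arrives first
    build_response(0x1A2B, "blocked.example", "198.51.100.20"),  # arrives later
    build_response(0x3C4D, "open.example", "192.0.2.10"),
]
```

Calling `find_conflicting_answers(CAPTURE)` reports only transaction 0x1A2B, with both answer sets in arrival order.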

Deep Packet Inspection

Deep Packet Inspection (DPI) is one of the Great Firewall’s most advanced tools for blocking content. It doesn’t just look at where your data is going — it actually checks the data itself. This means the Firewall can scan for specific keywords, files, or protocols and block them on the spot.

What makes DPI so powerful is how precise it is. It can stop certain websites, apps, or even VPNs if the traffic matches the patterns it’s looking for. For you, this means your online activity is closely monitored, and getting around restrictions becomes much harder.

TCP Reset Attacks

TCP reset attacks are another way the Great Firewall blocks websites. When you try to visit a site, the Firewall sends fake reset signals to your device and the site’s server. This tricks both sides into thinking the connection is closed, so the page won’t load.

This method is sneaky because it doesn’t fully block the website; it just cuts off your access. To you, it might seem like the site is stuck loading or can’t connect, but it’s the Firewall breaking the connection in real time.
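One way to spot the injected resets described above from the client side, added here as an example and not taken from the original article: a reset forged by a device in the middle of the path usually arrives with a different IP TTL than the real server's packets, so the check compares each RST against the TTLs already seen from that address. The heuristic, the `tolerance` parameter, the function names and the packets are assumptions constructed for illustration.

```python
import struct

RST = 0x04  # TCP reset flag bit

def build_segment(src, ttl, flags, seq):
    """Construct a 40-byte IPv4+TCP packet (sample data for this example)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 50]))
    tcp = struct.pack("!HHIIBBHHH", 443, 51000, seq, 0, 0x50, flags, 0, 0, 0)
    return ip + tcp

def parse_segment(pkt):
    """Return (source IP, TTL, TCP flags) from a raw IPv4 packet, or None if not TCP."""
    ihl = (pkt[0] & 0x0F) * 4            # IPv4 header length in bytes
    if pkt[9] != 6:                      # protocol field: 6 means TCP
        return None
    src = ".".join(str(b) for b in pkt[12:16])
    return src, pkt[8], pkt[ihl + 13]    # TTL is byte 8; flags are TCP byte 13

def suspicious_resets(packets, tolerance=2):
    """Flag RSTs whose TTL differs from the sender's earlier non-RST packets."""
    baseline = {}                        # source IP -> TTLs seen on normal segments
    alerts = []
    for index, pkt in enumerate(packets):
        parsed = parse_segment(pkt)
        if parsed is None:
            continue
        src, ttl, flags = parsed
        if flags & RST:
            known = baseline.get(src)
            if known and min(abs(ttl - t) for t in known) > tolerance:
                alerts.append((index, src, ttl))
        else:
            baseline.setdefault(src, set()).add(ttl)
    return alerts

CAPTURE = [  # constructed sample: packets received from two servers
    build_segment("203.0.113.7", 52, 0x12, 1000),    # SYN-ACK from the server
    build_segment("203.0.113.7", 52, 0x18, 1001),    # data segment, same TTL
    build_segment("203.0.113.7", 110, 0x04, 1001),   # RST with a very different TTL
    build_segment("198.51.100.20", 57, 0x12, 5000),  # SYN-ACK from another server
    build_segment("198.51.100.20", 57, 0x14, 5001),  # RST-ACK with a matching TTL
]
```

Only the third packet is reported; the reset from the second server matches its earlier TTL and is treated as genuine.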

Active Probing

Active probing is how the Great Firewall hunts down VPNs and proxies. When it notices unusual traffic, it sends test signals to the server you’re connecting to. If the server replies in a way that matches a VPN or proxy, the Firewall blocks it.

This method is aggressive because it doesn’t wait for you to make a move; it actively searches for tools people use to bypass it. For you, this means even the most secure VPNs can get detected and blocked in real time.

Fake SSL Root Certificates

The Great Firewall uses fake SSL root certificates to spy on encrypted connections. Normally, SSL certificates protect your connection and keep it private. But the firewall creates fake ones to trick your browser into thinking the connection is secure while secretly monitoring your activity.

This makes it especially risky to share sensitive information like passwords or personal details online. Since your browser doesn’t alert you, it’s easy to assume your connection is safe when it’s not.

Blocking Access to App Downloads

The Great Firewall also blocks access to app stores and download links for apps that it deems unacceptable. This means you can’t download popular apps like WhatsApp, Instagram, or Signal in China from official platforms like Google Play or the App Store — they won’t appear in the app store.

This restriction forces users to rely on approved Chinese apps or alternative sources, which can be risky. Downloading apps from unofficial sites increases the chance of installing malware or fake versions.

Man-in-the-Middle Attacks

The Great Firewall uses man-in-the-middle (MITM) attacks to intercept and monitor certain types of online activity. When you visit a website, the Firewall can place itself between you and the site, acting like a trusted server. This lets it block, monitor, or even change the data being sent, depending on the connection.

That said, it doesn’t mean all your activity is exposed. Strong encryption, like what secure VPNs use, can protect your data from these attacks. Still, the Firewall’s ability to interfere with some connections makes it important to use reliable tools to keep your privacy intact.

What Websites & Services Does the Great Firewall of China Block?

The Great Firewall blocks some of the most popular websites and apps, including Google and Facebook. If you’re traveling to China, here’s a list of the sites, apps, and services you won’t be able to access.

Search Engines

Google Search, DuckDuckGo, Yahoo Search, Bing, StartPage, WolframAlpha, Yandex, Ask.com, Ecosia, Archive.org, Wayback Machine, Lycos

Social Media Platforms

Facebook, X.com, Instagram, Pinterest, Tumblr, Reddit, Quora, TikTok (international), Snapchat, LinkedIn, Clubhouse, Truth Social

Messaging Services

WhatsApp, iMessage, Telegram, Signal, Facebook Messenger, LINE, Viber, Skype, Google Chat, KakaoTalk, Discord, WeChat

News Sites

The New York Times, BBC, CNN, The Guardian, Reuters, Bloomberg, Wall Street Journal, The Washington Post, Al Jazeera, South China Morning Post, The Economist, Time

Streaming & Entertainment

YouTube, Netflix, Spotify, Amazon Prime Video, Twitch, Soundcloud, Vimeo, Dailymotion, Pandora, HBO, Crunchyroll, Google Play Movies & TV

FAQs on the Great Firewall of China

Is it legal to use a VPN in China?

Using a VPN in China isn’t explicitly illegal, but it’s a gray area. The firewall blocks unapproved VPNs through various censorship measures and only allows approved VPNs that follow strict rules — unauthorized ones are banned. While there haven’t been reports of tourists being punished for using VPNs, it’s still important to be cautious and understand the risks before using one.

Do VPNs work in China?

Some VPNs work in China, but the Great Firewall blocks most. The government uses advanced tools like deep packet inspection to detect and stop VPN traffic, and the Firewall keeps getting better at blocking them.

Which major sites, apps, and services are blocked in China?

The full list of popular sites, apps, and services blocked in China appears earlier in this article. A few popular ones include Google, Facebook, Instagram, WhatsApp, YouTube, Netflix, CNN, and BBC.

Is it possible to bypass the Great Firewall of China?

Yes, tools like VPNs with obfuscation, Tor, and Shadowsocks proxies can work, but the Great Firewall uses several measures to block them. You can also set up a private proxy server using DNS-over-HTTPS to encrypt your DNS queries or run a personal VPN on a remote server. Dynamic DNS services, which frequently change IP addresses, can also help. However, the Firewall is constantly improving, so even effective methods can stop working over time.

Can I use a free VPN in China?

You can try, but it’s unlikely to work. Some free VPNs might have a chance to work in China, but it’s not guaranteed. The Great Firewall is excellent at blocking even premium VPNs that use obfuscation, so free VPNs often don’t stand a chance.

Bottom Line: Is Using the Internet Safe in China?

The Great Firewall controls your entire online experience in China. From social media to messaging apps and even cloud storage, it targets anything that doesn’t fit within the government’s rules. Staying connected can be difficult if you’re not ready for it.

If you’re planning a trip to China, you need to be prepared. Install a trusted VPN that works in China beforehand or use a government-approved one. Also, make sure you have offline backups of anything important.


Sayb Saad is a writer at WizCase. Sayb is a tech enthusiast who takes security and privacy very seriously. He regularly tests various cybersecurity products, including VPNs, antiviruses, and password managers, and writes expert reviews about them. Before joining WizCase, Sayb worked as a freelance tech writer for 5+ years. He has mostly worked for independent clients on various freelancing platforms in diverse niches, including the latest antivirus software and security threats. In his free time, Sayb likes to disconnect by playing his guitar and spending time with his feline companion, BonBon.