"Great Firewall in a Box" – How a massive data leak unveiled China's censorship export model

  • A 500 GB leak reveals China’s "Great Firewall in a box" sold to four countries
  • The turnkey DPI kit detects and blocks VPN traffic
  • Citizens face tighter online restrictions, with some VPNs struggling to bypass blocks

A massive data breach has revealed that China is selling the same deep packet inspection (DPI) technology that powers its Great Firewall to four authoritarian regimes.

The September 11, 2025, leak originates from Geedge Networks, a company linked to the development of China’s Great Firewall. It contains more than 100,000 documents – and 500 GB of data – that reveal detailed blueprints of the filtering and DPI technology that powers China’s internet censorship system.

Researchers at the Great Firewall Report have traced the same hardware and software to at least four overseas clients – Ethiopia, Myanmar, Kazakhstan, and Pakistan – all of which have faced waves of political unrest or tightened media controls, making them prime candidates for a turnkey censorship solution.

China’s move marks a strategic shift from domestic control to a commercial export model that monetizes censorship. It gives authoritarian governments a ready-made playbook for shutting out foreign media, enforcing state narratives, and suppressing dissent, profoundly impacting citizens and their digital freedoms.

Although the best VPN services help combat censorship, they face growing struggles against increasingly strict restrictions.

A "Great Firewall in a box"

The Chinese government is infamous for using the Great Firewall to regulate all online activity within its borders.

At its core is a deep packet inspection (DPI) engine that examines each data packet that passes through an ISP (internet service provider), matches it against a constantly updated list of banned keywords, IP addresses, and protocol signatures, and then decides whether to allow, throttle, or drop the traffic.

The firewall also employs DNS tampering, IP blocking, keyword filtering, and real-time traffic shaping to create a comprehensive barrier, blocking foreign news sites, social media platforms, and any other content deemed politically sensitive, all while logging user activity for state surveillance.

Geedge Networks, whose Chief Scientist Fang Binxing has been dubbed "Father of the Great Firewall," produces the hardware, firmware, and proprietary Secure Gateway software that runs the DPI engine.

The MESA Lab at the Institute of Information Engineering contributed algorithms that teach the Great Firewall to detect tools used to bypass censorship, such as VPNs and proxy tools.

Bundled together, they form a turnkey – a complete, ready-to-use product – which researchers at the Great Firewall Report describe as a "Great Firewall in a box."

Investigators pieced together the export trail by cross-referencing three data sources: cargo manifests, data center footprints, and code annotations.

Citizens face new censorship hurdles as VPNs struggle to bypass blocks

The arrival of a ready-made Great Firewall kit in countries already known for limited internet freedom changes everyday internet life for millions.

The imported firewall can instantly block a news article, mute a messaging app, or drop a video call, cutting off vital information and severing communication with family and friends.

Constant surveillance erodes privacy and may put citizens, particularly activists, journalists, and whistle-blowers, at risk simply for speaking freely.

Even the most robust virtual private network (VPN) tools struggle against China’s layered defenses, like deep-learning classifiers that can spot obfuscation protocols. The exported DPI engine inspects traffic in real time, recognizes the distinctive handshakes used by many commercial VPNs, and either throttles speeds or blocks the connection outright.

Nevertheless, users in the affected locations can still circumvent restrictions with the best VPNs for China, all of which use advanced VPN obfuscation tactics. Some, such as NordVPN and Proton VPN, have even introduced custom stealth protocols to address this challenge.
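To make the handshake recognition described above concrete, here is an added example (not from the leak, the researchers, or any vendor) of the kind of fixed-signature check that makes an unobfuscated VPN handshake stand out. It assumes the publicly documented WireGuard and OpenVPN UDP packet layouts; the sample packets and the `toy_mask` helper are constructed for illustration and are not a real stealth protocol.

```python
import struct

# Publicly documented protocol constants.
WG_INIT_LEN = 148                  # WireGuard handshake initiation is always 148 bytes
WG_INIT_HDR = b"\x01\x00\x00\x00"  # message type 1 followed by three reserved zero bytes
OVPN_HARD_RESET_CLIENT_V2 = 7      # OpenVPN opcode, carried in the top 5 bits of byte 0
OVPN_MIN_LEN = 14                  # opcode + session id (8) + ack count (1) + packet id (4)


def classify_first_packet(payload: bytes) -> str:
    """Label the first UDP payload of a flow using fixed signatures only."""
    if len(payload) == WG_INIT_LEN and payload[:4] == WG_INIT_HDR:
        return "wireguard"
    if len(payload) >= OVPN_MIN_LEN:
        opcode, key_id = payload[0] >> 3, payload[0] & 0x07
        # Simplified: a real engine would also validate the fields that follow.
        if opcode == OVPN_HARD_RESET_CLIENT_V2 and key_id == 0:
            return "openvpn"
    return "unknown"


def toy_mask(payload: bytes, key: int = 0x5A, pad: int = 7) -> bytes:
    """Hypothetical stand-in for obfuscation: XOR every byte and change the length."""
    return bytes(b ^ key for b in payload) + bytes(pad)


def build_samples() -> dict:
    """Constructed sample payloads (filler bytes, not captured traffic)."""
    wg = WG_INIT_HDR + bytes(range(144))
    ovpn = (bytes([OVPN_HARD_RESET_CLIENT_V2 << 3]) + bytes(range(1, 9))
            + b"\x00" + struct.pack("!I", 0))
    return {"wireguard_init": wg, "openvpn_reset": ovpn,
            "masked_wireguard": toy_mask(wg)}


def classify_samples() -> dict:
    return {name: classify_first_packet(p) for name, p in build_samples().items()}


if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name:18} -> {label}")
```

The masked packet escapes only this fixed-signature check; the article notes that the exported system also uses deep-learning classifiers aimed at obfuscated traffic.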

It’s a classic game of cat-and-mouse. As censorship grows more sophisticated, VPN developers must continually evolve to stay one step ahead and help citizens access a free internet.

Mark Gill
Tech Security Writer

Mark is a Tech Security Writer for TechRadar and has been published on Comparitech and IGN. He graduated with a degree in English and Journalism from the University of Lincoln and spent several years teaching English as a foreign language in Spain. The Facebook-Cambridge Analytica data scandal sparked Mark’s interest in online privacy, leading him to write hundreds of articles on VPNs, antivirus software, password managers, and other cybersecurity topics. He recently completed the Google Cybersecurity Certificate, and when he's not studying for the CompTIA Security+ exam, Mark can be found agonizing over his fantasy football team selections, watching the Detroit Lions, and battling bugs and bots in Helldivers 2.
