The People’s Republic of China is determined to prevent its citizens from getting enthusiastic about American consumerism. The big hitters of social media, such as Instagram, Twitter, and particularly Facebook, are seen as the vanguard of cultural imperialism by the Chinese authorities.
The government of China has put more resources into blocking websites than any other authority in the world. The technical feats of the IT experts that the government employs are breathtakingly extensive. So much so that the internet community refers to Chinese internet restrictions as the “Great Firewall of China.”
The Chinese authorities haven’t poured resources into their restrictions just to stop people having fun. They are afraid of dissidents using Facebook to organize anti-government actions, and they don’t want young people getting sociable with foreigners who might give the obedient population of the republic ideas about having freedom of expression, or any kind of political rights.
The ban on Facebook might not be particularly missed by those born and raised in the republic – you don’t miss what you never had – but world citizens who travel to China often yearn to log in and contact their friends while they are visiting the country.
Get Access to Facebook
Fortunately, you do not have to go without Facebook access while you are in China. There is a way around the ban. You can use a Virtual Private Network (VPN) to dodge the official restrictions.
A VPN masks the true identity of your internet connection. The Chinese authorities read all of the data packets that travel between your computer and the Facebook server. They know the internet addresses of Facebook’s data centers all over the world. A block on Facebook access is very easy to implement – the authorities simply order internet service providers to drop any data packets with a Facebook address on the front of them. These addresses are called Internet Protocol (IP) addresses and the Internet Service Provider (ISP) has to be able to read them in order to know which router to forward them on to. In this case, they simply don’t forward on any requests that go to Facebook servers.
An Easy Block
When you open up your browser and type www.facebook.com into the address bar, the browser will first of all seek the IP address of the Facebook computer. It will then send a message to that address asking for a particular page to be sent back.
The lookup process to get the address usually takes place in a directory that may be held by the ISP, or may be available across the internet. This task is managed by the Domain Name System and requires access to a Domain Name Server, which is like a telephone directory. Both the Domain Name System and a Domain Name Server are referred to by the abbreviation “DNS.”
This essential step gives the ISP a very quick way to block all Facebook access. It simply removes the cross-reference to the Facebook IP addresses in the DNS. Should that fail, it resorts to just not passing on packets that have the destination address of a Facebook server.
VPNs usually take care of the DNS stage with their own private DNS server, but make sure you see that service listed in their features before you sign up.
The VPN Trick
A VPN diverts all of the internet traffic that comes out of your computer. Whatever address you type into your browser, the VPN client software on your computer will process any request and disguise it before sending it out onto the internet.
You may know about security measures over the internet. Very often, all of the data you send out and receive back is encrypted. When you see “https://” at the beginning of an address in your browser, you can be sure that all of the data that travelled across the internet to get you that webpage was encrypted. However, standard encryption only applies to the “payload” of the packets that make up the connection. The header section has to be unencrypted, because each router along the path of the link has to be able to read the destination address.
VPNs encrypt everything in a packet. Even the header with the source and destination addresses in it. The VPN client program puts that entirely encrypted packet inside another packet and leaves the header of the outer packet unencrypted.
It doesn’t matter that the address of the computer that you really want to contact is rendered useless by this process. When your packets arrive at the VPN server, a program there takes out the original packets, decrypts them and sends them on to their intended destination. Secured connections will encrypt the payloads of the original packets before the VPN client software works on them. When the VPN server decrypts each arriving package, the payload will still have the encryption that the Hypertext Transfer Protocol Secure (HTTPS) process applied, so the final stage of the journey is still secure.
The Facebook server can’t be allowed to send the packet straight back to you. This is because the Chinese ISP would receive a packet with a source address of a Facebook server, and a destination address that points to your location. The source address will get the packet dropped and the destination address will tell the authorities where you are.
It is not a good idea to disobey the government of China. If they say that you should not access Facebook from within their country, you better make sure that they don’t find out that you are doing it anyway.
To save customers from being harassed or even arrested, VPNs mediate all connections with the outside world. In order to do that, the VPN server alters the source address in the packets that it forwards on to Facebook, so when the social media site’s computer replies, those packets go to the VPN server and not to you in China. The VPN software references a temporary cross-reference table and retrieves your IP address. It then encrypts each packet entirely and sends them all on to you. When they pass through the ISP, the source address in the headers of those packets will not be that of Facebook, so they get through the block.
The VPN software that is resident on your computer captures each arriving packet, decrypts it, extracts the original packet and passes it on to your browser.
The operating methods of VPNs work well everywhere in the world… except for in China. The Chinese government worked out pretty early on that VPNs could be used to bypass their controls, so they banned VPNs.
Not only does the Great Firewall of China search every data packet address to filter out communication with Facebook servers, it also has a long list of VPN server addresses that it is on the lookout for.
A protocol is set of rules that is used for internet communications. Most internet protocols are freely available and commonly known. This enables two sides in a connection to follow the same procedures and use the same codes. Unfortunately, having access to the specs of protocols commonly used by VPNs makes it easier for the Chinese government to detect their traffic.
There are a number of protocols that VPN services can employ. Some VPN companies will just offer one of these, while others will offer you a choice, with a page in the control panel where you can switch protocols at will.
By far the most popular VPN protocol is called OpenVPN. This is the default method used by VPN services all over the world. However, in China, this protocol is a victim of its own success. The Chinese authorities researched VPN technology and soon read about the extensive use of OpenVPN. Therefore, they put all of their resources into detecting that protocol, making it the least successful method for getting through the Great Firewall of China.
The Chinese government’s prowess at blocking OpenVPN made other protocols better bets for connecting to Facebook from China. The main contenders are Point-to-Point Tunneling Protocol (PPTP) and Internet Protocol Security (IPSec). IPSec is used in conjunction with the Layer 2 Tunneling Protocol (L2TP). However, now that they have mastered blocking OpenVPN, the Great Firewall technicians have turned their attention to these other protocols. That means that there is no particular protocol that will guarantee you constant Facebook access when you are in China.
VPN services have to keep one step ahead of Chinese government technicians in order to give Facebook lovers access to their social needs. However, they sometimes trip up. When you look for a VPN service check out their list of features before you sign up. Make sure one of these terms is listed:
• Stealth servers
• Stealth technology
• Cloaking methods
• Detection avoidance
• Secure Shell (SSH)/Socket Secure 5 (SOCKS5) proxy
• Obfuscating methods
The VPN services won’t tell you exactly what their methods are for detection avoidance. Quite right, too, as the Chinese technicians can read and would find it easier to block any VPN stupid enough to post details of their evasion methods on their website!
These methods make using OpenVPN plausible because they usually involve cloaking the handshaking procedures used by the protocol, which is one of the “give aways” that the technicians look for.
VPN companies have servers all over the world. When you sign up for a service you will be able to see a list of all the countries where that company has servers. Once you have subscribed, you can select your preferred server from a list.
You don’t want to route your traffic through a server based in China. For one thing, the traffic from the server out to Facebook would just be blocked. For another thing, the employees that run those servers would be vulnerable to pressure by the Chinese authorities and the company could be sued or shut down by the government.
It’s better to choose a server located in the country where you have your Facebook account.
Most VPN services make a point of not keeping any records of their customers’ activities. As long as you don’t sign up to a company based in China, and you don’t use a server in China, this issue is not so important for those who just need a VPN to access Facebook from that country.
Copyright holders have taken a number of illegal download and torrent sites to court to force them to hand over records of those who have accessed their services, then gone after the end users. The Chinese government doesn’t do this. It prosecutes the VPN companies instead. However, this situation is evolving. The government is now making moves to issue fines to those caught using a VPN – they won’t send individuals to prison for using one.
The law is applied unevenly in China and the local police chief is given the option of which statutes he wants to implement. The local government in Chongquing announced in late March 2017 that it would start to take measures to discourage VPN use, with fines of between 5,000 and 15,000 Yuan for those who get caught.
Just to future-proof your freedom, it is better to make sure that your preferred service doesn’t keep logs.
The technological situation in China is very changeable. “The Great Firewall of China” is a great term, because it has echoes of that wonderful wall in the north of the country. However, the restrictions are not as solid as a massive wall along the border.
VPN companies keep moving and you may read user reviews that a particular company’s service doesn’t work in China, and then read that it works very well. It is important to check the dates on reviews and also manage your expectations to expect service outages.
Government restrictions on internet access are everywhere in the country, not just at the points of access to foreign networks. Surveillance is all pervasive, so if you do get through to Facebook, be careful about what you write. Also, remember that even though the authorities may not be so willing to harass foreigners, you could get your local contacts and friends “disappeared” if you are indiscreet or offensive in your Facebook posts. The authorities can read, and they have teams of investigators searching through Facebook every hour of the day.
The Great Firewall of China is certainly a challenge to Facebook fans, but VPNs can get you through it.