If you’ve ever been to China or read about it online, you’ll know that the government take State Security very seriously.
This is probably why they created the “Great Firewall” or “Golden Shield” as it’s also known. It’s the biggest and most effective censorship tool in history.
Websites that we take for granted in the West like Facebook and YouTube are blocked. Sometimes when you try to visit one website, you’ll be directed to another.
Worse still, the Great Firewall actively seeks to restrict VPN connections by banning websites of popular providers and even trying to block most VPN servers.
This is unfortunate because if you’re visiting China, a VPN is usually the only way to access your favourite websites. Today we’ll learn more about how VPNs are blocked in China and what you can do to bypass these restrictions.
Planning Your Trip
If you’re thinking of heading to China, or any other country which tries to block VPNs, firstly make sure you check with your local Embassy to see where the law stands on VPN usage.
In China, for instance, VPNs aren’t forbidden altogether as the government recognises foreign companies need them for work.
Still, since almost all VPN websites are blocked, you’ll need to sign up with a provider and download the necessary software before you arrive.
A word on “free” VPN services
When you’re searching for a suitable VPN provider, you may come across any number of “free” services. Running a VPN service is expensive, so if a provider is saying that it’s 100% cost-free you should be suspicious. (We draw a distinction here between totally “free” services and paid services with a free tier like hide.me).
Some free VPN providers pay their running costs by selling user data, which undermines your privacy. Some apps even contain bad code such as spyware or adware. A 2017 study found that around a third of “free” VPN apps available in the Google Play store contained malware. 18% of them didn’t even encrypt the users’ traffic.
If you’re planning a trip to China stay safe by signing up with a reputable VPN provider.
Contact your VPN Provider
Even if you already have a VPN subscription, make sure to contact your VPN provider before you go. They may have some help and advice for you: for instance, they may be able to tell you which of their servers haven’t been blocked yet in China.
At hide.me for instance we can advise on the very best servers to use which haven’t been blocked in the country.
If your VPN provider doesn’t offer specialist servers, consider asking if they’ll let you rent a dedicated IP address instead. As each IP address is unique, when they assign one to you, it’s very unlikely that the Great Firewall will detect and block it right away. This usually costs a few extra dollars per month on top of your existing VPN subscription.
Some VPN providers even have special protocols which try to disguise your traffic, so it’s harder to detect you’re using a VPN in the first place. For instance, if you connect to hide.me via the OpenVPN protocol, we’ve upgraded the traffic to use TLS-crypt, which encrypts your VPN data. This will make it much harder for Chinese ISPs (or indeed any ISPs) to recognize that you’re connecting to a VPN. Again, make sure to set this up before you go.
What to do if you can’t connect to your VPN
Even if you’ve prepared ahead, don’t be surprised if you arrive in China only to find that you can’t connect to your VPN service. The Great Firewall is policed by around 50,000 people who are checking daily for any holes in their “Golden Shield”.
If you can’t connect to your VPN provider, try switching to a different server. If your current one has been ‘blacklisted’ by the Great Firewall, there’s a chance your new one won’t be.
If you’ve signed up with a major VPN provider it’s very unlikely that every one of their servers has been blocked, so keep trying.
If your VPN server supports more than one type of protocol, try to switch these around too. Some types of protocol are easier to detect than others, even if they’re not specifically designed to disguise your traffic. For instance, L2TP/IPSec is safe to use and may let you connect, even if trying with OpenVPN or Wireguard won’t.
Watch out for DNS Poisoning
DNS Poisoning is another dirty trick used by the Great Firewall to stop web users from protecting their privacy. DNS acts as a virtual “phone book” for the Internet: each time you enter a human-readable web address e.g. https://hide-me.nproxy.org your device will connect to a DNS server to find out the machine-readable IP address for that site. This is known as a ‘DNS Request’.
Of course, if someone with bad intentions controls the DNS server you can enter the address of one website and be taken to another. For example, in 2005 anyone trying to visit www.skype.com in China to download the official app was instead directed to a Chinese website containing TOM-Skype: a modified version which allowed monitoring of conversations and blocking of ‘sensitive’ keywords.
If you use a reliable VPN provider though, this shouldn’t be an issue: these VPN services route all your traffic through their servers, including your DNS requests. This means you’re using their DNS servers, not the ones in China. You won’t be redirected to other websites in this way.
Use Shadowsocks to bypass censorship
If all else fails, you can try using Shadowsocks to access the sites you need. The original software was developed in 2012 by a Chinese user and was available on GitHub until the State Police “politely” asked him to take it down.
Shadowsocks works by connecting to a “proxy server” outside a country like China. It disguises your web traffic to look like regular HTTPS data, making it much harder to detect.
This isn’t the same thing as a VPN but it is possible to channel your VPN traffic using Shadowsocks to help keep it hidden. This is known as “Shadowsocks over VPN”.
To do this you’ll have to modify your VPN configuration and have access to a compatible proxy server. Make sure to speak to your VPN Provider for help with setting this up.
When in China…
China is an amazing country to visit and you shouldn’t let the Great Firewall stand in the way of enjoying yourself. Even if you do connect to websites without any issue via VPN, make sure you only do so in private. You should also be careful about discussing or posting anything you see or read with locals.
If you do find a particular VPN server configuration or protocol that worked well for you in China, make sure you also get in touch with your provider to let them know. This could be useful info for other VPN subscribers who are travelling there.
We love bringing you this content and hope it helps keep you safe and secure online. Feel free to share it with your friends, too.
Here at hide.me we are all about internet freedom, and we are happy to be in a position to bring that to everyone. That is why we give you a 30-day money-back guarantee on our Premium plan. No questions asked and no logs recorded.
If you have any questions, please feel to contact our 24/7 support team either at support@hide.me or via live chat.