Scientists discovered a hidden layer of the “Great Firewall of China”

A group of scientists from the University of Maryland presented a report on a hidden layer discovered in the Great Firewall of China. It turned out to be a secondary HTTPS filtering system SNI, running in parallel with the first one launched last year.

The fact is that within the Great Firewall of China there are various censoring mechanisms that work with different protocols. Its most powerful and technically advanced part is the system that works with encrypted HTTPS traffic, and this mechanism is split into two separate systems. The first and oldest of these works by intercepting HTTPS connections in the early stages, and then examines the SNI field, which contains data about the domain that the user is trying to access. Thus, the SNI field allows the Chinese government to block access to unwanted sites.

The second mechanism, introduced last year, is broadly similar to the first, but works with HTTPS connections, which use modern protocols that encrypt the SNI field (like eSNI). Since this system cannot “see” which domain the user is trying to access, all connections in which eSNI fields are found are blocked. The second mechanism has not yet become widespread and seems to be still in the testing phase, as few HTTPS connections use eSNI in general.

Now experts from the University of Maryland write that they have discovered a secondary HTTPS SNI filtering system running in parallel with the one launched last year. The researchers told The Record that the discovery was made by accident, back in 2019. According to experts, the discovered system is as effective as the first level of HTTPS censorship, although it interferes with what is happening already at the last stages of the connection.

Experts summarize that a few years ago the Great Firewall of China was presented to specialists as a single whole, but now it becomes clear that it consists of different sets of middleboxes working in parallel with each other, and each of them is designed to censor different protocols.

Let me remind you that we wrote that “Great Firewall of China” blocks 311,000 domains, and 41,000 of them – by mistake.