So, you are an Internet social butterfly and planning a trip to see the Great Wall of China with the family. Perhaps you are thinking about expanding business into the People’s Republic. If you have never been to mainland China before, you are in for a rude awakening. When you go to access some of your favorite social websites like Twitter and Facebook or use your Gmail to send a message to a work colleague, you will probably not be able to perform any of these tasks because access to these sites is restricted by the Chinese government. Similarly, you decide to look at the world news for the day and discover that you can not access the New York Times site or USA Today. If you do find a source for your news, you may find your view of world events redacted in content. Connecting to a VPN from China will get you around these restrictions imposed by the Chinese government.
These are just a few of the problems you could face due to a project started in 1998 by the Chinese government called the Golden Shield Project but more commonly know as Great Firewall (GFW) of China (coined by Wired magazine in 1997). China has arguably the most extensive system of Internet surveillance and censorship in the world. They block thousands of websites and censor content from many others including Facebook, Google, Twitter, YouTube, and WordPress. Even some important online tools and applications like Google Docs, Gmail, and Wikipedia, that many of us have become accustomed to using on a regular basis, are not available inside the GFW. Those who live and work in China as well as its citizens have been dealing with these conditions for some time. Over that time, they have discovered that the only reliable way over the Great Firewall is by means of encryption. To overcome this censorship and surveillance, you need a good personal VPN. Let look at some of the best VPNs for the job.
|1||$4.87 60% Off||9.9 Read Review|
|2||$6.25 25% Off||9.6 Read Review|
|3||$5.83 41% Off||9.5 Read Review|
|4||$8.32 35% Off||9.7 Read Review|
How Does the Great Firewall of China Work?
Although the exact inner workings of the GFW, ie. the specifics of the filters being used to choose what is censored are not well known. Some of the methodology employed by it has been discovered by watching how it operates. The GFW is made possible because China only has three access points for Internet traffic to transit in and out of China: Beijing, Shanghai, and the southern city of Guangzhou. This allows the Chinese government to mirror all the traffic between China and the rest of the Internet. They analyze this mirrored data using filters on the URLs, keywords, and data packets that they sniff. The analysis allows them to:
- Poison the DNS: Your computer queries its DNS servers to convert the website name to an IP address to locate it. China deliberately poisons DNS caches with wrong addresses for websites like Facebook, Twitter, Gmail, and many others so that you can not connect to them.
- Blocking Access to IPs: The Great Firewall can also block access to IP addresses outright to prevent users from being able to directly type the IP address to circumvent the poisoned DNS cache. This will however block any websites that may share the IP address as well.
- Analyzing and Filtering URLs: The firewall scans URLs and blocks connections if they contain sensitive keywords. For example, although you may be able to view the wiki site inside of China, certain topics like the protest by Chinese students in 1989 will probably not be accessible. This lets the Chinese government only show a redacted wiki, as well as, other search sites to its citizens containing only the information they want them to know.
- Inspecting and Filtering Packets: Similarly, deep packet inspection of unencrypted data packets and then filtering for sensitive or controversial keywords is also used to block unwelcome content.
- Resetting Connections: After the GFW blocks such packets, it will often block communication between both computers for a period of time by re-setting their connections.
- Blocking VPNs: In late 2012, the Great Firewall started trying to block VPNs. Only the best VPNs can be used to escape the Great Firewall. This is why care must be used to choose a VPN service to use inside China.
Since the GFW is not totally transparent, this is probably just a sample of some of the technology that it employs and not a complete picture. The Chinese government also employs Internet propaganda, direct intimidation, and requires sites to be responsible for the content posted on them within China. Finally, since they have firewalls on the three gateways between the Internet and China, they can slow down or throttle traffic into and out of China whenever they want.
What is a VPN?
Now that we have seen some of the best VPNs for scaling China’s Great Firewall, let us look at what a VPN is and how and why it is your best choice to be able to free the Internet from inside of China. First of all, VPN stands for Virtual Private Network and has been used for years by businesses to create private networks for their remote employees which allowed them to use the free Internet to access internal company applications and data. The private network created a secure SSL tunnel between its computers through which encrypted traffic was sent. The VPN allowed them to leverage the Internet while still protecting the security and privacy of their proprietary company information.
How Can a VPN Help You Climb the Great Firewall?
A personal VPN service works similarly by creating an secure tunnel from its server to your computer or other device through which encrypted Internet traffic is sent. The VPN server then forwards the data or request in your stead to the open Internet so it seems as if the request was sent from its location (IP Address). Once the VPN server receives a response it is then encrypted and sent back through the secure tunnel to your machine. This helps you to remain more anonymous and protect your privacy while using the Internet.
Over the past 10 years, the need to have a personal VPN service has grown due to the many revelations of government surveillance from countries across the world. No where is this need more prevalent than in the People’s Republic of China. Since Internet requests are seen as coming from the VPN server location which is not located in China, having a VPN allows you to see sites that are blocked in China. Similarly, it also lets you view other sites without the censorship and redaction often found on websites viewed from inside China. Also since the data sent to your device is encrypted, this helps to shield it from government Internet police. It is important to know that VPNs are not banned in China and no one has ever been prosecuted for using one. This is because they form the backbone of the Chinese government’s goal of maintaining its status as one of the worlds largest global economies. They are constantly trying to balance this goal against establishing their own sovereign Internet.
Criteria to Choose a VPN to Scale the Great Firewall
Because of the technologically advanced filters that the GFW employs, not all VPNs can help you to climb over it and indeed those that do play a game of cat-and-mouse to stay ahead of it because it is constantly changing and evolving. Given this fact, let us now look at some of the criteria we looked at when choosing our best VPNs for China list. These criteria include a balance of provider trust, speed, reliability, server locations, device compatibility, encryption employed, bandwidth, ease of use, service and support, and cost.
- First as always is do you trust the VPN provider with your personal information?
- How long have they been providing VPN service and what kind of reputation do they have in the industry?
- Second, how fast is the VPN service?
- The Internet in China is not the fastest which is probably due to all the government filters.
- Therefore, choosing a fast VPN is imperative if you are going to use it while visiting or living in China.
- This is even more important if you want to use it for e-commerce, blogging, website creation or design, or accessing online media.
- Third, how reliable is the network?
- You want to choose a VPN which is stable and has limited problems with reconnects.
- It can be frustrating to lose your Internet connection and continually have to change servers and reconnect just to stay online.
- If this occurs too often, your patience, followed by your sanity may be the next thing you lose.
- Fourth, where does it have sever locations?
- Chose a VPN with server locations across the world.
- In addition to this, having multiple close locations (IP addresses) will help ensure the best possible reliability and speed.
- Locations in Hong Kong, South Korea, Japan, or the West Coast of the United States are ideal.
- Multiple locations in these areas are even better in case the GFW blocks one.
- Fifth, is it compatible with desktops, phones, tablets or other devices you might want to use with it?
- Is the VPN compatible with Windows? Mac OS? Linux? iOS? Android? Others?
- Does the VPN allow multiple simultaneous connections?
- To save yourself a headache later, you should test all of your devices to make sure that they the work with your chosen VPN service.
- Sixth, Is it secure and private to protect your traffic from China’s Internet police?
- What kind of protocols does it employ? (Protocols are rules for transmitting data).
- A VPN that supports all three protocols: OpenVPN, L2TP/IPsec and PPTP is best in case one protocol is targeted by Chinese authorities for blockage or throttling.
- OpenVPN (UDP/TCP) (Best mix of security and speed)
- Highly configurable and fast
- Very secure – uses OpenSSL library and SSLv3/TLSv1 protocols to provide encryption algorithms.
- Can bypass firewalls since it can can be set to run on any port and run TCP on port 443 to mimic other HTTPS traffic making it hard to distinguish from normal business traffic.
- L2TP/IPsec – Layer 2 Tunnel Protocol / Internet Protocol Security is the encryption protocol for traffic.
- Built into most devices and uses same client as PPTP
- Better if port forwarding is supported (for bypassing GFW)
- By default uses UDP port 500
- Provides excellent security because it encapsulates data twice so it can be a little slower than some other protocols
- PPTP – Point to Point Tunneling Protocol
- Considered least secure
- Built into most devices
- Fast and easy to set up
- Proprietary Stealth Technology (to bypass GFW and other firewalls)
- Examples include StrongVPN Scrambler and VyprVPN Chameleon.
- SSTP – Secure Socket Tunneling Protocol
- Largely Windows only platform
- Secure and potentially most stable protocol for Windows
- IKEv2 – Internet Key Exchange version 2, ( IPSec based tunneling protocol)
- Good at automatically re-establishing VPN connections
- Supports Blackberry devices
- Particularly good for mobile devices
- Encryption strength – usually AES or Blowfish
- At least 128 bit – not as secure but faster
- Prefer 256 bit – more secure but slightly slower
- What kind of protocols does it employ? (Protocols are rules for transmitting data).
- Seventh, bandwidth (This refers to how much data (in GB) you can download)
- The best VPNs offer unlimited bandwidth.
- Eighth, ease of use.
- Does the VPN have easy to use, auto installation clients?
- Does the service have user-friendly connection interfaces?
- Ninth, customer service and support
- Does the VPN resolve issues in a timely manner?
- Do they have live 24-hour chat, email ticketing, or phone support?
- Can you contact them without being connected to the VPN?
- Tenth, How much does it cost?
- Cost is important- spend what your budget can afford.
- Reliability and speed should take precedence over cost when choosing a VPN for China.
- Take advantage of money-back guarantees to test the product on all of your devices before making the trip to China.
We looked at each of these criteria to choose the best VPNs for China. Additionally, we primarily looked at users in China who want to use a VPN to climb the GFW and avoid Internet censorship within the People’s Republic. This included locals, people who might be vacationing in China, or those who may be temporarily working in China. These VPNs will also allow users to stream media if that is their goal as well since all have servers in strategic locations across the world.
China has one of the most technologically advanced Internet surveillance and censoring programs in the world. So much in fact, it is referred to as the great firewall (GFW) of China. One thing that is certain is that if you live in, work in, or are just visiting the People’s Republic of China and want to see a more unbiased view of world events, access to a VPN service is essential. Having a VPN service will let you keep up with all of your social websites like Facebook, Twitter, Instagram, and others which would otherwise be blocked by GFW. Additionally, it will let you access an unabridged version of Google or Wiki which all of us have grown used to using daily. Applications like Google docs and Google sheets, Gmail and other email services which many of us use to simplify our online lives will be unobstructed as well. Finally, it will provide privacy and give you peace of mind when you use the Internet to conduct business and personal banking and finances while in mainland China.
When choosing a VPN for China you should look at the following criteria: a balance of provider trust, speed, reliability, server locations, device compatibility, encryption employed, bandwidth, ease of use, service and support, and cost. In looking at these features more weight should be given to trust and security, reliability, and speed than cost because sometimes you really do get what you pay for. Additionally, you should setup and test all of your devices with the VPN that you choose before you take your trip to China because sometimes you will not be able to do so once there, as VPN provider’s websites are sometimes blocked. It is probably a good idea to have a backup VPN just in case the government decides to block or throttle your chosen one. All of the recommendations that we make for the best VPN for China satisfy most if not all of the above criteria. All also have features like stealth protocols or port forwarding to help you climb the GFW. Finally, all have money-back guarantees so grab the one that impresses you the most and test for it yourself.