Glossary: China’s Censorship & Circumvention Methods

Published September 7, 2025 | By Adblockdude

Glossary: China’s Censorship & Circumvention Methods

Click here to learn more about removing geoblocking.

Be sure to also check out our other pages on:

VPN Glossary

DNS Glossary

Cybersecurity Glossary

🔒 Blocking & Filtering Techniques

  • IP Blocking
    Whole server IP ranges are blacklisted. Example: Google servers.
    Workaround: VPNs with fresh IPs, proxy/CDN routing.
  • DNS Poisoning (DNS Spoofing)
    DNS queries return false or unreachable IPs for blocked domains.
    Workaround:
    DNS over HTTPS (DoH) or
    DNS over TLS (DoT).
  • Keyword / URL Filtering
    HTTP requests scanned for banned words; connections killed if detected.
    Workaround: Encrypted tunnels (HTTPS, VPN, Shadowsocks).
  • SNI Filtering (TLS Handshake Blocking)
    The Server Name Indication (SNI) reveals the target domain in HTTPS; censored domains are blocked.
    Workaround:
    Encrypted Client Hello (ECH), VPNs with TLS camouflage.
  • TCP Reset Injection
    Fake “reset” packets abruptly terminate connections.
    Workaround: Resilient tunneling protocols (e.g.
    WireGuard).
  • Deep Packet Inspection (DPI)
    Analyzes packet patterns to detect VPNs/Tor/proxies even if encrypted.
    Workaround: VPNs with
    obfuscation or
    Pluggable Transports.
  • Active Probing
    Suspected proxy/VPN servers are tested by the GFW; if confirmed, they’re blocked.
    Workaround: Tools with probe resistance (e.g.,
    Shadowsocks with v2ray-plugin).
  • Traffic Throttling (QoS Filtering)
    Some VPN protocols slowed to unusable speeds (e.g., OpenVPN).
    Workaround:
    WireGuard or stealth VPN modes.
  • App Store Restrictions
    VPN apps are removed from China’s iOS App Store; Google Play is blocked.
    Workaround: Download before travel or use sideloading.

🚀 Circumvention & Workarounds

  • VPN (Virtual Private Network)
    Encrypted tunnel to servers outside China. Needs stealth protocols to evade detection.
  • Obfuscation / Stealth Mode
    Techniques to disguise VPN traffic as HTTPS. Built into some VPNs (ExpressVPN, NordVPN, Astrill).
  • Shadowsocks
    Lightweight encrypted proxy designed in China; popular with plugins for camouflage.
  • Outline
    User-friendly GUI to run your own Shadowsocks server.
  • V2Ray (VMess/VLESS)
    Advanced proxy platform supporting multiple disguises (WebSocket, gRPC, TLS camouflage).
  • Tor Project +
    Pluggable Transports
    Onion routing network with obfs4, Snowflake, meek transports to disguise Tor traffic.
  • Snowflake
    Volunteer-run WebRTC proxies for Tor; sometimes effective in China.
  • Domain Fronting
    Disguising traffic as if it’s headed to a major CDN. Largely shut down, but explained in Tor meek.
  • DNS over HTTPS (DoH)
    Encrypts DNS lookups to prevent tampering.
  • Probe Resistance
    Server techniques that ignore unauthorized connections. Implemented in Shadowsocks plugins.

Powered by WordPress and Simple Affiliate WordPress Theme