Getting around the Great Firewall while in China: roaming versus VPN

Some practical advice for getting around China as a tourist…

Buying a local SIM means you’ll be behind the Great Firewall whenever you’re on LTE. Tourists whom I met said that they tried to use ExpressVPN, but that it did not work for more than a few days. “One VPN will work for awhile and then stop,” said a local. I had subscribed in advance to Express VPN, but found that it never worked on WiFi.

The Verizon Travel Pass: works! “They don’t care what foreigners read or think,” said a local. Be aware that the included 0.5 GB per day will be consumed within an hour or two if you let photos sync over cellular data. Simply using iMessage to share photos, posting to Facebook, etc., will run up close to the 0.5 GB limit every 24 hours (Verizon will sell you another 0.5 GB for $10, but in a world of ever-increasing bandwidth consumption they really should expand this).

Public WiFi is often 50+ Mbps, but, as in France, it is not legal to run a completely open network. You have to authenticate with a mobile number and it often doesn’t work to type in a foreign number. The splash pages are often in Chinese only. Hotel WiFi networks are authenticated with room number and last name, but some networks are more permissive than others. The Four Seasons Shanghai ran a network that worked with all the Google services, albeit crawling at 3 Mbps. Networks in Suzhou, Hangzhou, and at the Wanda Reign hotel back in Shanghai were faster, but Google was locked out.

If you love Apple, you’ll find that the Chinese government shares your love. Apple speaks truth to power by disabling its news service entirely in China, even for foreigners connected via roaming. (Tim Cook is not afraid to challenge voters in Arkansas, though!) Perhaps not coincidentally, every Apple service seems to work in China (but you won’t find the Taiwanese flag emoji on the keyboard if you buy the phone in China).

4 thoughts on “Getting around the Great Firewall while in China: roaming versus VPN

  1. The english summary is no, you can’t get around the firewall. Surprising how effective they are at limiting what 20 years ago seemed invincible to borders. There was once a saying that the world was flat because information wanted to be free.

    • This kind of efficiency is quite similar to how the Berlin Wall was so much more impenetrable than the Trump Mexico wall: the difference was not so much the construction as the guards ready to shoot trespassers dead.

      The Chinese Great Firewall is actually pretty simple to implement since there are only so many BGP gateways in and out of the PRC: any packet deemed encrypted can be dropped with a certain probability that can learn to grow with time. If the packet loss rate is not too high TCP will have to retry which simply slows down the connection, and when it’s high enough the connection will simply time out and drop dead.

      Of course, the concept of probability is foreign to the US graduates who write newspaper articles about how sophisticated the Chinese government tech is.

  2. The firewall acts at many levels. The first level is surprisingly easy to bypass with a proper hosts file. With that, you will be able to connect directly to Google and so on, but still the bandwidth is severely limited (e.g. compared to Baidu). They must have limiters at many chokepoints. Then there is the block at DNS level (also easy to bypass). And finally, VPNs through OpenVPN over TCP work best (traffic indistinguishable from HTTPS), although IPs of “Western” VPN providers get blocked all the time, therefore only work momentarily.

Comments are closed.