We’re a team of anti-censorship researchers from Stanford University, University of Colorado Boulder, and GFW Report, investigating how people get around China’s Internet censorship system.
If you use VPN, proxies, and/or any censorship circumvention tools to get around the Great Firewall (GFW), it would be a huge help if you can fill out a short anonymous 5-min survey and assist us to better understand and improve the circumvention ecosystem. Our study has undergone review by the Stanford University Institutional Review Board (IRB). Please note that the survey is anonymous, and no personally identifiable information is collected.
Thank you for your participation and support.
Link to survey: https://stanforduniversity.qualtrics.com/jfe/form/SV_9sCK42HV8Ntwc4e?s=duq
If you use VPN, proxies, and/or any censorship circumvention tools to get around the Great Firewall (GFW), it would be a huge help if you can fill out a short anonymous 5-min survey and assist us to better understand and improve the circumvention ecosystem. Our study has undergone review by the Stanford University Institutional Review Board (IRB). Please note that the survey is anonymous, and no personally identifiable information is collected.
Thank you for your participation and support.
Link to survey: https://stanforduniversity.qualtrics.com/jfe/form/SV_9sCK42HV8Ntwc4e?s=duq
Qualtrics
翻墙服务调查
我们是来自斯坦福大学、科罗拉多大学博尔德分校和GFW Report的反审查研究团队,致力于调查人们如何绕过中国的互联网审查系统。如果您使用VPN、代理服务器和/或其他绕过翻墙工具绕过防火长城(GFW),我们诚邀您花5分钟时间填写一份简短的匿名的调查问卷,来帮助我们更好地理解和改进翻墙生态。我们的研究已通过斯坦福大学机构审查委员会(IRB)的严格审核。请注意,问卷是匿名的,不会收集任何可识别参与者个人身份的信息。
如果您有任何疑问或担忧,可以通过以下电子邮件地址联系研究团队:gfw@esrg.stanford.edu
如果您有任何疑问或担忧,可以通过以下电子邮件地址联系研究团队:gfw@esrg.stanford.edu
👍6👎3❤2👀1
我们是来自斯坦福大学、科罗拉多大学和GFW Report的反审查研究人员,致力于了解人们如何绕过中国的互联网审查。
如果您使用VPN、代理或任何其他翻墙软件绕过防火长城(GFW),请考虑花5分钟的时间帮助我们完成一份简短的调查问卷,以助我们更好地理解和改进翻墙生态系统。我们的调查问卷和整个研究已通过斯坦福大学伦理审查委员会(IRB)的严格审核。本次调查是匿名的,不会收集任何可识别参与者个人身份的信息。
谢谢您的参与和支持。
问卷链接:https://stanforduniversity.qualtrics.com/jfe/form/SV_9sCK42HV8Ntwc4e?s=duq&Q_Language=ZH-S
如果您使用VPN、代理或任何其他翻墙软件绕过防火长城(GFW),请考虑花5分钟的时间帮助我们完成一份简短的调查问卷,以助我们更好地理解和改进翻墙生态系统。我们的调查问卷和整个研究已通过斯坦福大学伦理审查委员会(IRB)的严格审核。本次调查是匿名的,不会收集任何可识别参与者个人身份的信息。
谢谢您的参与和支持。
问卷链接:https://stanforduniversity.qualtrics.com/jfe/form/SV_9sCK42HV8Ntwc4e?s=duq&Q_Language=ZH-S
Qualtrics
翻墙服务调查
我们是来自斯坦福大学、科罗拉多大学博尔德分校和GFW Report的反审查研究团队,致力于调查人们如何绕过中国的互联网审查系统。如果您使用VPN、代理服务器和/或其他绕过翻墙工具绕过防火长城(GFW),我们诚邀您花5分钟时间填写一份简短的匿名的调查问卷,来帮助我们更好地理解和改进翻墙生态。我们的研究已通过斯坦福大学机构审查委员会(IRB)的严格审核。请注意,问卷是匿名的,不会收集任何可识别参与者个人身份的信息。
如果您有任何疑问或担忧,可以通过以下电子邮件地址联系研究团队:gfw@esrg.stanford.edu
如果您有任何疑问或担忧,可以通过以下电子邮件地址联系研究团队:gfw@esrg.stanford.edu
👍22👎7🔥3
https://gfw.report/publications/ndss25/en/
We present Wallbleed, a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China. Wallbleed caused certain nation-wide censorship middleboxes to reveal up to 125 bytes of their memory when censoring a crafted DNS query. It afforded a rare insight into one of the Great Firewall’s well-known network attacks, namely DNS injection, in terms of its internal architecture and the censor’s operational behaviors.
To understand the causes and implications of Wallbleed, we conducted longitudinal and Internet-wide measurements for over two years from October 2021. We (1) reverse-engineered the injector’s parsing logic, (2) evaluated what information was leaked and how Internet users inside and outside of China were affected, and (3) monitored the censor’s patching behaviors over time. We identified possible internal traffic of the censorship system, analyzed its memory management and load-balancing mechanisms, and observed process-level changes in an injector node. We employed a new side channel to distinguish the injector’s multiple processes to assist our analysis. Our monitoring revealed that the censor coordinated an incorrect patch for Wallbleed in November 2023 and fully patched it in March 2024.
Wallbleed exemplifies that the harm censorship middleboxes impose on Internet users is even beyond their obvious infringement of freedom of expression. When implemented poorly, it also imposes severe privacy and confidentiality risks to Internet users.
We present Wallbleed, a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China. Wallbleed caused certain nation-wide censorship middleboxes to reveal up to 125 bytes of their memory when censoring a crafted DNS query. It afforded a rare insight into one of the Great Firewall’s well-known network attacks, namely DNS injection, in terms of its internal architecture and the censor’s operational behaviors.
To understand the causes and implications of Wallbleed, we conducted longitudinal and Internet-wide measurements for over two years from October 2021. We (1) reverse-engineered the injector’s parsing logic, (2) evaluated what information was leaked and how Internet users inside and outside of China were affected, and (3) monitored the censor’s patching behaviors over time. We identified possible internal traffic of the censorship system, analyzed its memory management and load-balancing mechanisms, and observed process-level changes in an injector node. We employed a new side channel to distinguish the injector’s multiple processes to assist our analysis. Our monitoring revealed that the censor coordinated an incorrect patch for Wallbleed in November 2023 and fully patched it in March 2024.
Wallbleed exemplifies that the harm censorship middleboxes impose on Internet users is even beyond their obvious infringement of freedom of expression. When implemented poorly, it also imposes severe privacy and confidentiality risks to Internet users.
GFW Report
Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China
We present Wallbleed, a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China. Wallbleed caused certain nation-wide censorship middleboxes to reveal up to 125 bytes of their memory when censoring a crafted…
https://gfw.report/publications/ndss25/zh/
我们发现了一个名为Wallbleed(墙出血)的缓冲区过度读取漏洞,该漏洞存在于中国防火长城(GFW)的DNS注入子系统中。Wallbleed导致某些影响全国范围的审查设备在处理特制的DNS请求时会泄露至多125字节的内存数据。这一漏洞为我们提供了一个难得的机会,以深入了解防火长城最著名的网络攻击手段之一——DNS注入——的内部架构,以及审查者的操作行为。
为了理解Wallbleed的形成原因和影响,我们从2021年10月开始进行了为期两年的持续性、全网范围的测量。我们(1)逆向工程了DNS注入器的解析逻辑,(2)评估了哪些信息被泄露以及中国国内和海外的互联网用户受到何种影响,并且(3)实时监测审查者的修补行为。我们识别出可能来自审查系统内部的流量,分析了审查系统的内存管理和负载均衡机制,并观察到注入节点的进程级变化。为了协助分析,我们还利用了一个新的旁路信道来区分注入器的不同进程。我们的监测显示审查者在2023年11月对Wallbleed进行了一次不正确的修补,并在2024年3月完成了彻底修复。
Wallbleed漏洞例证了审查设备对互联网用户造成的危害不仅在于其对言论自由的明显侵犯。如果实现不当,审查设备还会对互联网用户的隐私和保密性构成严重威胁。
我们发现了一个名为Wallbleed(墙出血)的缓冲区过度读取漏洞,该漏洞存在于中国防火长城(GFW)的DNS注入子系统中。Wallbleed导致某些影响全国范围的审查设备在处理特制的DNS请求时会泄露至多125字节的内存数据。这一漏洞为我们提供了一个难得的机会,以深入了解防火长城最著名的网络攻击手段之一——DNS注入——的内部架构,以及审查者的操作行为。
为了理解Wallbleed的形成原因和影响,我们从2021年10月开始进行了为期两年的持续性、全网范围的测量。我们(1)逆向工程了DNS注入器的解析逻辑,(2)评估了哪些信息被泄露以及中国国内和海外的互联网用户受到何种影响,并且(3)实时监测审查者的修补行为。我们识别出可能来自审查系统内部的流量,分析了审查系统的内存管理和负载均衡机制,并观察到注入节点的进程级变化。为了协助分析,我们还利用了一个新的旁路信道来区分注入器的不同进程。我们的监测显示审查者在2023年11月对Wallbleed进行了一次不正确的修补,并在2024年3月完成了彻底修复。
Wallbleed漏洞例证了审查设备对互联网用户造成的危害不仅在于其对言论自由的明显侵犯。如果实现不当,审查设备还会对互联网用户的隐私和保密性构成严重威胁。
GFW Report
Wallbleed(墙出血):中国防火长城中的内存数据泄露漏洞
我们发现了一个名为Wallbleed(墙出血)的缓冲区过度读取漏洞,该漏洞存在于中国防火长城(GFW)的DNS注入子系统中。Wallbleed导致某些影响全国范围的审查设备在处理特制的DNS请求时会泄露至多125字节的内存数据。这一漏洞为我们提供了一个难得的机会,以深入了解防火长城DNS注入的内部架构,以及审查者的操作行为
❤4
https://gfw.report/publications/sp25/en/
China has long orchestrated its Internet censorship through relatively centralized policies and a unified implementation, known as the Great Firewall of China (GFW). However, since August 2023, anecdotes suggest that the Henan Province has deployed its own regional censorship.
In this work, we characterize provincial-level censorship in Henan, and compare it with the national-level GFW. We find that Henan has established TLS SNI-based and HTTP Host-based censorship that inspects and blocks traffic leaving the province. While the Henan Firewall is less sophisticated and less robust against typical network variability, its volatile and aggressive blocking of second-level domains made it block ten times more websites than the GFW at some points in time.
Based on the observed parsing flaws and injection behaviors, we introduce simple client-side methods to bypass censorship in the Henan province. Our work documents an alarming sign of regional censorship emerging in China.
China has long orchestrated its Internet censorship through relatively centralized policies and a unified implementation, known as the Great Firewall of China (GFW). However, since August 2023, anecdotes suggest that the Henan Province has deployed its own regional censorship.
In this work, we characterize provincial-level censorship in Henan, and compare it with the national-level GFW. We find that Henan has established TLS SNI-based and HTTP Host-based censorship that inspects and blocks traffic leaving the province. While the Henan Firewall is less sophisticated and less robust against typical network variability, its volatile and aggressive blocking of second-level domains made it block ten times more websites than the GFW at some points in time.
Based on the observed parsing flaws and injection behaviors, we introduce simple client-side methods to bypass censorship in the Henan province. Our work documents an alarming sign of regional censorship emerging in China.
GFW Report
A Wall Behind A Wall: Emerging Regional Censorship in China
We characterized the provincial-level censorship in Henan and compared it to the national GFW. The Henan Firewall conducts TLS SNI-based and HTTP Host-based censorship, inspecting and blocking traffic leaving the province. While Henan Firewall is less sophisticated…
👍2🆒1
https://gfw.report/publications/sp25/zh/
长期以来,中国的互联网审查有着相对集中的政策和统一的实现,这套系统被称为中国防火长城(GFW)。然而,自2023年8月以来,有传闻称河南省部署了自己的地区性审查系统。
在这项工作中,我们对河南省的省级审查进行描述和分析,并将其与国家级的GFW进行了比较。我们发现,河南建立了基于TLS SNI和HTTP Host的审查机制,用于检测和封锁离开该省的流量。虽然河南防火墙在复杂性和应对网络流量多样性方面有所欠缺,但其不稳定且激进的二级域名封锁策略,一度使其封锁的网站数量达到GFW的十倍之多。
我们基于对河南防火墙的流量解析缺陷和注入行为的观察,提出了一些简单的仅需客户端实现的办法来绕过河南省的审查。我们的工作记录了一种值得警惕的现象,即中国的地区性审查正在抬头。
长期以来,中国的互联网审查有着相对集中的政策和统一的实现,这套系统被称为中国防火长城(GFW)。然而,自2023年8月以来,有传闻称河南省部署了自己的地区性审查系统。
在这项工作中,我们对河南省的省级审查进行描述和分析,并将其与国家级的GFW进行了比较。我们发现,河南建立了基于TLS SNI和HTTP Host的审查机制,用于检测和封锁离开该省的流量。虽然河南防火墙在复杂性和应对网络流量多样性方面有所欠缺,但其不稳定且激进的二级域名封锁策略,一度使其封锁的网站数量达到GFW的十倍之多。
我们基于对河南防火墙的流量解析缺陷和注入行为的观察,提出了一些简单的仅需客户端实现的办法来绕过河南省的审查。我们的工作记录了一种值得警惕的现象,即中国的地区性审查正在抬头。
GFW Report
墙中之墙:中国地区性审查的兴起
我们研究了河南的省级防火墙,并将其与国家级的防火长城(GFW)进行了比较。河南防火墙对TLS SNI和HTTP Header进行审查,检查并阻止出省流量。虽然河南防火墙的技术复杂性和健壮性较低,但其激进的封锁策略让其一度封锁了十倍于GFW的域名数量。我们介绍了一些仅需客户端支持就能绕过河南网络审查的策略。我们的工作记录了一个令人担忧的迹象:中国正在出现区域性的网络审查。