May 26, 2024

On China's new, mandatory censorship software

The New York Times reports that China will start requiring censorship software on PCs. One interesting quote stands out:

Zhang Chenming, general manager of Jinhui Computer System Engineering, a company that helped create Green Dam, said worries that the software could be used to censor a broad range of content or monitor Internet use were overblown. He insisted that the software, which neutralizes programs designed to override China’s so-called Great Firewall, could simply be deleted or temporarily turned off by the user. “A parent can still use this computer to go to porn,” he said.

In this post, I’d like to consider the different capabilities that software like this could give to the Chinese authorities, without getting too much into their motives.

Firstly, and most obviously, this software allows the authorities to do filtering of web sites and network services that originate inside or outside of the Great Firewall. By operating directly on a client machine, this filter can be aware of the operations of Tor, VPNs, and other firewall-evading software, allowing connections to a given target machine to be blocked, regardless of how the client tries to get there. (You can’t accomplish “surgical” Tor and VPN filtering if you’re only operating inside the network. You need to be on the end host to see where the connection is ultimately going.)

Software like this can do far more, since it can presumably be updated remotely to support any feature desired by the government authorities. This could be the ultimate “Big Brother Inside” feature. Not only can the authorities observe behavior or scan files within one given computer, but every computer now because a launching point for investigating other machines reachable over a local area network. If one such machine were connected, for example, to a private home network, behind a security firewall, the government software could still scan every other computer on the same private network, log every packet, and so forth. Would you be willing to give your friends the password to log into your private wireless network, knowing their machine might be running this software?

Perhaps less ominously, software like this could also be used to force users to install security patches, to uninstall zombie/botnet systems, and perform other sorts of remote systems administration. I can’t imagine the difficulty in trying to run the Central Government Bureau of National Systems Administration (would they have a phone number you could call to complain when your computer isn’t working, and could they fix it remotely?), but the technological base is now there.

Of course, anybody who owns their own computer will be able to circumvent this software. If you control your machine, you can control what’s running on it. Maybe you can pretend to be running the software, maybe not. That would turn into a technological arms race which the authorities would ultimately fail to win, though they might succeed in creating enough fear, uncertainty, and doubt to deter would-be circumventors.

This software will also have a notable impact in Internet cafes, schools, and other sorts of “public” computing resources, which are exactly the sorts of places that people might go when they want to hide their identity, and where the authorities could have physical audits to check for compliance.

Big Brother is watching.


  1. I’m a PC user from this crazy country , I hate this spy-ware, it’s just wasting of this country’s money and killing the freedom of thought. By the way, I’m not afraid of spy-ware they created for PCs, but when they embedded that into Router or somewhere else, we’ll have none choice but loose the freedom on the internet.

  2. So for the “Great Firewall” its something that I assume many computer users don’t directly interact with. Now that they are putting software on end users computers it seems that the censorship will be staring them in the face in a way that is more obvious. And maybe that is a good thing. The more the chinese realize they are being denied basic online freedoms they more likely they will want change.

    In Iran if the government had let the reformist win nothing much would have happened (the president has no real power). But now that Iranians realize that they basically live in a dictorship and the government ignores their voice they are pissed.

    Who knows maybe not but one can hope.

    Inside Houston

  3. Thanks. Very interesting article

  4. Very interesting Big Brother stuff, just wonder how long it will take the hackers to bypass this stuff. My guess, not to long. Freedom will find a way.
    Speed Cleaning

  5. Anonymous says

    Dan, it’s not “censorware”, as no end user is required to install or run it. It’s a 1-year free anti-malware license. PC makers are not required to preinstall Green Dam either.

    Our own government does the same thing. Dept of Justice makes free McGruff SafeGuard ( available to US citizens.

  6. Anonymous says

    I’ll turn to English and try to make English my first language from now on, I believe they (the cn government ) don’t stop their steps to control the internet, and I believe their text filter of none chinese language will be less powerful. Freedom will live long life time, much much longer than the spy ware.

  7. Anonymous says

    I’m a PC user from this crazy country , I hate this spy-ware, it’s just wasting of this country’s money and killing the freedom of thought. By the way, I’m not afraid of spy-ware they created for PCs, but when they embedded that into Router or somewhere else, we’ll have none choice but loose the freedom on the internet.
    Thanks for your nice article.

  8. It is very ironic how China claims to have a “great firewall” but they have created a system that could cause cyber attacks. How in the world could they millions of people download this software?


    selling photography 101
    1 dollar ebooks

  9. As someone who has worked in the PC bixz, there is no way you can get new software onto the HDDs of retail PCs in 6 weeks. Whoever thought this up doesn’t understand the manufacturing process, that of building and testing gold HDD images that get handed off to the disk manufacturer to put on their disks for you. The lead time is atrocious. Then there’s the fact that it probably won’t work on Windows 7, which all the manufacturers are gearing up for.

    the only way you get the software on PCs by august is to have it on a CD bundled in the box, “install a police state here”, or push it out via whatever update clients are installed on the machine.

  10. Drew Dean says

    I read the same thing re: bundling as Drew Thaler. However, my question is what OS(es) will the censorship software support? Presumably Windows is supported but recall that China was (maybe still is?) promoting Linux. What about MacOS? Will machines have to be bundled with software that they are incapable of running?

    • Presumably, version 1 only supports Windows. At some later point, the authorities could just require compatible features from other vendors, including embedded products, and they could also do their own “official” version of Linux and/or other open-source systems.

  11. It gives the Chinese government one helluva’ platform for launching cyber attacks, too, doesn’t it?

    • John Millington says

      Such a platform would be too centralized (all sharing the same series-of-tubes out of the country) to be any more useful than whatever the government already has. This ain’t one of the things I’d worry about.

      Although, I guess related to that, it gives the government a handy supercomputer (except it’s one they can’t trust, so I don’t know how useful that would be for, e.g. nuke simulations).

  12. Hmm. It’s apparently mandatory for the computer manufacturers to bundle the software, but apparently not mandatory for end users yet. (Or, at least, the Times only mentions bundling.) So it’ll still be relatively straightforward to avoid: just reinstall a fresh, trusted copy of Windows. But you’re right that a single Green Dam host could compromise an entire LAN, at least to the extent of sniffing for IP addresses that you’re connecting to, or logging DNS queries, or something. Not good.

    On the bright side, it’s also going to create an IT nightmare for the Chinese government. They say it’s been downloaded 3.2 million times. Now they are about to start shipping it on 40 million PCs *per year*. That’s 12x the number of users in a single year, 25x in two years. It’ll be a mess to deal with.

    • Anonymous says

      yeah, so many machines need to listen, they don’t have the ability to control all the machines in this country, I believe in that too