Playing with Fire: OSINT and China’s Great Firewall

China’s Great Firewall (or GFW) is one of the most sophisticated and tightly enforced systems of internet censorship in the world. It shields China from the Western internet; and behind this barrier, a rich and distinct online ecosystem flourishes - one entirely foreign to non-native netizens. If surfing the Chinese web is tough going for Westerners, OSINT in China is even harder. 

For anyone doing OSINT in China – crucial for everything from human rights activism to cyberthreat intelligence to academic research – the GFW is a major hurdle. Jumping it is almost impossible; meanwhile, its boundaries shape what data is available, how one can access it, and the serious risks involved.  

This guide will teach you everything you need to know about OSINT and the Great Firewall. We’ll take you behind the digital iron curtain, giving you a glimpse of the Chinese online world. You’ll learn the rules of the Chinese OSINT game, along with safe, effective strategies for working with OSINT in and around the GFW.

Ready? 我们走吧!

What is the Great Firewall?

The Great Firewall (formally known as China’s Golden Shield Project), was first sparked in 1998. Recognising that the internet could destabilise cultural hegemony, the Chinese government lit on an initiative to separate Chinese cyberspace from the rest of the world. That way, they could censor the information available to the Chinese people - and prevent them accessing anything detrimental to the country’s interests. 

Over a quarter of a century later, the Great Firewall is still raging. This layered system of controls both restricts Chinese users’ activity, and monitors everything they do online - with or without their knowledge. If they step too far over the line, they’re liable to get burned. The GFW system includes:

• IP blocking: Nixing access to blacklisted non-Chinese servers
• DNS poisoning: Altering DNS resolution so requests to blocked domains fail. Also known as ‘DNS spoofing’.
• Keyword filtering: Blocking content, searches, and posts that includes certain blacklisted keywords
• Deep Packet Inspection (DPI): Examining the contents of internet traffic, and denying anything not deemed acceptable.
• Manual content moderation: Takedowns of disallowed content by human moderators (usually on social platforms like WeChat)
• Legal regulation: Banning internet tools that could bypass the GFW (most of all VPNs).

The system’s layers change over time: the administrators might add new keywords to the filter list, or suddenly tighten controls during political events. Meanwhile, attempting to breach the GFW from within China can land you a fine, prison time, or worse. For OSINT practitioners, it means that what is accessible one week may be partially or fully blocked the next. In short, the GFW makes Chinese OSINT work extremely high-risk; after all, you’re playing with fire. 

Burn Risks: Key OSINT Challenges Around the Great Firewall

Speaking of risks, let’s get into what they are. There are six (surmountable) obstacles that every OSINT investigator will face in China, and it’s important to understand them deeply if you want to work well. Here’s what to expect from Chinese-source OSINT - all thanks to our fiery friend the GFW.

Restricted Access to Foreign Platforms

Most major Western platforms are blocked in China, so you won't have access to the usual suspects like Google, Youtube, X and Meta products. Instead, you’ll be reliant on Chinese native platforms like WeChat. This unfamiliar territory might complicate data collection, especially when some foreign OSINT tools and databases are blocked too.

Anonymity Loss

Chinese regulation requires most services - from mobile phone SIMs to Chinese platform accounts - to be tied to a verified real-world identity. Like a souped-up Online Safety Act, this obliterates people’s ability to create pseudonymous accounts, making anonymity an impossibility. It also stops you making sock puppet accounts for your Chinese OSINT work.

The Language Barrier

As a closed society, China’s language is extra idiosyncratic. Slang terms change fast, whilst memes and inside references can be hard to decode for non-natives. Researchers need Mandarin fluency or strong collaboration with native speakers; the GFW’s censorship will understand the context, so you should too. 

Content Censorship

Even when you manage to get your hands on Chinese OSINT gold, it can slip through your fingers. Entire posts, threads, and accounts can all blip out of existence at the censor’s whim. Archival access isn’t guaranteed, so expect missing data as a hazard. Chinese censorship may also cause distortions: like gaps in narratives, or people thinking twice and changing what they choose to post. 

Legal Risks

Using VPNs and proxies is a legal grey area in Chinese OSINT. Every now and again, China brings down the ban hammer on firewall-dodging tech - introducing regulation that makes using (or even providing) certain tools punishable by fines, or even imprisonment. This generates risk for both you and your Chinese sources, so make sure you know the law. 

Verification and Source Reliability

As a rule: if restrictions on public discourse increase, so do the risks of propaganda, misinformation, and fake news. State-sanctioned narratives are privileged, so be aware that with OSINT in China, you can’t take things at face value. Meanwhile, follow-ups with human sources (eyewitnesses, contacts inside China), will be much riskier and less reliable under mass state surveillance. 

Leaping The Flames: Workarounds and Techniques for Chinese OSINT

Given these obstacles, it’s easy to see that OSINT in China won’t be a walk in the traditional landscape garden. However, there are some handy workarounds you can use to dodge the GFW - with maximum effectiveness, and minimum risk.

1. Circumvention Tools: As we’ve previously mentioned, it’s important to be conscious of legal risks when attempting to leap the flames of the GFW. But there are some circumvention tools you can use safely. 
   
   1. VPNS are the classic tool for Chinese OSINT, specifically those that have been tested and found safe to use in China. Some providers may be blocked, and some blacklisted. 
   2. Proxy servers (e.g. Psiphon, Lantern etc) use several complex layers of obfuscation to slip through the GFW, and protect your browsing from censors’ prying eyes. They are free, but slower than VPNs.
   3. Tor is a commonly available and effective tool for OSINT investigators branching into Chinese work. Direct use is often blocked, but Tor bridges and domain fronting can work - if you’re prepared to keep re-adapting your approach to beat the block. 
2. Local Platforms and Domestic Sources: Since Western platforms are a no-go, most of the data you need for OSINT work will be on Chinese native platforms: WeChat (aka Weixin), Weibo, and the like. Master these, and get used to using Chinese search engines like Baidu. Many of these domestic platforms are more accessible to researchers outside China (though, again, often with IP restrictions). 
3. Online Archivers: There are online communities dedicated to archiving Chinese posts that fall foul of the GFW, like the late FreeWeibo. Even if something’s been “disappeared”, archives will help you verify that it actually existed. 
4. Archive Everything: Do some archiving yourself, too. If you find evidence in your Chinese OSINT work, always archive it. That way if it vanishes, you can rely on those snapshots to prove it once existed. 
5. Geographic Vantage Points: The best advantage is a Chinese collaborator. They can cross-validate the visibility of content - letting you know what’s actually censored, and what’s available to the Chinese public. Since censorship varies from region to region, multiple vantage points help you see what’s genuinely hidden, and from who. 
6. Cultural Immersion: Work with Mandarin speakers. Ideally, collaborate with investigators that are native Chinese, or at least have lived there long enough to be internet literate. Knowledge of local slang, algospeak, and memes is the only way to accurately track the discourse; under censorship, most meanings will be indirect and take a native to parse. 

Fire Safety: OpSec, Ethics and Legal Awareness

Even with all these tools and techniques under your belt, fighting the Great Firewall will always be one of the internet’s riskiest OSINT missions. The most important advice we can give you for Chinese OSINT work is this: prioritize safety. Not just your own safety, but that of others too - both on and offline. 

For yourself, always use secure and private communication channels; preferably encrypted ones. The same goes for your circumvention tools, which should always be 100% secure. Consider using an alternate device for your Chinese OSINT work to make things less traceable. 

Meanwhile, make sure you also assess the risks for any other individuals involved. People inside China who share information with you - or assist you in bypassing the Great Firewall - are at the highest risk of all. Arrests and fines happen, often, even for offences that involve foreign nationals. So as the sensitivity of the topic you’re investigating increases, expect your eyewitness sources to either melt away… or get much more tight-lipped. 

Lastly, read up everything you can on regulations around cybersecurity and the Great Firewall, from as up-to-date sources as possible. The legal situation changes, and what is considered permissible can shift rapidly.

To see Chinese OSINT in action, check out our Case Study:

‘Julian was able to reveal, through research with OSINT Industries, not only proof of Chinese culpability… but, with some degree of certainty, that guilty actors were members of the Chinese Communist Party (CCP)...’

Read: An OSINT Investigator Exposing the Truth About Chinese Fentanyl