GFW Connectivity Diary
The GFW is not a static wall; it is a dynamic weather system. This diary tracks daily fluctuations in censorship pressure to help you adjust your protocols accordingly.
Cybercrime Prevention Law: Exit Bans & Extraterritorial Enforcement
Ministry of Public Security announced draft Cybercrime Prevention and Control Law (网络犯罪防控法) on February 2. Key provisions: 3-year exit bans for cyber-offense convictions, fines up to 20x illegal income, and extraterritorial jurisdiction targeting foreign VPN providers and overseas facilitators.
Enforcement Target: VPN operators, payment processors, and "human infrastructure" — not personal end-users. Zero reported cases of foreigners penalized for personal VPN use as of March 2026.
Technical Impact Assessment:
No change to protocol detection capabilities. This is a legal framework update, not a technical GFW upgrade. WireGuard and OpenVPN were already blocked before this law. VLESS-Reality (98%) and Hysteria2 (81%) remain effective because they bypass detection at the protocol level, regardless of legal penalties.
Read full technical & legal analysis →Escalation: Whitelists & Education Net Blocks
Critical Update: Reports (Jan 27) confirm
GFW "Small Whitelist" testing in select provinces, dropping
all unverified overseas traffic. Additionally, CERNET (Education Net) has deployed specific blocks against TLS record fragmentation.
Regional Alert: Users in Henan Province face a secondary firewall blocking ~4.2M domains (5x national
average).
Also in the Feed:
- CAC "Minor Protection" Rules (Jan 23): New regulations targeting content affecting "minors' values" effective March 1. Expect keyword tightening on social platforms.
- GitHub Degradation (Jan 26): Coinciding with global Actions failures, China-based devs report a 17% block rate for API requests and package registries.
Countermeasure Release:
Xray-core v26.1.23 released with native port-hopping. This is the primary mitigation for China Mobile's 8PM-11PM UDP throttle.
Proactive IP Throttling Detected
As of 18:00 CST, we are seeing a spike in TCP Reset (RST) packets originating from China Telecom's 163 backbone for all UDP traffic on port 443. This appears to be targeting standard WireGuard fingerprints.
Analyst Recommendation:
Switch to VLESS-Reality or Astrill StealthVPN (Port 443). Avoid UDP-based tunnels until further notice.
Unicom AS4837 Resilience
Peering between China Unicom and NTT/GTT backbones remains high-performance. Let'sVPN and VLESS nodes hosted in Tokyo/Hong Kong are reporting < 150ms latency. This is currently the most stable route for international CDN access.
Shadowsocks Entropy Block Wave
Massive wave of Shadowsocks IP bannings reported in Shenzhen (China Mobile). The GFW's entropy analyzer is effectively flagging high-entropy data chunks exceeding 1500 bytes. Users are advised to enable obfs-tls or migrate to VLESS-Reality immediately.