
Massive Leak of ‘Great Firewall’ Documents Offers More Insights on China’s Internet Censorship

Leo Timm
Leo Timm is a translator and writer focusing on China-related news, culture, and history.
Published: September 19, 2025
A woman watches while using her laptop in front of Tencent's booth during the World Artificial Intelligence Conference (WAIC) in Shanghai on July 6, 2023. (Image: WANG ZHAO/AFP via Getty Images)

A leak of more than 100,000 internal files from a Chinese cybersecurity company has shed new light on how Beijing builds and exports digital repression tools, raising concerns about the global spread of authoritarian internet control. 

The documents, belonging to Geedge Networks, were published online earlier this month and analyzed by researchers with InterSecLab and several human rights organizations. 

An expert said the scale and detail of the disclosure suggest it was an intentional leak, possibly from inside the company itself.

Geedge Networks, founded in 2018, describes itself as a cybersecurity provider. But according to the leaked records, the firm has been supplying governments in Kazakhstan, Ethiopia, Pakistan, Burma (Myanmar), and at least one other country with censorship and surveillance systems. 

Researchers found evidence of contracts at both the national and provincial level, including in the Xinjiang region of western China, where Chinese Communist Party (CCP) authorities have long carried out intrusive monitoring of ethnic and religious minorities.

A ‘devastating’ leak

The leaked cache includes internal correspondence, technical manuals, minutes of meetings, reimbursement records, and personnel files. Bill Xia, president of Dynamic Internet Technology (DIT), told The Epoch Times on Sept. 13 that the exposure would be “devastating” for the company’s internal trust. 

DIT was founded in 2001 to develop tools for circumventing the CCP’s internet censorship. Its products have been used by millions in China to access content otherwise blocked by the “Great Firewall,” as Beijing’s online repression is popularly termed. 

“This leaked information about many internal personnel has been a deterrent to all involved,” he said, noting that names of staff, detailed software analyses, and sensitive reports were disclosed. Xia added that the information could also help developers of anti-censorship tools better understand how CCP censorship operates.

“For example, many overseas reports that simply refer to VPN tools [are] actually inaccurate. The vast majority of VPN tools lack the ability to circumvent the Great Firewall,” Xia explained, stressing that open-source circumvention projects can be more easily reverse-engineered by Chinese authorities.

A photo illustration taken on March 30, 2018 in Beijing shows the screen of a laptop with the word “VPN” written in the search field of the Chinese Baidu website. Chinese authorities had announced that all unrecognised VPN services would be blocked by March 31, meaning that Chinese and foreign companies must choose from a limited number of state-approved VPNs. (FRED DUFOUR/AFP via Getty Images)

Exporting digital authoritarianism

On Sept. 9, InterSecLab published a report based on the leaked files, warning that Geedge’s open marketing of censorship services signals “a fundamental shift in both technical capability and willingness to deploy such technologies around the world.” 

Unlike earlier “patchwork” attempts at digital repression, Geedge offers turnkey solutions that can be deployed rapidly. In some cases, researchers found, the company accomplished “in a matter of months tasks that a client government struggled with for years.”

The report highlights how Geedge technologies enable both broad and targeted controls. Systems such as Cyber Narrator allow governments to locate individuals through cell identifiers and monitor gatherings in real time. Other tools include Tiangou Secure Gateway (TSG), a national-scale firewall capable of filtering internet traffic, blocking tools and apps, and tracking specific users. A related platform, TSG Galaxy, stores and analyzes large volumes of intercepted data.

Documents also show client requests for added features, including social relationship mapping, SIM card change detection, and even offensive cyberattack services.

One example of how these tools are used came during Ethiopia’s civil conflict. In December 2022, while the Ethiopian government was announcing a cease-fire at the United Nations’ Internet Governance Forum, Geedge executives were simultaneously approving contracts for new data centers in the country. Log entries show development of surveillance systems continued throughout 2023 and 2024, even as international officials praised Ethiopia for reconnecting its Tigray region to the internet after a two-year blackout.

“These systems empower client governments to conduct both broad-scale population monitoring and internet shutdowns, while simultaneously enabling granular surveillance of internet users,” the InterSecLab report stated.

Global links and complicity

The leak also exposed how international companies may be indirectly enabling these systems. Researchers noted that Geedge relies on Sentinel HASP, a digital rights management product originally developed in the West and now owned by French defense contractor Thales Group. The documents indicate that client governments’ access to Geedge firewalls depends on the licensing of this software. Thales told investigators that while it does license Sentinel to Geedge, it does not contribute to surveillance functions. The company did not respond to further questions.

The report also stressed the role of internet service providers (ISPs). “There is no way for Geedge to install its hardware without the knowledge and collaboration from ISPs,” researchers wrote, urging international telecom companies to reconsider their involvement in projects that could bolster authoritarian control.

Beyond exposing global expansion, the leak points to growing internal strain within China’s censorship apparatus. Xia argued that the deliberate release of so many files suggests discontent within the ranks of those who build the Great Firewall. “This is also what we’ve seen in the past year or two, with many grassroots people coming forward to expose the CCP and things happening in China,” he said.

Journalists crowd around a laptop during a press conference by He Lifeng, the Director of the National Development and Reform Commission, at the ongoing annual National People’s Congress (NPC), China’s legislature, in Beijing on March 6, 2018. (Image: GREG BAKER/AFP via Getty Images)

He emphasized that while the revelations are damaging for Geedge, they provide valuable intelligence for developers working on freer and more resilient internet technologies. 

“Another misconception overseas is that open source is crucial, with everyone collaborating to develop the most powerful solution to circumvent these blockades,” Xia said. But as the leaked files show, open-source projects are particularly vulnerable to reverse engineering and hence countermeasures by the CCP. 

The Geedge documents were released as part of the Great Firewall Export investigation, a joint effort by InterSecLab, Amnesty International, Justice for Myanmar, Paper Trail Media, The Globe and Mail, the Tor Project, Austrian newspaper Der Standard, and FollowTheMoney. The coalition argues the findings come at a “critical moment for internet freedom worldwide,” as authoritarian states acquire increasingly sophisticated means to control their populations online.

The timing was underscored by a separate Associated Press report, also published on Sept. 9, which documented how Chinese surveillance systems used to persecute Uyghurs and Falun Gong practitioners incorporated technologies originally developed by U.S. companies.

Researchers say the leaked records highlight not only how China refines its domestic censorship, but also how it monetizes repression abroad. “Our research suggests that the possibility for rapid expansion is likely,” InterSecLab concluded.