A Technical Analysis on How a Chinese Company is Exporting The Great Firewall to Autocratic Regimes
Over the past two decades, the Chinese government has been steadily refining their model of internet control using surveillance and censorship technologies domestically while promoting this approach to other nations under the banner of “digital sovereignty”. Through the export of these technologies, China is not only extending its global influence but also laying the foundation for a federated system of internet governance. In this system, Chinese companies provide the infrastructure and expertise for client governments to more easily monitor and control their own networks, while learning from these deployments and improving collective capacity for digital authoritarianism worldwide.
This research by InterSecLab uncovers evidence of the export of a suite of technologies resembling China’s Great Firewall by Geedge Networks, a private company linked to the academic entity ‘Massive and Effective Stream Analysis’ (Mesalab), a research laboratory at the Chinese Academy of Sciences. Our team’s investigation identifies a pattern of commercialization of surveillance capabilities, with Geedge Networks offering a suite of products that enable comprehensive monitoring and control of internet users.
InterSecLab’s analysis reveals that Geedge Networks is contracted with governments in Kazakhstan, Ethiopia, Pakistan, Myanmar, and one other unknown country to establish sophisticated systems of internet censorship and surveillance. Furthermore, our findings indicate that Geedge Networks is also involved in developing similar systems deployed within China, including in Xinjiang and other regions.
Following a joint investigation of 100,000 leaked internal documents linked to the Chinese company Geedge Networks, researchers found that the Chinese company has exported an internet censorship toolset similar to the Chinese Great Firewall to autocratic regimes.
The research team was composed of investigative reporters from several media outlets and researchers from human rights and internet freedom groups, including InterSecLab, Amnesty International, Justice For Myanmar and the Tor Project. The research team spent almost one year reviewing the 100,000 documents that leaked in 2024, and discovered that China, through its affiliated private company, has developed a business model by providing censorship services to autocratic regimes and has tested new surveillance technology domestically in Xinjiang and other Chinese cities.
Geedge Networks: China’s private entity on censorship and surveillance
The Beijing-based Chinese company Geedge Networks was founded in 2018 by Fang Binxing, a former principal of Beijing University of Posts and Telecommunications who was crowned the father of the Great Firewall. On the company’s website, it describes itself as “a global provider of network security and intelligence equipment and solutions.”
Like the Chinese Great Firewall, the “security network” offered by the Chinese company can filter websites and apps, conduct real-time online surveillance, control internet data flow by region, enact internet blackouts, detect and block circumvention tools (including VPNs), launch DDoS attacks against targeted websites, monitor and control internet users’ data flow, infect users with malware, and geographically locate individual internet users.
The leaked documents revealed that the company, in addition to providing censorship and surveillance systems to governments from autocratic regimes, including Myanmar, Pakistan, Ethiopia, and Kazakhstan, also conducts testing projects in various regions within China in Xinjiang, Fujian, and Jiangsu, to enhance its surveillance and censorship systems further.
The researcher from InterSecLab found that the system relies on remote management by the company employees in China, and the data of internet users from their clients are shared with students at MesaLab, a research laboratory on informational national security at the Chinese Academy of Sciences. This not only implies an infringement of internet users’ privacy, but also has serious implications for national data sovereignty, as InterSecLab’s researchers highlighted.
Geedge’s overseas Great Firewall business
Kazakhstan is Geedge’s first foreign government client. The leaked documents show that the Chinese company worked with the president of Kazakhstan, Kassym-Jomart Tokayev, who studied in China between 1984–1991, to promote the image of a “state that listens” to civil society when Tokayev began his presidency in 2019. Yet, the “constructive dialogue” was monitored and manipulated through the Chinese political control toolset.Geedge started operating in Ethiopia around 2021 after the Tigray war broke out in 2020. The researchers said that the Chinese system was used to detect and respond to social unrest.
Geedge’s operations in Pakistan began in 2023, after the Canadian software company Sandvine ended its contract with Pakistan under the political pressure of US sanctions. Upon further development of Sandvine’s hardware, Geedge enhanced the capacity of the pre-existing monitoring system to track local internet traffic and detect and block the use of circumvention tools. In 2024, Access Now’s “Keep It On” report registered 21 shutdowns, and the Pakistan Telecom Authority acknowledged over 100,000 instances of content blocking over concerns including “morality,” “national security,” and “incitement of hate.”
The implementation of the Geedge system in Myanmar also began in 2023, two years after the military coup that overthrew the democratically elected government of Aung San Suu Kyi in February 2021. Geedge helped the junta block 55 apps, including circumvention tools such as VPNs and Tor, as well as messaging apps like Signal and WhatsApp. In 2024, the junta ordered 74 internet shutdowns to cover up the killing of civilians during armed conflicts and to isolate the country from the rest of the world.
The complicity of Western companies
As indicated in the leaked documents, Geedge’s toolset must be installed by internet service providers (ISPs). In the case of Myanmar, Frontiir, an ISP that received investment funds from Denmark, Norway, and the UK, had installed in its data centers Geedge’s hardware that could track people online, and block websites and VPNs. Yet, the company denied its involvement in assisting censorship and surveillance.
InterSecLab’s report also revealed that Geedge had used certain technologies owned by Western companies in its censorship business. For example, according to the data leak, Sentinel HASP, a software license protection application developed by a subsidiary of the French aerospace and defense giant Thales Group, has been used by Geedge to set a time limit on client access to its software, therefore monetizing its software. However, in response to InterSecLab’s finding, the Thales Group said that “Geedge Networks software does not rely on Sentinel to function. Thus, Sentinel does not contribute to the performance and functioning of Geedge Networks software and has nothing to do with the surveillance function of Geedge Networks’ product.”
InterSecLab highlighted the need for transparency and accountability among Western companies regarding their involvement in business activities that violate human rights.
Xinjiang: Testing ground for new surveillance technologies
The leaked document showed that Geedge had a special operation in Xinjiang in collaboration with MesaLab and the Chinese Academy of Sciences beginning in 2022. The consortium of local government, academics, and Geedge indicates that the project is closely affiliated with the Chinese government.
A major testing feature of the Xinjiang project is Cyber Narrator, which aims to analyze internet user behavior, lifestyle patterns and relationships. It is capable of generating a relationship graph based on a person’s contacts, online groups, and data from the users’ applications and websites they visit.
Another feature is an alert system targeting specific individuals when they enter a designated area, change SIM cards, make an international call, or use circumvention tools and foreign social media applications.
The Geedge system also strengthens its geo-detection capacity, which not only locates an individual but also maps the distribution of a monitored group and their geolocation pattern to identify unusual gatherings.
Other domestic projects have taken place in Fujian and Jiangsu. The former is a southern Chinese province, located off the coast of Taiwan, a runaway autonomous state that China claims as a part of its sovereignty. There was limited information about the Fujian project in the leaked document. As for Jiangsu, the project was related to the development of a scam-detection system.
The development, as indicated by the leaked documents, shows that the Chinese government is actively translating its political control model into a capitalist business model that caters for the needs of authoritarian and autocratic governments. The domestic censorship and surveillance system, hence, extends beyond the country, affecting people who live under oppressive regimes around the world.
Source and credits: INTERSECLAB
September 09th, 2025
Read the full report
The Internet Coup: A Technical Analysis on How a Chinese Company is Exporting The Great Firewall to Autocratic Regimes.
This research by InterSecLab is part of the Great Firewall Export investigation, a joint collaboration with the partners Amnesty International, Justice For Myanmar, Paper Trail Media, The Globe and Mail, the Tor Project, the Austrian newspaper DER STANDARD and Follow The Money.