Get your website working in Mainland China – China Internet 101

 

In my 8+ years living and operating online businesses in Asia, I’ve learned a few hard lessons. Here’s a big one: China is different. When it comes to delivering a website, app, or any sort of internet bound service China requires far more planning and investment than any other market in the world today.

The internet is global by design. For most organizations, the infrastructure used to deliver a website in France is the same infrastructure used to deliver a website in Germany.  China however, has its own version of the internet. If your website, app, or business serves a mainland Chinese audience you need to understand the  differences between the internet you are used to v.s. the internet ecosystem in the People’s Republic of China. Here are 5  differences technology professionals need to plan for.

Note: When “China” is mentioned below I am referring to Mainland China. This excludes the autonomous regions of Hong Kong and Macau. It also excludes Taiwan which is its own nation entirely. (but don’t tell China I said that.)

 

China Great Firewall

1 – The Great Firewall of China (GFoC)

The most famous of differences is “Project Golden Shield”, or what is colloquially known as the “Great Firewall of China” (GFoC).

The GFoC is China’s censorship apparatus. Its goal is to filter and block content and services from reaching the Chinese mainland that the government has deemed against its natural interests. Some examples being:

  • Foreign (non China) media websites such as the New York Times, CNN, The Guardian.
  • Foreign Social media platforms such as Twitter, Facebook or SnapChat.
  • Foreign messaging apps such as Skype, Facebook messenger, WhatsApp.
  • Gambling websites of any kind
  • Pornography websites of any kind
  • Wikipedia
  • Websites disparaging or satirizing government figures or sowing public discontent / unrest. This includes content related to the Dalai Lama, or Falun Gong.
  • In addition to the criteria above, any website which the censors employed by “Project Golden Shield” deem to be offensive.

Wikipedia has a more detailed list, of sites which are actively blocked, but it is far from exhaustive.

Although often described as a discrete network service, the GFoC is really a collection of technologies deployed by Chinese hosting providers, Major Chinese Tech companies, Telecom providers and the Government itself. Through these technologies the GFoC can:

  • block a website URL via DNS poisoning
  • Deny traffic to and from a port, IP address, or IP address range via TCP resets or simply dropping the traffic
  • Filter content by keywords in URL’s
  • Block or interrupt services to VPN’s
  • Intercept and block or monitor unencrypted communications and even some encrypted information via “Man in the middle” attacks

Interestingly GFoC blocking is not always black and white. In my experience working with various businesses in Asia Pacific – it’s common for some sites to be available during one time, and unavailable during others.  It’s also possible to be blocked in one region, and not another. Many online businesses make the mistake of running a few tests from mainland China and assuming if it works once, it works always. Nothing could be further from the truth.

It is also important to note that the GFoC’s methods of blocking are not obvious. At no time is a user in China presented with a dialog or message that a site has been blocked. It simply does not work. This is a very important distinction because to a potential user in Mainland China, a site or app simply fails to load. The perception will likely be that the site or service is broken, not that the GFoC has stopped it from working. In other words, potential users will blame you, not their Government or ISP.

To avoid being blocked by the GFoC ensure these basic precautions are taken:

  • Do not offer ANY content or service which the GFoC would find offensive. It may work temporarily, but if you gain any sort of audience or sizable traffic within China – they will find it, and it will be blocked! This is not an “if”, but a “when”.
  • Even if your site or product is absent of content the Chinese government finds offensive, certain words or content types can raise additional scrutiny. Any media, social media, or video content will be watched with extreme caution and possibly banned without warning.
  • Encrypt your entire site using TLS whenever possible. This reduces the chances of false positives, and typically speeds up most sites as encrypted content cannot undergo proxy filtering or deep packet inspection GFoC perimeters employ.
  • Avoid domains and URL’s which contain “unsafe” words related to banned content. This could include video, media or even seemingly harmless Chinese in-jokes like whinny the poo.
  • Apply for an ICP license. This is really the only way to ensure your content is allowed to be served within China. Technically ANY SITE without an ICP license can be banned at any time, without warning or explanation.

China ICP

2 – Hosting + ICP Licensing

Hosting content within China remains the best option from a performance perspective. Having web servers + cloud services running within the country will skip many of the GFoC and networking bottlenecks,  ensuring your content is fast and available to Chinese users. Cloud services like Aliyun have made building complex web applications within Mainland China as easy as AWS. (Note: AWS  also have a China presence, operated by a local partner)

If your website or product allows, a separate China instance often solves many problems. Just be aware of the trade-offs. Hosting in China may mean that site is slower everywhere else.

Some businesses cannot put webservers or sensitive information in China for security or compliance reasons. In this case hosting in nearby Hong Kong, Taiwan or Japan can provide decent latency, but beware the networking challenges explained in the next section.

Regardless of where you host your content from, if you want it to stay accessible for Chinese users, you must have an “Internet Content Provider” (ICP) license. These licenses are issued regionally, and are typically granted by hosting providers. Technically, any website or domain which does not have an active ICP license can be blocked at any time. You must either be a Chinese Citizen to apply for a personal license, or a Chinese business to apply for a corporate license. Both require strict “Know Your Customer” processes and in-person verification. This means Foreign companies or individuals which wish to secure ICP licenses must work with a Chinese partner.

Websites are required to publish their ICP Number on the footer of their site. The license contains the region it was issued and a unique number tied to that domain.  Baidu’s ICP looks like this: “京ICP证030173号”. An ICP License applies to a root domain. – in our example, all sub-domains of Baidu are covered by this license.

Remember, just because you have secured a license it does not make you exempt from the content rules above. ICP’s are often rescinded at the first sign of trouble, usually accompanied by a swift block from the GFoC.

China Network Transit

3 – Network Transit and Peering

Of all the technical differences between the Global and Chinese Internet, I find Network Transit  the most interesting.

The internet is functionally a gigantic collection of separate networks, held together by common standards and protocols. Commercially, these large networks either pay to access one another, or they “peer” and swap traffic for free.

Mainland China’s Internet backbone is handled by three state-owned ISP’s. China Telecom (North), China Unicom (South) and China Mobile. (nationwide). Peering points for these networks are extremely congested – often resulting in massive slowdowns to internet services in one region or the next. I’ve personally seen more than one businesses operate in China for years, confident with their revenue growth in the South, not knowing (or not believing) they are non-functional in the north.

For Global ISP’s, “transit” traffic usually gets more expensive with distance. A 100mbps dedicated network connection between New York and Connecticut would be far cheaper than a 100mbps dedicated connection between New York and Dubai. Sure enough in China, the exact opposite is true. Traffic could be $8 per 1mbps of bandwidth between Guanzhou and Europe, and $80 per mbps between Guanzhou and Hong Kong, which are neighboring cities.

The reasons for these inefficiencies are two-fold: One, congested peering and expensive bandwidth creates great commercial opportunities for Chinese ISP’s. Dedicated Intra-China bandwidth between Tier 1 ISP’s can go for over $120 per mbps! That’s a lot of gravy.

Two, these inefficiencies throw up big cost barriers to foreign companies and have the added effect of slowing down foreign-hosted websites. Say for instance a Chinese user requests a web page hosted in nearby Japan. If the hosting provider doesn’t pay Chinese Telecom companies for transit, the traffic will likely flow via California or Russia, or some other distant place where transit is cheaper. Between the inefficient network paths , the delays added by the GFoC and congested peering its easy to see how most foreign-hosted websites are slowed to a crawl.

China-focused CDN’s such as Chinacache solve many of these Networking issues as they  cache content all around the country and have existing transit + peering agreement with Chinese ISP’s. CDN’s are also privy to ICP rules, so you will need a license before you can serve any content from them.

China DNS

4 – DNS

DNS in China is also unique for a several reasons.

1 – It is an integral part of the GFoC, and hence tightly controlled and centralized.

2 – All Chinese-hosted DNS is Unicast. There are no Anycast DNS services.

3-  Global DNS Providers rarely have DNS Edge nodes in China, and when they do they are on a separate network which requires additional cost.

This results in foreign sites being put at  a disadvantage, yet again.  DNS lookups need to traverse the GFoC, and with the combination of network filtering, congestion and the generally flakiness of the UDP protocol, packets are often slow in returning or go missing all together.

The best solution is to use a China-based DNS provider like DNSPod or Alibaba DNS. This will keep your DNS records hosted within China, resulting in lower latency and higher availability. The trade-off is that even the more expensive paid versions of these DNS Services have poor international DNS coverage. This is another reason why I suggest a totally separate Chinese site if possible.

Javascript IDE

5 – Software Design

Naturally, the challenges listed above cannot be overcome by infrastructure alone. Many optimizations need to be baked into the software itself. Including:

  • Reducing Site + Asset Size: The less data you move over congested Chinese ISP’s the better
  • Removing dependencies on widgets and tools from foreign web companies: Common services like Google Fonts, Google Tag Manager or Facebook’s tracking pixel are blocked in China and won’t be functional. Same goes for widgets like Twitter, YouTube or Soundcloud embeds.
  • Moving as many assets to China-based CDN’s as possible: The more content you can put on edge nodes around the country the better.
  • Ensuring Compatibility with common Chinese browsers:  Browser market share in China is quite different from other countries. Local browsers like UC Browser, Sogou Explorer and QQ are all fairly common on both desktop and mobile. Although they are WebKit based, some may introduce compatibility issues with your website or applications.
  • Ensuring compatibility with local Phones. China has a variety of home-grown phone brands which rarely seen outside of the country. Brands like Meizu, Vivo, Oppo, Xiaomi and Huawei are all very. If you develop a complex mobile phone app or website – these devices will require extra customization.
China Provinces
Think of China as 34 markets, not one.

 

Conclusion

Do not think of China as a single market. It is a gigantic country. The 4th largest in the world by landmass and the 1st in the world by population with a staggering 1.4 billion people. It is divided and governed by 34 independent provincial bodies. It operates at a size and scale that is difficult for Western nations to comprehend. (Have you ever heard of Tianjin? Probably not… but it is a Chinese city with 3x the population of Finland.)

China truly has its own unique flavor of the internet. Its Government policies have created a cyberspace which favors home-grown players to foreign competition. Far too many internet companies have looked to China for growth, rushed in without careful planning and failed miserably. Competing successfully in the Chinese market requires knowledge and investment into both product and technical localization. With the right planning and tools, you can scale the great firewall and deliver the same experience to Chinese customers that other users enjoy worldwide.

If you plan to expand your online business into China, make sure you work with a team who has the experience and knowledge of the unique challenges in this market . My consultancy business Takehan Technologies specializes in optimizing online products for China and other emerging markets. Contact us if you’d like to learn more.

Leave a Reply

Your email address will not be published. Required fields are marked *