Article illustration 1

A trove of more than 100,000 internal documents has laid bare the operations of Geedge Networks, a little-known Chinese company exporting sophisticated censorship technology modeled on China's Great Firewall to governments across Asia, Africa, and beyond. The leak, provided anonymously and analyzed by a consortium including Amnesty International, InterSecLab, and The Tor Project, exposes how Geedge's systems enable mass surveillance, website blocking, and individual targeting—effectively packaging digital repression as commercial cybersecurity. For developers and infrastructure engineers, this represents a chilling evolution in state-sponsored network control, where machine learning and deep packet inspection are weaponized against fundamental internet freedoms.

The Anatomy of Digital Control

At the heart of Geedge's offering is the Tiangou Secure Gateway (TSG), hardware installed in telecom data centers that processes all internet traffic for entire nations. According to the documents reviewed by WIRED, TSG scans every data packet, using deep packet inspection and ML algorithms to:
- Block access to websites and VPNs (like ExpressVPN and Signal) by analyzing encrypted traffic metadata.
- Intercept unencrypted content, including emails, passwords, and attachments.
- Flag and slow connections deemed suspicious, based on real-time behavioral analysis.

Complementing this is Cyber Narrator, a dashboard that gives non-technical government operators a real-time view of user activities. Screenshots from Myanmar show the system monitoring 81 million connections simultaneously, geolocating users via cell towers, and identifying VPN usage. As Marla Rivera, a technical researcher at InterSecLab, states:

"This is not like lawful interception... It gives so much power to the government that really nobody should have. This is very frightening."

Global Deployment and Sanctions Evasion

Geedge's technology is already operational in Kazakhstan, Ethiopia, Pakistan, and Myanmar, with evidence pointing to expansions in Malaysia, Bahrain, and Algeria via job postings for engineers in Belt and Road Initiative countries. The leak reveals how the company repurposes existing infrastructure—such as hardware left by Canadian firm Sandvine in Pakistan—to sidestep sanctions. Jurre van Bergen, a technologist at Amnesty International, warns:

"Once [hardware] is exported, it's there, and they're going to reuse it... This speaks to the limits of sanctions."

In Ethiopia, internal logs show Geedge's system switching from passive monitoring to active blocking just days before a nationwide internet shutdown in February 2023. Similarly, in Myanmar, Canadian VPN service Psiphon corroborated traffic patterns aligning with Geedge's deployment, highlighting the real-world impact on connectivity.

Roots in China's Censorship Regime

Geedge's rise is inextricably linked to China's surveillance state. Founded in 2018 as part of state-owned China Electronics Corporation (CEC)—sanctioned by the U.S. in 2020—the company counts Fang Binxing, the "father of the Great Firewall," as a key investor. Fang's expertise in controlling decentralized information flows has been commercialized into Geedge's products, which now refine repression at home and abroad. For instance:
- Xinjiang deployments (coded J24) test features like user "reputation scores" (requiring ID authentication for internet access) and geofencing.
- Experimental capabilities include building relationship graphs based on app usage and injecting malware into insecure traffic streams, as noted by InterSecLab researcher Lea Horne.

The Unchecked Spread of Surveillance Tech

Geedge's leak underscores a dangerous trend: the commodification of censorship tools that blur lines between cybersecurity and authoritarian control. By leveraging academic partnerships (e.g., with the Chinese Academy of Sciences) and avoiding Western hardware, the firm creates a self-sustaining ecosystem where innovations tested in places like Xinjiang can be rolled out globally via software updates. For developers, this poses ethical dilemmas about infrastructure vulnerabilities, while policymakers must confront the inadequacy of current export controls. As internet fragmentation accelerates, Geedge's story is a stark reminder that the tools of digital oppression are not confined by borders—they're being industrialized.

Source: Based on reporting from WIRED and analysis by InterSecLab, Amnesty International, and partners.