April 28, 2015

Chinese government censors at the helm of the “Great Firewall of China” appear to have inadvertently blocked Chinese Web surfers from visiting pages that call out to connect.facebook.net, a resource used by Facebook’s “like” buttons. While the apparent screw-up was quickly fixed, the block was cached by many Chinese networks — effectively blocking millions of Chinese Web surfers from visiting a huge number of sites that are not normally censored.


Sometime in the last 24 hours, Web requests from within China for a large number of websites were being redirected to wpkg.org, an apparently innocuous site hosting an open-source, automated software deployment, upgrade and removal program for Windows.

One KrebsOnSecurity reader living in China who was inconvenienced by the glitch said he discovered the problem just by trying to access the regularly non-blocked UK newspapers online. He soon noticed a large swath of other sites were also being re-directed to the same page.

“It has the feel of a cyber attack rather than a new addition to the Great Firewall,” said the reader, who asked not to be identified by name. “I thought it might be malware on my laptop, but then I got an email from the IT services at my university saying the issue was nation-wide, which made me curious. It’s obviously very normal for sites to be blocked here in China, but the scale and the type of sites being blocked (and the fact that we’re being re-directed instead of the usual 404 result) suggests a problem with the Internet system itself. It doesn’t seem like the kind of thing the Chinese gov would do intentionally, which raises some interesting questions.”

Nicholas Weaver, a researcher who has delved deeply into Chinese censorship tools in his role at the International Computer Science Institute (ICSI) and the University of California, Berkeley, agrees that the blocking of connect.facebook.net by censors inside the country was likely a mistake.

“Any page that had a Facebook Connect element on it that was unencrypted and visited from within China would instead get this thing which would reload the main page of wpkg.org,” Weaver said, noting that while Facebook.com always encrypts users’ connections, sites that rely on Facebook “like” buttons and related resources draw those from connect.facebook.net. “That screw-up seems to have been fairly quickly corrected, but the effect of it has lingered because it got into peoples’ domain name system (DNS) caches.”

In short, a brief misstep in censorship can have lasting and far flung repercussions. But why should this be considered a screw-up by Chinese censors? For one thing, it was corrected quickly, Weaver said.

“Also, the Chinese censors don’t benefit from it, because this caused a huge amount of disruption to Chinese web surfers on pages that the government doesn’t want to censor,” he said.

Such screw-ups are not unprecedented. In January 2014, Chinese censors attempting to block Greatfire.org — a site that hosts tools and instructions for people to circumvent restrictions erected by the Great Firewall — inadvertently blocked all Chinese Web surfers from accessing most of the Internet.

Doing censorship right — without introducing the occasional routing calamities and unintended consequences — is hard, Weaver said. And China isn’t the only nation that’s struggled with censorship goofs. The United Kingdom filters its providers’ Internet traffic for requests to known child pornography material. In 2008, a filtering system run by the U.K-based Internet Watch Foundation flagged the cover art for the album Virgin Killers by the rock band Scorpions as potential child porn. As a result, the system placed several pages from Wikipedia on its Internet black list.

The child porn filtering system checked for requests to images flagged as indecent by proxying the traffic through a specific system. So when many U.K. residents tried to edit Wiki pages following the blacklisting, Wikipedia saw those requests as huge numbers of users all trying to edit Wiki pages from the same Internet addresses, and blocked the proxy address — effectively cutting off U.K. users from editing all Wiki pages for several days.

Suggested further reading:

Don’t Be Fodder for China’s ‘Great Cannon’


20 thoughts on “China Censors Facebook.net, Blocks Sites With “Like” Buttons

  1. Donald J Trump

    This sounds like a B.G.P. internet router table issue where a person entered in the wrong data which then spread into main land China.

  2. GreenZone

    Governments spend millions of dollars on censorship systems that can be defeated for hundreds or nothing. Put up dumb buttons.

  3. GreenZone

    “The obvious question arises: Why do government-sanctioned services offer tools to beat the law?

    Independent Iranian media have reported that “elements within the government and the Revolutionary Guard provide support to a number of VPN sellers,” according to a 2014 report from Small Media. “Reports hypothesize that this is a mutually profitable arrangement; lining the pockets of officials at the same time as it allows VPN sellers to continue in their work without the threat of state interference.””

    If it’s Tuesday, it’s Beat The Press. We can hypothesize that Chinese officials are operating the same racket and if the press reports it it is espionage. To stop espionage, give away VPN and not your location. The Chinese can sell maps with all the locations wrong. Iranians can sell updated maps with corrections to Chinese maps.

    “The Iranian government owns more than 70 percent of VPNs inside Iran,” researcher and activist Nariman Gharib told the Daily Dot. He believes the VPN owners are almost certainly connected to the government and Iranian Revolutionary Guard Corps “because [otherwise] they should be in jail by now! Which [they are] not!”

    They have the journalists in jail for writing about the folly.

  4. Mike

    It does raise some interesting questions. It should cause some concern over just how much control over things we are all giving to Facebook.

    lol….I have connect.facebook.net redirected internally to (has been that way for quite a while)

  5. nikol

    “Blocks Sites With “Like” Buttons” sounds like a great idea, get rid of those ridiculous buttons, here in the USA.

  6. patti

    China has serious problems. After all its effort to avoid mass starvation, they still may be looking at just that. Not sure how a legitimate government will hold on.

    1. GreenZone

      Ghost town compliments of central planning committee.

      “It laid out plans for a huge new town for hundreds of thousands of residents, with Genghis Khan Plaza at the centre of it.”

      “Chinese economic commentators seem much less concerned than the Western doom-mongers.”

      We have ghost baseball games!

  7. Billy Dean

    It would be interesting to see who owns the wpkg.org site and their connections to the Chinese internet regulator (CAC).

  8. Edward Nygma

    “Doing censorship right … is hard, Weaver said”.

    Understatement of the year. Doing censorship right is impossible, because censorship is wrong. This is like saying “doing murder right is hard”.

    Meanwhile, it’s odd that this blog of all places hasn’t yet questioned whether this “screwup” may have been an attack. Think about it. The GFW, especially with its “Great Cannon” capability, is an obvious juicy target for (non-Chinese-government) blackhats to manipulate to their own ends. And wpkg sounds like a similar sort of site to Github, which was recently a Great Cannon target. Perhaps this wasn’t a glitch but a test, and maybe not by the Chinese government either. If the next time it happens they get redirected to some gamer kid or a booter service we’ll know. “I see you are using Cloudflare, rival booter service. Now witness the firepower of this fully armed and operational battle station!”

    1. GreenZone

      Knowing they could never abolish crime, they created a monopoly to control it and called it the state. With the Toilet Paper Partnership (TPP) and DMCA action everything will be censored and they’ll have more influence for sale. You can lobby and peddle influence.

  9. Janis

    *.facebook.net is blocked on my personal firewall also and it does not affect any other sites. Just those annoying buttons. Also sounds like Chine steps forward in privacy protection:)

    1. CooloutAC

      What I think is worse then facebook profiling us, is other companies doing the same thing based off of facebook profiles.

      Like Job Prospects. We know for sure record execs go off just how many likes an artist has. I’m sure head hunters use facebook. and also the German government who work hand in hand with GHCQ then any other European country, , etc…

      But more importantly all of these profiles can be faked and now we have not just facebook, but governments and employers profiling people based on pure lies.

  10. CooloutAC

    I mean think about it, now all someone needs is your name and picture, and a fake facebook account, to possibly ruin your life. To demonize you with the government and future employers, not that most users don’t already do that themselves with posts they feel are innocent, and most just dn’t care.

    But Say you liked a certain music artist on your page. You can now kiss that job prospect out the window…lol

    Its also all an imposter needs to create a fake identity that doesn’t really exist, that might be believed by some agency.

  11. CooloutAC

    sorry for the spam, maybe I’m beating a dead horse. But I feel that likes and dislikes are a way for society to voice their opinions. I use to tell my family not to click like buttons in fb in case they get a virus haha, but now I feel the fakes take over the less people use them, which I’m sure is how most Gov’t would prefer it.

    1. Janis

      you are wrong, Facebook Likes only function is getting information on people to sell.

Comments are closed.