IPFS and Kubo have been blocked by China GFW

pussygithubpussy · January 15, 2026, 1:37pm

Please investigate the GFW source code leak and improve IPFS/Kubo to circumvent the blockade.

Geedge & MESA Leak: Analyzing the Great Firewall’s Largest Document Leak

The Great Firewall of China (GFW) experienced the largest leak of internal documents in its history on Thursday September 11, 2025. Over 500 GB of source code, work logs, and internal communication

github.com/net4people/bbs

Leak of Geedge Networks internal documents (100,000+ from Jira, Confluence, GitLab)

opened 04:07PM - 09 Sep 25 UTC

wkrp

reading group China Kazakhstan India Pakistan Ethiopia Myanmar Malaysia Bahrain Algeria

We have discussed the Chinese company [Geedge Networks](https://www.geedgenetwor…ks.com/) (积至). Last year, there was the news that [Geedge had provided equipment for VPN blocking in Myanmar](https://github.com/net4people/bbs/issues/369#issuecomment-2195258977). One of the founders of the company is [方滨兴 (Fang Binxing)](https://en.wikipedia.org/wiki/Fang_Binxing), the famous "father of the Great Firewall". Another Geedge principal, [郑超 (Zheng Chao)](https://github.com/net4people/bbs/issues/369#issuecomment-2195455424), is a coauthor of censorship-related research papers we have discussed: #275, #282, #444. Today, there are many news articles and reports about a leak of Geedge Networks internal documents, including from Jira (bug tracker), Confluence (wiki), and GitLab (source code). They say that several news organizations and technologists have worked together for a year to analyze the documents. This is the primary reporting from the people who worked directly with the documents, as best as I have been able to determine: * *The Globe and Mail*: [Leaked files show a Chinese company is exporting the Great Firewall's censorship technology](https://www.theglobeandmail.com/world/article-leaked-files-show-a-chinese-company-is-exporting-the-great-firewalls/) ([archive](https://web.archive.org/web/20250909115204/https://www.theglobeandmail.com/world/article-leaked-files-show-a-chinese-company-is-exporting-the-great-firewalls/)) * *Der Standard*: [Wie China seine Totalüberwachung des Internets ins Ausland exportiert](https://www.derstandard.at/consent/tcf/story/3000000286721/wie-china-seine-great-firewall-ins-ausland-exportiert) ([archive](https://archive.is/dCXZQ)) * *Follow the Money*: [China exports censorship tech to authoritarian regimes – aided by EU firms](https://www.ftm.eu/articles/how-china-is-exporting-its-censorship-technology) ([archive](https://archive.is/EIGSZ)) * InterSecLab: [The Internet Coup](https://interseclab.org/research/the-internet-coup/) ([archive](https://web.archive.org/web/20250909115332/https://interseclab.org/research/the-internet-coup/)) [PDF 76 pages](https://interseclab.org/wp-content/uploads/2025/09/The-Internet-Coup_September2025.pdf) ([archive](https://web.archive.org/web/20250909115839/https://interseclab.org/wp-content/uploads/2025/09/The-Internet-Coup_September2025.pdf)) * Amnesty International: [Shadows of Control: Censorship and mass surveillance in Pakistan](https://www.amnesty.org/en/documents/asa33/0206/2025/en/) ([archive](https://web.archive.org/web/20250909115219/https://www.amnesty.org/en/latest/news/2025/09/pakistan-mass-surveillance-and-censorship-machine-is-fueled-by-chinese-european-emirati-and-north-american-companies/)) [PDF 102 pages](https://www.amnesty.org/en/wp-content/uploads/2025/09/ASA3302062025ENGLISH.pdf) ([archive](https://web.archive.org/web/20250909115238/https://www.amnesty.org/en/wp-content/uploads/2025/09/ASA3302062025ENGLISH.pdf)) * Justice for Myanmar: [Silk Road of Surveillance](https://www.justiceformyanmar.org/stories/silk-road-of-surveillance) ([archive](https://web.archive.org/web/20250909115436/https://www.justiceformyanmar.org/stories/silk-road-of-surveillance)) [PDF 47 pages](https://jfm-files.s3.us-east-2.amazonaws.com/public/Silk+Road+of+Surveillance+EN.pdf) ([archive](https://web.archive.org/web/20250909121539/https://jfm-files.s3.us-east-2.amazonaws.com/public/Silk+Road+of+Surveillance+EN.pdf)) As far as I can tell, the actual contents of the leak have not been made public. Even so, there is a lot of information across these public articles and reports. They include, at least, evidence of exports to other contries including Myanmar, Pakistan, Ethiopia, Kazakhstan, and at least one other unidentified country; operation in the Chinese provinces of Xinjiang, Jiangsu and Fujian; technical information about Geedge's products; and collaboration with [MESA](https://web.archive.org/web/20241202193832/https://mesalab.cn/), a research lab at the Chinese Academy of Sciences.

lidel · January 19, 2026, 7:35pm

Thanks for bringing this up. Here’s what we understand about the current situation:

What is blocked:

The ipfs.io domain of the most popular public gateway
Default bootstrap node addresses (since at least 2019, see kubo#5993)
GFW can detect and block IPFS traffic patterns in some cases
Some regions (e.g. Shanghai) report wholesale P2P blocking except for enterprise-whitelisted traffic

What still works (?):

My understanding of GWF may be outdated, but last time I looked into it:

Some VPNs
P2P connectivity itself largely functions. Academic research from 2023 found that “the GFW has little measurable impact on P2P functionality” and that NAT is actually the main impediment.
QUIC transport has an advantage over TCP. GFW detection is primarily TCP-focused, and P2P QUIC connections use IP addresses directly (no SNI/hostname to censor).
Many public community-hosted HTTP gateways remain accessible, including Tor Onion Services (volunteer-run, useful as last resort when running your own node is not possible or not safe).
Kubo releases can be fetched from any working gateway (incl. Tor ones) via DNSLink (resolved by gateway, so not impacted by DNS censorship in China): https://<gateway>/ipns/dist.ipfs.tech/kubo/

Workarounds:

Make sure you have QUIC transport enabled
Bootstrap nodes are only needed for initial peer discovery. Once connected, Kubo remembers peers.
You can discover peer addresses by other means, for example by querying a delegated routing endpoint(s) for providers of popular content (example) (e.g. over Tor).

Regarding the Geedge/MESA leak:

The leak is real and significant, but published analyses focus on VPN blocking and application-layer censorship - no mentions of IPFS/libp2p so far. The technical details about how GFW detects encrypted traffic were already documented in academic research from 2023, so the leak doesn’t appear to reveal new information relevant to IPFS. If this is not true, and you find specific references in the leaked documents, please share.

Topic		Replies	Views
GFW blocked the ipfs.io Help	0	394	April 20, 2018
IPFS blocked by GFW Help	1	592	December 25, 2018
How censorship-resistant is IPFS intended to be? Ecosystem and Usage use-cases-and-apps	16	5544	December 22, 2023
IPFS.io gateway blocked in South Korea Related News	2	359	February 16, 2023
IPFS is not secure? Help	9	3180	August 22, 2019

IPFS and Kubo have been blocked by China GFW

Related topics