Software Engineering Daily

Inside China’s Great Firewall with Jackson Sippe

Feb 19, 2026
Jackson Sippe is a PhD researcher at the University of Colorado Boulder who studies national-scale censorship systems. He explains how China’s Great Firewall worked during the 2021–2023 blocking window. Topics include the pop-count entropy detection technique, how padding and TLS-like headers were used to evade blocks, active probing and fingerprinting, and implications for circumvention tool design and future censorship trends.
INSIGHT

GFW Used Pop-Count Entropy Heuristic

  • Researchers found the GFW used a pop-count (Hamming weight) entropy test counting set bits to detect encrypted payloads.
  • Traffic with roughly 50% bits set was classified as high-entropy and subject to blocking.
INSIGHT

Exact Bit-Range Trigger Observed

  • The observed pop-count threshold that triggered blocking clustered between 3.4 and 4.6 set bits per byte.
  • Packets within that range were considered encrypted and were blocked by the GFW.
INSIGHT

Exemptions Reduced False Positives

  • The GFW applied cheap exemptions before entropy checks: ASCII-heavy payloads and crude protocol fingerprints like TLS headers.
  • These early filters reduced load and prevented huge false positives from blocking commonplace protocols.
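
The three snips above, combined into one classifier as an added example (not code from the episode or the researchers). Only the 3.4 to 4.6 range comes from this page; the ASCII-heavy cutoff, the two-byte TLS fingerprint and all function names are assumptions for illustration.

```python
# Added example: thresholds other than 3.4 and 4.6 are assumptions.
POPCOUNT_LOW, POPCOUNT_HIGH = 3.4, 4.6   # set bits per byte, range quoted in the snip
ASCII_HEAVY = 0.5                        # assumption: "ASCII-heavy" = over half printable

def bits_per_byte(payload: bytes) -> float:
    """Mean pop-count (Hamming weight) per byte."""
    if not payload:
        return 0.0
    return sum(bin(b).count("1") for b in payload) / len(payload)

def printable_fraction(payload: bytes) -> float:
    """Share of bytes in the printable ASCII range 0x20-0x7E."""
    if not payload:
        return 0.0
    return sum(0x20 <= b <= 0x7E for b in payload) / len(payload)

def looks_like_tls(payload: bytes) -> bool:
    """Crude fingerprint (assumed): handshake record type 0x16, major version 0x03."""
    return payload[:2] == b"\x16\x03"

def classify(payload: bytes) -> str:
    """Apply the cheap exemptions first, then the pop-count range test."""
    if looks_like_tls(payload):
        return "exempt:tls-like"
    if printable_fraction(payload) > ASCII_HEAVY:
        return "exempt:ascii-heavy"
    if POPCOUNT_LOW <= bits_per_byte(payload) <= POPCOUNT_HIGH:
        return "flag:high-entropy"
    return "pass:out-of-range"

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "http": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "tls": b"\x16\x03\x01\x02\x00" + bytes(range(256)),
    # Every byte value once: exactly 4.0 set bits per byte, like ciphertext.
    "uniform": bytes(range(256)),
    "zeros": bytes(64),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:8} {bits_per_byte(data):.2f} bits/byte -> {classify(data)}")
```

The "uniform" sample is not random at all, yet it is flagged: the test measures the share of set bits, not true entropy.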