In mid-April, an internal emergency directive from Shaanxi Telecom started circulating online.
The title was blunt -- "Complete Ban on Overseas Traffic and Strict Prohibition of All Circumvention Services."
The contents were even blunter: all IP addresses are to be completely blocked from accessing any destination outside mainland China, including Hong Kong, Macau, and Taiwan. At the same time, carrying any form of circumvention traffic -- VPNs, proxies, or anything else -- is strictly forbidden.
My first reaction when I saw this: "No way."
My second reaction: "Well, it was only a matter of time."
First, Let's Break Down What the Directive Actually Says
Translating the bureaucratic language into plain English:
- All IPs blocked from accessing overseas addresses -- This isn't just about blocking circumvention tools. It means cutting off even normal overseas traffic. Want to visit a Japanese shopping site? Nope. Want to watch Netflix? Dream on.
- Including Hong Kong, Macau, and Taiwan -- That's right, Hong Kong counts as "overseas." The "one country, two systems" principle is effectively dead when it comes to the internet.
- Strict prohibition on carrying any circumvention traffic -- This one targets the telecom operators themselves, meaning if someone uses your infrastructure to circumvent the firewall, you're on the hook too.
Some might say: "Isn't this just one province doing its own thing?"
But if you understand how China's telecom system works, you know it's not that simple.
Why This Isn't Just "One Province's Problem"
China's three major telecom operators (China Telecom, China Mobile, China Unicom) typically roll out policies like this:
- Headquarters sets the general direction
- Provincial branches handle implementation
- Some provinces pilot first, others follow
Shaanxi is rarely the first province to pioneer anything. If even Shaanxi has already issued a formal directive, it likely means the policy direction was set at headquarters level long ago -- the only variable is the timing of each province's rollout.
Historical precedent backs this up:
- In 2017, MIIT ordered all ISPs to clean up unauthorized "international dedicated lines." A few provinces moved first, and within six months it went nationwide
- The 2019 Deep Packet Inspection (DPI) upgrades followed the same pattern -- some provinces first, then gradual expansion
- The playbook is always the same: one province pilots, several follow, then nationwide rollout
So the question isn't "will this go nationwide," but "when."
What Else Is Happening at the Same Time
If Shaanxi Telecom's directive were an isolated incident, it could be written off as a local overreaction. But several other things happened around the same time, and when you put them together, it stops looking like coincidence:
Bitchat Removed from China App Store
Bitchat is an encrypted messaging app with a following in privacy circles. In early April, Apple removed it from the China App Store at the government's request. Apple has always been cooperative on these matters, but the frequency and scope of removals is increasing.
VPN Detection Patent CN121691088A Enters Substantive Review
This is a new patent for VPN traffic detection technology that recently entered substantive examination. In plain terms: someone is developing more precise methods for identifying and blocking VPN traffic, and this technology just got one step closer to real-world deployment.
I won't get into the technical details (it goes deep), but the key takeaway is: the Great Firewall isn't static -- it's constantly evolving. Every time you think "my current tools work fine," the other side is researching how to block those too.
The Cybercrime Prevention Law Draft Continues Advancing
If passed, this law would explicitly criminalize many online behaviors that currently exist in a legal gray area. The legal status of circumvention in China has always been ambiguous -- technically illegal, but individual users are rarely prosecuted. This law could change that calculus.
For a deeper look at the legal landscape, check out: Is Using a VPN Illegal in China?
The Big Picture: Q2 2026's Censorship Storm
When you put these events together, the trajectory for Q2 2026 becomes crystal clear:
| Event |
Nature |
Scope |
| Shaanxi Telecom overseas traffic ban |
Direct ISP-level blocking |
Provincial, likely to expand |
| Bitchat removal |
App Store compliance with censorship |
Nationwide |
| VPN detection patent in review |
Technical capability upgrade |
Future nationwide |
| Cybercrime Prevention Law draft |
Legal framework tightening |
Nationwide |
Four dimensions tightening simultaneously: infrastructure (ISPs), app stores, detection technology, and legal framework. This isn't some department acting on a whim -- it's a systematic, planned escalation.
For more on April 2026's censorship developments, see: Monthly Censorship Report -- April 2026
How Is This Different from Previous GFW Upgrades
The Great Firewall's evolution can be roughly divided into phases:
Phase 1 (~2012): Block IPs + block DNS. Simple and crude, but a VPN connection would punch right through.
Phase 2 (2017-2019): Deep Packet Inspection (DPI), enabling identification of VPN protocol signatures. Traditional protocols like OpenVPN and PPTP were essentially killed off.
Phase 3 (2020-2025): Active probing + machine learning. Even newer circumvention protocols started becoming unreliable. Blocking intensity ramped up during sensitive periods (National People's Congress, National Day, etc.).
Phase 4 (2026~): What we're seeing now -- cutting off overseas traffic directly at the ISP level. This isn't about detecting which tool you're using and then blocking it. It's about not letting traffic leave the country in the first place.
If this approach goes nationwide, what does it mean? It means no matter how good your tool's disguise or how strong its encryption, if the ISP simply won't route overseas traffic, you don't even get a chance to try.
Of course, a 100% block on all overseas traffic is unlikely -- China has massive numbers of foreign enterprises, multinational operations, and academic exchanges that depend on international connectivity. The more likely implementation would be:
- Corporate users apply for "international dedicated line" whitelists
- Residential and individual users face severe restrictions on overseas traffic
- Whatever traffic does get through faces even more aggressive DPI scrutiny
For ordinary users trying to access the open internet, the bar just got a lot higher.
For a deep dive into the GFW's latest blocking techniques, see: Q2 2026 GFW Upgrade -- Full Analysis
What This Means for Regular Users
After all that analysis, let's get to the practical question: what should you do?
1. Free VPNs Are Basically Dead
Free VPNs use the most basic protocols -- they're completely exposed to DPI. Add ISP-level blocking on top of that, and the survival rate for free tools approaches zero.
2. Traditional Commercial VPNs Are Struggling Too
The WireGuard and OpenVPN protocols used by big names like NordVPN and ExpressVPN have long been priority detection targets for the GFW. These companies are trying to fight back, but their high profile makes them easy targets.
In an environment where ISPs directly restrict overseas traffic, your circumvention tool must be able to make its traffic look like "normal domestic traffic" or "permitted business traffic." Only this level of disguise gives a tool any chance of surviving the next wave of blocks.
4. Prepare Now -- Don't Wait Until You're Cut Off
If you're in mainland China, or about to travel there, get your tools set up now. By the time restrictions are fully implemented, you may not even have the chance to download anything.
If your VPN suddenly stops working, start with this troubleshooting guide: VPN Not Connecting? 5 Quick Fixes
(Quick plug time)
Speaking of tools with traffic disguise -- I should mention Sunset Browser. It uses a proprietary encrypted tunnel with multi-layered encryption and traffic obfuscation that makes connections look like regular web browsing -- and it's still holding up well under current blocking conditions. Open the app, tap one button, and you're connected. No manual configuration needed.
iOS users can search "Sunset Browser" on the App Store to download it. The free plan is enough for everyday use.
Alright, plug over.
Final Thoughts
Shaanxi Telecom's directive may well be a turning point for internet freedom in 2026.
What it tells us isn't just "they're blocking more stuff again" -- it's that the entire logic of censorship is fundamentally shifting, from "detect and block circumvention traffic" to "deny all overseas traffic by default." That's a qualitative leap.
Combined with the VPN detection patent, the App Store removals, and legislative progress, the entire censorship apparatus is evolving toward "zero blind spots."
For the circumvention community, this means the technical arms race will intensify, the barrier to entry will keep rising, and the space for regular users to figure things out on their own will keep shrinking. Circumventing the firewall in the future won't be as simple as installing an app -- it will require more specialized technology, more flexible strategies, and faster response times.
But history also tells us: every time the wall gets higher, someone finds a way over it. The GFW has been around for nearly twenty years and has never achieved a 100% block. This time probably won't be any different.
It's just going to hurt a lot more along the way.
Questions? Feel free to leave a comment. I'm Kai -- see you in the next one.