Exporting digital repression: how China helps other regimes control the internet

A set of newly leaked documents shows that Beijing is no longer focused solely on controlling its own information space—it is actively exporting the technology behind its censorship system. Chinese contractors are providing complete, ready-to-deploy surveillance and filtering systems to governments in Pakistan, Ethiopia, Myanmar, and elsewhere.
But the biggest revelation in the leaks is not geopolitical; it’s personal. They expose how vulnerable any individual’s online privacy is in the face of modern deep-packet-inspection (DPI) systems designed to analyze and classify traffic in real time.
ForkLog reviewed the leaked materials from two Chinese tech companies at the center of this ecosystem: Geedge Networks and KnownSec.
Inside the leaks
Two major data troves surfaced this autumn. One contained roughly 100,000 internal files from Geedge Networks, a company whose core business includes network surveillance and censorship. The second held 12,000 documents tied to KnownSec, a firm with connections to China’s state security services.
Until now, experts only suspected that China was selling adapted versions of its domestic “Great Firewall” abroad. These leaks provide precise technical details, full system designs, and lists of foreign clients.
Geedge, closely linked to China’s MESA Lab and to Fang Binxing—the architect of the Great Firewall—is shown to have repackaged years of domestic surveillance tools into polished commercial products for export.
The Great Firewall, now a product
Geedge’s main offering is the Tiangou Secure Gateway (TSG), an integrated hardware-software platform installed inside the data centers of internet service providers. It can monitor, filter, and block traffic at the scale of entire countries.
Its components include:
● Cyber Narrator – A real-time monitoring engine that logs virtually everything: visited websites, DNS lookups, IP addresses, timestamps, and total data sent and received. It becomes a population-wide activity ledger.
● TSG Galaxy – An analytics platform that processes this data to build user profiles, identify patterns, and map social connections.
● Tiangou Console – A control interface for police or intelligence operators, allowing them to blacklist keywords, block domains, or cut off specific users.
The system relies heavily on DPI. Even when traffic is encrypted, TSG analyzes metadata and behavioral patterns to determine what kind of activity is taking place.
Myanmar: technology used against protesters
The documents make clear that China is exporting these systems as “turnkey” tools for political control. Project codes list rollouts in several countries:
● K18/K24 — Kazakhstan
● P19 — Pakistan (used during unrest)
● M22 — Myanmar (deployed after the 2021 military coup)
The Myanmar deployment is especially striking. After seizing power, the military sought to lock down the information space, and Geedge supplied the technology to do it. The leaked documents show that the system monitors 81 million internet connections simultaneously.
In Myanmar, the equipment is capable of:
● De-anonymizing VPN users
● Blocking hundreds of circumvention tools, including 281 VPN services and apps like Signal
● Rapidly escalating from “monitoring” to “full blocking” within months
Geedge’s devices were found inside the data centers of local providers Frontiir and Investcom, showing that these dual-use systems are built directly into civilian telecom infrastructure.
A parallel threat: scam centers thrive in the shadows
As states start to use these technologies, criminal networks in the region are taking advantage of the same weak legal and technical conditions. Fraud operations—known as “scam centers”—run out of heavily guarded compounds in parts of Southeast Asia, targeting victims around the world.
U.S. officials have begun cracking down, recently seeking to seize Starlink terminals used by scam operations in Myanmar. Google has also filed suit against the operators of the Lighthouse phishing platform.
Still, the combination of lax oversight and powerful imported technology creates ideal conditions for cybercrime to flourish.
KnownSec: offensive operations and cyberweapons
While Geedge focuses on surveillance and censorship, the KnownSec leak sheds light on China’s offensive cyber capabilities.
Documents describe tools that compromise Windows, Linux, Android, and iOS devices. Highlights include:
● Massive data theft — such as 95 GB from India’s immigration service and 3 TB of call records from South Korea’s LG U Plus
● Tools to extract private chats from Telegram and Signal on compromised Android phones
● Hardware implants, including malicious power banks that steal data when a phone is plugged in
● Use of AI, with attackers employing language models (including Anthropic’s Claude) to write malware and analyze stolen data
Lessons learned abroad strengthen control at home
China doesn’t just export these technologies—it incorporates foreign experiences into its domestic systems. The leaks show Geedge applying lessons from Pakistan and Myanmar to refine surveillance in Xinjiang and other regions.
Experimental features in development include:
● Social scoring, starting every user at 550 points, with restricted internet access if scores do not increase (for example, if biometrics are withheld)
● Geofencing, using cell-tower data to enforce virtual movement boundaries
What this means for everyone
For people far from Myanmar or Pakistan, Chinese cyber-tools may seem like distant issues. But the leaks undermine several common assumptions about digital privacy:
Encryption is not a shield.
Modern DPI can analyze encrypted traffic patterns and confidently identify VPN, Tor, or messenger use without reading content.
VPNs do not make you invisible.
Systems like Cyber Narrator treat VPN use itself as a red flag, creating lists of “suspicious” users. In Myanmar, this led to targeted crackdowns.
Behavioral analytics have overtaken keyword filtering.
Modern systems build social graphs and assess behavior patterns. The leaked plans for a “reputation rating” show that automated access blocking is moving toward multi-factor behavioral scoring.
Hardware can betray you.
The “spy power bank” examples highlight the risk of plugging devices into untrusted chargers or public USB ports.
Conclusion
The Geedge and KnownSec leaks reveal the rise of a global marketplace for digital repression. Beijing is not only exporting the equipment—it’s exporting the playbook.
For everyday users, the message is sobering: the age of simple workarounds is ending. Defending privacy now requires understanding how much information is exposed not through content, but through patterns and metadata left behind in every online action.