Inside China’s Great Firewall with Jackson Sippe

February 19, 2026

58 min episode · 2 min read

Jackson Sippe

Episode

58 min

Read time

2 min

AI-Generated Summary

Published Feb 20, 2026

Key Takeaways

✓Pop Count Detection Threshold: The GFW's blocking algorithm counts set bits per byte and flags traffic as encrypted when the ratio falls between 3.4 and 4.6 out of 8 bits — approximately 50% density. Understanding this exact threshold lets proxy developers craft payloads that deliberately fall outside this range, restoring connectivity without requiring protocol redesign.
✓Bit-Stuffing Circumvention with 17% Overhead: Proxy developers can defeat pop count detection by padding encrypted payloads with additional ones or zeros, keyed pseudorandomly to avoid pattern detection, then appending a few bytes encoding the removal count. This technique carries roughly 17.6% bandwidth overhead — tolerable given existing proxy layering costs — and is now implemented in ShadowSocks Rust and ShadowSocks Android.
✓Emergency Header Prepending: Before the full pop count solution was ready, researchers discovered that prepending the first four bytes of a standard TLS handshake to any fully encrypted payload bypassed GFW blocking immediately. Proxy developers received this finding in January 2022 as a rapid patch, restoring service while the more robust bit-stuffing approach was developed and validated.
✓False Positive Rate Validation via University Traffic: Researchers validated their reverse-engineered ruleset by running it against University of Colorado campus traffic — a population with no reason to use circumvention tools. The resulting 0.6% false positive rate was further reduced when most flagged packets proved to be torrent protocol traffic, which the GFW likely intended to block anyway.
✓Protocol Fingerprint Exemptions Filter ~80% of Traffic First: Before applying the computationally expensive entropy check, the GFW exempts traffic matching known protocol byte signatures — TLS alone accounts for roughly 80% of all traffic. Proxy developers can exploit this by prepending recognized protocol headers, and understanding this layered exemption architecture helps engineers predict which traffic patterns will trigger or bypass inspection.

What It Covers

PhD researcher Jackson Sippe explains how China's Great Firewall deployed a passive, entropy-based detection algorithm from November 2021 to March 2023 to block fully encrypted proxy protocols used by millions of circumvention tool users, how his team reverse-engineered the pop count technique, and what countermeasures proxy developers implemented.

Key Questions Answered

•Pop Count Detection Threshold: The GFW's blocking algorithm counts set bits per byte and flags traffic as encrypted when the ratio falls between 3.4 and 4.6 out of 8 bits — approximately 50% density. Understanding this exact threshold lets proxy developers craft payloads that deliberately fall outside this range, restoring connectivity without requiring protocol redesign.
•Bit-Stuffing Circumvention with 17% Overhead: Proxy developers can defeat pop count detection by padding encrypted payloads with additional ones or zeros, keyed pseudorandomly to avoid pattern detection, then appending a few bytes encoding the removal count. This technique carries roughly 17.6% bandwidth overhead — tolerable given existing proxy layering costs — and is now implemented in ShadowSocks Rust and ShadowSocks Android.
•Emergency Header Prepending: Before the full pop count solution was ready, researchers discovered that prepending the first four bytes of a standard TLS handshake to any fully encrypted payload bypassed GFW blocking immediately. Proxy developers received this finding in January 2022 as a rapid patch, restoring service while the more robust bit-stuffing approach was developed and validated.
•False Positive Rate Validation via University Traffic: Researchers validated their reverse-engineered ruleset by running it against University of Colorado campus traffic — a population with no reason to use circumvention tools. The resulting 0.6% false positive rate was further reduced when most flagged packets proved to be torrent protocol traffic, which the GFW likely intended to block anyway.
•Protocol Fingerprint Exemptions Filter ~80% of Traffic First: Before applying the computationally expensive entropy check, the GFW exempts traffic matching known protocol byte signatures — TLS alone accounts for roughly 80% of all traffic. Proxy developers can exploit this by prepending recognized protocol headers, and understanding this layered exemption architecture helps engineers predict which traffic patterns will trigger or bypass inspection.

Notable Moment

Researchers discovered that the GFW used its own HTTP traffic as a weapon against GitHub in 2015 — injecting JavaScript into every unencrypted request crossing the border to generate what became the largest denial-of-service attack ever recorded, simply because GitHub refused to block proxy-hosting pages.

Know someone who'd find this useful?