3 Very different things when working in China’s Internet

  • November 11, 2020

Disclaimer

This is not an opinion article; we don’t judge the decisions made by the Chinese government. We respect the laws of the country in which we’re operating, just like other companies doing business in China.

With that out of the way, let’s continue.

Most of us know that internet laws and regulations are different in China than in most other countries. Though other governments around the world also want to be able to inspect any (or all) internet traffic, China’s government is “open” about that fact. 

Since we have been serving customers in mainland China for some time now, we thought it would be interesting to share some of the unique traits we’ve observed. 

(As a bit of context, one of our clients, for example, provides e-commerce services to global brands that operate in mainland China. We deploy and manage GCP clusters for them.)

#1: Encryption is a no-go

If you have been creating infrastructure for more than a week, you already know that encryption is not optional – communications and traffic on the open internet need to be encrypted, right? What would you say if I told you that you’re wrong?

Well… at least in China, the moment you enable encryption, your traffic plummets, and all communication stops. This doesn’t mean that all Internet traffic in China has to be plain text; you’re allowed to encrypt traffic. There are just some restrictions.

#2: You can’t sign your own TLS certificates

This is the fundamental restriction alluded to in Number 1 above: you can use TLS encryption in China, but you must buy the certificates from a state-approved provider. Compared to certificates from other, non-state-approved providers, these can be very expensive and can’t be obtained in an automated way.

#3: You must use someone else’s DNS service

This is the restriction that shocked us the most: you cannot administer public-facing DNS records. Though we’re not completely sure of the reason behind this, we assume it’s to ensure traceability.

This is maybe the most annoying problem from an operations standpoint, since it renders automatic deployment of environments more or less out of the question.

Final thoughts

The Internet landscape in China is so, so different from what you see in other countries; there’s no doubt about that.

There’s something that kinda shocked me: knowing that you can’t encrypt traffic might lead you to think that China is a very fertile hacker hunting ground. Well… it’s not. From what we’ve seen, being such a controlled place, doing silly things on China’s internet can get you into trouble with the authorities. 

Again, this is not a political analysis – it’s just our understanding of the situation. In all the time that we’ve been operating in China, we have yet to experience any type of security-related incident.

As a closing comment, working in China’s internet is a very interesting experience, one that forced us to think outside of the box in order to achieve the results our customer was looking for.

Credits
Written by: Gabriel Vasquez & Luis Vinay