Subscribe for premier reporting on free speech, privacy, Big Tech, media gatekeepers, and individual liberty online.

China’s war on Wikipedia now extends to all language

If you’re tired of censorship and surveillance, subscribe to Reclaim The Net.

According to OONI’s network measurement data, sub-domains are being blocked using DNS injection and SNI filtering in China.

Wikipedia domains have been tested since 2015 through the use of OONI Probe. The data collected has shown that since the blocking of Wikipedia’s Chinese edition on the 19th of May 2015, many other editions have been blocked.

OONI measurements suggest that the blocking is done by means of DNS injection, so it is possible to measure the DNS-based blocking from outside China as well.

An OONI Probe DNS injection test was run from a vantage point outside the Chinese territory and pointed towards an IP address in China.

The probe DNS injection test is very fast: it scans more than 2,000 Wikipedia domain names in less than a minute and determines which ones are blocked.  The blocks appear to be targeting any sub-domain edition of, (i.e. *,, etc.) including but do not affect other Wikimedia resources beyond from

The blocking applies to sub-domains, whether they exist or not – even the sub-domain ‘ was blocked.

Other tests were run to check if the blocking could be breached by encrypting the DNS traffic.

If a TLS handshake is attempted using the SNI of the connection is aborted immediately. Oppositely, if the SNI of is used when doing a TLS handshake with, the request is successful and the handshake finalizes.

The tests show that China’s Telecom is actively blocking all language editions of Wikipedia using DNS injection and SNI filtering. This network filtering tactic could be viewed as a “defense in depth” system similar to the type used for censorship in Egypt. By creating multiple censorship layers, Chinese telecom makes circumvention harder.

A potential way to work around the blocks could be to use an encrypted DNS resolver (such as DNS over HTTPS) in combination with Encrypted SNI. Whilst not currently supported by, the possibility of implementation is currently being discussed.

If you’re tired of censorship and surveillance, subscribe to Reclaim The Net.

Read more

Join the pushback against online censorship, cancel culture, and surveillance.

Already a member? Login.