Leak reveals China firm exporting mass-censorship kit to India's neighbours

A leak of more than 100,000 files shows Chinese firm Geedge Networks exporting Tiangou Secure Gateway-national-scale filtering and tracking tech-now active in Pakistan and Myanmar

A cache of more than 100,000 internal documents reveals that Geedge Networks, a Chinese company tied to Fang Binxing—often described as the 'father' of China’s Great Firewall—is selling national-scale censorship infrastructure to governments abroad. Evidence points to deployments or licensing in Pakistan, Myanmar, Ethiopia, and Kazakhstan, bringing Great Firewall-style controls to China’s neighbourhood and beyond.

 

The leaked documents were studied by a consortium of human rights and media organisations including Amnesty International, InterSecLab, Justice For Myanmar, Paper Trail Media, The Globe and Mail, the Tor Project, the Austrian newspaper Der Standard, and Follow The Money.

 

What is China’s Great Firewall?

Think of the Great Firewall as a giant filter around China’s internet. When you try to visit a site, the system checks where you’re going and how you’re connecting. If the site or app is on a banned list, the connection is blocked or deliberately slowed. It also tries to spot and disrupt virtual private networks (VPNs)—tools people use to get around blocks.

 

 

What is Tiangou Secure Gateway (TSG)?

 

At the core of Geedge’s export offer is Tiangou Secure Gateway, which is like a national firewall in a box. Installed at telecom data centres, it can scan and control a whole country’s traffic. In plain terms: every connection can be allowed, blocked, or throttled. It can also detect common VPN protocols and interfere with them.

 

How does it work?

 

TSG captures connection records and key metadata (like the site name you’re reaching). That data flows into TSG Galaxy (the storage layer). A dashboard called Cyber Narrator lets officials search: who visited what, when, and from which SIM or device. 

 

For example: “Show all users who accessed a now-banned site last month.” The system can look back in time, which raises civil liberties questions.

 

In mirrored or 'passive' mode, the system quietly watches copies of traffic (faster, less fragile). To actually stop traffic, it injects packets to break connections. In in-line or “active” mode, all traffic passes through Geedge’s boxes—giving full blocking power but risking slowdowns or outages if the box fails.

 

What goes beyond a corporate firewall

 

Unlike a company firewall that protects one office, TSG can operate nationwide. It can slow just one service (say, video or chat) while leaving others normal, identify people behind shared IPs, and even alter unencrypted web pages or downloads in transit—like swapping a clean file with an infected one. Some deployments also use a 'reputation score' tied to user identity, which can limit access until extra ID checks are done.

 

How has it been implemented in Pakistan and Myanmar?

 

In Pakistan, the national filtering stack reportedly reuses older Sandvine hardware after a prior vendor exit, with Geedge running its TSG platform on that kit. After earlier systems focused on traffic at the country’s gateways, Geedge-era controls are reportedly inside ISP and mobile data centres too. That means local content and apps can be filtered, not just foreign sites. The leak also shows cases where unencrypted emails—including passwords—were captured, underscoring how risky non-TLS services are for users.  On September 9, the Amnesty International flagged Pakistan using the Chinese-built internet firewall to spy on millions of its citizens, calling it the "most comprehensive examples of state surveillance outside China".

 

In Myanmar, leaked dashboards showed monitoring of tens of millions of simultaneous connections and installations across multiple ISPs. After the junta’s VPN ban, large-scale blocking of VPNs and circumvention tools was reported while users adapted by shifting to more obfuscated connections. Equipment was reportedly installed across 26 data centres.

 

What it means for India

 

These systems operate in two of India’s neighbours. Cross-border calls, platforms used by diaspora communities, and traffic that transits regional networks can face selective blocking or slowdowns. The Pakistan case also shows how traffic can be tied to SIM-linked identity databases, enabling micro-targeting of individuals.