China’s Great Firewall Suffers Its Biggest Leak Yet

China’s Great Firewall, the system that blocks and monitors what people can see online, has leaked more than 500 gigabytes of internal files and code. The data shows how the censorship machine works and how China sells it abroad.

The Leak: 500 GB of Internal Data

The Great Firewall data surfaced on Sept. 11, 2025. Researchers identified archives from Geedge Networks and the MESA Lab at the Institute of Information Engineering, Chinese Academy of Sciences. The data included source code, technical manuals, and internal emails.

According to watchdog group GFW Report, the leaked material includes:

• Source code and RPM packages used to build the infrastructure
• Thousands of internal documents, including proposals, research papers, and operational logs
• References to projects connected to China’s Belt & Road Initiative (BRI) that hint at overseas deployments

“The documents show that the company not only provides services to governments in places like Xinjiang, Jiangsu, and Fujian, but also exports censorship and surveillance technology,” GFW Report researchers wrote.

Also, according to a Cybernews report, the surveillance suite has several powerful tools that include Deep Packet Inspection (DPI) to inspect traffic for content, detection modules for VPN, Tor and other tools, traffic throttling, content monitoring and possibly even the ability to label or track individual users.

The researchers also explained that, while all of these tools are present, it’s not known how they work because the source code hasn’t been inspected yet. Also, it’s not always clear how up-to-date all the leaked materials are.

Exported to other countries

The leak also suggests the tools might have been deployed in other countries as well, including Pakistan, Myanmar, Ethiopia and Kazakhstan.

In fact, Geedge Networks markets censorship as a commercial solution (“Tiangou Secure Gateway”).

Finally, one surprising conclusion is that China’s Great Firewall seems to be very far from a shadowy state project. The leak shows that it’s built just like any other commercial project that includes roadmaps, Jira tickets, and packaging servers.