Disclaimer: Affiliate links help us produce good content. Learn more.
In China’s repressive state, there’s one important thing to understand: there’s no such thing as privacy. There are private moments, yes, but when we talk about the ideological, even “Western” definition of privacy – the right to privacy – you’re in the wrong place.
Jie Zhang, a Chinese businesswoman involved in helping Western companies adapt to China, says that she often has problems translating the word ‘privacy’ into Chinese. “There is no direct word in Chinese that means privacy,” she states. “In China, people identify with a group, and privacy is a non-existent concept.”
Exploring privacy and censorship in China in the waning weeks of 2018 is a pretty arduous task. When you’re talking about a nation-state, especially one with as rich a history, politics and economy as China’s, you’re talking about a complex system that is often mired in state secrets, confidentiality and, frankly, concepts that are way above our pay grade.
But in our series this month on China’s dystopian reality, we’re going to be taking a deep look into the economic and technological giant’s plans for total surveillance and complete censorship:
- In Part I today, we’re taking a look at the Chinese surveillance system, and how it involves not only Chinese citizens inside the country, but also possibly anyone, anywhere with a smartphone or computer.
- Part II explores Chinese censorship – how the Great Firewall has been developed to crush any opposing ideas in order to ensure that the nation-state’s centuries-long ideology survives.
- Part III will take a look at how you can protect yourself when you’re outside of China, ensuring that your data isn’t being mined by Chinese-owned companies. Or, if you’re in China, we’ll show you how you can get around the state’s increasingly-sophisticated Great Firewall, so that you can keep in touch with the rest of the world.
The far-seeing eyes of digital surveillance
In Hangzhou, a prosperous city located about two hours southwest of Shanghai, local residents are being molded into becoming more perfect citizens. When they undertake positive activities such as giving blood or doing volunteer work, they’re awarded credit points in China’s new, mandatory social credit system.
But if they do undesirable activities, such as speeding or paying unofficially for products and services – or even smoking in non-smoking zones – they’re punished by having credit points removed from their files.
Lose too many points, and Hangzhou residents will be blocked from buying plane or train tickets, have to put up with slowed internet speeds, find their kids blocked from attending good schools, and even get banned from certain jobs.
This is China in the last days of 2018 – a growing, ravenous country eager to exert greater control over a population of more than 1.4 billion people. The new Social Credit System, set to roll out fully by 2020, will require a gigantic amount of data in order to accurately record and award – or punish – its citizens.
Luckily for China, its monstrous surveillance system – the largest in the world – has already been put in place. In 2017 it already had 176 million CCTV cameras across the country, with plans to reach 626 million by 2020 according to Beijing’s plans requiring 100% surveillance and facial recognition coverage. This facial recognition technology – ominously named Sky Net – can already scan China’s entire population in just 1 second flat. Theoretically, it can also scan all the people on the entire planet, at an accuracy rate of up to 99.8%, in just 2 seconds.
But looking at China’s technological push for greater surveillance is really only half the story. There’s also the other part: the Chinese citizens’ acceptance of this surveillance that is taking over more and more of their lives.
In fact, looking through China’s long history, you’ll see the same deep vein of governments and neighbors spying on each other to help keep the order. In order to understand and adapt to this modern communist country, we’ll need to take a quick look at China’s historic need for surveillance.
History of surveillance in China
More than 1,000 years ago, a system known as baojia – where households were divided into small groups – was instituted to help supply the government with trained and armed militiamen. Over the next 700 years, that system evolved to include a separate function where the members of the baojia were asked to oversee and enforce the morality of the community members.
By the time Mao Zedong and the Communist Party rose to power in the 1940s, communal surveillance was already ingrained in the people. Mao incorporated his own system of informants to help the Communist Party keep a watchful eye on dissidents and other perceived enemies of the state.
Neighbors spied on neighbors, friends spied on friends, children spied on their parents, informing on them out of both fear and duty, vengeance and responsibility. The Communist Party used the slogan, “The people have sharp eyes,” to encourage this behavior. In fact, China’s new surveillance program is known as Xueliang, or “Sharp Eyes,” reflecting and continuing this long tradition of surveillance throughout the data-filled 21st century.
But while modern China professes to have purged itself from the horrors of Chairman Mao’s Cultural Revolution, some of the same ideas of surveillance are being magnified. China’s current president, Xi Jinping, who was recently gifted with indefinite rule, has two well-known dreams:
- to shape the world’s economy around China
- to purify the country of any disruptive people
While the former is being manifested in the Chinese adventures in Asian and African countries, the latter is being aided by that black, rectangular device that you’re probably holding in your hands right now.
Surveillance inside China
The hunger for more data
In contrast to plans of achieving greater surveillance by installing more CCTVs and informants around the country, Chinese officials are now turning to the same opportunity as their Western counterparts: the smartphone.
The rise in smartphone usage and dependency in China is proving to be a bigger boon for better, more accurate government surveillance.
You’ll find the same when looking at the statistics. By December 2017, the number of mobile phone subscriptions (unique phone numbers) exceeded the population. The country also reached 802 million online users in August 2018, and more than 98% of those accessed the internet from their phone.
Even better, those users are increasingly depending on a few popular apps and companies – WeChat, Alibaba, and Baidu – to handle greater parts of their lives and incidentally giving them access to more and more personal data.
Tapping into this vast source of data could give officials a more complete picture of the activities of influential citizens – those able to distribute dissenting opinions online – while having CCTVs take care of the rest of the digitally isolated population.
With this in mind, China adopted a sweeping national security law in 2015 that allows the government to access any data from Chinese companies and companies operating in China. It also requires that companies provide keys for encrypted user data to authorities if required.
But to really understand what this law means, let’s look at what kind of data the biggest Chinese companies are collecting.
The Big Three in China
When looking looking at the Big Three – WeChat, Alibaba and Baidu – we’re going to be focusing on two important aspects:
- the sheer amount of data the service collects on its users
- data issues and connections to the government
The biggest app in China is WeChat, by far. It’s pretty unimaginable to Western audiences just how influential this product has become.
For many, WeChat isn’t on their phone, it is their phone, allowing them to do virtually everything. Here’s a short list of what you can do on WeChat:
- play games
- communicate with friends, family, teachers, officials, and more
- pay bills
- find fun places
- book doctor’s appointments
- file police reports
- make reservations
- order food
- access bank services
- order taxis
And every day, the feature-set of this app is growing. Of course, as with most digital products in China, their growth is largely attributed to China blocking or censoring Western products, such as Facebook, Messenger, Google, WhatsApp and more.
Nonetheless, WeChat has a lot of information about Chinese users. Imagine everything you’ve ever done and said on Messenger, Twitter, Facebook, Instagram, WhatsApp or Viber, everything you’ve ordered from Uber or UberEats, all your audio and video files, all your appointments – pretty much, your entire digital life.
That’s what WeChat deals in every single day. By 2018, the app had more than 902 million daily users, with 38 billion messages passing through its servers daily.
In fact, far from becoming a convenient service for the Chinese, it’s growing into an absolutely necessary one as more daily services migrate to WeChat. Even further, the app is set to become China’s electronic ID system, as users can only sign up to WeChat with their real names.
It’s not hard to imagine – especially in a country like China – that one day WeChat will be a mandatory part of everyday life.
Seeing as it’s located in China, it’s generally understood that WeChat is providing data to authorities in China. But there have been recorded instances of WeChat and Tencent, the company that owns it, readily breaching user rights.
First of all, Tencent scored a 0 out of 100 for Amnesty International’s encryption and human rights rankings. There’s also the report that authorities in Hefei province successfully retrieved deleted WeChat conversations as part of their investigation. People have even been arrested based on what they’ve said on the app, with conversations turning up as evidence in court.
And beyond that, WeChat constantly watches and censors sensitive topics in private chats.
Generally, it’s safe to say that if you’re using WeChat, absolutely nothing that you do is private. Every single message that you ever have and ever will send, even the ones you deleted, will be accessible by the government.
And, since the app goes beyond just messaging, every single thing you do on it, and everything you use it for, is accessible right now by Chinese authorities.
For Single’s Day (11/11) in China in 2018, Alibaba racked up more than $30.8 billion in sales in just 24 hours. For the record, that’s $7 billion more than America’s Black Friday shopping day, which only garnered about $23 billion.
In very simple terms: it’s a big company. It sells a lot of products to a lot of people and, like most giant tech companies nowadays, it has it hands in a lot of cookie jars. Here’s a short list of some of the companies and projects that fall under the Alibaba group:
- Ecommerce: Alibaba.com, AliExpress, Taobao
- Cloud computing and AI: Alibaba Cloud, AliGenie, AliOS
- Fintech: Ant Financial (Alipay)
- Entertainment: AliMusic, Alibaba Pictures, Youku (a Chinese copy of Youtube)
- Others: AliHealth, AliSports, Laiwang (a WeChat competitor)
All of these services have some considerable penetration into the Chinese consumer or business life, gathering staggering amounts of data in its day-to-day business.
Alibaba has had some data controversies in the last few years. The biggest happened in early 2018, when users discovered that Ant Financial was sharing data on their personal spending habits with third-party services. Ant Financial also has a credit-scoring unit called Sesame Credit, and users were automatically enrolled in this scheme that uses customer behavior analytics to grow its credit business.
Recently, Alibaba founder Jack Ma has been outed as a Communist Party member, which goes against the long-held belief that he has no political affiliation.
There is no definite thread that connects the Alibaba conglomerate with China’s hunger for surveillance, but there are a lot of questionable connections.
Alibaba has a lot of data about not just people’s spending habits, but also their health, sports, finances, stored data, hobbies and more. And with both the Chinese laws that demands access to this data, and Jack Ma’s party membership, it’s safe to say that nothing you do on any Alibaba company is private, not in the least.
In China, there is no Google. In 2010, Google decided it would be better to leave the country than be forced to hand over user data to the government. Even before then, Google had to put up with a lot of problems and censorship issues in China. Still, Google is now working on Dragonfly, a censored search engine that international human rights organizations and Google’s own employees are railing against.
In all of this, the Chinese search competitor Baidu was able to flourish, gaining market domination in the space left by Google’s departure. Today, more than 80% of all search traffic goes through Baidu, which means that the company has a lot of information on users’ habits, behaviors, likes, dislikes, affiliations, and much more.
Not to mention that Baidu, like Google, has products and services in nearly every single area imaginable.
Baidu co-founder and chief executive Robin Li has made no qualms about how the company views data.
At the 2018 China Development Forum in Beijing, Li said the following: “If they [Chinese] are able to exchange privacy for safety, convenience or efficiency, in many cases, they are willing to do that, then we can make more use of that data.”
Earlier in 2016, Baidu – along with Alibaba and WeChat’s parent company Tencent – agreed to share data with the Chinese government, ostensibly to fight “fake online reviews.”
Again, this isn’t going to be groundbreaking, but it has to be repeated: anything you’re searching for on Baidu, or any of its products that you’re using, is inherently not private.
Living in China means living without privacy
It’s worth mentioning right now the verifiable truth: being a resident in China, and going about your daily life without taking extra protective measures, means that you are living a life that is inherently unprotected.
You have no real privacy, not in the definition of absolute privacy where your messages, photos and videos, thoughts and ideas, can remain untouched. Your actions are being watched, they’re being recorded and filed so that at any point in the foreseeable future, they can be recalled and used in any manner of ways.
It doesn’t matter if you’ve deleted them, it doesn’t matter if there are aspects of your life you’d rather remain unknown – it is knowable, and with unchecked technology reaching further and further into every area of your life, you’re being surveilled, and through surveillance, you’re being controlled, molded, predicted, repressed, and violated.
That’s what you’re having to put up with every day, and it’s safe to say that it won’t be changing any time soon. But at least that’s just in China, right? If you’re lucky enough to be outside of the Chinese Surveillance State, there’s no need to worry.
China watches the world
In October 2018, Bloomberg Businessweek published an in-depth article detailing how the Chinese government planted pencil-tip sized chips into the hardware used by almost 30 US companies, including Amazon and Apple.
With the release of the article, renewed questions began to spring up about China’s growing desire to spy on the rest of the world. But while a lot of attention has been paid to hardware manipulation, there’s a lot more to be said about China’s use of software – mobile apps and desktop programs – to get more and more valuable data about populations around the world.
Even more, China has just been identified as the possible culprit behind the Marriott (Starwood) data hack, which exposed 500 million customers’ data.
At this point, it’s almost unnecessary to say this: you should be careful of the data you share with Chinese companies, or companies located in China.
We’ve laid out the reasoning already, but the steps are quite clear:
- Chinese data laws require any company that has Chinese users to store data inside the country
- Chinese data laws require access to all data processed within the country
- These data laws also require encryption keys upon request
These are the facts. From this, it’s clear that if there’s a Chinese company that has any data on you, that data is inherently no longer private. This also goes for companies operating in China: if their servers are in China, your data is in the hands of the Chinese government.
There’s a lot of ground we can cover here, but since we specialize in VPNs (Virtual Private Networks), we’re most interested in how many of the world’s most popular VPNs, which are supposed to help keep your information private and encrypted, are actually based in China and helping to leak your information to the authorities.
For that, we didn’t have to look further than the top VPN apps on the Google Play Store – which in total have millions and millions of downloads worldwide.
The mobile-only VPN apps putting consumer data at risk
Recently, a report was released that stated that half of the most popular VPN apps were actually linked to China.
We uncovered similar findings, with 12 of the top 30 VPN apps on the Play Store either shown to be Chinese (marked in red), or having strong, very suspicious ties to the surveillance state (marked in yellow):
Beyond that, many of the apps in the Play Store are also owned by the same company, such as the following:
- The 9th most popular VPN app, Free VPN Unlimited is developed by the same company – Hotspot VPN with addresses in Hong Kong, but whose director has a residential address in Heibei Province in mainland China – as Secure VPN (#27).
- The last group is actually not based in China, but the U.S. However, we would’ve been remiss to not mention that Hotspot Shield (#19), Touch VPN (#7) and Betternet’s VPN Free (#13) are all connected to AnchorFree. This company has had its own problems with privacy issues related to undisclosed data sharing advertising [pdf].
It’s no surprise then that these apps are mobile-only and free. As the old saying goes, if you’re not paying for it, you’re the product.
Needless to say, if you have any of those VPN apps that are marked either yellow or red, every site you’ve browsed or file you’ve downloaded while connected to them could be in the hands of the Chinese government at this very moment.
With Xi Jinping’s goals of global economic dominance, it’s understandable that the country wants as much data about competing nations as possible. Their global spying could also be fueled by their desire for greater international influence, which needs more data, and corporate espionage to steal technology.
All this to say: the Chinese government is eager for more surveillance, more data, and more knowledge on a global scale, and if you’re using Chinese apps – especially the free ones – you’re giving them exactly what they’re after.
But it’s even worse if you’re a government employee or you work at a tech company or major corporation.
Corporate and political espionage
Earlier, we discussed the Chinese microchip scandal that has affected almost 30 US companies, including Apple and Amazon.
This type of hardware tampering is a much more difficult form of espionage than simply creating free VPN software. It involves complicated, razor-sharp organization, and the logistics can be quite mind-blowing. However, because it’s so difficult, when it’s done right it can be a treasure trove of data that may not be uncovered for months or years.
The microchip controversy, which first raised red flags in 2015, wasn’t really stopped until 2016, and news only broke about it at the end of 2018.
But there have been other bigger scandals where the Chinese government was caught spying on Americans and the world.
- ZTE: this Chinese telecommunications firm is currently in trouble in the US for doing business with Iran and North Korea. However, it’s also been called out by US intelligence agencies for conducting espionage on the Chinese government’s behalf.
- Huawei: early in 2018, US agencies the CIA, FBI and NSA, including the director of national intelligence, all came out against Huawei, warning consumers not to buy any of the company’s handsets. Government officials are already being warned against using Huawei and ZTE phones.
There are many cases where the government was either caught red-handed or, more likely for political reasons, strongly linked to espionage attempts. While America is a favorite target for these attempts, you can find similar cases all around the world.
At this point, the trend is clear: surveillance inside the country, espionage outside – the Chinese government is hungry for data, it is working constantly to get more data, and its efforts likely will only get stronger.
And we probably won’t know about it until years after it’s taken place, and all our data is theirs.
Is China watching you?
It isn’t so hard to see the trail of surveillance and espionage left by the Chinese. Inside their own countries, it’s pretty clear – the Chinese Communist Party, under the leadership of Xi Jinping, makes no effort to hide it.
But outside the borders of China, way beyond the business districts of Shanghai or the misty, polluted skyline of the monstrous megacity of Beijing, it’s far less obvious how much of our everyday lives is being watched, recorded and stored away somewhere.
But the facts of the case are hard to deny. If you’re using Chinese mobile-only VPN apps – they’re usually free, and always shady – you’re the product.
If you’re using Chinese hardware, like ZTE or Huawei phones, you’re the target.
And if you’re reading now in China and wondering how you could possibly escape this repressive government you’re living in, or you’re outside China and just want to avoid being tracked by the Chinese government, don’t worry: we’ve got you covered.
Over the next two weeks we’ll be publishing the remaining parts of our series on China. Part II is next, which goes over the area intrinsic to surveillance: censorship. We’ll discuss how it works with the Great Firewall, how it’s enforced, and how it impacts everyday life in China.
And finally, in Part III, we’ll look at practical ways anyone, anywhere, inside and outside of China, can get around government surveillance and censorship.
Stay tuned for more.
Disclaimer: Affiliate links help us produce good content. Learn more.
Jan is a cybersecurity and consumer protection specialist focused on investigations that help readers navigate the complex infosecurity sphere. His research and commentary has been featured in Forbes, ComputerWeekly, PC Mag, TechRadar, ZDNet, The Mirror, Entrepreneur, and many other leading publications around the world.