China’s Great Firewall is often spoken about but is rarely understood. It is one of the most sophisticated and opaque censorship systems on the planet, and it shapes how over a billion people interact with the global internet, influences the design of privacy and proxy tools worldwide, and continues to evolve in ways that challenge researchers, developers, and policymakers alike.
Jackson Sippe is a PhD researcher at the University of Colorado Boulder whose work focuses on uncovering how national-scale censorship systems operate. Jackson recently helped lead a groundbreaking study analyzing a previously undocumented GFW technique that quietly broke fully encrypted proxy protocols across China for more than a year.
In this episode, Jackson joins Gregor Vand to discuss how the Great Firewall works at a technical level, the 2021–2023 blocking event, the popcount-based detection algorithm his team reverse-engineered, the cat-and-mouse ecosystem of censorship circumvention, and what these findings mean for the future of the open internet.
Gregor Vand is a security-focused technologist, having previously been a CTO across cybersecurity, cyber insurance and general software engineering companies. He is based in Singapore and can be found via his profile at vand.hk or on LinkedIn.
Please click here to see the transcript of this episode.
Sponsors
Why is there always a meeting bot in your Zoom call?
Blame Recall.ai.
Recall.ai powers the meeting bots and desktop recording apps behind products like Cluely, HubSpot, and ClickUp. They handle the hard infrastructure work—capturing clean recordings, transcripts, and metadata across Zoom, Google Meet, Microsoft Teams, in-person meetings, and more—so developers don’t have to build it themselves.
If you’re building a meeting notetaker or anything involving conversation data, Recall.ai is the API for meeting recording.
Get started today with $100 in free credits at recall.ai/software
In mobile application security, ‘good enough’ is a risk.
Guardsquare uses advanced, multi-layered code hardening techniques and automated runtime application self-protection and mobile application security testing, combined with real-time threat monitoring, to deliver the highest level of mobile app security.
Discover how Guardsquare brings all these together to provide mobile app security for your Android and iOS apps without compromise at www dot Guardsquare dot com.
If you’re an engineering leader, you know this cycle.
Your team is focused on building product, but someone in ops needs a dashboard. Marketing needs an admin panel. Finance needs a custom workflow. The requests pile up, and you cannot get to them all.
So people start building their own solutions. Shadow IT spreads. And eventually, you are the one stuck cleaning up tools that were built with duct tape and good intentions.
Retool breaks that cycle.
Their AI AppGen platform gives teams a governed place to build the tools they need, so everything stays secure and under your control. Someone could type, “build me a customer admin panel that manages accounts from Postgres,” and they would get a real, production ready app with proper permissions built in.
Your teams get unblocked, and you do not inherit a pile of technical debt down the road.
So if you are tired of being the cleanup crew for shadow IT, head to retool.com slash se daily and see how other engineering teams are democratizing building without creating chaos.
Because honestly, we could all use a better way to handle internal tools.
Sometimes you just need Retool.