Can mass surveillance be a consumer product?
We knew that analyzing over 100,000 leaked documents from a private surveillance company would yield significant findings. What we didn’t expect was to cross into a new frontier, one that challenges our current understanding of how far technology can go in enabling state control, what role private companies can have in it and what it all means for the work of protecting privacy and digital security.
This investigation, carried out in collaboration with international newsrooms, human rights and digital rights organizations, as well as expert researchers in surveillance and networks, required months of collective effort and a shift in how we think about surveillance. This leak offered an unprecedented look into how these systems are built, sold, and run, making repression a service that can be outsourced, fine-tuned, and quietly deployed.
Moreover, what makes this leak especially revealing is both the level of technical detail, and what it says about the broader landscape. Similar products have been offered before — by companies like Sandvine, for instance — but in recent years, as Western governments have imposed restrictions and sanctions on the export of surveillance tools, new actors have emerged to fill the gap. Companies based in countries like China and Russia are stepping into this space with fewer constraints and even less regard for human rights or individual data security.
What happens when systems designed to control and monitor an entire country’s internet are offered to the highest bidder?
This is the proposition quietly unfolding in the global market, led by Geedge Networks — a Chinese company founded by Fang Binxing, often referred to as one of the “Father of the Great Firewall”. What was once a nationally-contained architecture of censorship and control is now being rebranded and exported, turning core elements of China’s domestic model into ready-made solutions for foreign governments.
At the centre of this export strategy is a suite of powerful, scalable technologies: deep packet inspection (DPI), VPN and circumvention tool blocking, internet traffic monitoring, and even mobile communications interception. Technologies engineered for deployment at national scale.
The underlying idea is clear: surveillance is no longer a sovereign exception, but a global service.
Whose hands are these systems falling into?
These systems are not confined to a single regime. They are being packaged, priced, and promoted as infrastructure.
At the heart of this trend is a private sector with no enforceable ethical boundaries, ready to offer advanced surveillance capabilities to any government willing to pay. The implications are far-reaching: repression at scale will no longer be technical challenge, it will be accessible through a market transaction.
The documents describe a fundamental shift in how mass surveillance is delivered: authoritarianism as a managed service. Companies like Geedge offer not just the tools, but the maintenance, the upgrades, the customizable blocking rules. A full stack made to censor and repress, built to order.
That means surveillance can now be more easily outsourced, deployed rapidly, and administered remotely, which means civil liberties in many regions around the world depend on what their states can buy in bulk.
The weakening of counter-powers
The architecture Geedge promotes is both powerful and proactive. They’re not passive filters or reactive defenses. They are systems designed to detect, block, and evolve, constantly adapting to neutralize attempts at circumvention.
According to the leaked documents, Geedge’s tools are engineered to identify and dismantle the very mechanisms that citizens, activists, and journalists rely on to stay safe online. VPNs, encrypted traffic, circumvention protocols — all are targets in a system that learns as it observes.
The company’s flagship product, the Tiangou Secure Gateway (TSG), operates as a national-scale firewall with layered capacities: from deep packet inspection (DPI) to device-level identification. But here’s the major selling point: governments can provide the list of apps they want blocked, and the actual process gets outsourced to Geedge engineers in China. No more hiring or training of network engineers. Governments define custom blocking rules and Geedge handles the rest through reverse engineering, static and dynamic analysis, or even paid accounts with major VPN providers used for internal testing
What emerges is an ecosystem of surveillance built not just to block known “threats”, but to anticipate unknown ones. Among the more revealing details in the leaked documents is the role of Mesalab, a research laboratory affiliated with the Chinese Academy of Sciences. Students at Mesalab had begun early-stage research into potential methods for blocking WebTunnel, an emerging circumvention tool developed by the Tor Project.
At the time of the leak, Geedge had not yet developed effective countermeasures, but their interest in monitoring and eventually obstructing the protocol was evident. The company appears to grant Mesalab researchers access to anonymised internet traffic data, which is used for experiments aimed at identifying and defeating new forms of circumvention. This relationship raises broader concerns. What begins as academic inquiry, becomes the raw material for the commercialization of repression.
There’s more.
Perhaps most alarming is the system’s capacity to identify and track individual users. Once someone is flagged as a VPN user, the system can monitor their activity across time, watch them shift to alternative services, and block those too — affecting not just the original user, but anyone else who joins that new network. This is surveillance that follows, learns, and adapts.
And it does not stop at the technical level. In countries where these tools are deployed, the implications for civil society are immediate and concrete. After the 2021 military coup in Myanmar, for instance, internet access was cut, VPNs were blocked, and people were physically stopped at checkpoints, their phones inspected for signs of circumvention. In early 2025, a new cybersecurity law made VPN use punishable by law.
The capacity for retroactive identification adds another layer of control: users can be traced for activities that were legal at the time they occurred, creating a chilling effect that outlives any single crackdown.
The assumption of anonymity, which was once a baseline for digital safety, no longer holds. As the documents show, using a reputable VPN is no longer enough to guarantee protection in countries deploying Geedge systems. For millions, the space for dissent is shrinking both by force, and by code.
Read the full report The Internet Coup: A Technical Analysis on How a Chinese Company is Exporting The Great Firewall to Autocratic Regimes.
This research by InterSecLab is part of the Great Firewall Export investigation, a joint collaboration with the partners Amnesty International, Justice For Myanmar, Paper Trail Media, The Globe and Mail, the Tor Project, the Austrian newspaper DER STANDARD and Follow The Money.