Geedge Cases: Censorship Measurement Insights from the Geedge Networks Leak
Authors: Jade Sheffey (University of Massachusetts Amherst), Ali Zohaib (University of Massachusetts Amherst), Mingshi Wu (GFW Report), Amir Houmansadr (University of Massachusetts Amherst)
Year: 2026
Issue: 1
Pages: 43–47
Abstract: Geedge Networks is a network security company that builds Internet censorship software for both China and foreign authoritarian regimes. The September 2025 Geedge Networks leak (GNL) exposed 572 GiB of internal documents, source code, and binaries from Geedge Networks and the related MESA lab. We analyze 6,915,266 domains extracted from the GNL and compare them against the two most widely used domain lists in censorship research: Tranco and the CitizenLab test lists. Our analysis across 5 locations reveals that 298,955 censored GNL domains (93.7% of all censored GNL domains) are not included in either Tranco or the CitizenLab lists. While Tranco captures globally popular sites and CitizenLab monitors sensitive content categories, the GNL provides a vendor-side perspective on which domains commercial censorship systems consider of interest. By correlating censored domains with filepaths in the GNL, we reveal files containing domain lists likely to be related to censorship done by customers of Geedge Networks.
Copyright in FOCI articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
